Follow Us

Woke feds refused to deploy facial recognition on key portal because they thought it was racist

Team of GSA workers falsely claimed it had implemented the security provision when they hadn't, Inspector General found.

Published: April 2, 2023 11:12pm

Woke employees from the General Services Administration (GSA) refused to incorporate facial recognition into a new government login system as required because they believed the technology was "racist," an internal investigation found.

The saga didn't end there, as the GSA employees later falsely certified that Login.gov did in fact have the facial recognition elements when it did not. The original intent for the login platform was "to create a seamless, secure, and user-friendly 'lock' to the government’s digital services."

The extraordinary security saga was highlighted last week at a congressional hearing during which lawmakers in both parties excoriated the rebellious GSA workers for putting federal agencies at risk.

"This is a very damning report against GSA, the one agency we trust to do the sort of oversight of other agencies and the government's money," Rep. Kweisi Mfume (D-Md.) said. "It's very disconcerting. The GSA clearly has tarnished its own name here, and the question is how do they get out of that hole."

Sonny Hasmi, the commissioner of GSA's Federal Acquisition Service, told lawmakers that "certain members of the Login.gov team did indeed misrepresent intentionally.

"These misrepresentations represent the worst in how government should operate," he said.

A report released last month by the GSA Office of Inspector General office shows the GSA's own general counsel first brought the controversy to light, "identifying potential misconduct within Login.gov" that had been going on for several years.

The IG found that GSA officials delayed implementation of the required features "due to equity concerns," citing President Biden's Executive Order 13985 "on Advancing Racial Equity and Support for Underserved Communities Through the Federal Government."

Section two of this order states the term "equity" means the consistent and systematic, fair, just, and impartial treatment of all individuals. "For Login.gov, the equity concerns pertain to physical traits, such as skin color and tone, that may be discriminated against in the identify verification process," the IG report read.

In one Slack discussion, the GSA team was searching for "other, more equitable, proofing options," while another digital chat showed angst over social concerns, rather than functionality.

"The benefits of liveness/selfie does not outweigh any discriminatory impact, and therefore should not be used as a proofing requirement," a 2021 Slack discussion stated.

GSA continued withholding information from customer agencies about Login.gov's lack of biometric comparison until January 2022, when they released their "Equity Action Plan" required by the aforementioned Executive Order.

The plan stated, "We will not deploy facial recognition, liveness detection, or any other emerging technology into production environments until rigorous review has given us confidence that they can be implemented equitably and without causing disproportionate harm to vulnerable populations."

The confusion even led Wired magazine to retract a statement in an article about Login.gov, which reported the website "asks for selfies to check against photos of a person's ID."

When the IG's office asked what "the equity requirements" were, they were referred back to GSA's "Equity Action Plan," which has no official status or requirements within it.

Investigators pointed out that there were several layers of oversight to manage the implementation of the recognition features, yet this didn't stop officials from failing to notify customers that nothing had been done. It wasn't until early 2022 that GSA finally told customer agencies their services did not comply with the necessary standards.

Image
Screenshot from IG report
Inspector General Report Screenshot
IG report

"Our evaluation found GSA misled their customer agencies when GSA failed to communicate Login.gov's known noncompliance with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-63-3, Digital Identity Guidelines," the IG reported  

According to investigators, GSA billed customers over $10 million for services they didn't fully render. The agency additionally used "misleading language to secure additional funds for Login.gov" and allowed the operation to function with a "hands-off culture," yielding little accountability or followup.

"At multiple points over the past three years, senior leaders in TTS and Login.gov learned that Login.gov did not comply with IAL2 requirements," according to the report. "They did not, however, notify customer agencies of the noncompliance. The inability to meet IAL2 NIST standards became the topic of discussions among Login.gov leaders and personnel at least as early as 2019, and included concerns that using individuals' selfies to verify their identity could impact Login.gov's rejection rates based on physical traits, such as skin color and tone."

In total, from September 2018 to January 2022, Login.gov entered into 18 interagency agreements, "based on templates that misrepresented that Login.gov's identity verification service met and/or were consistent with, the IAL2 requirements," the report continued.

The IG made five recommendations to address the findings in the report. GSA management agreed with the findings and recommendations but also continued to stress the need for equity, claiming there were "barriers" to achieving the previously cited standards.

"GSA is committed to developing a secure, scalable, trusted and accessible authentication and identify verification solution that reduces burden and risk to our agency partners, and that helps the American people access the government services they need in a seamless and secure manner while advancing equity, protecting privacy, and preventing fraud," an email response to the report stated. "Toward that end, an equity study is underway, which will help GSA better understand the current technological barriers to equitable remote identity proofing services for the public."

Inspector General Carol Fortine Ochoa testified on the matter during a House Oversight Committee hearing last week saying, "The noncompliance began long before GSA announced an equity-based rationale for the decision not to deploy facial recognition."

Rep. Andy Biggs (R-Ariz.) asked if anyone had been referred for criminal violations, given the large sum of money and the deception involved. Hashmi claimed, however, that those individuals were "no longer with the agency." 

"Who?" Biggs shot back. "Have they been referred to prosecution? Criminal fraud requires a deliberate act, you got $10 million dollars that came in, from clients ... I want to know where the money is, when we're going to get it back, and I want to know who is going to be held accountable."

Just The News reached out to the GSA for comment, but did not receive a reply. 

You can follow Nick on Twitter @NGivasDC

The Facts Inside Our Reporter's Notebook

Links

Other Media

Image
Screenshot from IG report
Inspector General Report Screenshot
IG report
Image
Screenshot of IG report (2)
Screenshot of IG report (2)
Screenshot of IG report (2)

    Just the News Spotlight