[NEWS] Paying taxes? You might have to say ‘cheese’

Quietly announced in November, the Internal Revenue Service in the US plans to require everyone who logs into their online system to agree to facial recognition as a form of identification.

Beginning this summer, anyone who wants to access the IRS website to pay their taxes, view their balance, or otherwise interact with the agency online will need to create an account with third-party provider ID.me. This in turn will require users to submit bills and other documents (such as a photo of a driver’s license or passport) to prove their identity and agree to a live webcam or mobile camera video selfie. 

The public wasn’t aware of this dramatic change until online security expert Brian Krebs sounded the alarm last week in a story that was subsequently picked up by Gizmodo. 

As Krebs explained, not only is the process invasive, but it is very difficult and time-consuming. As he noted: 

“Stepping away from one part of the many-step application process for a little more than five minutes necessitated another login, and then the re-submission of documents I’d previously uploaded.”

Once a user uploads all of their documents, the system will then attempt to verify the user’s identity by comparing the photo on the physical document to the live selfie. The final step involves speaking on camera to a live agent who will initiate a video call to verify their identity. 

In a statement to Gizmodo, the IRS reiterated that taxpayers won’t need the ID.me service to pay or file taxes but will need to use the identity verification process to access online tools such as checking account balances or obtaining transcripts.

Needless to say, this process has sparked concerns among privacy advocates. SC Media, an online cybersecurity publication, suggests that by making ID.me the default option, “the IRS is pushing potentially millions of taxpayers into using a risky technology with a spotty track record; one that isn’t even owned by the government.” 

And Caitlin Seeley George of Fight for the Future told SC Media that the IRS identity verification program represents “a massive expansion of the federal government using facial recognition on the public at large.”

In a recent article, Electronic Frontier Foundation (EFF) explains some of the concerns about face-matching technology. First, these systems are less reliable when applied to women and people of color. In one example, EFF cites a case in which women of color were misidentified 40 times more often than white men. 

EFF also points out that this technology has been used to attempt to analyze someone’s emotions. They explained how, in shades of Minority Report, the U.S. Department of Homeland Security implemented “FAST” technology in the hopes it could detect “mal-intent” among people in airports and border crossings. And they note that such technology has been used to falsely identify individuals and then charge them with crimes. 

The good news is that the IRS facial recognition plans may not be a done deal. Senate Finance Chair Ron Wyden, D-OR, intends to look into the matter. On Jan. 20th he tweeted, 

“I’m very disturbed that Americans may have to submit to a facial recognition system, wait on hold for hours, or both, to access personal data on the IRS website. While e-filing returns remain unaffected, I’m pushing the IRS for greater transparency on this plan.”

Paying taxes is already hard enough. Will all Americans be subjected to facial scans just to see how much they owe? Only time will tell.

In other news

• FBI warning: Fake QR codes risk. We’ve all become increasingly familiar with QR codes; those little pixelated squares which take you quickly to places on the web. When legitimately used for tickets, purchases, promotions, and payments, QR codes are hugely useful, and more so during the pandemic because they reduced the need for touching payment cards. Because of this increased uptake, the temptation for scammers to fiddle with the QR image is also on the rise. The FBI is warning mobile users to especially when out and about avoid scanning QR codes used in ambient advertising. If you see a sticker on a bench or in a venue, for the time being, their advice is not to scan it, or you might become a victim of password fraud, or payments theft, a cryptocurrency scam, or a re-direct to phishing pages.

• Kids won’t stop launching DDoS attacks against their schools. It’s probably time for adults to get schooling. Tech Radar reports that kids, some as young as nine, know how to launch a DDoS attack. The UK National Cybercrime Agency wants to educate kids about the consequences. During the pandemic and subsequent rise in homeschooling,  DDoS attacks launched by students against their school networks, websites, and other services rose sharply.

• One person’s NFT is another’s treasure. Many prefer their NFTs to have that built-in celebrity factor. The race is on to purchase select NFTs from the Beatles in the ‘Lennon Collection,’ an official auction on Yellow Heart. One item, Paul McCartney’s notes on “Hey Jude,” already has bids up to USD $30,000.
  
  At the other end of the NFT spectrum, Peta pixel shares how an Indonesian student managed to make a million in NFT sales. Once a big celebrity chef purchased a batch of Sultan Gustaf Al Ghozali’s selfies, more than 400 others raced to buy some. The 22-year-old, who studies computer science, took pictures of himself every single day for around five years wearing the same bland expression while staring at his computer.

• Four weeks to repair Tonga’s undersea cables. A major underwater volcanic eruption spliced clean through Tonga’s only Internet link to the world, the ‘Tonga Cable’. The devastation makes it plain how reliant we all are on the Internet’s backbone, which is comprised of cables lining the ocean’s floor. Tonga residents now have access to their state-owned domestic network in Tongatapu, the main island of Tonga, with limited 2G communication. But it’s still virtually impossible to make contact with the rest of the world until the Tonga Cable is back online.
  
  In some good news, the cable repair ship CS Reliance, owned by SubCom, is sailing towards the island. This will gladden those relatives waiting for news about what’s happening on the ground. However, mainly because one of the splices is very close to the center of volcanic activity,  Submarine Networks explains that repairs will likely take up to four weeks. 

• Putting video conferences into focus. It’s no secret that the last two years ushered in a new era for video conferencing. From the increased need for online meetings to virtual concerts and court hearings, streaming communications are everywhere now. Communications platform Dialpad recently released The state of video conferencing 2022, with findings from a survey of US businesses and proprietary business intelligence. Key insights show 82.9% of people surveyed do not believe most meetings require video at all. However, “too many meetings” isn’t the most significant pain point for video conferencing — audio-related issues are the biggest complaint from over 50% of respondents. This begs the question: if you can’t see me, can you hear me?

Tip of the week

Apple launched AirTags in 2021, the small, sleek, affordable tracking device that works with your iPhone. The benefit is that AirTags can be attached to keys, gym bags, or anything you could lose, letting technology help you find them. But the unintended side effect is that they are being used to track people — without their knowledge. The BBC recently interviewed six women in the US who say they have been tracked using Apple AirTags. 

While Apple included some safeguards to prevent stalking, they don’t work well, so it’s up to you to look out for yourself for now. Perpetrators have been known to throw an AirTag into bags in order to track someone. If you’ve been in a public place, check your pockets and bags before leaving for evidence of tampering. Since AirTags rely on Bluetooth, you can also use a Bluetooth tracking app to scan for unknown devices around you periodically.