IRS defends use of biometric verification for online FOIA filers

The tax agency directs users to file public records requests through, a tool that has sparked concerns in Congress and from privacy advocates.
Internal Revenue Service (IRS) building
(Chip Somodevilla / Getty Images)

A few years ago, the Internal Revenue Service announced that it had begun using the identity credential service for taxpayers to access various online tools. At some point between then and now, the IRS quietly began directing people filing public records requests through its online portal to register for the private biometric verification system.

Though Freedom of Information Act requests to the tax agency can still be filed through, the mail, by fax, or even in person, the IRS’s decision to point online filers to — whose facial verification technology has, in the past, drawn scrutiny from Congress — has raised some advocates’ eyebrows

Alex Howard, who directs the Digital Democracy Project and also serves on the FOIA Advisory Committee hosted out of the National Archives, said in an email to FedScoop that language on the IRS website seems to encourage use for faster service. It also doesn’t make significant references to, a separate governmentwide portal that agencies are supposed to work with by law, he said. 

“While modernizing authentication systems for online portals is not inherently problematic, adding such a layer to exercising the right to request records under the FOIA is overreach at best and a violation of our fundamental human right to access information at worst, given the potential challenges doing so poses,” Howard said. 


The IRS defended its use of the service in responses to FedScoop questions, noting the other ways people can file FOIA requests and that the tool is only required of those seeking to interact with their public records electronically. The agency also said that follows National Institute of Standards and Technology guidelines for credential authentication services.

“The sole purpose of is to act as a Credential Service Provider that authenticates a user interested in using the IRS FOIA Portal to submit a FOIA request and receive responsive documents,” a spokesperson for the agency said. “The data collected by has nothing to do with the processing of a FOIA request.”

The IRS website currently directs people trying to access the agency’s online FOIA portal to use, which describes itself as a “digital passport” that “simplifies how individuals prove and share their identity online.” According to one IRS page, the “IRS Freedom of Information Act (FOIA) Public Access Portal now uses a sign-on system that requires identity verification.” Those hoping to access online FOIA portal accounts created before June 2023 also must register for, the site states. 

The login page directs users to the FOIA portal, stating that those who can’t verify their identity can try visiting the help page or pursue alternative options. From there, another page tells users to try “another method” for submitting a FOIA. 


The system requires users to upload a picture of their ID: They can choose between taking a selfie and using biometric facial verification software that compares the image to their ID — or wait for a video appointment to confirm their identity. 

The system also appears to prompt users to share their Social Security number and includes terms of service that discuss the handling of biometric data. Two FedScoop reporters tried registering with the system: one had their expired identification rejected and had to attempt again with a passport, while the other’s driver’s license could not be “read” the first time but was accepted during a second attempt in combination with the video selfie. Both FedScoop reporters later received a letter, by mail, notifying them that their personal information was used to access an IRS service using

What an scan looks like when signing into the IRS’s FOIA portal.

The IRS spokesperson said that the collection of a Social Security number is related to the digital authentication process, not the processing of the FOIA request itself, and biometric information is not retained by the IRS. 

“The IRS requires to delete the selfie and biometric information within 24 hours for taxpayers who verify using the self-service process,” the spokesperson said, adding that “ is also required to delete any video chat recording within 30 days for taxpayers who choose to verify using the video chat pathway.” 


An spokesperson said in an email to FedScoop that no state or local agency uses the system for identity verification or as authentication for FOIA portals.  

The FOIA portals for the Treasury Department and Social Security Administration do use, the company spokesperson noted, but both agencies seem to provide more information on alternative submission options to submit requests online. referred additional questions regarding the IRS’s use of the company’s FOIA portal to the tax agency. Treasury did not respond to a request for comment by the time of publication.

The Social Security Administration offers both and — another government-run ID service — as options to log into its FOIA portal, FOIAXPress Public Access Link. Like the IRS, the SSA said in response to FedScoop questions that mail, fax, email and are alternatives to filing FOIAs. A Social Security number is not required for accessing FOIAXpress, though it appears to be required for signing into, which some users might be using to file FOIA requests. 

“In the scenario where a customer uses their account to access FOIAXpress PAL, the customer selects this sign in option on the login page and is redirected to a webpage on’s website,” an agency spokesperson said. “If the customer creates an account in this session, retains info on the registration event in their records.

They continued: “Upon successful account creation, the user is routed back to SSA’s website and allowed access to FOIAXpress PAL. SSA and retain info on the transaction in our respective records.”


“Submitting a Social Security Number to is related to the digital identity authentication process; generally it is not required for the FOIA process,” the IRS spokesperson added. 

Albert Fox Cahn, a privacy-focused attorney who directs the Surveillance Technology Oversight Project, expressed concerns about the IRS’s use of “This isn’t just creepy and discriminatory, it might break federal law,” he said in a statement to FedScoop. “Under FOIA, public records belong to the public, and no one should have to hand over their biometric data just to see the records they’re entitled to access.” 

The use of by the government has sparked concerns in the past. In 2022, some members of Congress accused the company of downplaying wait times and misleading people about the way its facial recognition technology worked. The company, meanwhile, has defended its practices, including its work on fighting fraud during the pandemic.

Matt Bracken contributed to this article.

This story was updated June 11, 2024, to update Alex Howard’s professional affiliation.

Latest Podcasts