GSA to pilot face matching technology this summer for Login

The General Services Administration is gearing up to make good on promises made last year to add face verification to its single sign-on platform, Login.gov. 

GSA announced on Thursday that in coming months, it will be piloting face matching technology, expanding its in-person identity verification option at U.S. Postal Service offices and rolling out a new pricing model for the government agencies that use the service. 

This latest news follows an announcement previewing the addition of face matching technology last fall and, before that, an inspector general report last spring that blasted GSA for misleading its agency customers about Login.gov’s compliance with digital identity proofing standards set by the National Institute of Standards and Technology.

The agency says that this and other changes represent improvements to Login.gov as a service that can help government agencies block fraudsters trying to impersonate others online without building their own digital identity systems and offer individuals one way to sign on across government programs.

The changes to how Login.gov verifies identities will be felt by many Americans using the service online, as currently, over 40 federal and state agencies use the service as a front door for programs like unemployment insurance, disaster loan applications and more. Login.gov had over 49 million active users in fiscal 2023, according to GSA. 

The easiest way to meet the standards in question — called identity assurance level 2, or IAL2 — is by leveraging one-to-one face matching technology that compares a selfie submitted by the user to their photo on a government-issued ID, according to Jeremy Grant, a longtime digital identity expert who has worked at the National Institute of Standards and Technology and now runs the Better Identity Coalition trade group.

Still, the government’s use of biometrics for online identity verification has been contested at times due to concerns about bias, privacy ramifications and more.

The IRS, in particular, has received pushback for its use of biometrics via vendor ID.me, and GSA itself has previously said that it wouldn’t use the tech until it had done a “rigorous review… that we can do so equitably.” 

Now, GSA says that, beginning in May, it will be piloting the face matching technology that compares photos of IDs with selfies to meet IAL2 requirements and get independently certified as in compliance with the standard.

The pilot will start with “a handful of existing agency partners,” GSA says, before adding more over the summer. 

“This will be a key step in helping federal and state agencies who require an IAL2-compliant solution to more easily deliver benefits to millions of Americans in a secure, seamless, and timely way,” said Ann Lewis, director of the Technology Transformation Services, in a statement.

GSA currently verifies identities by validating data like state-issued IDs and Social Security numbers, although it can be difficult to verify some individuals, such as those without credit histories, using this method.

The agency put out a call for participants last year for a study on remote identity proofing tech, including facial recognition, in addition to other methods used to verify identities online, like data-matching. 

The agency did not provide Nextgov/FCW with details on what contractors will be providing the tech for the pilot, although it did note that face matching minimizes data retention, ensures that personal information like selfies are only used for identity verification purposes and uses encryption. 

Post Office partnership and new pricing

GSA is also expanding its partnership with USPS “in the coming weeks” to offer individuals leery of facial recognition the option to verify themselves at one of 18,000 Post Office locations without using the face matching technology. 

Currently, the in-person option is only available among agencies that opt to offer it as a back-up for users that can’t verify their identity online, according to a GSA spokesperson. GSA now plans to enable the in-person option across agencies for any individual to choose up front, as opposed to it only being a back-up.

Over 99% of the U.S. population lives within 10 miles of a post office, GSA says.

Last fall, the agency also previewed a new, online option for Login.gov that also doesn’t use facial recognition technology, relying instead on other methods such as a video call, but the latest announcement doesn’t provide any details on that option.

A GSA spokesperson told Nextgov/FCW that while the agency’s “primary focus has been on achieving IAL2 compliance… we are continuing to pursue the online assisted capability and are actively exploring the set of solutions that may be available in order to do so.”

GSA is also rolling out a new pricing model for the government agencies that use Login.gov “as a result of stakeholder conversations.”

The changes — meant “to help agencies of all sizes more affordably use and expand use of Login.gov” — will go into effect July 1, according to the agency, which says that the new pricing structure is “based on extensive forecasting that helps ground Login.gov’s future in a long-term, sustainable financial model.”

Login.gov is meant to be cost-recoverable. GSA doesn’t receive annual appropriations from Congress to field the service and charges agencies for its use.

Currently, the agency is using some of its $187 million in funding from the Technology Modernization Fund to cover costs associated with identity proofing, according to public agency documents.

The new base price for agencies to use Login.gov will be $2,500 a month, according to a GSA spokesperson, who said that the change “represents a savings of up to 50% from current base prices, depending on a given agency’s existing plan.”

Agencies using the service also have to pay for authentication based on their number of monthly active users and for identity verification per active users. 

The updated pricing, in addition to IAL2 compliance, is expected to make Login.gov more competitive and increase adoption, the agency stated in its recent budget request. Some agencies have hesitated to use the service due to its lack of IAL2 compliance.

“These announcements reflect how, over the past year, our team has collected input and feedback from many agency partners and stakeholders,” said Dan Lopez, Login.gov director. “We are pleased to be building a product that attracts and empowers both our partners and their users who increasingly demand a single sign-on service to access their services and benefits.”