Surprising exactly no one paying attention to the slow erosion of privacy, the US General Services Administration (GSA) has rolled out its shiny new toy: facial recognition technology for accessing login.gov. Yes, that beloved single sign-in service, connecting Americans to federal and state agencies, now wants your face—literally. This gateway, clicked into over 300 million times a year by citizens has decided the most efficient way to keep us all “safe” is by scanning our mugs. How very 2024.
But of course, this little “upgrade” didn’t just appear overnight. Oh no, it dragged itself through bureaucratic purgatory, complete with false starts, delays, and some spicy critique from the Inspector General. Apparently, login.gov had been fibbing about its compliance with Identity Assurance Level 2 (IAL2)—a fancy label for a government-mandated security standard that requires real-deal verification of who you are. Up until now, that “verification” meant having someone eyeball your ID card photo and say, “Yep, that looks about right,” rather than dipping into the biometric surveillance toolkit.
Facial recognition was supposed to make its grand debut last year, but things got complicated when it turned out login.gov wasn’t actually playing by the rules it claimed to follow. The Inspector General, ever the fun police, caught them misrepresenting their tech’s adherence to the IAL2 standard, causing the rollout to stall while everyone scrambled to figure out if they could get away with this. Now, after enough piloting to give a nervous airline passenger a heart attack, login.gov has finally reached compliance, but not without leaving a greasy trail of unanswered questions in its wake.
Hellbound and Down 