In June 2021, Dave Zvenyach, director of a group tasked with improving digital access to US government services, sent a Slack message to his team. He’d decided that Login.gov, which provides a secure way to access dozens of government apps and websites, wouldn’t use selfies and face recognition to verify the identity of people creating new accounts. “The benefits of liveness/selfie do not outweigh any discriminatory impact,” he wrote, referring to the process of asking users to upload a selfie and photo of their ID so that algorithms can compare the two.

Zvenyach’s rejection of face recognition, detailed in a report this month by the Office of the Inspector General of the General Services Administration, the agency that houses Login.gov, saw a government official draw a line in the sand in order to protect citizens from discrimination by algorithms. Face recognition technology has become more accurate, but many systems have been found to work less reliably for women with dark skin, people who identify as Asian, or people with a nonbinary gender identity.

Yet Zvenyach’s pronouncement also put Login.gov and US agencies using the service at odds with federal security guidelines. For access to some sensitive data or services, they require that a person’s identity be confirmed against a government ID, either in person or remotely using a biometric such as fingerprint or face recognition.

The inspector general's report finds that the GSA misled 22 agencies paying for use of Login.gov by claiming its service was fully compliant with National Institute of Standards and Technology requirements when it was not. An official from one federal agency told OIG investigators that Login.gov not complying with the standard left their agency at greater risk of fraud. Zvenyach did not respond to questions from WIRED about the report.

Though Zvenyach left the GSA in September 2022, and a new Login.gov director was appointed that same month, spokesperson Channing Grate says that the service will continue to avoid use of face recognition “until we have confidence that it can be deployed equitably and without causing harm to vulnerable populations.” That leaves Login.gov out of compliance with NIST requirements, although the standard is being revised, and a new draft calls for an alternative to face recognition to be offered.

The allegations of misconduct at the GSA come at a time of renewed scrutiny on US government use of face recognition for administrative purposes. Migrants at the US-Mexico border have complained that a new app offered by the Department of Homeland Security to speed up asylum applications that uses selfies and face recognition functions poorly for people with dark skin. Civil liberties groups have long argued that human rights threats posed by face recognition outweigh the benefits of its use.

The report from the GSA’s inspector general says that Zvenyach notified other agencies relying on Login.gov that its lack of face recognition put them out of compliance with NIST requirements in early 2022, after a WIRED article drew attention to Login.gov’s face recognition policy.