"The report says IAL2 non-compliance was a matter of discussion as early as 2019.
That discussion ended, according to the OIG report, when Vladlen "Dave" Zvenyach, former director of GSA's Technology Transformation Services (TTS), the group overseeing the development of the authentication service, determined that facial recognition via submitted selfies was discriminatory."
Isn't that the whole idea of using facial recognition for authentication - that it's discriminatory? There's not a lot of point using it if can't discriminate between users! Perhaps, in context, the discrimination was that some had laptops with cameras/phones whilst other potential users didn't have the means to generate selfies.