Technology

DHS plan for face scanning at airports sparks alarm

Lawmakers and civil liberties advocates are calling on the Department of Homeland Security (DHS) to halt plans to begin using facial recognition technology on nearly all departing air passengers within the next four years.

The agency’s plan has reignited the fight over the sensitive technology. Critics say facial recognition technology is not ready for large-scale deployment and that DHS has failed to establish specific rules to prevent abuses and policies for handling the collected data.

{mosads}“The Department of Homeland Security is plowing ahead with its program to scan travelers’ faces, and it’s doing so in absence of adequate safeguards against privacy invasions, data breaches, and racial bias,” Sen. Ed Markey (D-Mass.) said in a statement to The Hill. “Homeland Security should change course and stop its deployment of facial recognition technology until it meets that standard.”

Markey and Sen. Mike Lee (R-Utah) have raised these concerns with DHS over the past year, releasing statements and sending letters to the agency urging it to halt the program until it puts specific safeguards in place. So far, according to Markey’s office, the department has ignored their warnings.

DHS has been implementing its “biometric exit” program, which photographs some visitors when they are departing the U.S., for years, expanding to 15 major airports with plans to reach five more. President Trump in 2017 signed an executive order speeding up the rollout of the face-scanning technology, and Congress in 2016 authorized up to $1 billion over the next 10 years to implement the program.

The stated purpose of the program is to identify non-U.S. citizens who have overstayed their visas, but it captures the faces of U.S. citizens as well. The agency says it has successfully identified 7,000 people at major U.S. airports who have overstayed their visas.

The DHS report published last week, which was provided to the House and Senate judiciary committees, is the latest sign that Customs and Border Protection (CBP) — DHS’s largest federal law enforcement agency — is fast-tracking the implementation of the program at the country’s largest airports.

That has privacy advocates in an uproar. They say DHS is ignoring concerns that facial recognition technology wrongly recognizes certain populations at higher rates and allegations that the agency ignored formal procedures required to implement such a wide-ranging program. 

{mossecondads}“DHS wants to scan your face before it has issued formal rules to protect your privacy,” Harrison Rudolph, an associate at Georgetown Law’s Center on Privacy and Technology, told The Hill. “Without rules, there could be little that stands in the way of DHS breaking its privacy promises. That’s deeply alarming.”

According to a tranche of documents released by the Electronic Privacy Information Center last month, CBP skipped parts of the formal rulemaking process that requires federal agencies to solicit public comments before they adopt technology that will be used on U.S. citizens. 

Privacy advocates have continued to call for CBP to undertake a rulemaking process, which would allow them to push for safeguards and limits on its data collection.

As it stands, CBP says it keeps the photos of those identified as U.S. citizens for 12 hours before disposing of them. The agency keeps photographs of departing non-U.S. citizens for up to 14 days.

Neema Singh Guliani, a senior legislative council at the American Civil Liberties Union, told The Hill that she is concerned by CBP’s refusal to establish rules around how passengers can opt out of face scanning.

“The agency has not undertaken any rulemaking to clarify how it’s going to use this information, what privacy protections will apply, what recourse individuals may have in the event that their privacy is violated,” Guliani said. “They haven’t provided clarity or information as to how U.S. citizens or others can opt out of face recognition.” 

The agency says it is working to propose a rule that would require all travelers, including U.S. citizens, to be photographed. But it is unclear what safeguards that would include.

Currently, CBP says passengers are welcome to decline to participate in the program. But according to the airlines partnering with the agency, very few passengers do so.

And CBP also says it cannot prevent the private companies that provide the facial recognition technology from keeping the biometric data they capture. Airports and airlines solicit third-party vendors to provide the cameras used by CBP.

“If any airline wanted to suddenly start their own photograph database, that’s their business to do with their customer, but it cannot in any way connect to us for any matching,” a CBP official told The Hill. The official noted that “nobody wants to be in the biometric game” or “keep this data” because they recognize it is a “responsibility.”

Those vendors include SITA, a multinational information technology company that focuses on airport transportation; NEC Corporation, a Japanese information technology company; and Vision-Box, a Portugal-based multinational technology company.

SITA, which has worked with JetBlue and CBP on biometric exit at three U.S. airports, in an emailed statement told The Hill that it does not distribute “biometric information to any party other than the customer … and to CBP.” It said it only uses personal information to share with CBP and “expedite passengers’ departure.”

The other two companies did not immediately respond to The Hill’s request for comment.

Besides the concerns around data collection, critics say facial recognition is not ready for large-scale deployment.

DHS face scans have been shown to misrecognize U.S. citizens, as well as young and old people, at higher rates, according to a September audit of biometric exit by the DHS Office of the Inspector General.

U.S. citizens, according to the watchdog report, were up to six times more likely to be rejected by DHS than non-U.S. citizens last year. And individuals under the age of 29, who accounted for 18 percent of all passengers, accounted for 36 percent of all passengers rejected by DHS’s system.

A CBP official told The Hill that its facial recognition system will be undergoing an external assessment over the next six months.

The National Institute of Standards and Technology, a non-regulatory federal agency, will be assessing DHS’s face scanning system for bias testing. The two agencies have signed all the appropriate paperwork and started holding exploratory meetings in the past few weeks, according to the official.

Officials are trying to calm worries about the new technologies.

“Nobody wants to have an anomaly in the way the system matches and operates,” the CBP official said. “The federal government has policies against that, and we don’t want to do that.”

Lawmakers, though, note that there are no laws in the U.S. specifically governing the use of facial recognition technology even as it is being rapidly deployed at airports. And they want DHS to address their concerns.

“DHS has a statutory requirement to submit a report to Congress detailing the viability of biometric technologies, including privacy implications and accuracy,” Markey and Lee wrote in a statement last month.

“DHS should pause their efforts until American travelers fully understand exactly who has access to their facial recognition data, how long their data will be held, how their information will be safeguarded, and how they can opt out of the program altogether.”