The Washington PostDemocracy Dies in Darkness

Facial-recognition scanners at airports raise privacy concerns

September 15, 2018 at 5:07 p.m. EDT

When a facial recognition scanner helped authorities nab a man trying to enter the country using someone else’s passport at Dulles International Airport last month, officials heralded the technology as a “step forward” in protecting the United States from threats.

Later, when a similar system was unveiled that allows international travelers to have their faces scanned to board flights, officials said it would make the travel experience smoother and more secure by eliminating the need for boarding passes and IDs. Travelers’ faces will serve as their identification.

“It’s convenient, secure and efficient,” said John Wagner, deputy executive assistant commissioner at U.S. Customs and Border Protection’s office of field operations. “We just have to find better ways than lining everyone up and manually reviewing [documents].”

But privacy advocates and civil libertarians are concerned about the devices’ accuracy and potential misuse of the information they collect, and they say the technology is being rushed into use before it has been fully vetted.

“Right now, there is very little federal law that provides any type of protections or limitations with respect to the use of biometrics in general and the use of facial recognition in particular,” said Jeramie D. Scott, national security counsel for the Electronic Privacy Information Center, which has filed Freedom of Information Act requests seeking details about the program.

At a dozen U.S. airports, customs officers collect photos of travelers’ faces when they land in the United States. At 15 airports, including Atlanta’s Hartsfield-Jackson, Chicago’s O’Hare and Dulles, cameras do facial scans of travelers before they leave the country. Facial recognition has been used in more than 3 million instances by Customs and Border Protection since June 2017.

CBP says the program will expand to all U.S. airports with international service.

Privacy advocates agree that efforts to improve the travel experience probably will be welcomed by anyone who’s ever trudged through an airport with their baggage, but they say requiring people to submit to facial scanning goes too far. The government, they say, needs to do a better job of explaining why the scans are needed, how it intends to use the information and how long the information will be kept, among other things.

New facial recognition system nabs impostor at Dulles Airport

Adam Schwartz, senior staff attorney with the Electronic Frontier Foundation, said a system that uses biometrics — particularly facial scans — presents unique challenges to a person’s privacy and security because those characteristics can’t be changed once they are acquired.

“You can’t change your face the way you can change a license plate,” he said.

Congress has pushed for more than a decade to develop programs that would use biometrics to track those who enter and exit the country. In 2016, it authorized up to $1 billion collected from certain visa fees to fund its implementation. The effort received another boost when President Trump signed an executive order in March 2017 directing the Department of Homeland Security to expedite implementation.

An attractive option

Improvements in technology have made facial-recognition scans a more attractive option for identifying the more than 350,000 international travelers who move through CBP’s systems daily. Cameras are smaller and cheaper. Facial scans often take less time than collecting fingerprints. The improvements also have made airports and airlines more willing to try the programs — especially with the promise that they could speed the boarding process and move travelers through customs more quickly.

“The industry vision, broadly, is getting away from paper and the historical approaches for the air travel process,” said Matthew J. Cornelius, vice president of air policy for Airports Council International — North America, a trade group that advocates for airports. “With biometrics, there really are a lot of opportunities and possibilities.”

The scans are optional for U.S. citizens, but it’s not clear whether travelers are aware that they can refuse. CBP said it communicates the information through signs at airports, but critics contend that people often don’t read what’s posted and unwittingly allow themselves to be scanned.

Officials unveil new facial recognition system at Dulles

Here’s how it works: Travelers from outside the United States who fly into Atlanta, Orlando, John F. Kennedy, Miami, San Diego, San Jose and Los Angeles international airports and on certain flights into Houston International, have their faces scanned at customs before entering the country. The scans are required for foreign nationals entering and leaving the country. First-time visitors also must provide their fingerprints.

The scans are compared with images CBP stores on what it says are secure systems and in the cloud. The stored images can include passport photos or photos submitted with visa applications.

At Dulles, the system has caught two people — a 26-year-old woman and a 26-year-old man — traveling with passports that did not belong to them. The woman, detected on Monday, had a U.S. passport but was a Ghanaian citizen. The man, nabbed in August, was traveling with a French passport; officers found his identification card from Congo Republic hidden in his shoe. In both cases, the passport photos did not match the facial scans.

CBP officials said the two incidents were the first times impostors had been caught by the new technology.

Those airport cameras tracking your face may not be legal

Foreign visitors who leave the United States from certain airports also have their faces scanned before they board. Airports and airlines are piloting different versions of the biometric program, but at Dulles, travelers have their pictures taken with iPads installed at departure gates. The image is then compared with a “gallery” of images pulled from DHS records, including passport or visa photos of all travelers on the flight. If the images match, the screen flashes green, and the person is allowed to board. If there is a mismatch, the screen flashes red, and the person may be pulled aside for additional screening.

Scans of children younger than 14 are not required. Airlines and airports do not have access to either the stored images or the ones taken at the gate, officials said.

'I have mixed feelings'

A recent demonstration of the technology on an SAS flight bound for Copenhagen showed how quickly it can move passengers from the gate to the plane. For now, gate agents must manually review passports. Eventually, though, only a facial scan will be needed to board.

Tad Siembida, 73, watched skeptically as other passengers used the system.

“I have mixed feelings,” he said. “It’s like GPS knowing where I am. You lose your privacy, and I like my anonymity.”

Nevertheless, the retired postal worker from Ohio relented.

“At my age, they probably have all kinds of information on me anyway,” he said with a shrug.

CBP Commissioner Kevin McAleenan explained how the technology improved boarding at the Los Angeles airport: Officials were able to load an A380 with more than 350 passengers in less than 20 minutes — half the time it would normally take.

“Facial recognition and the capability that it provides is really the next step,” McAleenan said. “It’s user-friendly, it’s fast, it’s flexible, and it’s cost-effective, and we believe it will change the face of international travel both in the boarding process and in the speed and security of international arrivals.”

Officials said photos of U.S. citizens are deleted once their identity has been confirmed. With noncitizens, photos taken when they arrive are stored in CBP’s system for 75 years. Photos taken when they depart are deleted after 14 days.

But critics who have watched the rapid deployment of the technology say there are trade-offs for that convenience. Once the system is in place, they say, there are no guarantees that it won’t be expanded.

“We need to take a step back because there will be consequences that we might not think about unless we sit down and have a meaningful discussion,” said Scott, of the Electronic Privacy Information Center.

There also are questions about the legality of collecting biometric information from U.S. citizens.

A study last year by researchers at Georgetown University Law School’s Center on Privacy and Technology noted that while Congress has passed legislation authorizing the collection of biometric data from noncitizens, it has never explicitly authorized the collection of that information from citizens.

“If Congress had wanted to tell DHS to collect Americans’ biometrics at the border, it could easily have done so,” the report’s authors wrote. “It never has. Without explicit authorization, DHS cannot and should not be scanning the faces of Americans as they depart on international flights, as it is currently doing.”

It’s also unclear whether the scans are more effective than the previous system that used data from passports and other travel documents to identify people. A 2014 study by the Immigration Task Force of the Bipartisan Policy Center said biometric exit records “offer mixed value” for the government’s efforts to crack down on travelers who overstay their visas.

The Georgetown report noted that the scans are less effective at correctly identifying people depending on their race or gender and said that Homeland Security’s own data found that the system rejected as many as 1 in 25 travelers — even though they had valid travel documents.

CBP officials say their system is able to match travelers who have photographs in existing government databases in less than two seconds 99 percent of the time.

“We are not seeing any bias on say, ethnic differences, gender differences,” said CBP’s Wagner. “We are not seeing any noticeable bias.”

And then there is the worry about how the information is used.

“Even if they’re pitching it every two weeks, it’s a very ripe set of data that can be misused,” Schwartz said. “They say it’s for catching people for using fake IDs, but it could be very tempting to expand the system.”

Schwartz said it is important to remember that DHS is focused on security.

“It’s not their mission to protect our privacy,” he noted.

Privacy advocates like Schwartz and Scott said officials should put off expanding the program until there is more discussion about its implications.

CBP is undergoing the federal rulemaking process that would allow members of the public to comment on the system’s deployment.

The agency has found bipartisan allies in Congress, including Sens. Edward J. Markey (D-Mass.) and Mike Lee (R-Utah) who in letters to DHS Secretary Kirstjen Nielsen urged the agency to go through the formal rulemaking process.

“We believe this formal rulemaking will provide DHS with an opportunity to address the concerns previously raised by us as well as other stakeholders, including airlines, airports, and privacy advocates,” Markey and Lee wrote. “It will also ensure a full vetting of this potentially sweeping program that could impact every American leaving this country by airport.”