[US Senator Jeff Merkley films the signage and what happens when he opts out of facial recognition at the TSA checkpoint at Reagan National Airport]
Attempts by airlines, airports, and government agencies to make facial recognition mandatory for air travel, while pretending that it is “optional” or based on “consent”, are being challenged in both the United States and the European Union.
In the US, the Transportation Security Administration continues to tell Congress and the public that it is “testing” facial recognition and that mug shots are optional for air travel.
But Senators continue to question whether, as the TSA claims, this is really a “field demonstration” or actually a phased rollout, and whether, “Providing this information is voluntary.”
The latest in a series of increasingly skeptical letters to the TSA from groups of US Senators was sent in February of this year, asking questions including these:
- How are travelers notified of their right to opt-out of facial recognition?
- What are the effects on a traveler who chooses to opt-out of facial recognition?
- Under TSA’s current system, do travelers who choose to opt-out face any additional consequences or additional screenings, pat-downs, interrogations, or even detention, beyond what they would have encountered at a non-facial recognition airport?
If the TSA provided these Senators with any answers, they haven’t been made public. But it seems likely that any response from the TSA was unsatisfactory, since a month after this letter was sent, some of these same Senators and others, along with members of the House of Representatives, reintroduced a bill (S. 681 and H.R. 1404) first introduced in the previous session of Congress that would outlaw use of facial recognition by Federal agencies except with explicit statutory authorization which the TSA lacks.
The “Facial Recognition and Biometric Technology Moratorium Act of 2023” has yet to be considered by either the House or the Senate. But in the meantime, Senator Jeff Merkley (D-OR)has been opting out of facial recognition when he flies home to Portland, filming what happens at the TSA checkpoint, and posting the videos on YouTube.
TSA policies are expressed in “standard operating procedures” (SOPs) for checkpoint staff that the TSA refuses to make public. So except to the extent that the SOPs have been leaked or inadvertently released by the TSA itself, this sort of observation-based reverse engineering is the best available evidence of de facto TSA policies and procedures.
On his first tests of TSA signage and practices, Sen. Merkley found that there were no signs at the TSA checkpoint at Reagan National Airport telling travelers that mug shots were optional. After he posted video of the lack of signage, some signs were added — but with notices about facial recognition buried in fine print and not next to the mug shot cameras.
TSA staff told Sen. Merkley that opting out of TSA mug shots would result in “significant delay” in his passage through the TSA checkpoint, and detained him (although seemingly only briefly), contrary to what the TSA claims is supposed to happen.
In his latest video posted this week, Sen. Merkley encourages air travelers to film the signage or lack of signage at TSA checkpoints and what happens when they opt out of facial recognition:
Know that you can refuse to use facial recognition technology at the airport and you should be easily accommodated by an agent checking your physical ID….
You ARE allowed to take photos and videos at a security checkpoint.
The Algorithmic Justice League is also collecting reports from travelers about facial recognition at TSA checkpoints, including signage and consent (or the lack thereof).
It’s a sad day when a member of the US Senate has to enlist the help of members of the public to find out whether a Federal agency is lying to Congress and the public about its practices. But the TSA has earned our mistrust and that of Congress. We commend Sen. Merkley for his skepticism and for judging the agency by what it does and not what it says.
Meanwhile, in the European Union, a complaint has been brought against the airline Ryanair for requiring either facial images or earlier check-in from certain passengers.
While this complaint has been made under EU law, it’s significant as the first complaint against an airline anywhere in the world, so far as we know, for requiring for requiring passengers to provide mug shots or imposing additional burdens on those who opt out.
As we’ve noted before, there’s a malign convergence of interest between airlines, airport operators (public or private), and law enforcement agencies in tracking and control of air travelers. In practice, it’s often impossible to tell whether cameras — including those used for automated facial recognition — are being operated by the airline, the airport, or the police, or are part of a common-use shared surveillance-as-a-service infrastructure. In such cases, there’s no meaningful distinction between a requirement for passenger mug shots imposed by a common carrier that shares photos with the government and a mug shot requirement imposed and carried out directly by a government agency.
The complaint against Ryanair under EU law also has implications for US travelers and US airlines. Most major US and international airlines operate flights, sell tickets, and/or collect personal information in the EU and are thus subject, in at least some of their operations, to EU data protection laws. If they can respect their European customers’ rights, they could — and should — afford their US customers those same rights.