Mar 23 2015

Smile for the camera, citizen!

The Department of Homeland Security is extending its photography of travelers at US border crossings, ports, and international airports from foreign nationals to US citizens entering and leaving our own country.

On January 5, 2004, under an “interim final rule” for the “US-VISIT” program effective the same day it was published in the Federal Register, agents of US Customs and Border Protection (CBP) began fingerprinting and photographing foreign visitors on their arrival and again on their departure from the US.

At first, only those foreign citizens who required visas to enter the US were given this treatment.  A few countries. starting with Brazil, took this as a sign of their “least favored nation” status with the US government, and reciprocated by photographing and fingerprinting US citizens arriving in and departing from their countries. Many other countries didn’t take things quite so far, but partially reciprocated to the extent of increasing their visa or entry fees for US visitors, or imposing new fees where entry for US tourists had been free, to match the US$135 minimum fee for a tourist or transit visa to the US for citizens of most other countries.

On August 31, 2004, under yet another “interim” rule effective the same day it was published, fingerprinting and photography at US airports and borders was extended to citizens of countries in the US “visa waiver program”.

For the third phase of expansion of US-VISIT fingerprinting and photography of border crossers, the DHS published a notice of proposed rulemaking in 2006, giving organizations and individuals a chance to object before the rules were finalized. But the numerous objections, including ours, were ignored. In December 2008, the DHS promulgated a final rule extending the fingerprinting and photography of visitors to all non-US citizens, including permanent US residents (green-card holders).

Now, without bothering to propose or finalize any new regulations, DHS has announced through a non-binding “Privacy Impact Assessment” (PIA) posted on its website that CBP is already conducting a “Facial Recognition Air Entry Pilot” program under which some unspecified fraction of US citizens entering the US by air are being required to submit to facial photography by CBP agents:

U.S. citizens with U.S. e-passports arriving at air ports of entry testing the technology may be selected to participate in the pilot at port discretion. Individuals that are selected do not have the option to opt out of this process.

Facial recognition software is being used to compare the photos to the digital photos stored on the RFID chips in US citizens’ passports, and to assign a score indicating the robot’s “confidence” that the photo in the passport and the photo taken at the airport depict the same person. “The facial recognition system is a tool to assist CBPOs [CBP officers] in the inspection process.”

The selection is supposedly random, but there is no specified limit on how large the percentage of US citizens subjected to this requirement might be:

Supervisory CBPOs (SCBPO) will set the standard for the random selection criteria and have discretion to change the criteria as needed. For example, the SCBPO may choose to select every fifth traveler but may change to every third or every seventh traveler at his or her discretion.

DHS has a history of prolonging and expanding “tests” as cover for de facto full implementation of controversial requirements. There’s nothing in this PIA to rule out the extension of the “pilot” program to nine out of ten arriving US citizens, or 99 out of 100.

Disturbingly but characteristically, DHS suggests that US citizens returning to our own country can be required to do whatever is necessary to “satisfy” CBP officers:

A person claiming U.S. citizenship must establish that fact to the examining [CBP] officer’s satisfaction [emphasis added] and must present a U.S. passport or alternative documentation as required by 22 CFR part 53. If such applicant for admission fails to satisfy the examining immigration officer that he or she is a U.S. citizen, he or she shall thereafter be inspected as an alien.

There are contradictory claims in the PIA that this is only a test and the results will not be used as the sole basis for any decision-making or adverse action, and that submission by citizens is required because the results of the robotic scoring of photographic “matches” is essential for law enforcement and security:

CBPOs will neither use the facial recognition technology output as the sole basis for whether to admit an individual into the United States nor [to] send an individual to secondary inspection….

Requiring CBP to obtain an individual’s consent prior to the collection, use, dissemination, and maintenance of these photos would compromise enforcement operations, and would interfere with the U.S. government’s ability to identify possible imposters attempting to enter into the U.S. and to protect its borders, thereby lessening the overall security of the United States.

In practice, of course, no CBP officer will risk letting any citizen flagged by the facial-recognition algorithms as a “possible non-match” go on their way without referring them to secondary inspection, i.e. more intrusive search and/or interrogation.

We’ve heard stories about this sort of thing from other countries that restricted their citizens’ movements. Visitors whose current appearance didn’t match the photo in their passport closely enough have been being required to shave their beard or cut their hair on the spot to show that they were the same person as was depicted in their passport.

Will these same intrusions on citizens’ rights become the new normal in the USA — this time on the basis of snap judgments by robots instead of by border guards?  And will US citizens returning from abroad submit to this nonsense?

In its PIA, the DHS tries to reassure us that the database of photographs of travelers compiled through this “pilot” program won’t be shared with other agencies, and will be purged after the “pilot” is over. But the “pilot” is more likely to be extended indefinitely, and eventually made officially permanent, than actually to be terminated on schedule.

And the likelihood is that the temptation to use this photo library for other purposes will prove irresistible, regardless of any current disclaimers of such intent, or the lack of legal authority for such new uses.

A clear example of this dangerous tendency comes from the states, which are the custodians of the largest current aggregation of personally-identified government photos of US citizens in the form of drivers license and state ID photos.

As we’ve noted, the key goal of the REAL-ID Act of 2004 is to induce states to link their drivers license and state ID databases, including “biometrics” in the form of facial images, to an interstate hub operated by a private contractor that will enable all states’ photo and ID databases to be searched with a single query, as though they were a single distributed database.

As with the latest expansion of US-VISIT entry and exit photography to US citizens, and as has been pointed out in recent state legislative testimony by our friend Jim Harper of the Cato Institute (and who’ll be moderating the panel we’ll be on at Cato on May 11th), the REAL-ID Act is being implemented through “notices” posted on DHS websites, rather than through rules published in the Federal Register.

States aren’t waiting for legal authorization to implement the REAL-ID Act any more than DHS is likely to wait for legal authorization to retain, use, and share border crossing photos.  EFF, for example, has discovered that an obscure California law enforcement advisory committee has been scheming to get California to link its drivers license and state-ID database, including photos, to a privately-operated interstate hub. This data-sharing juggernaut continues despite repeated, explicit written reminders to this committee from the California Department of Motor Vehicles that the DMV does not and cannot support such use of the photos, and that it would violate California law.

The next meeting of the California state law enforcement advisory committee considering this bad idea is this Wednesday, March 25, 2015. You can send a message to California authorities opposing this plan, and supporting the longstanding official opposition of the DMV, through the EFF website.

3 thoughts on “Smile for the camera, citizen!

  1. Pingback: 1 – Smile for the camera, citizen |

  2. Pingback: DHS aggregating commercial biometric data and position logs – Papers, Please!

Leave a Reply

Your email address will not be published. Required fields are marked *