The Department of Homeland Security has posted the latest update to a series of Privacy Impact Assessments attempting to whitewash the invasions of privacy and human rights inherent in a comprehensive system of automated facial identification of travelers.

The latest PIA reveals more than the DHS has previously admitted about the nature and scope of its planned use of automated facial ID technology.

The DHS plans to use image data aggregated from commercial surveillance systems operated by airlines and airports, as well as DHS cameras, including non-obvious cameras, to identify air travelers (including both domestic and international travelers), international ferry and cruise passengers, and travelers crossing US land borders in vehicles or on foot.

Automated identification of travelers based on facial images would be used as the basis for who is, and who is not, allowed to travel, based on travel histories and algorithmic “risk assessments” that form the US counterpart of, and predecessor to, China’s control of  travel and other activities through facial recognition and “social credit” scoring.

The latest PIA makes a variety of claims about how the risks to privacy and human rights inherent in this scheme will purportedly be “mitigated”. Some of these “reassurances” are implausible, while others are already contradicted by the facts on the ground. And none of them would cure some of the ongoing violations of Federal law in current DHS practices.

Data collection and retention by travel companies:  Collection of facial photos by third parties such as airlines and airport operators, when they could be collected directly by DHS, violates the Privacy Act: “Each agency that maintains a system of records shall collect information to the greatest extent practicable directly from the subject individual when the information may result in adverse determinations about an individual’s rights, benefits, and privileges under Federal programs”, which include the right to travel by Federally-licensed common carrier.

Requiring travelers to provide information — names, ID numbers, photos, etc. — to airlines or other travel companies, as a condition of travel, gives travel companies a free ride. They gat to use this valuable personal information for their own purposes such as profiling and personalized pricing, while blaming the government for mandating its collection.

In response to our objections about this, the latest PIA includes the following new claim:

CBP is developing business requirements with its airline, airport authority, and cruise line partners that will specify that the partners must immediately delete the photos, captured for the purpose of identity verification through the TVS [Traveler Verification Service], as soon as the photos are transmitted to the TVS. In addition, any associated partner IT system must provide a method for CBP to audit compliance with this requirement.

But this is all worded in the future tense, suggesting that there was no “privacy by design”  and that existing agreements (if any) between the DHS and its travel industry partners don’t yet restrict commercial use of personal data collected for DHS use.

There’s no evidence that any such agreements are yet in place. In July of 2018, we requested copies of any such agreements. More than four months later, we’ve received none.

We won’t hold our breath for the DHS to put such restrictions in place any time soon. Airlines have been required to collect identifying information about all domestic and international air travelers — including names, passport or ID numbers, and dates of birth — for more than a decade. Despite our repeated objections to this at every stage, the DHS has yet to impose any restrictions on commercial use of this data by travel companies.

The latest PIA repeats the DHS “big lie” that airlines have no interest in retaining photos of travelers or using them for their own purposes. But this is belied by the fact that these photos are already being used by airlines for check-in and other functions.

According to the PIA, “As of the publication data of this PIA, no airline or airport authority had communicated to CBP any plans to capture and retain biometric data at the departure gate for its own purposes.” Airlines may not have officially notified CBP of their plans, and have no obligation to do so. But they have made their plans and current practices explicit, including in joint industry events with CBP and other DHS officials.

CBP and TSA officials are certainly aware that airlines and airport operators are already capturing and retaining facial images at check-in and departure gates for their own purposes, and plan to expand these practices. DHS “big lie” claims to the contrary, in the latest PIA and other propaganda, are knowingly false and made in patently bad faith.

As travel companies expand their demands for personal information as a condition of transportation, it becomes ever more important to determine what restrictions are placed on such demands by common carrier laws and by Constitutional and international provisions recognizing the right to freedom of movement and travel.

Notice and opt-out: In another attempt to ameliorate our criticism, the latest PIA claims that US citizens aren’t currently being required to submit to mug shots:

U.S. citizens who do not wish to provide a facial image to CBP may opt out of this requirement and request alternative processing by seeing a CBPO. For the CBP-TSA technical demonstration, TSA and CBP allow travelers to decline to participate and proceed with normal TSA processing.

This is contrary to what we’ve observed at many airports, where line-minders (employed by airlines, airports, or unidentified third-party contractors) routinely tell arriving international travelers that they are required to show a photo receipt from one of the APC kiosks before they are allowed to approach any of the inspection stations or CBP staff.

No copies of opt-out notices are included in the PIA, and none are visible in any of the photos of mug-shot camera stations at departure gates. So far as we have seen, there are none.

The PIA claims that  collection of facial images has been approved, as required by the Paperwork Reduction Act, with OMB control number 1651-0138. But that approval was only for collection of information from “visitors” to the US, not from US citizens. And we challenge anyone to find a valid PRA notice, including that OMB control number and informing individuals about whether submitting to mug shots is required, at any airport. As applied to US citizens, the current biometric entry/exit program is in flagrant violation of the PRA as well as (as discussed above) the Privacy Act.

The difficulty of providing meaningful  notice or meaningful opportunity to opt out is obviously much greater when non-obvious cameras, or cameras also used for general area surveillance, are used to capture facial images for automated recognition.

According to the latest PIA:

CBP is increasingly employing technologies that do not require subjects to present their face directly to the camera.

Given this new focus, technology providers are continuing to refine their solutions to collect face images with minimal participation from the subject. While a more streamlined capture of facial images (rather than a “stop and look” approach) poses operational benefits to CBP, it also poses increased privacy risks since the individual may be unaware that their photo is being captured….

CBP  will continue to provide notice to travelers at the designated ports of entry through both physical and either LED message boards or electronic signs as well as verbal announcements in some cases to inform the public that CBP will be capturing the photos for identity verification purposes, and that U.S. citizens may currently request alternative processing from a CBPO, should they wish to opt-out of the biometric process.

But how will this actually work? If you hear an announcement or see a sign as you enter an airport that images of travelers may be used for automated facial recognition by the DHS, will that announcement or sign indicate how you can make your way to a CBP officer to “request alternative processing”  without having your photo already captured?

Will there be a marked, camera-free pathway from the airport entrance or arrival gate to a CBP officer for opt-out processing? There is none now, and there isn’t likely to be any. The ability to opt-out is almost certain to remain a sham, as it is now.

The DHS acknowledges that the problem will be even greater at land borders:

The Vehicle Face demonstration uses facial recognition devices at vehicle inbound and outbound lanes in order to capture the facial images of vehicle occupants “at speed” (under 20 mph) and biometrically match the new images against a TVS gallery of recent travelers….

For the vehicle at speed process, it is more challenging to ensure that drivers view the signs and are aware of the capture of their facial image; to address this issue, CBP provides both electronic and physical signs in visible locations prior to the port of entry’s vehicle infrastructure , as well as signs in each vehicle lane.

There is currently no such signage at any US land border crossing including the required Privacy Act and PRA notices and OMB control number, or indicating an “opt out” lane.

Will there be a camera-free opt-out lane in which a motorist or pedestrian can approach a CBP officer to ask to opt out, without already having their facial image collected? And for motorists, will the opt-out lanes be signed sufficiently far in advance  (“Use far right 2 lanes to opt out of mug shots”) to allow motorists to merge safely into them before the first cameras? We doubt it. And if there are any opt-out lanes, they will be deliberately under-staffed to punish travelers who opt-out by imposing additional gratuitous delays.

Let us know how it goes for you if you try to approach a CBP officer to opt out without already being photographed, or if you get copies or photos of opt-out notices, signs, or forms or Privacy Act or PRA notices distributed by DHS, airline, airport, or contractor staff at biometric check-in, arrival, or departure gates or land border crossings.