This week the Port of Seattle Commission — a special-purpose government body elected by the voters of King County, Washington, to administer both the Seattle-Tacoma International Airport and the maritime Port of Seattle — became the first airport operating or oversight body in the US to publicly discuss any policy for use of facial recognition and other biometrics to identify and track travelers.
Dozens of community members, technical experts, and members and representatives of local, national, and international civil liberties and human rights organizations including the Identity Project, the World Privacy Forum, the ACLU of Washington, the Japanese American Citizens League (JACL), Puget Sound Sage, the Seattle Privacy Coalition, cyber-security experts, and many others submitted written statements to the Port Commission or testified in person at the Port Commission meeting on December 10th in opposition to biometric tracking of travelers at Sea-Tac Airport and the Seattle cruise ship terminal.
The only testimony to the Port Commission in support of biometrics to identify travelers came from a representative of Alaska Airlines, who asked the airport to make available “common-use” biometric passenger identification infrastructure and systems that could be used by all airline tenants at Sea-Tac.
Contrary to some reports, the Port of Seattle Commission adopted neither a moratorium on current or additional deployments of biometric traveler identification systems at Sea-Tac and the Seattle cruise ship port, nor any binding rules for the continued or expanded use of biometrics.
Port Commissioners made explicit during this week’s public meeting that they have not yet made any decision on which current and/or proposed new or expanded biometric systems or uses, if any, or what regulations or contractual terms of airport leases to airline tenants related to biometrics the Port Commission will eventually approve.
The motion adopted by the Port Commission is a directive to Port staff who have approved years of biometrics deployments at Sea-Tac (including Automated Passport Control kiosks for biometric entry tracking of arriving international passengers) and the Seattle cruise ship port without, to date, any formal standards or meaningful assessment of their purpose, justification, or impact. The Port Commission has now ordered what amounts to a “do over” by Port staff:
Through this motion, a port working group is established to develop further recommendations governing port policy related to use of public-facing biometric technology.
This working group is to be composed of Port staff and operate in line with general principles, procedural guidelines, and a schedule included in the Port Commission motion.
Port staff are to “engage active participation from an advisory group [to be named later by Port staff] composed of community partners, travelers, maritime and aviation industry partners, and other impacted stakeholders”. The Port Commission will only then decide whether, and if so on what terms, the Port will allow continued and/or expanded use of biometric systems to identify travelers on Port premises. “Policy recommendations shall be delivered to the commission by the end of the first quarter of 2020…. The commission … expects a policy governing the use of public-facing biometric technology to be delivered to the commission by the end of the second quarter of 2020.”
As we explained in our written testimony to the Port Commission, and in person near the start of the public comment period at the Port Commission meeting on December 10th, there’s a malign convergence of interest between airlines’ desire to use facial recognition for business process automation and personalization, and government agencies’ desire to use the same systems for profiling, surveillance, and control of travelers.
The unfortunate result has been the development of integrated common-use systems of commercial and government biometric tracking.
Tracking (a/k/a surveillance) and profiling of travelers are explicit goals of these common-use systems. According to a position paper adopted in 2005 by the governing board of the Airports Council International (a “trade association” which includes both operators of private airports and the government agencies that operate almost all US airports with scheduled airline service):
The airport should provide the necessary know-how and flexibility to achieve the integration, automation and interoperability of security systems, based on biometric recognition technology. This technology should support smooth facilitation and passenger flow within the terminal. The goal of airport security systems should be to ensure unequivocal passenger identification and to monitor passenger movement from profiling / check-in, through to boarding at the corresponding gate.
These goals and expectations for interoperable biometric identification and tracking systems and infrastructure provided by airports for shared use by airlines and government agencies have been reflected in planning, budgets, and increasingly in construction and renovation of airports around the world for at least the last 15 years. Airlines, government agencies such as the US Department of Homeland Security and its counterparts abroad, and airport staff have long since come to take these goals and expectations for granted as a fait accompli that could be presumed to be part of the specifications for any new project.
In the US, airlines and cruise lines have “voluntarily” chosen to collaborate with Federal intrusions into travelers’ rights, because airlines have been given free use of the DHS facial matching service (“Traveler Verification Service“) for their own commercial purposes, in exchange for airlines’ operating the cameras, taking mug shots of travelers, and passing them on to the DHS. Many of the threats to privacy and civil rights are greatly amplified by this integration of government and commercial biometric systems.
Many of the questions asked by members of the Port Commission at its “study sessions” on September 10 and October 29, 2019, are the same ones that we asked in a Freedom Of Information Act (FOIA) request to US Customs and Border Protection (CBP) in July 2018, to which we have, to date, received no response. These and many other questions about what is already happening and what is planned with biometrics at Sea-Tac and other airports remain unanswered.
Airports have provided little information about their activities and plans for biometrics, despite their status in the US as government agencies subject to state and local public records and open meetings laws and their essential role as both landlords and providers of common-use infrastructure and services.
Both the DHS and airlines have offered only press releases and other non-binding “aspirational” claims, some of them of dubious truth value or directly contradicted by their official regulatory filings, statements in court, and/or practices at airports, and none of them supported by any binding laws or regulations.
But neither the DHS nor the airlines deserve our trust. The ways that the DHS is already using facial recognition at airports are in flagrant violation of Federal law. The systems in which airlines store personal data about travelers are grossly insecure.
The “principles” included in the Port Commission motion to guide the policy development process appear to have been derived, albeit with modifications, from principles recently put forward by the US Chamber of Commerce and by a coalition including the Airports Council International as part of the basis for industry lobbying against any moratorium on commercial use of biometric identification — lobbying in which airlines and airports (including public airport authorities) have taken a leading role.
It should already be clear that neither the current uses of biometrics to identify travelers at Sea-Tac, nor the new uses planned by airlines and the DHS, are consistent with the principles in the motion adopted this week by the Port of Seattle Commission.
But it’s also clear that the DHS and its airline partners think they will be able to mislead the Port of Seattle and “ethics-wash” their biometric invasion of passengers’ rights. An undated letter sent to the Port of Seattle Commission this week by the head of the CBP Office of Field Operations makes the preposterous and clearly unsupportable claim that “CBP agrees with the Port of Seattle’s biometric principles and finds they align fundamentally with CBP’s mission and approach.”
Delta Air Lines made a similarly outrageous and unsupportable claim in a statement to the Travel Weekly trade journal that its “biometrics program appears either to meet or exceed the guiding principles in the motion that the Port of Seattle adopted governing the use of biometrics technology…. [T]he technology adheres to high standards for data security and customer privacy.”
We’ll be watching closely to see how carefully the Port of Seattle reviews what airlines and the DHS actually do — not just what they say they do — and intend to do, what policies Port of Seattle staff recommend, and what action the Port Commission takes when it receives those staff recommendations in 2020.
As we told the Seattle Port Commissioners at their meeting on December 10:
An airport is, first and foremost, a public transit facility. Your first duty as its overseers is to ensure that all travelers are able to exercise what Federal law describes as “the public right of transit” by air.
We thank you for being the first airport authority in the country to consider this issue. But we urge you to take the time to get this right, to set the right precedent for other airports, and to work with us and other technical experts and community members to develop and impose meaningful, binding directives to protect the public.