A bill introduced yesterday in both houses of Congress would, at least initially, prohibit all or most current and planned use of facial recognition or other biometric identification at US airports and borders by the Transportation Security Administration (TSA) and US Customs and Border Protection (CBP).
The Facial Recognition and Biometric Technology Moratorium Act of 2020 was introduced by Sen. Edward Markey (D-MA) as S. 4084 and by Rep. Pramila Jayapal (D-WA) as H.R. 7356. The new bill has already been endorsed by a broad coalition of civil liberties organizations. Sen. Markey has been a leading Congressional critic of facial recognition at airports.
This Federal proposal, if enacted as introduced, would fill a significant gap in ongoing efforts to rein in facial recognition through state laws and local ordinances.
Several cities and states have passed laws “banning” facial recognition. But some of these are limited to use of facial recognition for “mass surveillance”, excluding one-to-one facial matching for identity verification. Others are limited to use of facial recognition by “law enforcement” agencies or officers, which at least arguably excludes the TSA and TSA contractors at “administrative” rather than “law enforcement” checkpoints.
State and local legislation could restrict use of facial recognition by operators or commercial airline tenants of airports owned by state or local authorities. That includes almost all airports with common-carrier airline service in the U.S.
But Federal law pre-empts regulation of airlines themselves, and state and local authorities lack jurisdiction over Federal agencies such as the TSA and CBP.
The Facial Recognition and Biometric Technology Moratorium Act of 2020 would make it unlawful for any Federal agency to “unlawful for “any Federal agency or Fderal official” to “acquire, possess, access, or use in the United States — (1) any biometric surveillance system; or (2) information derived from a biometric surveillance system operated by another entity,” without explicit statutory authorization meeting specified criteria.
According to the bill, “The term ‘Federal official’ means any officer, employee, agent, contractor, or subcontractor of the Federal Government.” So the bill would cover TSA contractors such as those who staff the checkpoints at San Francisco International Airport (SFO).
To prevent CBP from arguing that airports or ports of entry aren’t “in” the U.S., the bill defines “In the United States” as “including airports, ports of entry, and border zones.”
The prohibition on use of “information derived from a biometric surveillance system operated by another entity” would put an end to the use by the TSA or CBP of images from cameras operated by airlines or airports, as well as images from Automated Passport Control kiosks (owned and operated by airports or contractors) or the Mobile Passport Control smartphone app operated by a CBP contractor.
As noted above, any or all of these uses of biometrics would be permitted if explicitly authorized by Congress in a manner meeting criteria specified in the bill. There is currently no explicit authorization in Federal law for any use of facial recognition or other biometrics by the TSA or TSA contractors. There is limited authorization for use of biometrics by CBP for non-US citizens departing from the US, but not for US citizens. And the laws cited by CBP as providing authority for its biometric exit regulations for aliens don’t appear to satisfy the criteria in the new bill.
The chances for passage of the Facial Recognition and Biometric Technology Moratorium Act are uncertain. The bill could be amended to carve out exceptions for airports, borders, the TSA, and/or CBP. Even if the bill is enacted, Congress could pass explicit enabling legislation for use of biometrics by TSA, CBP, and/or their contractors and airline and airport “partners”. But this bill is an important indicator of what needs to be done to close the gap in regulation of biometrics left by exclusive Federal jurisdiction over airline travel.