Feb 07 2020

The nightmare of airport facial recognition

[TSA Biometrics Roadmap, September 2018. Note that face ID will be used for all air travelers and that all use of physical ID credentials is “phasing out” in favor of facial recognition and digital tokens on mobile devices.]

[IATA airline vision for shared use of facial recognition by governments, airlines, and airports]

The ACLU has released an important white paper on airport facial recognition by ACLU senior policy analyst Jay Stanley. Citing some of our previous reporting and analysis, the ACLU white paper focuses, appropriately, not so much on the details of current use of facial recognition at airports, but on where governments and the aviation industry — who share a an explicitly-recognized interest in common use of facial recognition — say it will lead if we don’t stop them.

Driving the dystopian trend called out in the ACLU white paper is the malign convergence of interest between governments that want to use facial recognition and other techniques of compelled and automated identification for surveillance and control of travelers’ movements, and airlines, airports, and other businesses that want to share use of the same identification systems and data for business process automation and commercial tracking and profiling of travel customers.

Below are some key excerpts, but we encourage you to read the full ACLU white paper:

Customs and Border Protection’s new airport face recognition system has attracted a lot of attention and criticism, most recently last month when the agency backed away from suggestions that it would make the program mandatory for American citizens….

CBP officials argue that this program doesn’t involve mass surveillance. But CBP’s program still involves the mass collection of photographs of the general public….

The biggest harm from this program, however, is likely to come from the investment that it represents, the precedent it sets, and the path it puts us on as a society.

And where that path leads is a nightmare. It hardly takes a paranoid flight of fancy to foresee this program morphing into something far more comprehensive and dystopian — a world where face recognition is used throughout our public spaces to scrutinize our identity, record our movements, and create a world where everyone is constantly watched….

DHS and the aviation industry as a whole have a sweeping vision of expanded use of face recognition in the air travel context, and the government itself has already laid out — and begun following — a very specific, clear, and well-defined pathway for how the current program leads to a much broader implementations of face surveillance at the airport. And from there, it will be poised to expand far beyond the airport.

Here is what that pathway looks like:…

Read More

Dec 17 2019

Airports of the future: surveillance by design

As we’ve seen in the ongoing debate over biometric identification of travelers at Sea-Tac Airport, and as we’ve seen before elsewhere, airlines and government agencies want to pretend that each of their initiatives to identify and track travelers is a discrete, limited project, not part of any common agenda for government and commercial surveillance.

Don’t believe a word of this soothing blather. These measures are part of a conscious, deliberate, and (in their internal communications) explicit plan to deploy pervasive, integrated common-use infrastructure and data sharing for government and commercial identification and tracking  purposes throughout airports and each step of an air traveler’s journey. The airline/airport/government consensus is on surveillance by design, not privacy by design.

Here’s our latest glimpse at the real thinking behind the curtain of propaganda: The leading provider of communications and IT infrastructure and services for air transportation has a guest commentary of end-of-the-year predictions for “airports of the future” on an industry news site:

Airports of the future: SITA’s 10 predictions for the next decade
by Benoit Verbaere, business development director, SITA
Passenger Terminal Today, December 12, 2019

Air transport IT provider SITA has unveiled 10 bold predictions about the technology shaping how passengers will move through the airport of the future. Benoit Verbaere, business development director, SITA, predicts major change in almost every aspect of the airport experience….

Security will be integrated into a frictionless journey.

Over the next decade, going through security will mean walking along a corridor…. Passengers and their bags will be recognized automatically as they go through automated checkpoints. Hard checkpoints will be replaced by sensor corridors….

In future airports, risk will be constantly assessed by specialist artificial intelligence (AI), using the passenger’s digital identity…. [G]overnments… will use automated collaborative systems to approve – or, in some cases, not approve – the various steps of the journey….

Everything will have tags: people, bags and cargo. And they will be tracked throughout their entire journey, whatever mode of transport they are using…

The airport will be highly connected.

Our new era of connected airports will be driven by increasingly cheap sensors, less dedicated hardware and new data lakes, fed by every device….

Across every single journey, there are 10 or more different entities that are responsible for making the trip a reality. The only way to collect all the data to make this journey seamless is through close collaboration between everyone working at an airport: the airport itself, airlines, government agencies, ground handlers, restaurants, and shops. We also need collaboration across the entire ecosystem of connected airports….

The fast and frictionless journey to, and through, the airport will make some current revenue streams, for example, parking, weaker or obsolete. Airports will, therefore, need to find new ways to augment the travel experience to replace them. Personalization will be the key….

The future of airports lies in connected, highly-intelligent and efficient operations that offer passengers …  frictionless travel and rich, personalized experiences. Today’s … operational silos will dissolve, resulting in data sharing.

Is this point of view an outlier? No, just the opposite: SITA is jointly owned by airlines, and its agenda expresses its owners’ common agenda and the industry consensus.

SITA is a unique airline joint venture created by its airline owners to provide shared, common-use communications and IT infrastructure and services. SITA messaging has been for decades, and remains, the industry standard for reservations and operational communications between airlines, airport operators, contractors, and — increasingly — government agencies. Today most SITA messages are sent and received by ‘bots, via APIs, or through e-mail gateways, but airline and airport operations staff still have SITA addresses on their business cards along with, or instead of, e-mail addresses.

None of these predictions are new or considered controversial by airlines, airport operators, government agencies, and service providers including SITA and its competitors. Nor is this vision seen as dystopian — those who hold these views see the ability of governments and commercial entities to track each passenger in real time, and to seamlessly share data about travelers identities and movements between airlines, airports, and government agencies, as their utopia.

If we do not resist its implementation, this vision will be the future of travel.

Dec 12 2019

Port of Seattle to develop policies on use of biometrics to identify travelers

This week the Port of Seattle Commission — a special-purpose government body elected by the voters of King County, Washington, to administer both the Seattle-Tacoma International Airport and the maritime Port of Seattle — became the first airport operating or oversight body in the US to publicly discuss any policy for use of facial recognition and other biometrics to identify and track travelers.

Dozens of community members, technical experts, and members and representatives of local, national, and international civil liberties and human rights organizations including the Identity Project, the World Privacy Forum, the ACLU of Washington, the Japanese American Citizens League (JACL), Puget Sound Sage, the Seattle Privacy Coalition, cyber-security experts, and many others submitted written statements to the Port Commission or testified in person at the Port Commission meeting on December 10th in opposition to biometric tracking of travelers at Sea-Tac Airport and the Seattle cruise ship terminal.

The only testimony to the Port Commission in support of biometrics to identify travelers came from a representative of Alaska Airlines, who asked the airport to make available “common-use” biometric passenger identification infrastructure and systems that could be used by all airline tenants at Sea-Tac.

Contrary to some reports, the Port of Seattle Commission adopted neither a moratorium on current or additional deployments of biometric traveler identification systems at Sea-Tac and the Seattle cruise ship port, nor any binding rules for the continued or expanded use of biometrics.

Port Commissioners made explicit during this week’s public meeting that they have not yet made any decision on which current and/or proposed new or expanded biometric systems or uses, if any, or what regulations or contractual terms of airport leases to airline tenants related to biometrics the Port Commission will eventually approve.

The motion adopted by the Port Commission is a directive to Port staff who have approved years of biometrics deployments at Sea-Tac (including Automated Passport Control kiosks for biometric entry tracking of arriving international passengers) and the Seattle cruise ship port without, to date, any formal standards or meaningful assessment of their purpose,  justification, or impact. The Port Commission has now ordered what amounts to a “do over” by Port staff:

Through this motion, a port working group is established to develop further recommendations governing port policy related to use of public-facing biometric technology.

This working group is to be composed of Port staff and operate in line with general principles, procedural guidelines, and a schedule included in the Port Commission motion.

Port staff are to “engage active participation from an advisory group [to be named later by Port staff] composed of community partners, travelers, maritime and aviation industry partners, and other impacted stakeholders”. The Port Commission will only then decide whether, and if so on what terms, the Port will allow continued and/or expanded use of biometric systems to identify travelers on Port premises. “Policy recommendations shall be delivered to the commission by the end of the first quarter of 2020…. The commission … expects a policy governing the use of public-facing biometric technology to be delivered to the commission by the end of the second quarter of 2020.”

As we explained in our written testimony to the Port Commission, and in person near the start of the public comment period at the Port Commission meeting on December 10th, there’s a malign convergence of interest between airlines’ desire to use facial recognition for business process automation and personalization, and government agencies’ desire to use the same systems for profiling, surveillance, and control of travelers.

The unfortunate result has been the development of integrated common-use systems of commercial and government biometric tracking.

Read More

Dec 05 2019

DHS postpones plan for mug shots of innocent US citizen travelers

Press releases issued today by US Customs and Border Protection (CBP) and Sen. Edward Markey suggest that CBP and its parent agency, the Department of Homeland Security (DHS), have cancelled or postponed, at least for now, their plans to require mug shots of all US citizens leaving, or returning to, the US.

But rather than admit that it has partially backed down or postponed some of its most offensive and intrusive plans in the face of public and Congressional outrage, CBP has sent reporters a statement alleging that our report breaking the story and others that followed contained “incorrect claims” about CBP plans:

We stand by our story.

Until this Monday, when we called attention to the official DHS/CBP notice, the officially-approved and officially-stated intent of the DHS and CBP was to propose rules requiring U.S. citizens on international flights to be photographed.

If “there are no current plans” for mandating mug shots of US citizens, that’s becuuse DHS and CBP plans changed this week in response to public and Congressional outrage and the likelihood that pursuing these plans now would derail DHS and CBP hopes for approval of its current facial recognition programs by airport authorities such as the Seattle Port Commission, which will consider the issue next Tuesday (and which had been misleadingly told by the CBP official responsible for the planned rulemaking that facial recognition would not be mandatory for US citizens).

The official DHS/CBP notice of planned rulemaking meant what it said. It was issued through a formal process of agency review. It wasn’t  a typo, a mistake, or issued by a “rogue” employee.

We vigorously contest the CBP assertion that our story contained any “incorrect claim”.

Such DHS and CBP allegations, in response to truthful reporting, only further discredit the DHS and CBP, and lower whatever little credibility they may have had.

Was this a trial balloon to find out whether the DHS had finally reached the limits of our willingness to be treated like criminals whenever we fly? And if so, has the DHS partially backed off, at least for now? Maybe.

Read More

Dec 03 2019

Seattle Port Commission to consider rules for airport facial recognition

We’ll be in Seattle on December 10, 2019, to give public comments (see our detailed written testimony submitted in advance) at a meeting of the Port of Seattle Commission concerning a proposed resolution on use of facial recognition by airlines at the Seattle-Tacoma International Airport (SEA).

This will be the first time that any operator of a US airport has publicly considered any policies to govern use of facial recognition by airlines or on airport property.

The public authorities that operate almost all major US airports have a key role to play in oversight of traveler surveillance systems deployed on their premises by their tenants.

Read More

Dec 02 2019

DHS plans to require mug shots of U.S. citizen travelers

Buried in the latest Fall 2019 edition of an obscure Federal bureaucratic planning database called the Unified Agenda of Regulatory and Deregulatory Actions is an official notice from the U.S. Department of Homeland Security (DHS) that:

To facilitate the implementation of a seamless biometric entry-exit system that uses facial recognition … DHS is proposing to amend the regulations to provide that all travelers, including U.S. citizens, may be required to be photographed upon entry and/or departure [to or from the U.S.].

According to the “Unified Agenda”, the DHS plans to publish a “Notice of Proposed Rulemaking” (NPRM) in approximately July 2020 to make mug shots mandatory for U.S. citizens leaving  or returning to the U.S.

The laws cited in the “Unified Agenda” as providing the statutory basis for the proposed rule pertain to searches of aliens (non-U.S. citizens) and the obligation for U.S. citizens entering or leaving the U.S. to have U.S. passports (a requirement of questionable and largely untested Constitutionality). It’s not obvious how the DHS will twist this into purported authority to require mug shots of all U.S. citizens who travel internationally.

The DHS has already given notice of its intention to solicit bids for systems to capture photos of all air travelers, including U.S. citizens, and is working with airlines and airports on schemes to share the photos, so that airlines and airports will be able to use data collected under government coercion for their own commercial business-process-automation and price-personalization purposes.

In November 2019, the U.S. Customs and Border Protection (CBP) component of DHS declared that its “test” of facial recognition on travelers crossing the US-Mexico border on foot had become a “permanent fixture” at certain pedestrian border crossings.

Meanwhile, the DHS continues to try to reassure travelers by claiming that U.S. citizens can and will be able to opt out of being photographed at airports or land border crossings — even though we continue to get reports, as we have told DHS officials directly, from travelers who were told by U.S. Customs and Border Protection officers and/or by line-minders at airports and borders that photography is mandatory .

Can you opt out? All current statutory and regulatory provisions for biometric entry and/or exit are explicitly applicable only to non-U.S. citizens. They provide no legal basis for photography of U.S. citizens leaving or returning to the U.S. But current law also provides no guarantee of a right for U.S. citizens to opt out, and no specification of procedures for opting out or for redress for U.S. citizens who aren’t allowed to opt out. That will all become moot if the DHS succeeds in promulgating regulations requiring all travelers to submit to mug shots, the courts uphold them, and travelers acquiesce.

Just say no.

Aug 28 2019

Public/private partnerships for travel surveillance

In preparation for the annual Future Travel Experience – Global conference next month in Las Vegas, which will include tours of the TSA’s prototype biometric checkpoint and a “Biometrics Summit” featuring joint presentations by the TSA, CBP, and their partners, both the DHS and its airline, airport, and industry partners (Part 1, Part 2) have released new previews of their plans for collaboration in surveillance and control of air travel through automated facial recognition.

As we’ve noted before, one of the more significant lies being told by the US Department of Homeland Security about its plans for increased surveillance and tracking of travelers is  that airlines and airport operators have no commercial interest in retaining or using facial images and other biometric data collected on behalf of DHS components including the TSA and CBP.

In reality, airlines and airport operators are eager to share facial recognition insfrastructure (cameras, kiosks, etc.) and data with the DHS. Airlines, airports, and the DHS all see this collaboration as fundamental to their plans to transform the airline and airport passenger “processing” experience through a panopticon of shared-use biometric ID systems.

According to a  two-part post in the Future Travel Experience conference blog (Part 1, Part 2), “Biometric technology is expected to play a key role in shaping the seamless passenger experience of the future.”

One of the briefings at the FTE Global 2019 Biometric Summit will be given by CBP’s “Director of Entry/Exit Transformation”, who described his mission as “developing U.S. biometric entry/exit system through private sector partnerships”.

Some of the airline and airport executives quoted in the FTE blog post have begun to argue that airline passengers should be allowed to opt out of biometric identification. But there’s no mention of how that would work or how long those who opt out would be delayed.

The FTE blog post also notes that:

[A]s the use of biometrics is becoming more widespread and the technology is advancing quickly, there have been rising concerns around privacy and data security from a civil rights point of view. For instance, San Francisco became the first US city to ban facial recognition technology as part of an anti-surveillance ordinance, though the ban doesn’t affect federal agencies, such as San Francisco International Airport.

This claim that SFO is a Federal agency exempt from San Francisco legislation is wishful thinking on the part of proponents of biometric surveillance and control of air travelers. While SFO is located in unincorporated San Mateo County, the land and buildings are owned by the City and County of San Francisco and operated by an instrumentality of the City and County of SF. The San Francisco ordinance applies to all City and County departments, including SFO.

Most other major airports are, like SFO, operated by state, county, or municipal governments and/or by other public or publicly-chartered entities subject to state and local public records laws and accountable, at least in theory, to state and local elected officials. These entities could, and should, prohibit any use of automated facial recognition on their property or by their lessees or contractors. Only Federal agencies themselves could escape the jurisdiction of such conditions on use of airport property.

Contradicting the public claim that airlines and airports have no interest in using biometric data shared with CBP, the FTE blog says that, “CBP’s view is that we will see further expansion into other aspects of the travel continuum, such as bag drop, international boarding and improved arrival process.” And of course a CBP spokesperson also tells the FTE blog that, “This is not a surveillance programme .”

Meanwhile, the DHS has released a Privacy Impact Assessment for the Travel Document Checker Automation Using Facial Recognition to be tested and first deployed at LAS airport, with its unveiling to attendees of the FTE Global 2019 conference.

The PIA acknowledges, in a footnote, that, “For passengers who are unable to present verifying identity documentation, TSA offers an alternative identity verification process in which passengers answer knowledge-based questions.” But the PIA ignores the fact that this questioning is being conducted illegally, without the required OMB approval, in violation of the Paperwork Reduction Act and other statutes.

In late 2016, the TSA gave notice that it planned to request OMB approval for the form that air travelers without ID or with ID deemed unacceptable are asked to complete. But the TSA received numerous objections, including ours, in response to this notice, and has not yet submitted a request to OMB for approval of the form or the “knowledge-based” questioning of travelers (which is based on commercial data aggregated by the Accurint division of Lexis-Nexis).

The last time we tried to attend a government-industry lovefest like FTE Global, we were ordered to leave and our registration fee and, eventually, our travel expenses were refunded. We’d welcome reports from our readers, workers at the conference venue, or other whistleblowers or leakers as to what gets said at FTE Global 2019.

Aug 12 2019

CBP databases for travel surveillance and profiling

An advance notice posted last week by US Customs and Border Protection (CBP) of a forthcoming request for bids by IT contractors includes one of the most detailed inventories made public to date of the databases and interfaces used by CBP and its government and commercial partners (some of which are shown in the illustration above from the notice) for tracking, profiling, and control of travelers’ and our movements.

According to the 5-year plan in the draft Request For Quotations (RFQ), CBP’s Passenger Systems Program Directorate (PSPD) already outsources some of these databases to Saleforce.com, but plans to migrate them all to commercial cloud “Software-As-A-Service” contractors in 2020. According to the draft RFQ:

CBP’s vision for primary inspection processing of the future is to transform the way travelers are processed…  The paradigm will evolve from biographic data focused to biometric data centric. CBP will identify travelers biometrically based on information already in CBP holdings as an alternative to having the traveler present their travel document. A biometric-based approach allows threats to be pushed-out further beyond our borders before travelers arrive to the U.S…. Integration of facial recognition technologies is intended throughout all passenger applications.

Throughout the draft RFQ, facial recognition is described as a substitute for document checks, rather than as an (optional) alternative. “GE [Global Entry] kiosks are expected to be replaced with a facial recognition solution to identify GE members,” for example. There’s no mention of any provision in user interfaces for opt-out from facial recognition.

Moreover, “The vision for Global Entry of the Future (GE Next Gen) is a kiosk-less solution that uses facial recognition to identify GE members…. GE-Face aligns with CBP’s Biometric Entry-Exit strategy of identifying travelers with biometrics.”

A “kiosk-less solution” suggests that travelers will be identified by cameras that surveil them as they walk through, with neither the need to “present” themselves at a kiosk nor any way to pass through the airport or checkpoint without being photographed and identified — and having one’s presence at that place and time entered into a permanent ID-based government surveillance log.

Capturing photos of all US citizens — including those who currently opt out — so that their movements can be accurately logged is an explicit goal of the planned systems:

Simplified Arrival (SA) is a new and innovative approach that incorporates advanced facial recognition technologies into the primary inspection…. The new Simplified Arrival application will eventually replace TPAC and TPAC-Face. Simplified Arrival leverages facial recognition technologies in … the processing of arriving passengers and airline crew…. Capturing facial biometrics of all passengers adds additional security, as currently there is no biometric verification of U.S. Citizens, most Canadians, citizens of a few other countries and travelers who are exempted for other reasons such as age and class of admission. Using facial matching as the primary biometric verification modality provides a previously unavailable method to verify and facilitate travel for almost everyone, not just those travelers for whom DHS has fingerprints…. The Simplified Arrival process for air travel … Replaces document scan with facial recognition.

Not all CBP databases or systems and interfaces for populating and accessing them are included in the draft RFQ. These include the “Secure Flight”pre-crime program for profiling and tracking air travelers, which is used by both CBP and the TSA but “owned” by the TSA.

Also not mentioned in the draft RFQ is CBP’s Silent Partner pre-crime program for algorithmic profiling, scoring, and targeting of travelers for more intrusive searches and surveillance, and the associated rule-sets and blacklists of targeted travelers.

Silent Partner was first mentioned publicly in DHS testimony to Congress in 2011 as “an aviation security screening program…. the details of this program are classified.” Quiet Skies, a TSA program which uses a subset of the Silent Partner database to target domestic air travelers within the US, was made public by DHS whistleblowers in 2018.

More information about Silent Partner and Quiet Skies was released in Sai v. Pekoske (a pro se challenge to TSA “orders” originally filed as Sai v. Neffenger) and  Elhady v. Kable (a challenge by CAIR to DHS blacklisting originally filed as Elhady v. Piehota).

Only then did the DHS publish a years-belated Privacy Impact Assessment for Silent Partner and Quiet Skies. The PIA makes clear that these are pre-crime programs based on algorithmic profiling, not on suspicion of having committed any criminal or civil violation of law. But the profiling and scoring rules remain a secret to those against whom action is taken.

Jul 10 2019

Automated DHS searches of state drivers’ license photos

State agencies that issue drivers’ licenses are conducting warrantless searches of their databases of license photos, using automated face recognition software, at the request of  law enforcement agencies including the Immigration and Customs Enforcement (ICE) division of the Department of Homeland Security.

The use of automated facial recognition to search databases of drivers’ license mug shots was revealed in responses to requests made under the Freedom Of Information Act and  state public records laws by the Georgetown University Center on Privacy & Technology.  It was reported in recent days in the Washington Post, New York Times, and in two stories on NPR, and was discussed in a Congressional hearing today on the use of automated facial recognition by Federal agencies. (Earlier Congressional hearings on automated facial recognition were held on May 22nd and June 4th.)

Questions are being asked by members of Congress, state officials, and civil libertarians: What is the legal basis, if any, for these dragnet searches of drivers’ license photo databases? How have they have evaded judicial oversight?  Warrants or court orders were neither requested by DHS or other law enforcement agencies, nor demanded by the state agencies that carried out the searches in response to extrajudicial administrative requests.

A letter sent this week by a coalition of civil liberties organizations calls on Congress to suspend the use of facial recognition technology by the DHS. While that is appropriate, it doesn’t address how, from what sources, or on what legal basis databases of ID-linked mug shots of innocent individuals are being created and obtained by the DHS.

Additional questions ought to be asked about the implications of the latest revelations for the REAL-ID Act and the use of facial recognition by airlines, airport operators, and DHS officers and agents at airports and borders:

Read More

May 07 2019

Air travelers question use of facial recognition

A Tweet that went viral from an airline passenger questioning JetBlue Airlines about its use of automated facial recognition at departure gates has called new attention to the growing use of automated facial recognition to identify and track travelers.

Our friends at the Electronic Frontier Foundation have an excellent analysis in their Deeplinks blog of some of the unanswered questions raised by this practice. We’ve talked about these before, in our blog and in meetings with DHS officials:

  • What is the relationship between the government and its airline and airport “partners” for the use of mug shots of travelers and related identifying information?
  • Can travelers really opt out of airport mug shots, and if so how, especially if — as with ceiling-mounted cameras or other new airport designs for “touchless” passenger processing — facial images are automatically captured before travelers reach the point where they could ask to opt out
  • What, if any, restrictions apply to use or “sharing” of the images and tracking data by airlines, airport operators (which are often local government agencies or other parastatal entities), or DHS components or other government agencies?

We agree completely with EFF that travelers should “Skip the surveillance by opting out of face recognition at airports” and that both members of the public and members of Congress should question what is happening , why, and whether it is legally justified.

But we also want to call attention to two additional aspects of this problem that have been overlooked or misinterpreted in much of the recent discussion: retention of facial images and accuracy of automated facial recognition.

Read More