Mar 24 2020

How drivers license photos are aggregated and shared

During a press conference yesterday, President Trump announced a postponement of the “deadline” previously announced by the Department of Homeland Security for “enforcement” of the REAL-ID Act of 2005 at TSA checkpoints:

I’m also announcing that we’re postponing the deadline for compliance with REAL ID requirements…. We will be announcing the new deadline very soon. It’s going to be announced in a very short moment.

The REAL-ID Act “deadline” was set by DHS press release, not by law or regulation. It’s unclear if a new date will be announced by decree of the Secretary of Homeland Security, or by promulgation of regulations. There has been no further announcement by the DHS, and there is no notice of rulemaking in the Federal Register today.

As we noted yesterday, neither a postponement nor any of the other proposed amendments to the REAL-ID Act would address the central problems in this law: the requirement for states that want to be deemed “compliant” to share their drivers’ license and state-ID databases with all other states.

Read More

Mar 23 2020

In a pandemic, freedom is the first casualty

We’ve seen before — notably after September 11, 2001 — how a crisis can result in damage to rights and freedoms that persists long after the initial cause of public panic.

Some advocates for restrictions on individuals and our movements and activities will exploit any crisis to ratchet the mechanisms of surveillance and control tighter.

Other officials, including many who mean well but are too traumatized to recognize the long-term consequences of their short-term actions, will advocate “temporary” restrictions on individual rights and freedoms that almost inevitably become permanent.

We don’t yet know what the cost in lost lives of the coronavirus pandemic will be. But we can already see the outlines of some of its potential cost in lost civil liberties.

Earlier in the pandemic, we reminded our readers of the risks of abuse of overbroad quarantine powers. But that’s only one aspect of the problem.

The basic methodology of control of travel and movement is that compulsory identification of travelers enables surveillance (tracking and logging) of travel and movement histories, and control of future movements based on individuals’ identities and the histories and other databases of personal information linked to those identities.

Already, changes to policies and practices related to (1) identification, (2) surveillance, and (3) control of travelers have all been proposed in response to the coronavirus pandemic: Read More

Mar 10 2020

Seattle Port Commission reneges on its “principles” for facial recognition

[CBP sign at biometric boarding gate at Newark Liberty International Airport. Note the absence of the OMB Control Number and other notices required by the Paperwork Reduction Act.]

Repudiating the principles for assessment of biometric identification of travelers  it adopted in December 2019, and effectively mooting the policy development process it had begun since then, the Port of Seattle Commission voted unanimously today to authorize a $5 million, ten-year contract to purchase and install Port-owned common-use cameras and facial recognition stations at all 30 departure gates of a new international terminal.

The Port issued a detailed, self-congratulatory press release within minutes after the vote, which strongly suggests that Port staff knew how the Commissioners would vote before today’s charade by the Commissioners of taking comments from the public and “debating” the issue even began.

Behind the scenes, US Customs and Border Protection (CBP) appears to have been playing hardball, using the typical law enforcement line of, “We’re going to do this to you anyway. You can either choose to make it easy for us, or we’ll make it hard on you.” The Seattle Times reported after the Port Commission vote that CBP recently began fingerprinting non-U.S. citizens boarding some international flights at Sea-Tac Airport. It seems likely that the implicit or explicit threat by CBP was that if the airport didn’t install and deploy automated facial recognition to track passengers, CBP would use a more humiliating form of biometric tracking, fingerprinting departing non-U.S. citizens the way it already fingerprints non-U.S. citizens when they arrive in the U.S.

The choice for the airport and its governing board was whether to collaborate with CBP. Port Commissioners seemed to want to reign in CBP. But at the end of the day, they proved unwilling to assert their authority as an elected public oversight  board against the malign convergence of interest between government agencies, airlines, and Port staff who identify with the police and the airline industry more than with the public. The Port Commissioners  chose to have the airport actively collaborate with and front for CBP, at the airport’s expense, rather than dissociating itself from CBPs flagrantly illegal activities, making CBP do its own dirty work at its own expense, or trying to mitigate the damage through signage informing travelers of their rights.

The Port press release claims that “the Commission’s goal is to replace CBP”, but that’s clearly false and appears intended to mislead the public. In fact, the sole purpose of the cameras and software to be purchased by the Port is to augment, not replace, the ability of CBP to use, retain, and share photos as its sees fit. Every photo of a traveler taken by the Port cameras will immediately be sent to CBP. There’s no plan to replace CBP, deny it access to any photos, or expose its secret algorithms and secret biometric databases.

All of the comments from the public to the Port Commission on this issue, as members of the Commission acknowledged, were opposed to the Port collaborating with CBP on facial recognition or spending Port money to do so. Members of the public, including experts in cybersecurity and threat modeling, pointed out that many key questions about the Port’s proposal and CBP’s and airline’s practices, plans, and policies remain unanswered. Most urged the Commission to reject the proposal outright and withdraw its request for bids for facial recognition equipment. All commenters agreed that approval of the procurement contract would be premature until more information is made available to the public and the current policy development process is completed.

In our latest written comments to the Port Commission today, which we summarized in person at today’s meeting (see also our previous submissions to the Port Commission on December 10, 2019, and February 25, 2020), we pointed out that:

The proposed procurement and deployment would violate Federal law, the norms of Fair Information Practices (FIPPs), and the professed “principles”, including FIPPs, of both the Port and US Customs and Border Protection (CBP). It should be rejected, and the RFP for this project should be withdrawn or, at a minimum, postponed….

It isn’t just that CBP is violating the Privacy Act, or that collecting facial images and sending them to CBP would make the Port complicit in this violation of Federal law. The violation of the Privacy Act by CBP lies specifically in CBP’s outsourcing the collection of this personal data to the Port, airlines, or any other non-Federal entities.

This provision was and is included in the Privacy Act for good reason. The Port should heed it, and make CBP comply with Federal law by collecting any personal data it uses for making decisions about individuals, including facial images of travelers, directly from those individuals. CBP could collect this data itself at Sea-Tac, as it does at some other airports. It doesn’t want to, but it has clearly demonstrated that it could do so.

If there is one lane at a departure gate, or on arrival, where a uniformed CBP agent is photographing travelers, and one lane without a Federal law enforcement officer with a camera, travelers will have a much clearer and more informed choice – and one that, unlike the proposal before the Port Commission, might comply with the Privacy Act.

Port Commissioners claimed, quite implausibly, to think that having the Port install and operate the cameras would give the Port some control of how CBP uses the photos after the Port sends them on, or at least more control over signage. But CBPs “Biometric Air Exit Business Requirements” for its airline and airport “partners”, which were finally disclosed only two days ago in response to our request, and were never provided to or reviewed by the Port’s “Biometrics External Advisory Group” (BEAG), tell a different story about who’s in control. As we explained in our comments:

Some Port staff, in their proposals to the BEAG and the Port Commission, have suggested that by owning and operating facial recognition systems the Port would have more control over signage and other notices provided to the public to enable more informed consent and mitigate the harm to the public of CBP’s (illegal) activities.

But in fact, the proposed procurement would have exactly the opposite effect. By agreeing to comply with CBP’s “Requirements” – which are explicitly incorporated by reference in the RFP and the proposal for action by the Port Commission – the Port would be tieing its own hands and committing itself to display CBP’s signs – regardless of their truth or falsehood or their compliance with the law – and not to display any signage, make any announcements, or provide any information not approved by CBP.

Item 8 of CBP’s “Requirements” would prohibit the Port from posting any signs or distributing any communications pertaining to CBP’s use of biometrics without CBP’s prior approval.

Item 13 of CBP’s “Requirements” would obligate the Port to post whatever signage CBP demands, regardless of whether the Port considers it inaccurate, misleading, or incomplete.

In effect, these provisions would amount to a (self-imposed) gag order not to criticize CBP, and a (self-imposed) agreement to serve as a mouthpiece for CBP propaganda, regardless of its truth or falsehood. Rather than enabling the Port to mitigate the harms of CBP’s (illegal) practices through more or better signs or announcements, the proposed action by the Port Commission would prevent the Port from doing so.

If CBP fails – as it has failed to date at Sea-Tac and all other airports with biometric departure gates – to post the notices required by the Paperwork Reduction Act, informing individuals, regardless of citizenship or immigration status, of their right not to respond to any Federal collection of information that does not display a valid OMB Control Number and PRA notice, the Port itself should post such notices at all gates. But the Port won’t be able to do so without CBP approval (which wouldn’t be likely to be granted) if the Port Commission approves the proposal on your agenda for action today.

Port Commissioners approved a motion declaring that CBP’s uses of facial recognition at airports are “lawful”, while simultaneously and hypocritically dismissing our objections to CBP’s flagrant violations of Federal law by saying that, “We’re not judges. If a court says it’s illegal, we won’t do it.” This ignores the fact that, as we also noted in our comments, CBP and DHS have promulgated regulations exempting the databases in which they store facial images from the rights otherwise available to individuals under the Privacy Act to access, accounting of disclosures, and civil remedies for violations. This makes it all but impossible to have CBP’s practices reviewed by the courts.

Today’s decision by the Port of Seattle Commission sets the worst possible national precedent. But it doesn’t render the Port’s ongoing  process of developing policies for use of biometrics at Sea-Tac entirely irrelevant. We will continue to monitor the process and engage with the Port Commission as it considers use of facial recognition (in collaboration with, and sending passenger photos to, CBP and perhaps in the future the TSA) by airlines and other commercial entities for their own purposes.

As we noted in response to the first draft of a Port of Seattle policy for “non-Federally mandated” uses of biometrics:

Missing from that draft is any explanation of the purpose or justification for airlines to identify passengers, independent of any Federal mandate.

Airlines could, and did, operate for decades without requesting ID from passengers. Airlines began asking (but not requiring) passengers to identify themselves only when they were ordered to do so by the FAA (the predecessor of the TSA). The only lawful reason for airlines to ask passengers for ID is to satisfy a government mandate.

As common carriers, airlines are required to transport all passengers, regardless of who they are, and are required to sell tickets at prices determined by a public tariff.

An airline cannot lawfully “reserve the right to refuse service”. It cannot lawfully personalize prices or charge different prices based on passengers’ identities.

So why do airlines think they “need” to identify passengers at all, by any means?

One cannot assess the justification (or lack thereof) for biometric identification of travelers for non-Federally mandated purposes without first assessing the justification (or lack thereof) for identification of travelers generally for such purposes.

This assessment is entirely absent from the draft recommendations for Port policy, but is essential.

Feb 25 2020

Is facial recognition at Sea-Tac Airport a fait accompli?

In December 2019, the elected Port of Seattle Commission voted to develop public policies and criteria for deciding whether to approve use of facial recognition or other biometrics to identify travelers at the Seattle-Tacoma International Airport (SEA) and the Seattle cruise port.

This is a positive step — but only if the Port follows through and enforces appropriate rules.

Since then, an internal working group of Port staff and a Port-appointed Biometrics External Advisory Group have begun work on this policy-development process. Today’s meeting of the Port Commission at noon at the Conference Center at Sea-Tac (on the Mezzanine level above the Arrivals Hall) will include a report on that work to date, including recommendations drafted by Port staff and proposed to the external advisory group.

But in the meantime, Port staff didn’t wait for governing policies to be developed and approved before posting a Request For Proposals (RFP) soliciting bids for new automated facial recognition systems to be deployed by the Port itself at Sea-Tac.

As we note in our comments to the Port Commission for today’s meeting:

We are concerned that:

  1. The Port has, according to the RFP, already made a “commitment” to U.S. Customs and Border Protection (CBP) to deploy a biometric exit system at all gates of the new International Arrival Facility (IAF) at Sea-Tac;
  2. The RFP requires bids to be submitted months before the biometrics policies and procedures which bidders will be required to comply with are finalized;
  3. The Port staff draft of recommendations  proposed to the Biometrics External Advisory Group contains material misstatements of law and fact; and
  4. Neither the RFP nor the draft recommendations include any of the Port, airline, biometrics vendor, or CBP policies or notices (if any such policies exist) which would apply to the collection and use of facial images at biometric exit stations….

Is the Port’s current policy-development process a good-faith effort to determine what, if any, use of public-facing biometrics should be permitted on Port property?

Or is it merely window-dressing for decisions that are already faits accomplis?

As our comments to the Port Commission explain, there is already ample evidence to establish that the current and proposed biometric entry, exit, and departure-gate systems at Sea-Tac do not, and are not likely to, satisfy the principles adopted in December 2019 by the Port of Seattle Commission. We’ll be watching closely to see whether the Port Commission acts on its stated principles, or whether it allows them to be ignored.

Feb 07 2020

The nightmare of airport facial recognition

[TSA Biometrics Roadmap, September 2018. Note that face ID will be used for all air travelers and that all use of physical ID credentials is “phasing out” in favor of facial recognition and digital tokens on mobile devices.]

[IATA airline vision for shared use of facial recognition by governments, airlines, and airports]

The ACLU has released an important white paper on airport facial recognition by ACLU senior policy analyst Jay Stanley. Citing some of our previous reporting and analysis, the ACLU white paper focuses, appropriately, not so much on the details of current use of facial recognition at airports, but on where governments and the aviation industry — who share a an explicitly-recognized interest in common use of facial recognition — say it will lead if we don’t stop them.

Driving the dystopian trend called out in the ACLU white paper is the malign convergence of interest between governments that want to use facial recognition and other techniques of compelled and automated identification for surveillance and control of travelers’ movements, and airlines, airports, and other businesses that want to share use of the same identification systems and data for business process automation and commercial tracking and profiling of travel customers.

Below are some key excerpts, but we encourage you to read the full ACLU white paper:

Customs and Border Protection’s new airport face recognition system has attracted a lot of attention and criticism, most recently last month when the agency backed away from suggestions that it would make the program mandatory for American citizens….

CBP officials argue that this program doesn’t involve mass surveillance. But CBP’s program still involves the mass collection of photographs of the general public….

The biggest harm from this program, however, is likely to come from the investment that it represents, the precedent it sets, and the path it puts us on as a society.

And where that path leads is a nightmare. It hardly takes a paranoid flight of fancy to foresee this program morphing into something far more comprehensive and dystopian — a world where face recognition is used throughout our public spaces to scrutinize our identity, record our movements, and create a world where everyone is constantly watched….

DHS and the aviation industry as a whole have a sweeping vision of expanded use of face recognition in the air travel context, and the government itself has already laid out — and begun following — a very specific, clear, and well-defined pathway for how the current program leads to a much broader implementations of face surveillance at the airport. And from there, it will be poised to expand far beyond the airport.

Here is what that pathway looks like:…

Read More

Dec 17 2019

Airports of the future: surveillance by design

As we’ve seen in the ongoing debate over biometric identification of travelers at Sea-Tac Airport, and as we’ve seen before elsewhere, airlines and government agencies want to pretend that each of their initiatives to identify and track travelers is a discrete, limited project, not part of any common agenda for government and commercial surveillance.

Don’t believe a word of this soothing blather. These measures are part of a conscious, deliberate, and (in their internal communications) explicit plan to deploy pervasive, integrated common-use infrastructure and data sharing for government and commercial identification and tracking  purposes throughout airports and each step of an air traveler’s journey. The airline/airport/government consensus is on surveillance by design, not privacy by design.

Here’s our latest glimpse at the real thinking behind the curtain of propaganda: The leading provider of communications and IT infrastructure and services for air transportation has a guest commentary of end-of-the-year predictions for “airports of the future” on an industry news site:

Airports of the future: SITA’s 10 predictions for the next decade
by Benoit Verbaere, business development director, SITA
Passenger Terminal Today, December 12, 2019

Air transport IT provider SITA has unveiled 10 bold predictions about the technology shaping how passengers will move through the airport of the future. Benoit Verbaere, business development director, SITA, predicts major change in almost every aspect of the airport experience….

Security will be integrated into a frictionless journey.

Over the next decade, going through security will mean walking along a corridor…. Passengers and their bags will be recognized automatically as they go through automated checkpoints. Hard checkpoints will be replaced by sensor corridors….

In future airports, risk will be constantly assessed by specialist artificial intelligence (AI), using the passenger’s digital identity…. [G]overnments… will use automated collaborative systems to approve – or, in some cases, not approve – the various steps of the journey….

Everything will have tags: people, bags and cargo. And they will be tracked throughout their entire journey, whatever mode of transport they are using…

The airport will be highly connected.

Our new era of connected airports will be driven by increasingly cheap sensors, less dedicated hardware and new data lakes, fed by every device….

Across every single journey, there are 10 or more different entities that are responsible for making the trip a reality. The only way to collect all the data to make this journey seamless is through close collaboration between everyone working at an airport: the airport itself, airlines, government agencies, ground handlers, restaurants, and shops. We also need collaboration across the entire ecosystem of connected airports….

The fast and frictionless journey to, and through, the airport will make some current revenue streams, for example, parking, weaker or obsolete. Airports will, therefore, need to find new ways to augment the travel experience to replace them. Personalization will be the key….

The future of airports lies in connected, highly-intelligent and efficient operations that offer passengers …  frictionless travel and rich, personalized experiences. Today’s … operational silos will dissolve, resulting in data sharing.

Is this point of view an outlier? No, just the opposite: SITA is jointly owned by airlines, and its agenda expresses its owners’ common agenda and the industry consensus.

SITA is a unique airline joint venture created by its airline owners to provide shared, common-use communications and IT infrastructure and services. SITA messaging has been for decades, and remains, the industry standard for reservations and operational communications between airlines, airport operators, contractors, and — increasingly — government agencies. Today most SITA messages are sent and received by ‘bots, via APIs, or through e-mail gateways, but airline and airport operations staff still have SITA addresses on their business cards along with, or instead of, e-mail addresses.

None of these predictions are new or considered controversial by airlines, airport operators, government agencies, and service providers including SITA and its competitors. Nor is this vision seen as dystopian — those who hold these views see the ability of governments and commercial entities to track each passenger in real time, and to seamlessly share data about travelers identities and movements between airlines, airports, and government agencies, as their utopia.

If we do not resist its implementation, this vision will be the future of travel.

Dec 12 2019

Port of Seattle to develop policies on use of biometrics to identify travelers

This week the Port of Seattle Commission — a special-purpose government body elected by the voters of King County, Washington, to administer both the Seattle-Tacoma International Airport and the maritime Port of Seattle — became the first airport operating or oversight body in the US to publicly discuss any policy for use of facial recognition and other biometrics to identify and track travelers.

Dozens of community members, technical experts, and members and representatives of local, national, and international civil liberties and human rights organizations including the Identity Project, the World Privacy Forum, the ACLU of Washington, the Japanese American Citizens League (JACL), Puget Sound Sage, the Seattle Privacy Coalition, cyber-security experts, and many others submitted written statements to the Port Commission or testified in person at the Port Commission meeting on December 10th in opposition to biometric tracking of travelers at Sea-Tac Airport and the Seattle cruise ship terminal.

The only testimony to the Port Commission in support of biometrics to identify travelers came from a representative of Alaska Airlines, who asked the airport to make available “common-use” biometric passenger identification infrastructure and systems that could be used by all airline tenants at Sea-Tac.

Contrary to some reports, the Port of Seattle Commission adopted neither a moratorium on current or additional deployments of biometric traveler identification systems at Sea-Tac and the Seattle cruise ship port, nor any binding rules for the continued or expanded use of biometrics.

Port Commissioners made explicit during this week’s public meeting that they have not yet made any decision on which current and/or proposed new or expanded biometric systems or uses, if any, or what regulations or contractual terms of airport leases to airline tenants related to biometrics the Port Commission will eventually approve.

The motion adopted by the Port Commission is a directive to Port staff who have approved years of biometrics deployments at Sea-Tac (including Automated Passport Control kiosks for biometric entry tracking of arriving international passengers) and the Seattle cruise ship port without, to date, any formal standards or meaningful assessment of their purpose,  justification, or impact. The Port Commission has now ordered what amounts to a “do over” by Port staff:

Through this motion, a port working group is established to develop further recommendations governing port policy related to use of public-facing biometric technology.

This working group is to be composed of Port staff and operate in line with general principles, procedural guidelines, and a schedule included in the Port Commission motion.

Port staff are to “engage active participation from an advisory group [to be named later by Port staff] composed of community partners, travelers, maritime and aviation industry partners, and other impacted stakeholders”. The Port Commission will only then decide whether, and if so on what terms, the Port will allow continued and/or expanded use of biometric systems to identify travelers on Port premises. “Policy recommendations shall be delivered to the commission by the end of the first quarter of 2020…. The commission … expects a policy governing the use of public-facing biometric technology to be delivered to the commission by the end of the second quarter of 2020.”

As we explained in our written testimony to the Port Commission, and in person near the start of the public comment period at the Port Commission meeting on December 10th, there’s a malign convergence of interest between airlines’ desire to use facial recognition for business process automation and personalization, and government agencies’ desire to use the same systems for profiling, surveillance, and control of travelers.

The unfortunate result has been the development of integrated common-use systems of commercial and government biometric tracking.

Read More

Dec 05 2019

DHS postpones plan for mug shots of innocent US citizen travelers

Press releases issued today by US Customs and Border Protection (CBP) and Sen. Edward Markey suggest that CBP and its parent agency, the Department of Homeland Security (DHS), have cancelled or postponed, at least for now, their plans to require mug shots of all US citizens leaving, or returning to, the US.

But rather than admit that it has partially backed down or postponed some of its most offensive and intrusive plans in the face of public and Congressional outrage, CBP has sent reporters a statement alleging that our report breaking the story and others that followed contained “incorrect claims” about CBP plans:

We stand by our story.

Until this Monday, when we called attention to the official DHS/CBP notice, the officially-approved and officially-stated intent of the DHS and CBP was to propose rules requiring U.S. citizens on international flights to be photographed.

If “there are no current plans” for mandating mug shots of US citizens, that’s becuuse DHS and CBP plans changed this week in response to public and Congressional outrage and the likelihood that pursuing these plans now would derail DHS and CBP hopes for approval of its current facial recognition programs by airport authorities such as the Seattle Port Commission, which will consider the issue next Tuesday (and which had been misleadingly told by the CBP official responsible for the planned rulemaking that facial recognition would not be mandatory for US citizens).

The official DHS/CBP notice of planned rulemaking meant what it said. It was issued through a formal process of agency review. It wasn’t  a typo, a mistake, or issued by a “rogue” employee.

We vigorously contest the CBP assertion that our story contained any “incorrect claim”.

Such DHS and CBP allegations, in response to truthful reporting, only further discredit the DHS and CBP, and lower whatever little credibility they may have had.

Was this a trial balloon to find out whether the DHS had finally reached the limits of our willingness to be treated like criminals whenever we fly? And if so, has the DHS partially backed off, at least for now? Maybe.

Read More

Dec 03 2019

Seattle Port Commission to consider rules for airport facial recognition

We’ll be in Seattle on December 10, 2019, to give public comments (see our detailed written testimony submitted in advance) at a meeting of the Port of Seattle Commission concerning a proposed resolution on use of facial recognition by airlines at the Seattle-Tacoma International Airport (SEA).

This will be the first time that any operator of a US airport has publicly considered any policies to govern use of facial recognition by airlines or on airport property.

The public authorities that operate almost all major US airports have a key role to play in oversight of traveler surveillance systems deployed on their premises by their tenants.

Read More

Dec 02 2019

DHS plans to require mug shots of U.S. citizen travelers

Buried in the latest Fall 2019 edition of an obscure Federal bureaucratic planning database called the Unified Agenda of Regulatory and Deregulatory Actions is an official notice from the U.S. Department of Homeland Security (DHS) that:

To facilitate the implementation of a seamless biometric entry-exit system that uses facial recognition … DHS is proposing to amend the regulations to provide that all travelers, including U.S. citizens, may be required to be photographed upon entry and/or departure [to or from the U.S.].

According to the “Unified Agenda”, the DHS plans to publish a “Notice of Proposed Rulemaking” (NPRM) in approximately July 2020 to make mug shots mandatory for U.S. citizens leaving  or returning to the U.S.

The laws cited in the “Unified Agenda” as providing the statutory basis for the proposed rule pertain to searches of aliens (non-U.S. citizens) and the obligation for U.S. citizens entering or leaving the U.S. to have U.S. passports (a requirement of questionable and largely untested Constitutionality). It’s not obvious how the DHS will twist this into purported authority to require mug shots of all U.S. citizens who travel internationally.

The DHS has already given notice of its intention to solicit bids for systems to capture photos of all air travelers, including U.S. citizens, and is working with airlines and airports on schemes to share the photos, so that airlines and airports will be able to use data collected under government coercion for their own commercial business-process-automation and price-personalization purposes.

In November 2019, the U.S. Customs and Border Protection (CBP) component of DHS declared that its “test” of facial recognition on travelers crossing the US-Mexico border on foot had become a “permanent fixture” at certain pedestrian border crossings.

Meanwhile, the DHS continues to try to reassure travelers by claiming that U.S. citizens can and will be able to opt out of being photographed at airports or land border crossings — even though we continue to get reports, as we have told DHS officials directly, from travelers who were told by U.S. Customs and Border Protection officers and/or by line-minders at airports and borders that photography is mandatory .

Can you opt out? All current statutory and regulatory provisions for biometric entry and/or exit are explicitly applicable only to non-U.S. citizens. They provide no legal basis for photography of U.S. citizens leaving or returning to the U.S. But current law also provides no guarantee of a right for U.S. citizens to opt out, and no specification of procedures for opting out or for redress for U.S. citizens who aren’t allowed to opt out. That will all become moot if the DHS succeeds in promulgating regulations requiring all travelers to submit to mug shots, the courts uphold them, and travelers acquiesce.

Just say no.