Aug 12 2019

CBP databases for travel surveillance and profiling

An advance notice posted last week by US Customs and Border Protection (CBP) of a forthcoming request for bids by IT contractors includes one of the most detailed inventories made public to date of the databases and interfaces used by CBP and its government and commercial partners (some of which are shown in the illustration above from the notice) for tracking, profiling, and control of travelers’ and our movements.

According to the 5-year plan in the draft Request For Quotations (RFQ), CBP’s Passenger Systems Program Directorate (PSPD) already outsources some of these databases to Salesforce.com, but plans to migrate them all to commercial cloud “Software-As-A-Service” contractors in 2020. According to the draft RFQ:

CBP’s vision for primary inspection processing of the future is to transform the way travelers are processed…  The paradigm will evolve from biographic data focused to biometric data centric. CBP will identify travelers biometrically based on information already in CBP holdings as an alternative to having the traveler present their travel document. A biometric-based approach allows threats to be pushed-out further beyond our borders before travelers arrive to the U.S…. Integration of facial recognition technologies is intended throughout all passenger applications.

Throughout the draft RFQ, facial recognition is described as a substitute for document checks, rather than as an (optional) alternative. “GE [Global Entry] kiosks are expected to be replaced with a facial recognition solution to identify GE members,” for example. There’s no mention of any provision in user interfaces for opt-out from facial recognition.

Moreover, “The vision for Global Entry of the Future (GE Next Gen) is a kiosk-less solution that uses facial recognition to identify GE members…. GE-Face aligns with CBP’s Biometric Entry-Exit strategy of identifying travelers with biometrics.”

A “kiosk-less solution” suggests that travelers will be identified by cameras that surveil them as they walk through, with neither the need to “present” themselves at a kiosk nor any way to pass through the airport or checkpoint without being photographed and identified — and having one’s presence at that place and time entered into a permanent ID-based government surveillance log.

Capturing photos of all US citizens — including those who currently opt out — so that their movements can be accurately logged is an explicit goal of the planned systems:

Simplified Arrival (SA) is a new and innovative approach that incorporates advanced facial recognition technologies into the primary inspection…. The new Simplified Arrival application will eventually replace TPAC and TPAC-Face. Simplified Arrival leverages facial recognition technologies in … the processing of arriving passengers and airline crew…. Capturing facial biometrics of all passengers adds additional security, as currently there is no biometric verification of U.S. Citizens, most Canadians, citizens of a few other countries and travelers who are exempted for other reasons such as age and class of admission. Using facial matching as the primary biometric verification modality provides a previously unavailable method to verify and facilitate travel for almost everyone, not just those travelers for whom DHS has fingerprints…. The Simplified Arrival process for air travel … Replaces document scan with facial recognition.

Not all CBP databases or systems and interfaces for populating and accessing them are included in the draft RFQ. Those left out include the “Secure Flight” pre-crime program for profiling and tracking air travelers, which is used by both CBP and the TSA but “owned” by the TSA.

Also not mentioned in the draft RFQ is CBP’s Silent Partner pre-crime program for algorithmic profiling, scoring, and targeting of travelers for more intrusive searches and surveillance, and the associated rule-sets and blacklists of targeted travelers.

Silent Partner was first mentioned publicly in DHS testimony to Congress in 2011 as “an aviation security screening program…. the details of this program are classified.” Quiet Skies, a TSA program which uses a subset of the Silent Partner database to target domestic air travelers within the US, was made public by DHS whistleblowers in 2018.

More information about Silent Partner and Quiet Skies was released in Sai v. Pekoske (a pro se challenge to TSA “orders” originally filed as Sai v. Neffenger) and Elhady v. Kable (a challenge by CAIR to DHS blacklisting originally filed as Elhady v. Piehota).

Only then did the DHS publish a years-belated Privacy Impact Assessment for Silent Partner and Quiet Skies. The PIA makes clear that these are pre-crime programs based on algorithmic profiling, not on suspicion of having committed any criminal or civil violation of law. But the profiling and scoring rules remain a secret to those against whom action is taken.

Jul 10 2019

Automated DHS searches of state drivers’ license photos

State agencies that issue drivers’ licenses are conducting warrantless searches of their databases of license photos, using automated face recognition software, at the request of law enforcement agencies including the Immigration and Customs Enforcement (ICE) division of the Department of Homeland Security.

The use of automated facial recognition to search databases of drivers’ license mug shots was revealed in responses to requests made under the Freedom Of Information Act and state public records laws by the Georgetown University Center on Privacy & Technology. It was reported in recent days in the Washington Post, New York Times, and in two stories on NPR, and was discussed in a Congressional hearing today on the use of automated facial recognition by Federal agencies. (Earlier Congressional hearings on automated facial recognition were held on May 22nd and June 4th.)

Questions are being asked by members of Congress, state officials, and civil libertarians: What is the legal basis, if any, for these dragnet searches of drivers’ license photo databases? How have they evaded judicial oversight? Warrants or court orders were neither requested by DHS or other law enforcement agencies, nor demanded by the state agencies that carried out the searches in response to extrajudicial administrative requests.

A letter sent this week by a coalition of civil liberties organizations calls on Congress to suspend the use of facial recognition technology by the DHS. While that is appropriate, it doesn’t address how, from what sources, or on what legal basis databases of ID-linked mug shots of innocent individuals are being created and obtained by the DHS.

Additional questions ought to be asked about the implications of the latest revelations for the REAL-ID Act and the use of facial recognition by airlines, airport operators, and DHS officers and agents at airports and borders:

Read More

May 07 2019

Air travelers question use of facial recognition

A Tweet that went viral from an airline passenger questioning JetBlue Airlines about its use of automated facial recognition at departure gates has called new attention to the growing use of automated facial recognition to identify and track travelers.

Our friends at the Electronic Frontier Foundation have an excellent analysis in their Deeplinks blog of some of the unanswered questions raised by this practice. We’ve talked about these before, in our blog and in meetings with DHS officials:

  • What is the relationship between the government and its airline and airport “partners” for the use of mug shots of travelers and related identifying information?
  • Can travelers really opt out of airport mug shots, and if so how, especially if — as with ceiling-mounted cameras or other new airport designs for “touchless” passenger processing — facial images are automatically captured before travelers reach the point where they could ask to opt out?
  • What, if any, restrictions apply to use or “sharing” of the images and tracking data by airlines, airport operators (which are often local government agencies or other parastatal entities), or DHS components or other government agencies?

We agree completely with EFF that travelers should “Skip the surveillance by opting out of face recognition at airports” and that both members of the public and members of Congress should question what is happening, why, and whether it is legally justified.

But we also want to call attention to two additional aspects of this problem that have been overlooked or misinterpreted in much of the recent discussion: retention of facial images and accuracy of automated facial recognition.


Mar 12 2019

Newly released DHS documents prompt new questions from Senators on facial recognition at airports

Newly released government records confirming plans by the Department of Homeland Security to take automated mug shots of all airline passengers have prompted an immediate bipartisan statement by Senators Edward Markey (D-MA) and Mike Lee (R-UT) renewing their  repeated previous calls for DHS to give public notice, take public comment, and adopt published rules — including “how [travelers] can opt out of the program altogether” — before deploying automated facial recognition at airports.

A petition for rulemaking on facial recognition at airports submitted to the DHS last year by the World Privacy Forum remains pending, but has not yet been acted on.

The report by Davey Alba published Monday by Buzzfeed News, in which we were quoted extensively, was  based on documents released in response to a Freedom Of Information Act (FOIA) request and lawsuit by the Electronic Privacy Information Center (EPIC).

The documents confirm that, as we’ve noted previously, the DHS intends and is already working systematically toward  a vision of worldwide biometric surveillance and control of air travel through automated facial recognition systems integrated and shared with airlines and airports. The most recently released DHS records show no provision for travelers to avoid being photographed, and no restrictions on commercial use, retention, or sale by airlines and airports of images captured under government duress.

As Edward Hasbrouck of the Identity Project told Buzzfeed News:

The big takeaway is that the broad surveillance of people in airports amounts to a kind of “individualized control of citizenry” — not unlike what’s already happening with the social credit scoring system in China. “There are already people who aren’t allowed on, say, a high-speed train because their social credit scores are too low,” he said, pointing out that China’s program is significantly based in “identifying individual people and tracking their movements in public spaces through automated facial recognition.”

“This is opening the door to an extraordinarily more intrusive and granular level of government control, starting with where we can go and our ability to move freely about the country,” Hasbrouck said. “And then potentially, once the system is proved out in that way, it can extend to a vast number of controls in other parts of our lives.”

Meanwhile, EPIC filed a follow-up FOIA lawsuit today for information about whether air travelers are, in fact, being allowed to “opt out” of being photographed. The DHS has claimed that US citizens can opt out of ongoing and expanding “pilot programs” and “tests” of automated facial recognition at airports.

But our own experiences and numerous reports from other travelers are that the DHS claim that US citizens can “opt out” often isn’t true: Travelers are often told that mug shots are required even for US citizens, and are prevented by “line minders” (contractors working for airlines and/or airports) from approaching Customs and Border Protection staff until after they submitted to being photographed.  When we and other civil liberties advocates pointed this out to senior CBP officials in a meeting a year ago, they flatly denied that this ever happened.  But no details of any “opt-out” notices, policies, or clauses in agreements between DHS, airlines, or airports have yet been disclosed.

As we noted in our comments to Buzzfeed News about these so-called tests, “CBP is ‘testing’ how to structure the program to make it technically work, and what tweaks the agency might need to make to appease, or suppress, or frustrate protests and legal challenges.  But the biggest thing they’re testing is how much legal resistance there will be — whether that’s people saying ‘no’ [to their faces being captured at the airport], or challenging it in court.”

Mar 11 2019

US government strategy for surveillance and control of travel

In December 2018, the White House announced that President Trump had sent Congress a  classified “National Strategy to Combat Terrorist Travel”.

Two months later, in February 2019, the White House released both this “National Strategy to Combat Terrorist Travel” (supposedly as signed in December 2018, and with no indication that it had ever been classified) and a companion “National Strategy for Aviation Security” (also unclassified and dated December 2018).

Together, these two documents give an overview of both the extent and the manner in which the US government intends — and believes that it has the authority — to surveil all travelers, monitor and log all movement of persons in the US and worldwide, and exercise administrative prior restraint over all such travel based on extrajudicial “pre-crime” predictions.

Nowhere in either of these vision statements is there any mention of the First Amendment, the right of the people peaceably to assemble, the right to travel, or international human rights treaties.

Nor is there any mention of existing legal means for restricting movement through court orders (injunctions or restraining orders), of judicial review of administrative controls, or indeed of any role at all for the courts.

While these documents were signed by President Trump, they express goals that have been pursued by both Republican and Democratic administrations.

Here are some of the main themes in these road maps for government action: Read More

Jan 04 2019

Issues for the revitalized Privacy and Civil Liberties Oversight Board

With its recent revival, the Federal government’s Privacy and Civil Liberties Oversight Board (PCLOB) has a chance to take a fresh look at how far the USA has gone since 9/11 in implementing a combination of “pre-crime” policing (à la Minority Report) and “social credit scoring” integrated with commercial service providers (à la China) as a means of control of what people can and cannot do, and where they can and cannot go.

The PCLOB hadn’t had a quorum since early 2017, and was down to only one member. But three new members were confirmed in October 2018. An Executive Director – who may end up with longer-term influence than the members of the Board, especially given that the new members weren’t appointed and confirmed until just three months before one of their terms is scheduled to end – is currently being hired. Civil libertarians able to obtain a security clearance and willing to relocate to DC are encouraged to apply.

What should the PCLOB focus on, with its limited time and resources? The PCLOB is an advisory committee with neither legislative nor prosecutorial authority. The best use it can make of its limited mandate is to ask hard questions and raise issues that Federal agencies won’t otherwise acknowledge or address.

The TSA and DHS were created in haste after 9/11 without consideration of the privacy and civil liberties implications of their new activities, many of which have never been explicitly approved by Congress. The reactivation of the PCLOB after the latest hiatus is a chance to take a fresh look at the big picture of what these agencies are doing, and what this means for privacy and civil liberties. It might be tempting to focus on “emerging” threats, but the first priority should be to assess the DHS surveillance and control systems that are already in place:

  1. Conversion of state licensing of motor vehicle operators into a national ID system. More than a decade after Congress enacted the REAL-ID Act of 2005, we are entering the endgame of DHS efforts to pressure states into participating in an outsourced, privately-operated, national ID database created to enable compliance with the REAL-ID Act. SPEXS already includes records sourced from states about more than 50 million Americans, but is not subject to any direct government control and has never been the subject of any publicly-disclosed review of its implications for privacy and civil liberties.

  2. Mass surveillance and permission-based predictive control of movement and travel. Congress has never debated whether air travelers should be required to identify themselves, whether the government should keep histories of innocent citizens’ movements (compiled from commercial airline reservations for common carrier travel, license plate readers for travel by private vehicle, and facial recognition for pedestrian movement), or whether existing judicial mechanisms for restricting the right to travel and movement through injunctions or restraining orders should be replaced with secret, extrajudicial administrative prior restraint and similar orders. How has travel been transformed from a right to a privilege exercised only by government permission? How does this implicate the 1st Amendment right to assemble and the right of freedom of movement recognized by international human rights treaties? How widely, and with what implications for privacy and civil liberties, has the precedent set by real-time “pre-crime” predictive control of travel expanded to other activities and transactions?

  3. Suspicionless dragnet administrative searches. Today, the most common hands-on interaction between a Federal agent and a person not suspected of any crime is a TSA pat-down. But there’s never been any comprehensive review of the legality or the implications for privacy and security of the proliferation of suspicionless administrative searches since the creation of the DHS and TSA: security theater in airports, warrantless searches at internal checkpoints (domestic airports, CBP roadblocks on roads that don’t cross the US border), and attempts to claim the right to impose searches on the public in other forms of transportation.

There’s much more that we and others could say about each of these issues, if the PCLOB chooses to consider them. But the first challenge for the PCLOB is whether it will tackle these big-picture issues.

Dec 03 2018

Smile, travelers! You’re on candid DHS cameras.

The Department of Homeland Security has posted the latest update to a series of Privacy Impact Assessments attempting to whitewash the invasions of privacy and human rights inherent in a comprehensive system of automated facial identification of travelers.

The latest PIA reveals more than the DHS has previously admitted about the nature and scope of its planned use of automated facial ID technology.

The DHS plans to use image data aggregated from commercial surveillance systems operated by airlines and airports, as well as DHS cameras, including non-obvious cameras, to identify air travelers (including both domestic and international travelers), international ferry and cruise passengers, and travelers crossing US land borders in vehicles or on foot.

Automated identification of travelers based on facial images would be used as the basis for who is, and who is not, allowed to travel, based on travel histories and algorithmic “risk assessments” that form the US counterpart of, and predecessor to, China’s control of  travel and other activities through facial recognition and “social credit” scoring.

The latest PIA makes a variety of claims about how the risks to privacy and human rights inherent in this scheme will purportedly be “mitigated”. Some of these “reassurances” are implausible, while others are already contradicted by the facts on the ground. And none of them would cure some of the ongoing violations of Federal law in current DHS practices.


Nov 02 2018

What China calls “social credit”, the US calls “risk assessment”

A viral video of an announcement on a Chinese high-speed train and a series of reports (here and here) on NPR have prompted a surge of interest this week in China’s “social credit” system:

Dear passengers: People who travel without a ticket, behave disorderly, or smoke in public areas will be punished according to regulations, and the behavior will be recorded in individual credit information system. To avoid a negative record of personal credit, please follow the relevant regulations and help with the orders on the train and at the station.

Despite unwarranted comparisons to US financial credit scores, “social credit” scoring in China is used by the government and para-statal entities, not just private companies, and not just for financial decision-making.

One of the NPR stories as well as a report last month by the Australian Broadcasting Co. include interviews with people who discovered they were barred by the Chinese government from travel on high-speed trains as a result of “social credit” scores, regardless of their ability to pay for tickets.

Dystopian? Yes.

Unjust? Yes.

“It can’t happen here?” No.

It already happens here, every day, to everyone who travels by airline or engages in bank or credit card transactions.

You may not realize it until you are mysteriously unable to obtain a boarding pass or complete a financial transaction, but each of these activities is already subject to secret, permission-based, extrajudicial prior restraint by the US government.

The default is “no”.  Since a little over 10 years ago, US Federal regulations have forbidden any airline from issuing a boarding pass unless and until it has sent the would-be traveler’s itinerary and identifying information to the DHS and has received back an individualized, per-passenger, per-flight, permission-to-travel message from the DHS. The DHS generates a secret “risk score” for each passenger, which determines how closely they are searched and questioned, whether the airline is instructed to call the police when they try to check in, and other aspects of how they are treated.

Even before airlines or banks get to the point of consulting the government, “carrier sanctions” and similar sanctions against financial institutions give them a financial incentive to err on the side of saying “no”, not “yes”.

You don’t have to be on a government blacklist for your air travel or financial transactions to be blocked by the US government or by airlines or banks acting at the government’s behest. There are multiple air travel blacklists (euphemistically and inaccurately called “watchlists”), but no-fly and transaction-processing decisions are also made in real time, on the basis of algorithmic “pre-crime” predictions (euphemistically and misleadingly called “risk assessments”, despite the lack of any evidence of a correlation between these scores and actual “risk”).

What China calls “social credit scoring”, the US calls “risk-based screening”.

Government blacklists and real-time pre-crime policing are being applied to control a growing range of activities of daily life. But air travel and financial transactions are the areas where the US government already has a fully deployed and operational real-time “social credit” system in which private service providers are seamlessly integrated with government agencies to surveil and control our everyday activities.

The question isn’t whether the US should have a “social credit” system — it already does — but whether it should be expanded to more aspects of our lives, or rolled back.

It can happen here. It is happening here. It will continue to happen here until we stop it.

China’s social credit system provides a useful object lesson in the three essential preconditions for a system of ID-based surveillance and control. We can block or impede the expansion of such schemes by undermining any of these three legs of the tripod:

  1. ID requirements to travel or engage in other transactions or activities — If you travel, pay, or act anonymously,  your individualized “score” can’t be used to control you. China’s “social credit” system is enabled by requirements to show government-issued ID to open a bank or mobile payment account or purchase a SIM card.  You can only rent a shared bicycle in China through an app, not by cash, and you can’t use the app without an ID-linked mobile phone and ID-linked payment account. So even if you travel around a Chinese city by shared bicycle, you can be tracked. Travel anonymously, and use cash or other anonymous forms of payment.
  2. Collection of ID-linked transaction and position data  — Chinese “social credit” scores and US “risk assessments” are based on travel, movement, and transaction histories. Some of this data is collected through biometric identification, primarily automated  facial recognition. Other data is “ingested” by the government from commercial databases such as travel reservations and financial transactions. Private companies can and should resist requests for this data, but can’t be counted on to do so. No airline, for example, has ever challenged government demands for warrantless access to the entirety of their reservation database, including free-text derogatory internal comments by front-line reservation and customer-service staff that are imported directly into permanent DHS files used for “risk” scoring. Once personally identified or identifiable data is collected, it’s almost impossible to resist demands for government access made in the name of “security”.  Any data that is collected about you can and will be used against you. The only real way to oppose this mass surveillance is #DoNotCollect. Just say no to requests for information, for consent to search, or for sharing of data with the government.
  3. Government control of movement, activity, and transactions — A key step in the implementation of the “social credit” system for air travel was the installation (at a cost to the airline industry of at least US$2 billion) of the control lines that transformed a reporting (i.e. surveillance) system into a “pre-crime” control system. It’s critical to defend against having our Constitutional and human rights redefined as privileges to be exercised only by prior permission of the government —  as the right to travel by common carrier has already been. Demand that restrictions on the exercise of rights be based on evidence-based court orders, not pre-crime fantasies.

As for the specific Chinese examples of travel by high-speed train, Amtrak, like the operators of Chinese trains, is a para-statal government-chartered corporation. In 2014, we made a FOIA request to Amtrak for records of Amtrak’s sharing of passenger data with the DHS and other law enforcement agencies. Amtrak has been releasing a trickle of responsive records, as we’ve been reporting. But Amtrak’s response remains incomplete, and this is now the oldest pending unanswered request in Amtrak’s FOIA queue.

 

Oct 15 2018

TSA announces “biometrics vision for all commercial aviation travelers”

Today the US Transportation Security Administration released a detailed TSA Biometric Roadmap for Aviation Security & the Passenger Experience, making explicit the goal of requiring mug shots (to be used for automated facial recognition and image-based surveillance and control) as a condition of all domestic or international air travel.

This makes explicit the goal that has been apparent, but only implicit, in the activities and statements of both government agencies and airline and airport trade associations.

It’s a terrifyingly totalitarian vision of pervasive surveillance of air travelers at, quite literally and deliberately, every step of their journey, enabled by automated facial recognition and by the seamless collaboration of airlines and airport operators that will help the government surveil their customers in exchange for free use of facial images for their own business purposes and profits.

The  closest contemporary counterpart to what the TSA envisions for the USA is the pervasive surveillance and control of travelers in China through automated facial recognition by the Public Security Bureau.


Oct 01 2018

Yes, the DHS wants mug shots of all air travelers

A new report by the DHS Office of Inspector General (OIG) gives perhaps the most detailed official picture to date of the US government’s plans for biometric identification, tracking, and control of international air travelers through automated facial recognition.

Contrary to specious claims in DHS propaganda that the current rollout of mug-shot machines at departure gates at airports across the country is “only a test,” the DHS OIG reports that US Customs and Border Protection (CBP) plans to expand the mug shot and automated facial image recognition program from 6 million air travelers in 2018 to 60 million in 2019, 120 million in 2020, and 129 million — 100% of international airline departures from the US — by 2021.

But that’s not all. “Over time, the program plans to … incrementally deploy biometric capabilities across all modes of travel — air, sea, and land — by fiscal year 2025,” according to the OIG report.

The scope of these plans should make clear that the only thing being “tested” is whether travelers will submit to this program, not whether it is justified or what interests it serves.

The OIG report mentions that US citizens have been “allowed” to opt out of the airport mug shot “pilot program”, but doesn’t say whether they were told they had a right to do so:

CBP allowed U.S. citizens to decline participation in the pilot. In such cases, CBP officers would permit the travelers to bypass the camera and would instead check the individuals’ passports to verify U.S. citizenship. When a U.S. citizen opted to participate in the pilot but did not successfully match with a gallery photo, the CBP officer would examine the individual’s passport but did not collect fingerprints. We observed biometric screening at four airports — a total of 12 flights — during our audit and witnessed only 16 passengers who declined to participate.

[Note the absence of any apparent notice that US citizens can “opt-out”.]

In preparing their report, OIG staff “met with a number of external stakeholders, including the Airlines for America trade association, Delta Airlines, JetBlue Airlines, and British Airways.” Notably, however, OIG made no attempt to consult consumer, civil liberties, or human rights organizations or to consider their objections to mandatory mug shots.

The only objections noted in the OIG report came from airlines and airport operators. But it would be a mistake to interpret this as “resistance” from the airline industry to biometric surveillance of airline passengers through automated facial recognition.

The OIG report makes clear that the only thing being disputed by airlines and airports is who will pay for equipment and staff, not whether these systems will be deployed: Read More