Feb 07 2020

The nightmare of airport facial recognition

[TSA Biometrics Roadmap, September 2018. Note that face ID will be used for all air travelers and that all use of physical ID credentials is “phasing out” in favor of facial recognition and digital tokens on mobile devices.]

[IATA airline vision for shared use of facial recognition by governments, airlines, and airports]

The ACLU has released an important white paper on airport facial recognition by ACLU senior policy analyst Jay Stanley. Citing some of our previous reporting and analysis, the ACLU white paper focuses, appropriately, not so much on the details of current use of facial recognition at airports, but on where governments and the aviation industry — who share a an explicitly-recognized interest in common use of facial recognition — say it will lead if we don’t stop them.

Driving the dystopian trend called out in the ACLU white paper is the malign convergence of interest between governments that want to use facial recognition and other techniques of compelled and automated identification for surveillance and control of travelers’ movements, and airlines, airports, and other businesses that want to share use of the same identification systems and data for business process automation and commercial tracking and profiling of travel customers.

Below are some key excerpts, but we encourage you to read the full ACLU white paper:

Customs and Border Protection’s new airport face recognition system has attracted a lot of attention and criticism, most recently last month when the agency backed away from suggestions that it would make the program mandatory for American citizens….

CBP officials argue that this program doesn’t involve mass surveillance. But CBP’s program still involves the mass collection of photographs of the general public….

The biggest harm from this program, however, is likely to come from the investment that it represents, the precedent it sets, and the path it puts us on as a society.

And where that path leads is a nightmare. It hardly takes a paranoid flight of fancy to foresee this program morphing into something far more comprehensive and dystopian — a world where face recognition is used throughout our public spaces to scrutinize our identity, record our movements, and create a world where everyone is constantly watched….

DHS and the aviation industry as a whole have a sweeping vision of expanded use of face recognition in the air travel context, and the government itself has already laid out — and begun following — a very specific, clear, and well-defined pathway for how the current program leads to a much broader implementations of face surveillance at the airport. And from there, it will be poised to expand far beyond the airport.

Here is what that pathway looks like:…

Read More

Jan 02 2020

Drivers’ license data sold to businesses, given to Feds

As we start the year of the once-a-decade US Census, it’s an appropriate time to start looking at some of the ways and the purposes for which data — including drivers license data — is used and shared by the Bureau of the Census.

State agencies that issue drivers’ licenses want us not to object to their demands for more and more personal information about matters unrelated to driving — digital photos, scans of birth certificates and social security cards, etc. — in order to obtain drivers’ licenses that comply with the Federal REAL-ID Act.

State driver licensing agencies say we shouldn’t worry — notwithstanding the requirement of the REAL-ID Act that drivers’ license and state ID data be made available electronically to all other states — because this data will only be shared “as permitted by law”.

But what does that mean? What sharing of this data does the law permit?

Recent reports show that drivers’ license data can be, and is, widely shared with both commercial entities and Federal agencies — including the Bureau of the Census, which will be conducting the decennial census in 2020 — for purposes unrelated to motor vehicle operation or drivers’ licenses. Both Federal and state agencies say that all of this is permitted by the Drivers Privacy Protection Act (DPPA).

Read More

Dec 12 2019

Port of Seattle to develop policies on use of biometrics to identify travelers

This week the Port of Seattle Commission — a special-purpose government body elected by the voters of King County, Washington, to administer both the Seattle-Tacoma International Airport and the maritime Port of Seattle — became the first airport operating or oversight body in the US to publicly discuss any policy for use of facial recognition and other biometrics to identify and track travelers.

Dozens of community members, technical experts, and members and representatives of local, national, and international civil liberties and human rights organizations including the Identity Project, the World Privacy Forum, the ACLU of Washington, the Japanese American Citizens League (JACL), Puget Sound Sage, the Seattle Privacy Coalition, cyber-security experts, and many others submitted written statements to the Port Commission or testified in person at the Port Commission meeting on December 10th in opposition to biometric tracking of travelers at Sea-Tac Airport and the Seattle cruise ship terminal.

The only testimony to the Port Commission in support of biometrics to identify travelers came from a representative of Alaska Airlines, who asked the airport to make available “common-use” biometric passenger identification infrastructure and systems that could be used by all airline tenants at Sea-Tac.

Contrary to some reports, the Port of Seattle Commission adopted neither a moratorium on current or additional deployments of biometric traveler identification systems at Sea-Tac and the Seattle cruise ship port, nor any binding rules for the continued or expanded use of biometrics.

Port Commissioners made explicit during this week’s public meeting that they have not yet made any decision on which current and/or proposed new or expanded biometric systems or uses, if any, or what regulations or contractual terms of airport leases to airline tenants related to biometrics the Port Commission will eventually approve.

The motion adopted by the Port Commission is a directive to Port staff who have approved years of biometrics deployments at Sea-Tac (including Automated Passport Control kiosks for biometric entry tracking of arriving international passengers) and the Seattle cruise ship port without, to date, any formal standards or meaningful assessment of their purpose,  justification, or impact. The Port Commission has now ordered what amounts to a “do over” by Port staff:

Through this motion, a port working group is established to develop further recommendations governing port policy related to use of public-facing biometric technology.

This working group is to be composed of Port staff and operate in line with general principles, procedural guidelines, and a schedule included in the Port Commission motion.

Port staff are to “engage active participation from an advisory group [to be named later by Port staff] composed of community partners, travelers, maritime and aviation industry partners, and other impacted stakeholders”. The Port Commission will only then decide whether, and if so on what terms, the Port will allow continued and/or expanded use of biometric systems to identify travelers on Port premises. “Policy recommendations shall be delivered to the commission by the end of the first quarter of 2020…. The commission … expects a policy governing the use of public-facing biometric technology to be delivered to the commission by the end of the second quarter of 2020.”

As we explained in our written testimony to the Port Commission, and in person near the start of the public comment period at the Port Commission meeting on December 10th, there’s a malign convergence of interest between airlines’ desire to use facial recognition for business process automation and personalization, and government agencies’ desire to use the same systems for profiling, surveillance, and control of travelers.

The unfortunate result has been the development of integrated common-use systems of commercial and government biometric tracking.

Read More

Dec 03 2019

Seattle Port Commission to consider rules for airport facial recognition

We’ll be in Seattle on December 10, 2019, to give public comments (see our detailed written testimony submitted in advance) at a meeting of the Port of Seattle Commission concerning a proposed resolution on use of facial recognition by airlines at the Seattle-Tacoma International Airport (SEA).

This will be the first time that any operator of a US airport has publicly considered any policies to govern use of facial recognition by airlines or on airport property.

The public authorities that operate almost all major US airports have a key role to play in oversight of traveler surveillance systems deployed on their premises by their tenants.

Read More

Nov 21 2019

What will the REAL-ID Act mean for Californians?

[Steve Gordon, Director of the California Department of Motor Vehicles]

The director of a $9 million state publicity campaign to persuade Californians that they will be “turned away at the TSA checkpoint” if they try to fly without ID and that “you will need to show federally-compliant identification in order to board a domestic flight within the U.S.” admits that he knows you can fly without any ID, and he’s flown without ID himself.

That admission by Steve Gordon, Director of the California Department of Motor Vehicles (DMV), came following a hearing in Los Angeles yesterday at which we also testified (written testimony, video starting at 1:10:23) before the California Assembly Budget Subcommittee responsible for oversight of the DMV.

California DMV Director Gordon said the DMV has an “overall budget north of $9 million” for an “awareness and motivational campaign” in all media — billboards, online keyword advertising buys , etc. — to “drive people to action” to apply for REAL-ID cards.

Gordon said that the DMV had changed its message from “You can apply for either a REAL-ID ‘compliant’ or ‘noncompliant’ drivers license or ID card” to, “You should get a REAL-ID card,” because it was “too confusing” to tell people they have a choice.

Read More

Oct 02 2019

Do I need ID to ride a train?

We’ve been trying for years to find out what the real story is with respect to ID requirements for travel by train, especially on Amtrak.

Amtrak and Greyhound ID policies and practices are of paramount importance to the mobility of undocumented people and people who, whether or not they are eligible for or have chosen to obtain government-issued ID credentials, don’t want to show their papers to government agents as a condition of exercising their right to freedom of movement.

Amtrak and Greyhound policies and practices will become even more important if the government and/or airlines further restrict air travel by people who don’t have, or don’t show, ID credentials that comply with the REAL-ID Act.

The latest responses to our requests for Federal and state public records reveal more about passenger railroad policies and practices, but still don’t give a clear answer.

What we can say at this point, based on the records disclosed to us to date, is that:

  1. There are substantial discrepancies and contradictions between what the TSA has told Amtrak to do, what Amtrak tells its own staff about what is required, what Amtrak tells travelers about what is required and the basis for those requirements, and what Amtrak staff actually do. Those variations make it impossible to determine unambiguously what “the rules” are for Amtrak travel, or what is “required”.
  2. Some of Amtrak’s claims, including its claim that passengers are required by the TSA to have and to show ID to travel by Amtrak, are blatant lies.
  3. TSA Security Directive RAILPAX-04-02, cited by Amtrak in its employee manual as the basis for demanding that passengers show ID, requires Amtrak to “request” (not demand) that passengers show ID, but does not purport to require passengers to respond to such requests and does not prescribe any sanctions on passengers for failure, refusal, or inabiity to show ID.
  4. Amtrak has instructed its staff that “If the customer responds they are 18 or older and do not have valid identification, … the Amtrak police must be notified by the quickest available means away from the customer,” but also that, “Failure to possess the proper photo identification is not, by itself, sufficient reason to have the customer removed from the train.” Amtrak has not yet responded to our FOIA request for Amtrak Police policies and staff directives for what to do in such cases.
  5. Although Amtrak is unquestionably an instrumentality of the Federal government, and transportation by Amtrak is unquestionably a Federal government activity, the list of ID credentials deemed acceptable by Amtrak does not correspond to the list of forms of ID deemed by the DHS to be acceptable for “Federal purposes” pursuant to the REAL-ID Act of 2005.  Amtrak says it accepts several forms of ID that do not comply with the REAL-ID Act. None of Amtrak’s ID policies, procedures, or staff directives disclosed to date mention the REAL-ID Act or when or how it might be implemented by Amtrak, although records of such policies or of discussions related to them would be responsive to soem of our pending FOIA requests.

Where does this leave undocumented long-distance travelers, including those who turn to Amtrak as a government-operated common carrier of last resort?

Read More

Aug 28 2019

Public/private partnerships for travel surveillance

In preparation for the annual Future Travel Experience – Global conference next month in Las Vegas, which will include tours of the TSA’s prototype biometric checkpoint and a “Biometrics Summit” featuring joint presentations by the TSA, CBP, and their partners, both the DHS and its airline, airport, and industry partners (Part 1, Part 2) have released new previews of their plans for collaboration in surveillance and control of air travel through automated facial recognition.

As we’ve noted before, one of the more significant lies being told by the US Department of Homeland Security about its plans for increased surveillance and tracking of travelers is  that airlines and airport operators have no commercial interest in retaining or using facial images and other biometric data collected on behalf of DHS components including the TSA and CBP.

In reality, airlines and airport operators are eager to share facial recognition insfrastructure (cameras, kiosks, etc.) and data with the DHS. Airlines, airports, and the DHS all see this collaboration as fundamental to their plans to transform the airline and airport passenger “processing” experience through a panopticon of shared-use biometric ID systems.

According to a  two-part post in the Future Travel Experience conference blog (Part 1, Part 2), “Biometric technology is expected to play a key role in shaping the seamless passenger experience of the future.”

One of the briefings at the FTE Global 2019 Biometric Summit will be given by CBP’s “Director of Entry/Exit Transformation”, who described his mission as “developing U.S. biometric entry/exit system through private sector partnerships”.

Some of the airline and airport executives quoted in the FTE blog post have begun to argue that airline passengers should be allowed to opt out of biometric identification. But there’s no mention of how that would work or how long those who opt out would be delayed.

The FTE blog post also notes that:

[A]s the use of biometrics is becoming more widespread and the technology is advancing quickly, there have been rising concerns around privacy and data security from a civil rights point of view. For instance, San Francisco became the first US city to ban facial recognition technology as part of an anti-surveillance ordinance, though the ban doesn’t affect federal agencies, such as San Francisco International Airport.

This claim that SFO is a Federal agency exempt from San Francisco legislation is wishful thinking on the part of proponents of biometric surveillance and control of air travelers. While SFO is located in unincorporated San Mateo County, the land and buildings are owned by the City and County of San Francisco and operated by an instrumentality of the City and County of SF. The San Francisco ordinance applies to all City and County departments, including SFO.

Most other major airports are, like SFO, operated by state, county, or municipal governments and/or by other public or publicly-chartered entities subject to state and local public records laws and accountable, at least in theory, to state and local elected officials. These entities could, and should, prohibit any use of automated facial recognition on their property or by their lessees or contractors. Only Federal agencies themselves could escape the jurisdiction of such conditions on use of airport property.

Contradicting the public claim that airlines and airports have no interest in using biometric data shared with CBP, the FTE blog says that, “CBP’s view is that we will see further expansion into other aspects of the travel continuum, such as bag drop, international boarding and improved arrival process.” And of course a CBP spokesperson also tells the FTE blog that, “This is not a surveillance programme .”

Meanwhile, the DHS has released a Privacy Impact Assessment for the Travel Document Checker Automation Using Facial Recognition to be tested and first deployed at LAS airport, with its unveiling to attendees of the FTE Global 2019 conference.

The PIA acknowledges, in a footnote, that, “For passengers who are unable to present verifying identity documentation, TSA offers an alternative identity verification process in which passengers answer knowledge-based questions.” But the PIA ignores the fact that this questioning is being conducted illegally, without the required OMB approval, in violation of the Paperwork Reduction Act and other statutes.

In late 2016, the TSA gave notice that it planned to request OMB approval for the form that air travelers without ID or with ID deemed unacceptable are asked to complete. But the TSA received numerous objections, including ours, in response to this notice, and has not yet submitted a request to OMB for approval of the form or the “knowledge-based” questioning of travelers (which is based on commercial data aggregated by the Accurint division of Lexis-Nexis).

The last time we tried to attend a government-industry lovefest like FTE Global, we were ordered to leave and our registration fee and, eventually, our travel expenses were refunded. We’d welcome reports from our readers, workers at the conference venue, or other whistleblowers or leakers as to what gets said at FTE Global 2019.

Aug 08 2019

CBP lies about US citizen with ID detained at non-border checkpoint, held for 26 days

Francisco Erwin Galicia, an 18-year-old Dallas-born U.S. citizen, was detained by US Customs and Border protection officers at a checkpoint in Falfurrias, Texas, on June 27th, while on his way to a youth soccer event with a group of relatives and friends, and held until July 23rd. He was held incommunicado for the first several weeks, and was kept in  CBP custody even after he was able to contact his family and a lawyer. He was released less than 24 hours after his detention was reported by the Dallas News.

As what happened to Mr. Galicia has been more widely reported,  he’s become a poster child for everything that’s wrong with the CBP and it’s checkpoints. That’s appropriate, but it’s also worth noting that:

  1. This isn’t the worst mistreatment that’s been imposed on US citizens by CBP. Mr. Galicia was held in the US rather than being deported (because, despite threats and intimidation, he refused to consent to “voluntary” deportation), held for less than a month, and released without gross physical injuries (although presumably with psychological trauma) Other US citizens, including those cases have been tracked and documented by Prof. Jacqueline Stevens and her students at the Deportation Research Clinic at Northwestern University, whose  have been deported from the US, spend years or in some cases decades abroad before being able to return, or suffered permanent physical injuries from maltreatment, neglect, or violence in custody or in countries to which they were wrongfully deported.
  2. This isn’t about border security, immigration, or US borders. Mr. Galicia wasn’t detained at the US border, while trying to cross the border, or on the basis of any particularized suspicion that he had done so or tried to do so. He was detained at a suspicionless checkpoint operated for general law enforcement purposes (mainly to find small amounts of marijuana and sometimes other drugs) 60 miles from the border. This is about controls on internal movement within the US.
  3. This isn’t about not having, not carrying, or not showing ID. The permanent checkpoint in Falfurrias has been in continuous operation for years, and Mr. Galicia knew that — whether it was legal or not — he’d have to be interrogated by CBP officers, and quite likely have to show his papers, to get to the next town. Mr. Galica was carrying, and showed the CBP officers at the checkpoint, his birth certificate, state ID card, and Social Security card. Ironically, this is exactly the combination of documents that would be required to obtain a “REAL-ID Act compliant” ID: three separate documents providing evidence of citizenship (birth certificate showing birth in the US), state residence (Texas state ID), and Social security number.
  4. It wouldn’t matter if Mr. Galicia were a dual citizen. CBP later claimed to have been confused by other documents carried by Mr. Galicia that they though suggested he might have been a Mexican citizen. But it’s not a violation of US law or a bar to US citizenship to hold by birthright, or to acquire, citizenship of Mexico or of any other country or countries. Millions of US citizens are legal dual citizen or multiple citizens, with the largest numbers of US dual and multiple citizens holding citizenship in Mexico, Canada, Ireland, the UK, and/or Israel in addition to US citizenship. Evidence of Mexican or any other citizenship is not evidence of lack of US citizenship.
  5. CBP officials lied about what happened to try to justify their actions, with one CBP official perjuring himself before Congress in testimony whose falsehood is proven by official CBP records served on Mr. Galicia and his lawyer.  Brian S. Hastings, Chief of Law Enforcement Operations for the US Border Patrol division of CBP, told the House Judiciary Committee in response to questions at an oversight hearing on July 25th that throughout his time in custody Mr. Galicia had never told the CBP officers who arrested or detained him that he was a US citizen. (The question from Rep. Ted Lieu and Rep. Eric Swalwell and the perjured answer by Chief Hastings begin at 4:45:00 of this video of the hearing.) But the Notice to Appear served on Mr. Galicia and signed by the acting Border Patrol agent in charge, alleges on behalf of CBP that Mr. Galicia was “found” at the CBP checkpoint in Falfurrias, “more than 25 miles from the United States border with Mexico”,  on June 27th, and “At that time, you… represented yourself to be a citizen of the United States,” as in fact Mr. Galicia was and is. Rep. Lieu and several other members of Congress have asked for better answers from CBP, but that’s not enough. By now, Mr. Hastings should have been charged with perjury. So far as we can tell, he remains at large, on the job and on the payroll of CBP.
Aug 05 2019

Questions about the REAL-ID Act

Fragmentary and jumbled records related to the REAL-ID Act of 2005 released by the US Department of Homeland Security in response to one of our Freedom Of Information Act (FOIA) requests don’t reveal much about DHS policy, but do provide a glimpse of DHS practices and plans.

The DHS has been threatening to harass, interfere with, or bar access to facilities or passage through checkpoints (including, but not limited to, those at airports) to people who don’t have, don’t carry, or don’t show ID; show ID that the DHS doesn’t deem compliant with the REAL-ID Act; or show ID issued by states or territories that the DHS deems insufficiently compliant with the REAl_ID Act.

These threats to deny equal rights to residents of noncompliant states and territories have been central to the DHS campaign to extort compliance from state and territorial officials reluctant to upload their residents’ data to an outsourced, privately-held national ID database.

But what sort of enforcement problem, at what scale, is this likely to pose for the DHS and those collaborators carrying out its REAL-ID directives? How many people will be affected, at what sorts of facilities and locations, in what circumstances?  Inquiring minds want to know, including opponents of the REAL-ID Act like ourselves, but also including officials at DHS headquarters trying to devise a workable REAL-ID enforcement plan.

Read More

Jul 12 2019

CBP settles lawsuit challenging demand for ID from arriving domestic airline passengers

The US Customs and Border Protection (CBP) division of DHS has agreed to a settlement with passengers who were ordered to show ID documents before they were allowed to leave a Delta Air Lines plane after it arrived in New York after a flight from San Francisco.

Nine of the passengers on the February 2017 flight , represented by the ACLU and cooperating lawyers from Covington & Burling, sued the CBP and CBP and Immigration and Customs Enforcement (ICE) officials. They complained that the warrantless, suspicionless dragnet search of the ID documents of everyone on the plane violated the 4th Amendment, and that the CBP policy for such searches was invalid.

In their answer to the court complaint, the defendants admitted “that the officers did not have a search warrant or probable cause to arrest Plaintiffs, the officers did not arrest Plaintiffs, and the officers did not have reasonable suspicion to conduct a Terry stop, nor did they conduct a Terry stop of the Plaintiffs.” But they claimed that this was an isolated incident, not a matter of CBP policy or practice. The CBP port director for JFK airport, who had told reporters that ID checks on arriving passengers were “routine” and happen “every day”, changed his story in court and submitted a declaration that had never heard of another such incident.

Noting the factual issue raised by the contradictions between the statements made by the same CBP officials to the press and to the court, the court denied the defendants’ motion to dismiss the complaint, and ordered the defendants to disclose their policies for “training of …  CBP officers as regards compliance with the Fourth Amendment to the U.S. Constitution in locations within the United States other than within a Customs security area.”

As the deadline for that discovery order was expiring, the defendants agreed to a settlement. The settlement requires CBP to pay the plaintiffs’ legal fees and train all CBP officers (a) that “CBP Office of Field Operations does not have a policy or routine practice of compelling or requesting that passengers deplaning domestic flights submit to suspicionless document checks”, and (b) that “to the extent feasible”, when CBP conducts “consensual encounters” (search and interrogation) of domestic airline passengers, they should inform those passengers that cooperation is voluntary and that “passengers who decline to cooperate will not suffer any enforcement consequence as a result”.

The settlement is a (small)step in the right direction. But it leaves unresolved several of the key legal issues raised by demands by law enforcement officers for airline passengers to show evidence of identity in order to be allowed to deplane:

  1. Does CBP (or any other law enforcement agency) have the legal authority to demand that airline passengers identify themselves? The settlement says that CBP doesn’t have a  “policy or routine practice ” of doing so, but is silent on whether it claims, or has, the legal authority to do so or to adopt such a policy or practice in the future.
  2. What about ID demands of arriving passengers that aren’t carried out pursuant to a “policy” or as part of a “routine practice”?  Are they reasonable or consistent with the Fourth Amendment? The ACLU continues to argue, and we agree, that, “If officers want to check [domestic] passengers’ identification documents, they can only do so with the passengers’ consent. And if a passenger does not consent, the officers cannot detain that person, even for a brief period, without reasonable suspicion of a violation of the law.” But the settlement is silent on the Constitutionality of such seizures or demands for ID, even if they affect every passenger on a particular flight.

Despite this settlement, it remains for a future case for the courts to squarely address and rule on the Constitutionality of demands for airline passengers to show ID.