A slow motion revolution in airport security that threatens the privacy of all traveling Americans is underway. The Department of Homeland Security (DHS) is using facial scanners at a handful of airports across the country to identify international travelers. Whether the scanners are efficient at catching imposters is unknown. In addition, the scanners are the latest DHS tools set to expand government surveillance capabilities. DHS should scrap plans to expand facial scanning capabilities and remove the scanners from airports.
Once reserved to the imaginations of science fiction novel and screenplay writers, facial recognition technology is now an increasingly common part of law enforcement toolkits across the globe. Police in Britain, Germany, China, and elsewhere have used or tested facial recognition technology. In the United States, about half of American adults are in a law enforcement facial recognition network. The facial images included in these databases do contain mugshots, but they also include photos collected by some state DMVs that are shared with the Federal Bureau of Investigation.
DHS is planning to deploy more facial scanners at airports across the country, but as a new study from Georgetown Law’s Center on Privacy and Technology shows, plans to expand facial scanning at airports raise serious efficacy and privacy concerns.
Biometric collection at airports in nothing new. In the wake of 9/11 Congress passed a range of legislation mandating the implementation of a biometric entry-exit system. However, Congress has not explicitly authorized the collection of Americans’ biometrics at the border or ports of entry. As the Georgetown paper points out, DHS collecting Americans’ biometrics without going through the required rulemaking process puts airport facial scans on unstable legal ground.
As if the questionable legality of the facial scanners being used on Americans wasn’t concerning enough, there are issues associated with efficacy. While TV shows such as CSI may lead people to think that facial scanning is exact, the technology is far from perfect.
A privacy impact assessment for DHS’ facial scanning program states, “CBP requires an accuracy goal of 96% [true acceptance rate] for facial images acquired in an airport/seaport exit environment.” But a system that is very good at identifying people who are not lying about who they are is hardly all that a airport security system needs to do. A good identify verification scheme will find those people (such as visa overstays) who are lying about their identity. Yet DHS has yet to measure how effective its facial scanning system is at catching those pretending to be someone they’re not.
Georgetown’s researchers explain:
DHS’ face- scan-based biometric exit program may also fail as a technical matter: DHS has never measured the efficacy of airport face scans at catching impostors traveling with fraudulent credentials. There is good reason to be skeptical of the system’s efficacy. Due to the challenges inherent to face recognition, it would be difficult for DHS to develop a system that is effective at catching every impostor without severely inconveniencing all other travelers.
Problematically, DHS uses the wrong metric to evaluate the system’s success. DHS currently measures performance based on how often the system correctly accepts travelers who are using true credentials. But if the aim of this system is to detect and stop visa overstay travel fraud—as DHS suggests—it is critical and perhaps more important to assess how well it performs at correctly rejecting travelers who are using fraudulent credentials. Yet DHS is not measuring that.
The lack of data showing the effectiveness of DHS’ scanners should prompt officials to stop subjecting travelers to facial scans. An inefficient facial scan system runs the risk of inconveniencing travelers who have been misidentified as criminals or persons of interest. But even if the DHS facial scan system was accurate at picking out travelers committing identity fraud, the privacy issues associated with facial recognition alone should prompt officials to scrap DHS’ facial scan program.
It’s unlikely that DHS’ facial scanners will be confined to departure lounges. Congress could mandate their deployment elsewhere. Indeed, the TSA Modernization Act would, if implemented as written, require TSA and CBP to “facilitate, if appropriate, the deployment of […] biometric technology at checkpoints, screening lanes, bag drop and boarding areas, and other areas where such deployment would enhance security and facilitate passenger movement.”
As the Georgetown researchers note, facial scanning technology could spread to areas in airports where the public engage in First Amendment-protected activities, such as protests:
DHS’ airport face scans raise important questions about the expansion of government tracking tools in public spaces. As currently envisioned, biometric exit is limited to certain areas of specific airports, but the program may be expanded to additional privacy-invasive applications and may be made interoperable with other law enforcement agencies’ systems at the state, local, or federal level. The effects of these policies on free speech and association could be significant.
In the not too distant future DHS could also merge its facial scanning technology with drones and body cameras, only exacerbating the privacy threat. Customs and Border Protection, a DHS agency, is seeking small drones with facial recognition capabilities, and body camera manufacturers are interested in artificial intelligence as well as facial recognition.
The costs associated with these scanners clearly outweigh the benefits. They pose a significant risk to our privacy and have not been shown to be effective at catching criminals. As such, they should removed from airports.