The US Government Will Be Scanning Your Face At 20 Top Airports, Documents Show
“This is opening the door to an extraordinarily more intrusive and granular level of government control.”
Posted on March 11, 2019, at 9:27 a.m. ET
In March 2017, President Trump issued an executive order expediting the deployment of biometric verification of the identities of all travelers crossing US borders. That mandate stipulates facial recognition identification for “100 percent of all international passengers,” including American citizens, in the top 20 US airports by 2021. Now, the United States Department of Homeland Security is rushing to get those systems up and running at airports across the country. But it’s doing so in the absence of proper vetting, regulatory safeguards, and what some privacy advocates argue is in defiance of the law.
According to 346 pages of documents obtained by the nonprofit research organization Electronic Privacy Information Center — shared exclusively with BuzzFeed News and made public on Monday as part of Sunshine Week — US Customs and Border Protection is scrambling to implement this “biometric entry-exit system,” with the goal of using facial recognition technology on travelers aboard 16,300 flights per week — or more than 100 million passengers traveling on international flights out of the United States — in as little as two years, to meet Trump’s accelerated timeline for a biometric system that had initially been signed into law by the Obama administration. This, despite questionable biometric confirmation rates and few, if any, legal guardrails.
These same documents state — explicitly — that there were no limits on how partnering airlines can use this facial recognition data. CBP did not answer specific questions about whether there are any guidelines for how other technology companies involved in processing the data can potentially also use it. It was only during a data privacy meeting last December that CBP made a sharp turn and limited participating companies from using this data. But it is unclear to what extent it has enforced this new rule. CBP did not explain what its current policies around data sharing of biometric information with participating companies and third-party firms are, but it did say that the agency “retains photos … for up to 14 days” of non-US citizens departing the country, for “evaluation of the technology” and “assurance of the accuracy of the algorithms” — which implies such photos might be used for further training of its facial matching AI.
“Government, without consulting the public is using facial recognition to create a digital ID of millions of Americans.”
“CBP is solving a security challenge by adding a convenience for travelers,” a spokesperson said in an emailed response to a detailed list of questions from BuzzFeed News. “By partnering with airports and airlines to provide a secure stand-alone system that works quickly and reliably, which they will integrate into their boarding process, CBP does not have to rebuild everything from the ground up as we drive innovation across the travel experience.”
The documents also suggest that CBP skipped portions of a critical “rulemaking process,” which requires the agency to solicit public feedback before adopting technology intended to be broadly used on civilians, something privacy advocates back up. This is worrisome because — beyond its privacy, surveillance, and free speech implications — facial recognition technology is currently troubled by issues of inaccuracy and bias. Last summer, the American Civil Liberties Union reported that Amazon’s facial recognition technology falsely matched 28 members of Congress with arrest mugshots. These false matches were disproportionately people of color.
“I think it’s important to note what the use of facial recognition [in airports] means for American citizens,” Jeramie Scott, director of EPIC’s Domestic Surveillance Project, told BuzzFeed News in an interview. “It means the government, without consulting the public, a requirement by Congress, or consent from any individual, is using facial recognition to create a digital ID of millions of Americans.”
“CBP took images from the State Department that were submitted to obtain a passport and decided to use them to track travelers in and out of the country,” Scott said.
“Facial recognition is becoming normalized as an infrastructure for checkpoint control,” said Jay Stanley, an American Civil Liberties Union senior policy analyst and a participant at meetings that CBP has organized with privacy advocates. “It’s an extremely powerful surveillance technology that has the potential to do things never before done in human history. Yet the government is hurtling along a path towards its broad deployment — and in this case, a deployment that seems quite unjustified and unnecessary.”
“The government is hurtling along a path towards facial recognition’s broad deployment — and in this case, a deployment that seems unjustified and unnecessary.”
In response, CBP intimated that there shouldn’t be any privacy concerns around its biometric facial recognition program. “CBP is committed to protecting the privacy of all travelers and has issued several Privacy Impact Assessments related to [its biometric entry-exit program], employed strong technical security safeguards, and has limited the amount of personally identifiable information used in the transaction,” the agency spokesperson said.
But this statement belies the far-reaching ambitions of the program, according to the documents reviewed by BuzzFeed News. CBP, the documents say, wants facial recognition at “initial operating capability” by year’s end, with the agency using it for as many as 30 international flights across more than a dozen US airports per day.
In the US, there are no laws governing the use of facial recognition. Courts have not ruled on whether it constitutes a search under the Fourth Amendment. There are no checks, no balances. Yet government agencies are working quickly to roll it out in every major airport in the country. It’s already being used in seventeen international airports, among them: Atlanta, New York City, Boston, San Jose, Chicago, and two airports in Houston. Many major airlines are on board with the idea — Delta, JetBlue, British Airways, Lufthansa, and American Airlines. Airport operations companies, including Los Angeles World Airports, Greater Orlando Aviation Authority, Mineta San Jose International Airport, Miami International Airport, and the Metropolitan Washington Airports Authority, are also involved.
“Airlines, airports, TSA, and CBP are facing fixed airport infrastructure with little opportunities for major investment, increased national security threats with pressures for solutions, and increased traveler volume,” CBP’s Concept of Operations document, released in June 2017, states. “Collectively, this is a status quo that is not sustainable for any of the main stakeholders, and failure to change will ultimately result in increases in dissatisfied customers, use of alternative modes of travel, and vulnerability to serious threats.”
In June 2016, CBP began its first pilot for facial recognition technology in airports at the Hartsfield–Jackson Atlanta International Airport. Once a day, for a flight from Atlanta to Tokyo, Japan, passengers’ passport photos were biometrically matched to real-time photographs. Before travelers proceeded to the passenger loading bridge to board their flight, CBP officers told passengers to scan their boarding passes, then a camera snapped a digital image of the traveler’s face; a CBP-developed back-end system called the Departure Information System used facial recognition to automatically compare photos during boarding against a photo gallery. Everyone between the ages of 14 and 79 was expected to participate.
“Failure to change will ultimately result in increases in dissatisfied customers, use of alternative modes of travel, and vulnerability to serious threats.”
The CBP’s stated goal here was simply to “identify any non-U.S. citizens subject to the exit requirements who may fraudulently present” travel documents. The agency said it had “no plans to biometrically record the departure of U.S. citizens.” But the CBP also said it “does not believe there is enough time to separate U.S. citizens from non-U.S. citizen visitors prior to boarding” … “therefore, facial images will be collected for U.S. citizens as part of this test so that CBP can verify the identity of a U.S. citizen boarding the air carrier.” CBP said that once a traveler is identified and confirmed as a U.S. citizen, their images are deleted.
Three months later, the agency switched to a daily flight from Atlanta to Mexico City. By the end of November 2016, CBP was running tests on an average of seven flights per week. From these tests, according to a DHS Office of Inspector General (OIG) audit of the government’s facial recognition biometrics program, published in September 2018, “CBP concluded that facial recognition technology … was the most operationally feasible and traveler-friendly option for a comprehensive biometric solution.”
In June 2017, CBP added three more international airport locations “to further assess facial matching technology as a viable solution,” according to the OIG report. Five more airports followed by October 2017. Today, 17 airports* are in the program, with three more in the works.
During its 2017 expansion, CBP’s Departure Information System was replaced by a more advanced automated matching system, called Traveler Verification Service (TVS). As CBP documents explained, TVS could “[operate] in a virtual, cloud-based infrastructure that can store images temporarily and operate using a wireless network.” Once a passenger boarded a plane, TVS also automatically transmits confirmation that there is a biometric match across other DHS systems.
CBP says it allows U.S. citizens to decline facial verification and to instead have their identities confirmed through the usual manual boarding process. “CBP works with airline and airport partners to incorporate notifications and processes into their current business models, including signage and gate announcements, to ensure transparency of the biometric process,” an agency spokesperson said in an email to BuzzFeed News. But of 12 flights observed by OIG during its audit in 2017, only 16 passengers declined to participate.
Comments are closed