In March 2017, President Trump issued an executive order expediting the deployment of biometric verification of the identities of all travelers crossing US borders. of which mandate stipulates facial recognition identification for “100 percent of all international passengers,” including American citizens, within the top 20 US airports by 2021. currently, the United States Department of Homeland Security will be rushing to get those systems up as well as running at airports across the country. although This specific’s doing so within the absence of proper vetting, regulatory safeguards, as well as what some privacy advocates argue will be in defiance of the law.
According to 346 pages of documents obtained by the nonprofit research organization Electronic Privacy Information Center — shared exclusively with BuzzFeed News as well as made public on Monday as part of Sunshine Week — US Customs as well as Border Protection will be scrambling to implement This specific “biometric entry-exit system,” with the goal of using facial recognition technology on travelers aboard 16,300 flights per week — or more than 100 million passengers traveling on international flights out of the United States — in as little as two years, to meet Trump’s accelerated timeline for a biometric system of which had initially been signed into law by the Obama administration. This specific, despite questionable biometric confirmation rates as well as few, if any, legal guardrails.
These same documents state — explicitly — of which there were no limits on how partnering airlines can use This specific facial recognition data. CBP did not answer specific questions about whether there are any guidelines for how some other technology companies involved in processing the data can potentially also use This specific. This specific was only during a data privacy meeting last December of which CBP made a sharp turn as well as limited participating companies via using This specific data. although This specific will be unclear to what extent This specific has enforced This specific fresh rule. CBP did not explain what its current policies around data sharing of biometric information with participating companies as well as third-party firms are, although This specific did say of which the agency “retains photos … for up to 14 days” of non-US citizens departing the country, for “evaluation of the technology” as well as “assurance of the accuracy of the algorithms” — which implies such photos might be used for further training of its facial matching AI.
“Government, without consulting the public will be using facial recognition to create a digital ID of millions of Americans.”
“CBP will be solving a security challenge by adding a convenience for travelers,” a spokesperson said in an emailed response to a detailed list of questions via BuzzFeed News. “By partnering with airports as well as airlines to provide a secure stand-alone system of which works quickly as well as reliably, which they will integrate into their boarding process, CBP does not have to rebuild everything via the ground up as we drive innovation across the travel experience.”
The documents also suggest of which CBP skipped portions of a critical “rulemaking process,” which requires the agency to solicit public feedback before adopting technology intended to be broadly used on civilians, something privacy advocates back up. This specific will be worrisome because — beyond its privacy, surveillance, as well as free speech implications — facial recognition technology will be currently troubled by issues of inaccuracy as well as bias. Last summer, the American Civil Liberties Union reported of which Amazon’s facial recognition technology falsely matched 28 members of Congress with arrest mugshots. These false matches were disproportionately people of colour.
“I think This specific’s important to note what the use of facial recognition [in airports] means for American citizens,” Jeramie Scott, director of EPIC’s Domestic Surveillance Project, told BuzzFeed News in an interview. “This specific means the government, without consulting the public, a requirement by Congress, or consent via any individual, will be using facial recognition to create a digital ID of millions of Americans.”
“CBP took images via the State Department of which were submitted to obtain a passport as well as decided to use them to track travelers in as well as out of the country,” Scott said.
“Facial recognition will be becoming normalized as an infrastructure for checkpoint control,” said Jay Stanley, an American Civil Liberties Union senior policy analyst as well as a participant at meetings of which CBP has organized with privacy advocates. “This specific’s an extremely powerful surveillance technology of which has the potential to do things never before done in human history. Yet the government will be hurtling along a path towards its broad deployment — as well as in This specific case, a deployment of which seems quite unjustified as well as unnecessary.”
“The government will be hurtling along a path towards facial recognition’s broad deployment — as well as in This specific case, a deployment of which seems unjustified as well as unnecessary.”
In response, CBP intimated of which there shouldn’t be any privacy concerns around its biometric facial recognition program. “CBP will be committed to protecting the privacy of all travelers as well as has issued several Privacy Impact Assessments related to [its biometric entry-exit program], employed strong technical security safeguards, as well as has limited the amount of personally identifiable information used within the transaction,” the agency spokesperson said.
although This specific statement belies the far-reaching ambitions of the program, according to the documents reviewed by BuzzFeed News. CBP, the documents say, wants facial recognition at “initial operating capability” by year’s end, with the agency using This specific for as many as 30 international flights across more than a dozen US airports per day.
within the US, there are no laws governing the use of facial recognition. Courts have not ruled on whether This specific constitutes a search under the Fourth Amendment. There are no checks, no balances. Yet government agencies are working quickly to roll This specific out in every major airport within the country. This specific’s already being used in seventeen international airports, among them: Atlanta, fresh York City, Boston, San Jose, Chicago, as well as two airports in Houston. Many major airlines are on board with the idea — Delta, JetBlue, British Airways, Lufthansa, as well as American Airlines. Airport operations companies, including Los Angeles World Airports, Greater Orlando Aviation Authority, Mineta San Jose International Airport, Miami International Airport, as well as the Metropolitan Washington Airports Authority, are also involved.
“THE MOST OPERATIONALLY FEASIBLE as well as TRAVELER-FRIENDLY OPTION”
“Airlines, airports, TSA, as well as CBP are facing fixed airport infrastructure with little opportunities for major investment, increased national security threats with pressures for solutions, as well as increased traveler volume,” CBP’s Concept of Operations document, released in June 2017, states. “Collectively, This specific will be a status quo of which will be not sustainable for any of the main stakeholders, as well as failure to change will ultimately result in increases in dissatisfied customers, use of alternative modes of travel, as well as vulnerability to serious threats.”
In June 2016, CBP began its first pilot for facial recognition technology in airports at the Hartsfield–Jackson Atlanta International Airport. Once a day, for a flight via Atlanta to Tokyo, Japan, passengers’ passport photos were biometrically matched to real-time photographs. Before travelers proceeded to the passenger loading bridge to board their flight, CBP officers told passengers to scan their boarding passes, then a camera snapped a digital image of the traveler’s face; a CBP-developed back-end system called the Departure Information System used facial recognition to automatically compare photos during boarding against a photo gallery. Everyone between the ages of 14 as well as 79 was anticipated to participate.
“Failure to change will ultimately result in increases in dissatisfied customers, use of alternative modes of travel, as well as vulnerability to serious threats.”
The CBP’s stated goal here was simply to “identify any non-U.S. citizens subject to the exit requirements who may fraudulently present” travel documents. The agency said This specific had “no plans to biometrically record the departure of U.S. citizens.” although the CBP also said This specific “does not believe there will be enough time to separate U.S. citizens via non-U.S. citizen visitors prior to boarding” … “therefore, facial images will be collected for U.S. citizens as part of This specific test generating sure of which CBP can verify the identity of a U.S. citizen boarding the air carrier.” CBP said of which once a traveler will be identified as well as confirmed as a U.S. citizen, their images are deleted.
Three months later, the agency switched to a daily flight via Atlanta to Mexico City. By the end of November 2016, CBP was running tests on an average of seven flights per week. via these tests, according to a DHS Office of Inspector General (OIG) audit of the government’s facial recognition biometrics program, published in September 2018, “CBP concluded of which facial recognition technology … was the most operationally feasible as well as traveler-friendly option for a comprehensive biometric solution.”
In June 2017, CBP added three more international airport locations “to further assess facial matching technology as a viable solution,” according to the OIG report. several more airports followed by October 2017. Today, 17 airports* are within the program, with three more within the works.
During its 2017 expansion, CBP’s Departure Information System was replaced by a more advanced automated matching system, called Traveler Verification Service (TVS). As CBP documents explained, TVS could “[operate] in a virtual, cloud-based infrastructure of which can store images temporarily as well as operate using a wireless network.” Once a passenger boarded a plane, TVS also automatically transmits confirmation of which there will be a biometric match across some other DHS systems.
CBP says This specific allows U.S. citizens to decline facial verification as well as to instead have their identities confirmed through the usual manual boarding process. “CBP works with airline as well as airport partners to incorporate notifications as well as processes into their current business designs, including signage as well as gate announcements, to ensure transparency of the biometric process,” an agency spokesperson said in an email to BuzzFeed News. although of 12 flights observed by OIG during its audit in 2017, only 16 passengers declined to participate.
According to Delta, less than 2% of its weekly 25,000 passengers going through the Atlanta airport’s Terminal F, which features “curb to gate” facial recognition systems, opt out of using the tech.
CBP officers also have wide latitude for how to handle travelers whose faces are obscured for religious reasons. A previously unpublished document detailing the standard operating procedure for the TVS described how officers may deal with airplane passengers donning religious headwear. “For travelers with religious headwear of which covers their face, officer discretion may be used consistent with CBP Policy,” This specific says.
There were also issues with matching. The OIG audit, which covered fieldwork by DHS via August to December 2017, a time of which TVS was actively in use, found of which CBP was able to provide biometric confirmation for only 85% of passengers processed. Its matches for certain age groups as well as nationalities were inconsistent; Mexican as well as Canadian citizens were particularly problematic. (This specific’s worth noting of which the CBP’s Concept of Operations document includes some discussion of “a data exchange with Mexico as well as Canada.”)
“The low 85-percent biometric confirmation rate poses questions as to whether CBP will meet its milestone to confirm all foreign departures at the top 20 US airports by fiscal year 2021,” the audit said. Confirmation rates for CBP’s biometric exit system have since risen to 98.6%, according to an agency spokesperson.
OIG also found of which CBP had “not previously established a metric for photo matching.” The way the TVS algorithm works, according to the OIG report, the threshold can be set to strict limits on what This specific considers a match although which would certainly result in a lower verification percentage, or to a lower setting of which would certainly verify more people although also likely increase false positives.
“In theory, they could move the threshold down to zero — which would certainly be a system of which says, ‘Only Clare will be allowed to board the plane, everybody will be Clare, so everybody can board the plane,’” said Clare Garvie, an associate at Georgetown Law’s Center on Privacy as well as Technology. “of which’s a system of which technically features a 100% match rate.”
“In theory, they could move the threshold down to zero — which would certainly be a system of which says, ‘Only Clare will be allowed to board the plane, everybody will be Clare, so everybody can board the plane.’”
Caryl Spoden, JetBlue’s head of customer experience, told BuzzFeed News of which for boarding, the image gallery JetBlue uses to compare faces will be made up of no more than 0 customers — the capacity of the airline’s A321 aircraft — generating the matching process “very accurate.”
“CBP sets their match rate goal for in-scope travelers, which are those aged 14–79, to be greater than 97%,” Spoden said. “They set the goal for [false positives], which will be when the system misidentifies a customer as another, to be less than or equal to 0.1%.”
“This specific sounds like CBP has finally set a false positive rate, which will be something of which hasn’t been mentioned within the past,” Garvie told BuzzFeed News.
The government’s end vision, according to an early “Biometric Pathway” document via December 2016, will be for CBP to build a vast “backend communication portal to support TSA, airport, as well as airline partners in their efforts to use facial images as just one biometric key for identifying as well as matching travelers to their identities.”
“This specific will enable … verified biometrics for check-in, baggage drop, security checkpoints, lounge access, boarding, as well as some other processes,” the document says. “This specific will create simplified as well as standardized wayfinding across airports.”
In some other words: surveillance throughout the airport.
“FUTURE BUSINESS AGREEMENTS OR COMMERCIAL OPPORTUNITIES”
If you ask the CBP how This specific will be storing as well as securing the biometric data This specific currently collects, the agency will tell you of which faces of U.S. citizens are stored for “up to 12 hours after capture” as well as of which airline as well as airport partners “must purge the photos, once they are transferred to CBP as well as must allow CBP to audit compliance.” although of which’s a fresh rule of which has only recently gone into effect. CBP did not respond to questions via BuzzFeed News on whether This specific rule has been applied retroactively.
“This specific will be obviously a change via what CBP has said previously,” said EPIC’s Scott, adding of which the first change in policy he was aware of was three months ago, mentioned during a December 2018 DHS meeting on data privacy as well as integrity.
“Through DHS’s Data Privacy as well as Integrity Advisory Committee (DPIAC) … discussions included review of current pilots, retention policies, future biometric vision, as well as alternative screening procedures,” the CBP spokesperson told BuzzFeed News. “CBP briefed the DPIAC in September 2017, in May 2018, as well as again in July 2018, where CBP provided a tour of biometric entry as well as exit operations at Orlando International Airport.”
although Scott told BuzzFeed News of which DPIAC’s review of the privacy issues raised by the use of facial recognition at airports will be “no replacement for soliciting public comments as required by federal law when agencies make modifications of which substantively impact the public.“
Previously, according to the first public CBP memorandum of understanding, signed sometime in fall 2017, “airline partners” had to find their own “technology partner” to provide the front-end equipment needed to capture a traveler’s photo, “in accordance with CBP’s specifications.” In exchange, the airline could seemingly use the data This specific gathered as This specific wished. “Nothing … preclude[s] any Party via entering into future business agreements or commercial opportunities,” the CBP’s memorandum of agreement states. In some other words, the understanding appeared to be of which there were no commercial limits for “airline partners”; if they wanted to sell or somehow monetize the biometric data they collect, there was nothing stopping them. (CBP did not respond to questions via BuzzFeed News asking for clarification of This specific document’s phrasing.)
“Nothing … preclude[s] any Party via entering into future business agreements or commercial opportunities.”
“When people think about DHS, what they don’t necessarily think about will be the power of the many billions of dollars in DHS contracts in what will be currently quite entrenched after almost 20 years,” Edward Hasbrouck, a consultant to the Identity Project civil liberties group, as well as a representative at meetings between CBP as well as advocates, said. The government’s airport facial recognition program, he said, will be just part of the creation of a fresh kind of “homeland security industrial complex.”
According to CBP, just like for its Atlanta pilot, photos of U.S. citizens are deleted when the system has successfully confirmed their identities. For noncitizens, however, photos taken upon arrival are stored in CBP’s system for 75 years.
Meanwhile, photos taken when noncitizens depart are saved for up to 14 days, according to a CBP spokesperson, for several reasons: confirming the travelers’ identities, evaluating the technology as well as the accuracy of CBP’s algorithms, as well as system audits. “The airlines are not permitted to use the photos for another purpose,” the spokesperson said.
Contacted by BuzzFeed News, Delta said This specific does not store or manage customer biometric information. The cameras of which the airline uses are configured so they do not develop the ability to save an image, the company said, as well as simply capture a traveler’s photo, which will be then encrypted as well as transmitted in a “de-identified” format, as well as sent to CBP for verification. Then, according to Delta, CBP sends a confirmation of which the customer can proceed.
Government documents show a more complicated process. One, called a “capability development plan,” dated February 2017, states of which CBP intends to do “matching as well as storing in a secure cloud environment.” Currently, the agency said, This specific does not have This specific capability, although This specific notes This specific will be “available within the commercial environment through open competition.” The CBP did not answer questions about which companies’ cloud services the agency as well as its third-party stakeholders use. although two tech giants, Microsoft as well as Amazon, currently have robust cloud services along with the “authority to operate” designation via high-level government agencies, like U.S. Immigration as well as Customs Enforcement (ICE).
Amazon told BuzzFeed News of which as a policy, This specific does not discuss specific customers who have not agreed to be a public reference. Microsoft declined to respond to inquiries via BuzzFeed News about any work This specific may do with CBP.
Metropolitan Washington Airports Authority, a partner of CBP as well as an entity of which oversees the operations of airports serving the U.S. capital, conveyed of which stakeholders can choose to work with whomever they like. A spokesperson said MWAA’s biometric facial recognition technology, VeriScan, uses cloud services.
According to the Concept of Operations document, “By partnering with some other stakeholders, CBP can facilitate a large-scale transformation of air travel of which, by using biometrics, will make air travel more secure … providing increased certainty as to the identity of airline travelers at multiple points within the travel process” as well as “build additional integrity into the immigration system.” Biometric capture, CBP explained, would certainly be “integrated” into the “systems as well as business processes” of some other stakeholders, including private ones like airports as well as airlines.
The idea will be for CBP to be able to scale up the effort considerably. “Instead of a program of which will be built as well as developed exclusively by CBP, as well as of which benefits only CBP missions,” the document states, “the result will be a series of interconnected initiatives undertaken by multiple stakeholders, both public as well as private, as well as through which all will significantly benefit.”
Pam Dixon, executive director of the globe Privacy Forum, said such an arrangement will be tantamount to “a mandatory situation where we’re giving the airlines our biometric data — as well as some other commercial partners — as well as we don’t even know who they are.”
“If the U.S. government wants to run This specific program, the U.S. government should take the pictures, as well as only they should have access to the photos.”
“WHEN DISCUSSING DATA COLLECTION, PLEASE BE SURE TO EMPHASIZE …”
CBP’s Public Affairs Guidance for a facial recognition pilot in Atlanta, which has not been previously made public, details the agency’s talking points as well as press strategy on its use of facial recognition tech, especially around privacy concerns. “Extreme care should be taken when communicating with external audiences. … This specific will be important to minimize any chance for CBP’s communications to be distorted into appearing unnecessarily invasive or broad,” the document reads. “When discussing data collection, please be sure to emphasize of which This specific test will be authorized by existing laws.”
Privacy advocates dispute This specific. According to the Identity Project’s Hasbrouck, the government’s program was executed without following the law at all. “DHS doesn’t come out in court as well as say, ‘We’re doing This specific right, as well as here’s why,’” he said. “Their response will be: ‘The courts shouldn’t even be looking at us. We should be allowed unfettered, secretive discretion to do This specific with administrative fiat.’”
“We were active participants in hearing them tell us what they were going to do.”
some other privacy as well as civil rights activists — representing EPIC, World Privacy Forum, as well as the ACLU — backed This specific up, saying their perspectives were not considered by CBP when the biometrics program was being developed as well as trialled, as government documents stipulate they should have been.
“[We were not] active participants within the development of CBP’s program,” said the ACLU’s Stanley. “We were active participants in hearing them tell us what they were going to do.”
“They wanted to get the Electronic Frontier Foundation as well as ACLU stamp of approval,” said Hasbrouck. “What they wanted to say was, ‘How can we do This specific inherently invasive thing in ways of which aren’t of which invasive?’ although most people, at least at the meeting I was at, said, ‘No, you shouldn’t be doing This specific at all.’” Hasbrouck added of which “any pretense or claim” by the CBP of which there will be still ongoing involvement via privacy advocates will be “completely unfounded.”
CBP held two meetings with privacy advocates: one in Washington, DC, in August 2017, as well as another in San Francisco several months later in January 2018. “They didn’t have a review of their pilots with the public,” said Dixon, “as well as they didn’t reach out to us [after of which] for further discussion.”
“The biggest thing they’re testing will be how much legal resistance there will be.”
In response, an agency spokesperson said, “CBP has worked with the DHS Data Privacy Integrity Advisory Committee as well as sought input via several privacy groups regarding the deployment of entry-exit operations. Overall, no fresh data or additional information will be collected on U.S. citizens under This specific program.”
Nowadays, all CBP will be “testing” will be “how to structure the program to make This specific technically work, as well as what tweaks the agency might need to make to appease, or suppress, or frustrate protests as well as legal challenges,” said Hasbrouck.
“although the biggest thing they’re testing will be how much legal resistance there will be — whether of which’s people saying ‘no’ [to their faces being captured at the airport], or challenging This specific in court.”
This specific will be not the 1st time DHS has seemingly overstepped its boundaries. within the mid-2000s, EPIC sued to obtain records, describing problems with the TSA’s airport body scanners: invasive screening practices, potential health risks, traveler complaints, as well as more. Then in 2011, EPIC sued again, asking the courts to compel DHS to undertake a public notice-as well as-comment rulemaking on the use of body scanners. As EPIC argued, “The TSA has acted outside of its regulatory authority as well as with profound disregard for the statutory as well as constitutional rights of air travelers.” The DC Circuit agreed, as well as for the 1st time, the public was allowed to comment on the body scanner program.
although This specific time, DHS appears to be arguing, a facial recognition program at the border will be so critical of which This specific should be implemented, even without going through all the steps of the rulemaking process. Three internal documents seen by BuzzFeed News state, “CBP will transform the way This specific identifies travelers by shifting the key to unlocking a traveler’s record via biographic identifiers to biometric ones — primarily a traveler’s face.”
Proponents of facial recognition praise the technology for improving the protection of the United States against external threats. Since the implementation of facial biometrics within the arrival process of U.S. airports, according to an agency spokesperson, CBP officers have “successfully intercepted a total of several imposters who were denied admission to the United States.” as well as CBP didn’t just catch impostors coming to the U.S. through airports. “Following implementation of the facial biometric technology demonstrations at the land border within the fall of 2018, CBP has identified 64 imposters who attempted to enter the United States by presenting genuine travel documents not legitimately issued to them,” the spokesperson said.
“This specific will be opening the door to an extraordinarily more intrusive as well as granular level of government control.”
Still, concerns about just how quickly facial recognition technology has been adopted, particularly in airports, have come up in Congress. In May, two U.S. senators sent a letter to DHS, urging of which formal rules be put into place before the airport biometrics program will be expanded. The senators, Democratic Sen. Ed Markey as well as Republican Sen. Mike Lee, were united in This specific bipartisan opinion, even in one of the most highly polarized political climates in recent memory.
“[This specific] will … ensure a full vetting of This specific potentially sweeping program of which could impact every American leaving This specific country by airport,” the two senators wrote.
Currently, no legislation has been introduced to curb what EPIC’s Scott calls the “mission creep” of facial recognition into airports.
For Hasbrouck, the big takeaway will be of which the broad surveillance of people in airports amounts to a kind of “individualized control of citizenry” — not unlike what’s already happening with the social credit scoring system in China. “There are already people who aren’t allowed on, say, a high-speed train because their social credit scores are too low,” he said, pointing out of which China’s program will be significantly based in “identifying individual people as well as tracking their movements in public spaces though automated facial recognition.”
“This specific will be opening the door to an extraordinarily more intrusive as well as granular level of government control, starting with where we can go as well as our ability to move freely about the country,” Hasbrouck said. “as well as then potentially, once the system will be proved out in of which way, This specific can literally extend to a vast number of controls in some other parts of our lives.” ●
* As of the time of publication, the airports included in CBP’s biometric facial recognition program are in Atlanta, Chicago, Seattle, San Francisco, Las Vegas, Los Angeles, Washington (Dulles as well as Reagan), Boston, Fort Lauderdale, Houston Hobby, Dallas/Fort Worth, JFK, Miami, San Jose, Orlando, as well as Detroit.
US Department of Homeland Security as well as US Customs as well as Border Protection documents referenced (in chronological order of document dates):
Land Border Integration (LBI) Task Order Modification Statement of Work (SOW), undated
Statement of Work (SOW), Land Border Integration (LBI) Transition O&M Bridge, May 2016
Public Affairs Guidance for Departure Information Systems Test at Atlanta (Draft), June 2016
Biometric Pathway: Transforming Air Travel, December 2016
Capability Analysis Study Plan for Biometric Entry-Exit, January 2017
Biometric Entry-Exit Program Mission Needs Statement, February 2017
Biometric Entry-Exit Program Capability Development Plan, February 2017
Capability Analysis Report for Biometric Entry-Exit, March 2017
Biometric Entry-Exit Program Concept of Operations, June 2017
Biometric Entry-Exit Concept of Operations (Requirements Decision as well as Action Memorandum), June 2017
Traveler Verification Service Standard Operating Procedure, June 2017
Technical Match Rates Over Time, September 2017
Memorandum of Understanding Between as well as Among US Customs as well as Border Protection as well as [Redacted Airline Company], Fall 2017