The Department of Homeland Security says that facial recognition technology will be used on 97% of passengers departing the US by 2023, according to The Verge.
Already deployed in seventeen international airports, including Atlanta, New York City, Boston, San Jose, Chicago, and two airports in Houston, DHS systems will photograph and scan passengers at their departure gate, cross-referencing their face against a library of face images from visa and passport applications, as well as those taken by border agents when foreigners enter the country.
The aim of the system is to offer “Biometric Exit,” which gives authorities as good an idea of who’s leaving the country as who’s entering it, and allows them to identify people who have overstayed their visas. Quartz notes that US authorities have traditionally relied on airline flight manifests to track who’s leaving the country. -The Verge
Last week, JetBlue customer MacKenzie Fegan was shocked after finding out that her face had been scanned in order for her to board the plane. "I just boarded an international @JetBlue flight. Instead of scanning my boarding pass or handing over my passport, I looked into a camera before being allowed down the jet bridge," she tweeted. "Did facial recognition replace boarding passes, unbeknownst to me? Did I consent to this?"
I just boarded an international @JetBlue flight. Instead of scanning my boarding pass or handing over my passport, I looked into a camera before being allowed down the jet bridge. Did facial recognition replace boarding passes, unbeknownst to me? Did I consent to this?— MacKenzie Fegan (@mackenzief) April 17, 2019
JetBlue wrote back:
You're able to opt out of this procedure, MacKenzie. Sorry if this made you feel uncomfortable.— JetBlue Airways (@JetBlue) April 17, 2019
When asked how they knew it was her, JetBlue said that the information was provided by DHS "from existing holdings," and later clarified "these photos aren't provided to us, but are securely transmitted to the Customs and Border Protection database. JetBlue does not have direct access to the photos and doesn’t store them."
So to be clear, the government provided my biometric data to a privately held company? Did I consent to this? How long is my data held by @JetBlue? And even if I opt out at the scanners...you already have my information, correct?— MacKenzie Fegan (@mackenzief) April 17, 2019
Would love more info about how my image was matched to a name on the flight manifest. I looked at the camera & a few seconds later the gate opened. Was my image, in the space of those seconds, sent to CBP, run through a database, matched to a name, and then sent back to @JetBlue?— MacKenzie Fegan (@mackenzief) April 17, 2019
So far over 7,000 passengers across 15,000 flights have been identified by the current system who have overstayed their visas. According to The Verge citing US Customs and Border Protection (CBP), approximately 600,000 people overstay their visas every year - which carries a maximum penalty of a 10-year ban from entering the US.
my Emirates flight from Dulles is using facial recognition scans on passengers as a part of the pilot with CBP. I asked the airlines about whether they had informed people and let them know about their options to opt out. They pointed to a board, not super visible from the queue pic.twitter.com/VNs5u6N1XZ— Tanvi (@Tanvim) March 8, 2019
According to a March report by BuzzFeed, the wheels are already in motion:
Many major airlines are on board with the idea — Delta, JetBlue, British Airways, Lufthansa, and American Airlines. Airport operations companies, including Los Angeles World Airports, Greater Orlando Aviation Authority, Mineta San Jose International Airport, Miami International Airport, and the Metropolitan Washington Airports Authority, are also involved. -BuzzFeed
According to a 346-pages of "as-yet-unpublished" documents obtained by the Electronic Privacy Information Center and reviewed by BuzzFeed News, US Customs and Border Protection is furiously rushing to meet the deadline for this "biometric entry-exit system" - which will use facial recognition technology on more than 100 million passengers in as little as two years, or roughly 16,300 flights per week.
As we noted in March, the biometric systems are being implemented "despite questionable biometric confirmation rates and few, if any, legal guardrails."
What's more, there are no limits to how airlines can use facial recognition data.
These same documents state — explicitly — that there were no limits on how partnering airlines can use this facial recognition data. CBP did not answer specific questions about whether there are any guidelines for how other technology companies involved in processing the data can potentially also use it. It was only during a data privacy meeting last December that CBP made a sharp turn and limited participating companies from using this data. But it is unclear to what extent it has enforced this new rule. CBP did not explain what its current policies around data sharing of biometric information with participating companies and third-party firms are, but it did say that the agency “retains photos … for up to 14 days” of non-US citizens departing the country, for “evaluation of the technology” and “assurance of the accuracy of the algorithms” — which implies such photos might be used for further training of its facial matching AI. -BuzzFeed
"CBP is solving a security challenge by adding a convenience for travelers," said an agency spokesperson in an email to BuzzFeed. "By partnering with airports and airlines to provide a secure stand-alone system that works quickly and reliably, which they will integrate into their boarding process, CBP does not have to rebuild everything from the ground up as we drive innovation across the travel experience."
Meanwhile, it appears that CBP has simply skipped part of the "rulemaking process" - foregoing public feedback prior to implementing the technology. Beyond "privacy, surveillance and free speech implications," this is worrisome according to BuzzFeed, which notes that last summer the ACLU reported that Amazon's facial recognition technology falsely matched 28 members of congress with arrest mugshots.
According to a Homeland Security OIG report, CBP was able to provide biometric confirmation for just 85% of passengers processed, while mexican and Canadian citizens were "particularly problematic" reports BuzzFeed.
"The low 85-percent biometric confirmation rate poses questions as to whether CBP will meet its milestone to confirm all foreign departures at the top 20 US airports by fiscal year 2021," said the audit - while a spokesperson said that the rate has risen to 98.6% since the report.
"I think it’s important to note what the use of facial recognition [in airports] means for American citizens," said Jeramie Scott - director of EPIC's Domestic Surveillance Project. "It means the government, without consulting the public, a requirement by Congress, or consent from any individual, is using facial recognition to create a digital ID of millions of Americans."
"CBP took images from the State Department that were submitted to obtain a passport and decided to use them to track travelers in and out of the country," said Scott.
"Facial recognition is becoming normalized as an infrastructure for checkpoint control," said ACLU senior policy analyst Jay Stanley. "It's an extremely powerful surveillance technology that has the potential to do things never before done in human history. Yet the government is hurtling along a path towards its broad deployment — and in this case, a deployment that seems quite unjustified and unnecessary."
CBP has suggested that privacy concerns are overblown, and that "CBP is committed to protecting the privacy of all travelers and has issued several Privacy Impact Assessments related to [its biometric entry-exit program], employed strong technical security safeguards, and has limited the amount of personally identifiable information used in the transaction," according to an agency spokesperson.