Thursday, March 14, 2019

The US Government Will Be Scanning Your Face At 20 Top Airports, Documents Show


In March 2017, President Trump issued an executive order expediting the deployment of biometric verification of the identities of all travelers crossing US borders. That mandate stipulates facial recognition identification for “100 percent of all international passengers,” including American citizens, in the top 20 US airports by 2021. Now, the United States Department of Homeland Security is rushing to get those systems up and running at airports across the country. But it's doing so in the absence of proper vetting, regulatory safeguards, and what some privacy advocates argue is in defiance of the law.

According to 346 pages of documents obtained by the nonprofit research organization Electronic Privacy Information Center — shared exclusively with BuzzFeed News and made public on Monday as part of Sunshine Week— US Customs and Border Protection is scrambling to implement this “biometric entry-exit system,” with the goal of using facial recognition technology on travelers aboard 16,300 flights per week — or more than 100 million passengers traveling on international flights out of the United States — in as little as two years, to meet Trump's accelerated timeline for a biometric system that had initially been signed into law by the Obama administration. This, despite questionable biometric confirmation rates and few, if any, legal guardrails.

These same documents state — explicitly — that there were no limits on how partnering airlines can use this facial recognition data. CBP did not answer specific questions about whether there are any guidelines for how other technology companies involved in processing the data can potentially also use it. It was only during a data privacy meeting last December that CBP made a sharp turn and limited participating companies from using this data. But it is unclear to what extent it has enforced this new rule. CBP did not explain what its current policies around data sharing of biometric information with participating companies and third-party firms are, but it did say that the agency “retains photos … for up to 14 days” of non-US citizens departing the country, for “evaluation of the technology” and “assurance of the accuracy of the algorithms” — which implies such photos might be used for further training of its facial matching AI.

“Government, without consulting the public is using facial recognition to create a digital ID of millions of Americans.”

“CBP is solving a security challenge by adding a convenience for travelers,” a spokesperson said in an emailed response to a detailed list of questions from BuzzFeed News. “By partnering with airports and airlines to provide a secure stand-alone system that works quickly and reliably, which they will integrate into their boarding process, CBP does not have to rebuild everything from the ground up as we drive innovation across the travel experience.”

The documents also suggest that CBP skipped portions of a critical “rulemaking process,” which requires the agency to solicit public feedback beforeadopting technology intended to be broadly used on civilians, something privacy advocates back up. This is worrisome because — beyond its privacy, surveillance, and free speech implications — facial recognition technology is currently troubled by issues of inaccuracy and bias. Last summer, the American Civil Liberties Union reported that Amazon’s facial recognition technology falsely matched 28 members of Congress with arrest mugshots. These false matches were disproportionately people of color.

“I think it’s important to note what the use of facial recognition [in airports] means for American citizens,” Jeramie Scott, director of EPIC’s Domestic Surveillance Project, told BuzzFeed News in an interview. “It means the government, without consulting the public, a requirement by Congress, or consent from any individual, is using facial recognition to create a digital ID of millions of Americans.”

“CBP took images from the State Department that were submitted to obtain a passport and decided to use them to track travelers in and out of the country,” Scott said.

“Facial recognition is becoming normalized as an infrastructure for checkpoint control,” said Jay Stanley, an American Civil Liberties Union senior policy analyst and a participant at meetings that CBP has organized with privacy advocates. “It's an extremely powerful surveillance technology that has the potential to do things never before done in human history. Yet the government is hurtling along a path towards its broad deployment — and in this case, a deployment that seems quite unjustified and unnecessary.”

“The government is hurtling along a path towards facial recognition's broad deployment — and in this case, a deployment that seems unjustified and unnecessary.”

In response, CBP intimated that there shouldn’t be any privacy concerns around its biometric facial recognition program. “CBP is committed to protecting the privacy of all travelers and has issued several Privacy Impact Assessments related to [its biometric entry-exit program], employed strong technical security safeguards, and has limited the amount of personally identifiable information used in the transaction,” the agency spokesperson said.

But this statement belies the far-reaching ambitions of the program, according to the documents reviewed by BuzzFeed News. CBP, the documents say, wants facial recognition at “initial operating capability” by year’s end, with the agency using it for as many as 30 international flights across more than a dozen US airports per day.

In the US, there are no laws governing the use of facial recognition. Courts have not ruled on whether it constitutes a search under the Fourth Amendment. There are no checks, no balances. Yet government agencies are working quickly to roll it out in every major airport in the country. It’s already being used in seventeen international airports, among them: Atlanta, New York City, Boston, San Jose, Chicago, and two airports in Houston. Many major airlines are on board with the idea — Delta, JetBlue, British Airways, Lufthansa, and American Airlines. Airport operations companies, including Los Angeles World Airports, Greater Orlando Aviation Authority, Mineta San Jose International Airport, Miami International Airport, and the Metropolitan Washington Airports Authority, are also involved.

“THE MOST OPERATIONALLY FEASIBLE AND TRAVELER-FRIENDLY OPTION”

“Airlines, airports, TSA, and CBP are facing fixed airport infrastructure with little opportunities for major investment, increased national security threats with pressures for solutions, and increased traveler volume,” CBP’s Concept of Operations document, released in June 2017, states. 

“Collectively, this is a status quo that is not sustainable for any of the main stakeholders, and failure to change will ultimately result in increases in dissatisfied customers, use of alternative modes of travel, and vulnerability to serious threats.”

In June 2016, CBP began its first pilot for facial recognition technology in airports at the Hartsfield–Jackson Atlanta International Airport. Once a day, for a flight from Atlanta to Tokyo, Japan, passengers’ passport photos were biometrically matched to real-time photographs. Before travelers proceeded to the passenger loading bridge to board their flight, CBP officers told passengers to scan their boarding passes, then a camera snapped a digital image of the traveler’s face; a CBP-developed back-end system called the Departure Information System used facial recognition to automatically compare photos during boarding against a photo gallery. Everyone between the ages of 14 and 79 was expected to participate.

“Failure to change will ultimately result in increases in dissatisfied customers, use of alternative modes of travel, and vulnerability to serious threats.”

The CBP’s stated goal here was simply to “identify any non-U.S. citizens subject to the exit requirements who may fraudulently present” travel documents. The agency said it had “no plans to biometrically record the departure of U.S. citizens.” But the CBP alsosaid it “does not believe there is enough time to separate U.S. citizens from non-U.S. citizen visitors prior to boarding” … “therefore, facial images will be collected for U.S. citizens as part of this test so that CBP can verify the identity of a U.S. citizen boarding the air carrier.” CBP said that once a traveler is identified and confirmed as a U.S. citizen, their images are deleted.

Three months later, the agency switched to a daily flight from Atlanta to Mexico City. By the end of November 2016, CBP was running tests on an average of seven flights per week. From these tests, according to a DHS Office of Inspector General (OIG) audit of the government’s facial recognition biometrics program, published in September 2018, “CBP concluded that facial recognition technology … was the most operationally feasible and traveler-friendly option for a comprehensive biometric solution.”

In June 2017, CBP added three more international airport locations “to further assess facial matching technology as a viable solution,” according to the OIG report. Five more airports followed by October 2017. Today, 17 airports*are in the program, with three more in the works.

During its 2017 expansion, CBP’s Departure Information System was replaced by a more advanced automated matching system, called Traveler Verification Service (TVS). As CBP documents explained, TVS could “[operate] in a virtual, cloud-based infrastructure that can store images temporarily and operate using a wireless network.” Once a passenger boarded a plane, TVS also automatically transmits confirmation that there is a biometric match across other DHS systems.

CBP says it allows U.S. citizens to decline facial verification and to instead have their identities confirmed through the usual manual boarding process. “CBP works with airline and airport partners to incorporate notifications and processes into their current business models, including signage and gate announcements, to ensure transparency of the biometric process,” an agency spokesperson said in an email to BuzzFeed News. But of 12 flights observed by OIG during its audit in 2017, only 16 passengers declined to participate.

According to Delta, less than 2% of its weekly 25,000 passengers going through the Atlanta airport’s Terminal F, which features “curb to gate” facial recognition systems, opt out of using the tech.

CBP officers also have wide latitude for how to handle travelers whose faces are obscured for religious reasons. A previously unpublished document detailing the standard operating procedure for the TVS described how officers may deal with airplane passengers donning religious headwear. “For travelers with religious headwear that covers their face, officer discretion may be used consistent with CBP Policy,” it says.

There were also issues with matching. The OIG audit, which covered fieldwork by DHS from August to December 2017, a time that TVS was actively in use, found that CBP was able to provide biometric confirmation for only 85% of passengers processed. Its matches for certain age groups and nationalities were inconsistent; Mexican and Canadian citizens were particularly problematic. (It’s worth noting that the CBP’s Concept of Operations document includes some discussion of “a data exchange with Mexico and Canada.”)

“The low 85-percent biometric confirmation rate poses questions as to whether CBP will meet its milestone to confirm all foreign departures at the top 20 US airports by fiscal year 2021,” the audit said. Confirmation rates for CBP’s biometric exit system have since risen to 98.6%, according to an agency spokesperson.

OIG also found that CBP had “not previously established a metric for photo matching.” The way the TVS algorithm works, according to the OIG report, the threshold can be set to strict limits on what it considers a match but which would result in a lower verification percentage, or to a lower setting that would verify more people but also likely increase false positives.

In theory, they could move the threshold down to zero — which would be a system that says, ‘Only Clare is allowed to board the plane, everybody is Clare, so everybody can board the plane,’” said Clare Garvie, an associate at Georgetown Law's Center on Privacy and Technology. “That’s a system that technically has a 100% match rate.”

In theory, they could move the threshold down to zero — which would be a system that says, ‘Only Clare is allowed to board the plane, everybody is Clare, so everybody can board the plane.’”

Caryl Spoden, JetBlue’s head of customer experience, told BuzzFeed News that for boarding, the image gallery JetBlue uses to compare faces is made up of no more than 200 customers — the capacity of the airline’s A321 aircraft — making the matching process “very accurate.”

“CBP sets their match rate goal for in-scope travelers, which are those aged 14–79, to be greater than 97%,” Spoden said. “They set the goal for [false positives], which is when the system misidentifies a customer as another, to be less than or equal to 0.1%.”

“It sounds like CBP has finally set a false positive rate, which is something that hasn't been mentioned in the past,” Garvie told BuzzFeed News.

The government’s end vision, according to an early “Biometric Pathway” document from December 2016, is for CBP to build a vast “backend communication portal to support TSA, airport, and airline partners in their efforts to use facial images as a single biometric key for identifying and matching travelers to their identities.”

“This will enable ... verified biometrics for check-in, baggage drop, security checkpoints, lounge access, boarding, and other processes,” the document says. “This will create simplified and standardized wayfinding across airports.”

In other words: surveillance throughout the airport.

Source


No comments:

Post a Comment