By Jerri-Lynn Scofield, who has worked as a securities lawyer and a derivatives trader. She is currently writing a book about textile artisans.
Last week, Jet Blue customer and US citizen MacKenzie Fegan was asked to look into the camera of a facial recognition scanner – rather than present a boarding pass or her passport – to be allowed to board a flight leaving the US.
She tweeted her concerns to Jet Blue, and the thread went viral.
I encourage readers to read the entire thread: it’s short and covers the crucial issues: consent; and how the information is acquired and stored.
I just boarded an international @JetBlue flight. Instead of scanning my boarding pass or handing over my passport, I looked into a camera before being allowed down the jet bridge. Did facial recognition replace boarding passes, unbeknownst to me? Did I consent to this?
— MacKenzie Fegan (@mackenzief) 17 April 2019
Techdirt highlighted the lame JetBlue response in A Seamless Journey Awaits You On The Outbound Flights: All You Have To Give Up Is Your Face:
JetBlue responded to Mackenzie Fegan with the sort of apology one offers on Twitter: I’m sorry this made you feel [x]. The option no one at JetBlue will point out to you remains an option.
You’re able to opt out of this procedure, MacKenzie. Sorry if this made you feel uncomfortable.
Note that it’s “this” and not “we.” This is how a corporate entity absolves itself of responsibility while nominally offering an apology. Good stuff.
How Long Has This Been Going On?
ABC News reports that certain US airports are indeed using facial recognition scanners to allow passengers to board flights, using a database compiled and maintained by U.S. Customs and Border Protection:
JetBlue announced the roll-out of its “fully-integrated biometric self-boarding gate” at JFK International Airport in a press release from November 2018.
The announcement boasted that passengers wouldn’t need to pre-register or anything and all they needed to do was approach the camera for a photo match and march their way into the plane.
JetBlue is not alone in participating in this scheme, according to Gizmodo, What Your Airline Won’t Tell You About Those Creepy Airport Face Scanners. American Airlines, British Airways, Delta, and Lufthansa have also signed on.
The Hill today examined the wider Department of Homeland Security (DHS) program:
DHS has been implementing its “biometric exit” program, which photographs some visitors when they are departing the U.S., for years, expanding to 15 major airports with plans to reach five more. President Trump in 2017 signed an executive order speeding up the rollout of the face-scanning technology, and Congress in 2016 authorized up to $1 billion over the next 10 years to implement the program.
The stated purpose of the program is to identify non-U.S. citizens who have overstayed their visas, but it captures the faces of U.S. citizens as well. The agency says it has successfully identified 7,000 people at major U.S. airports who have overstayed their visas.
The DHS report published last week, which was provided to the House and Senate judiciary committees, is the latest sign that Customs and Border Protection (CBP) — DHS’s largest federal law enforcement agency — is fast-tracking the implementation of the program at the country’s largest airports.
Privacy and Moi
I should mention, I’ve long been concern about privacy issues. So, as a new MIT student in 1979, I opted out of allowing the Institute to use my social security number as my student ID. I don’t consent to allow those whiz bang full-body scanners to scan me when I pass through US airports – and instead, I’m resigned to DHS taking their sweet time to find someone to hand inspect me. And I still don’t have a smartphone.
Nonetheless, the DHS facial recognition juggernaut trundles on, despite myriad problems.
I’ll just mention two here.
How Is It Secured and Verified?
Embedded in this misguided facial recognition system is our old friend the biometric identification fairy. Iv’e debunked this false god at length here. To repeat: one major problem with using biometrics to verify identity is that when such systems are hacked or corrupted – as they inevitably will be – victims will not be able easily to get new fingerprints, retinas, or faces to allow them access to whatever biometrics were being used to verify their identities.
Flawed Software: Misidentifications
Current facial recognition software is deeply flawed, and not randomly skewed.
So, previous reports indicate that facial recognition software provides less accurate results for women and people with darker complexions, according to Gizmodo:
Over and over again, facial recognition systems have been found to be less accurate when identifying women and people with dark complexions. Just last year, the ACLU found that Amazon’s face-scanning system matched 39 percent of non-white U.S. representatives to mugshot photos.
When it comes to CBP’s face-scanning program, we don’t even know how biased it may or may not be. Asked if the CBP’s facial scans had a disparate impact on any demographic groups, a CBP spokesperson told Gizmodo the agency was “still looking further into this question.” (A CBP official gave a similar answer in 2017.)
These are not the only misidentification concerns, according to The Hill:
DHS face scans have been shown to misrecognize U.S. citizens, as well as young and old people, at higher rates, according to a September audit of biometric exit by the DHS Office of the Inspector General.
U.S. citizens, according to the watchdog report, were up to six times more likely to be rejected by DHS than non-U.S. citizens last year. And individuals under the age of 29, who accounted for 18 percent of all passengers, accounted for 36 percent of all passengers rejected by DHS’s system.
DHS Position
What’s the DHS response been to objections over misplaced reliance on biometrics? Well, the same as it has been since the DHS originally announced its facial recognition program in 2017, as Techdirt DHS Goes Biometric, Says Travelers Can Opt Out Of Face Scans By Not Traveling first noted at that time: a waffly variation on: Don’t Fly.
Some of the reports I’ve seen indicate that people can at the moment opt out of the DHS procedures – although I’d not be surprised to see that option is limited to US citizens only. But I don’t think procedures for doing so are altogether transparent, even now, while this program is being phased in.
What Is to Be Done?
I’m not alone in my concerns about the DH roll-out of facial recognition to international travellers leaving the US through its airports – a project being undertaken with scant attention to transparency, oversight, public input – or evenlstandard rule making procedures of long-standing
In March, Senators Edward Markey and Mike Lee reiterated earlier calls for agency rulemaking on the issue, to set rules of the road – so far to no avail, according to heir press release:
Senators Edward J. Markey (D-Mass.) and Mike Lee (R-Utah) released the following joint statement regarding the release of new documents obtained from the Department of Homeland Security (DHS) and Customs and Border Protection (CBP) that detail the expansion of facial recognition technology to all international travelers traveling through the top 20 U.S. airports by 2021. The documents make it clear that American citizens will be swept up in this practice as the CBP admits there is not enough time to separate U.S. citizens from non-U.S. citizens. The documents also reveal that airlines do not currently face any limits on how they can use travelers’ facial data after being tasked by the CBP to retain the equipment necessary to implement facial recognition screening.
“Since the Department of Homeland Security began scanning travelers’ faces at U.S. airports, we have repeatedly called on the agency to honor their personal commitment to complete a rulemaking to establish privacy and security rules of the road,” said Senators Markey and Lee. “Despite these commitments, DHS has failed to follow through and appears to be expanding the program. Further, DHS has a statutory requirement to submit a report to Congress detailing the viability of biometric technologies, including privacy implications and accuracy. DHS should pause their efforts until American travelers fully understand exactly who has access to their facial recognition data, how long their data will be held, how their information will be safeguarded, and how they can opt out of the program altogether.”
Markey reiterated these concerns in a statement to The Hill, reported today:
“The Department of Homeland Security is plowing ahead with its program to scan travelers’ faces, and it’s doing so in absence of adequate safeguards against privacy invasions, data breaches, and racial bias,” Sen.Ed Markey (D-Mass.) said in a statement to The Hill. “Homeland Security should change course and stop its deployment of facial recognition technology until it meets that standard.”
The CBP to date has failed to complete parts of the formal rulemaking process that requires federal agencies to solicit public comments, notwithstanding the strenuous objections of privacy advocates.
Over to The Hill again:
“DHS wants to scan your face before it has issued formal rules to protect your privacy,” Harrison Rudolph, an associate at Georgetown Law’s Center on Privacy and Technology, told The Hill. “Without rules, there could be little that stands in the way of DHS breaking its privacy promises. That’s deeply alarming.”
…
Neema Singh Guliani, a senior legislative council at the American Civil Liberties Union, told The Hill that she is concerned by CBP’s refusal to establish rules around how passengers can opt out of face scanning.
“The agency has not undertaken any rulemaking to clarify how it’s going to use this information, what privacy protections will apply, what recourse individuals may have in the event that their privacy is violated,” Guliani said. “They haven’t provided clarity or information as to how U.S. citizens or others can opt out of face recognition.”
The Electronic Privacy Information Center (EPIC) has been active on this issue. It previously filed a lawsuit about a facial recognition program at the Mexican border, and last month released documents obtainedvia a Freedom of Information Act (FOIA) request on the airport program.
There’s precious little attention to privacy issues emerging on the 2020 agenda, as far as I can see.
Readers: What do you think?
52 comments
Comments are closed.
This has been going on since 2016. I was required to do this when returning from Germany in July of 2016. Looks like you’ll just have to drive across the ocean now if you wish to avoid this.
I 100% agree w/everything above, but the cat is out of the bag. Sorry JetBlue passenger, the foundation was set under GW, Obama couldn’t be bothered, and the glacial pace of implementation was done under Trump
Alas since the news/outrage/tweet cycle might as well be 99.8% Trump, no one cares about anything else–financial regulation, anti-trust, privacy, etc.
And given the toxic rhetoric spewing from punditry/DC/DNC-land, it’s become toxic for the left-of-center and right-of-center to work on mutually agreed upon issues—-like basic constitutional rights!
Nope, seemingly everything is outrage and identity based. shaking my head
“Alas, since the news/outrage/tweet cycle might as well be 99.8% Trump, no one cares about anythng else- financial regulation, anti-trust, privacy, etc.”
Yes, and thanks to all those Russiagate Truthers/Advanced Trump Derangement Syndrome carriers for that!
‘
Donald Trump is unsurpassed in diverting attention, doing such a total smackdown of that job!
Donald Trump as a Zaphod Beeblebrox? Now there is a thought. Be a nightmare if he too had a second head installed. One would be giving orders to bomb Iran while the other would be saying why are we wasting all this money in the middle east – and both saying this at the same time.
PS, I get a mental aneurysm whenever “progressive” pundits laud wunderkind Robert Mueller. The contemporary erosion of civil liberties started/coincided with Mueller’s leadership at the FBI.
But hey, MSNBC and CNN tell me Mueller is the bee’s knees, who am I to rant against that.
i like (sarcasm) the framing “our intelligence community”; i don’t know when spies became part of our collective extended family.
That “intelligence community” is building a dystopia fairly fast. I was thinking what the hell are those guys thinking when they are pushing for this new and big big brother step. Do they really believe that crime will diminish with facial recognition? Or is it that because some or much money was spent to develop the technology it has to be implemented no matter if it is non sensical and no sensible?
On the brigth side there is another reason not to fly and these are accumulating.
I don’t think it’s being put into place to deter crime.
Imagine the possibilities.
No, these systems are (maybe not intended to, but …) going to make “crime” increase!
When every minor infraction is officially recorded forever and everyone can also be efficiently tracked everywhere, law enforcement *has to enforce* every, single, comma of every law or they shall be deemed to be failing in their duty, have their budgets cut, and senior staff sent off to the desert to be guarding Trump’s Wall.
—
What is worrying is that, In any other successful dictatorship there has to exist many vast and inconsistent sets of laws and several competing security services, with fudged and overlapping enforcement priorities, so that everyone are always guilty of Something in the eyes of Someone.
Meaning that “They” always have the incentive and “legal” cover to pull someone in for a “little informal chat” with “Mr. Naked Light Bulb” and “Mr. Rubber Hose”. Of course totally only in the interest of National Security.
Don’t forget he was kicked upstairs to head the FBI 1 week before Nine one 1. And was the lead author of the very long Commission Report. He’s apparently the go-to guy!
Really great facial identity. Unless of course you get mis-identified by the software for someone else. A guy from New York is suing Apple as they and labelled him a thief for stealing from their stores using this technology. Even the detective arresting him could see that it was not the same person. So now this guy is suing-
https://www.washingtonpost.com/technology/2019/04/23/teen-sues-apple-billion-blames-facial-recognition-stores-his-arrest/?noredirect=on&utm_term=.6abec6314b40
It’s worse once your IDed at the mall, you’re pretty much IDed at most retail stores in North America. You get IDed once you walk into a store, you get tagged ‘a person of interest’ if your behavior is suspicious. This can only end badly. Is ending so. Just why are we doing this to ourselves?
We are not doing it to ourselves. The Ruling Class and various ruling class allied companies and industries and job-category-loads of surveillance systems technicians and technologists are doing it to the rest of us.
And it is for people-control.
Sadly the cat is out of the bag in many areas. I have had my face photographed and eye scanned to take work-related examinations, had my palm scanned to get into the doctor at a major NYC medical center and of course, DMV gets everyone’s photo in digital format now. The trend is pretty clear sadly.
Why didn’t you refuse to give your palm print?
Doesn’t HIPPA protect your information from third party vendors?
This sounds like an entry into job destroying technology so that the people that check you in at the hospital get fired. Tell them you don’t want that to happen when you refuse to use the palm scanner.
You will have a sympathetic audience and it will make them your allies.
Not sure if you were tested by a private or public entity for your work related examination.
A good lawyer suing and getting a contingency fee from a deep pockets examination service might put a stop to that nonsense, if private.
Bottom line, to use an ’80s phrase, people should refuse to cooperate, fight, object, raise hell and sue whenever possible to preserve our civil rights to privacy.
As far as facial recognition, offer to sell your picture for say $1,000, or a heavily discounted airline ticket to whoever captures the images and sells it as part of their commercial service.
Monetize your face.
I always refuse. I also refuse to give the schools my kid’s SSN. I know non-citizens attend the school and said I would follow same procedures they do. They never asked again.
‘I have had my face photographed and eye scanned to take work-related examinations’ – not if you’re dealing with nukes.
So what happens if you opt out? Do you get to use your boarding pass instead? Do you get removed from the boarding line and held in custody for an unknown number of hours with or without access to a lawyer you have to pay for yourself?
And what happens when you’re misidentified by these systems, which are extremely error prone and don’t even work for white men a lot of the time? Do you once again get pulled from the boarding line and held in custody for an unknown number of hours and have to pay for another flight out of your own pocket? There sure seems to be a lot of coercion and stress involved in these questions for people who are already worried about making their flight.
Well, I’m sure all these issues have already been resolved in a rights respecting way by the heroes at DHS, well known as the worst place in the nation to work (half of TSA employees have been “cited for misconduct”) and investigated by Congress for retaliation against their own employees.
China’s surveillance/“social credit” system is going international, with at least 18 countries – including Ecuador and Germany(!) – signing up for the surveillance packages, which include hi-rez cameras and software. Of course, countries buying the gear claim that it will be put to “benign use”, just to supplement “security processes” and the like. But China is the world’s foremost developer of mass surveillance technology, and other nations are rushing to “catch up”, as it were. The US, UK, France are amongst many countries building huge data bases, feeding into them facial and iris recognition info, traffic camera video, etc.
“We know where you are, where you are going, what you are doing, and – coming soon – what we believe you will be doing in the future”.
So what happens if you opt out?
All of the surrounding agents encircle you and sing “Happy Birthday” and clap TGIF-style until you acquiesce.
And what happens when you’re misidentified by these systems,
They have proper cause for a search, maybe some asset forfeiture with an arrest on top.
Well, I’m sure all these issues have already been resolved ….
Considering that they formed the TSA from all of the misfits, deadwood and deadbeats that the other agencies were given the once-in-ones-career opportunity to dump on the TSA … I’d say: Unlikely!
Sounds like Groucho glasses now needed to go with Faraday cage ID/credit car holder. One could drive instead of fly but will need to stay away from cities where stoplight cameras will photograph you through the windshield, not to mention your license plate. I believe Norway just said they would require GPS trackers in all cars. These are supposedly for road tax purposes and surely not for 24/7 Big Brother surveillance.
Don’t use self checkout at Target. They’ll scan your face.
South Korea is the most eerie place (from a privacy angle) in the world with license plate readers, street video camera, google phones (a la Samsung), face/voice detection and dashboard cams. I’ll bet you that their TV’s are smart TV’s too..
I think with the current pathetic “AI”, you could simply wear a small pixellated sticker on your glasses or cheek and it will “blow up” the algorithm. There is a lot of research being done on “adversarial imagery” and Rodney Brooks has a very readable series of blog entries on his “Robots, AI, and other stuff”-blog that should scare anyone away from current self-driving cars but of course won’t, as always the body count eventually will.
The GPS-thing is an EU-wide initiative. Part of many different “smart roads” and “safety” initiatives. Norway is not exactly part of the EU so they have to cook up some local reason to be eating that particular sausage. Post Brexit, the “Big, bad, EU totally made me do it!” has been going out of favour amongst politicians.
“I can hire the 10% to implement an automated dystopia for the 90%. The 10% are hoping to retain their negligible privilege. I’m hoping to discard their services too, eventually.” -Some Guy
Airports are already a nightmare in privacy matters even before facial recognition, but the cold truth is people don’t care. People keep using whatsapp, facebook etc (basically surveillance tools) and giving enormous amount of data to private companies even when there are plenty of other alternatives to communicate in more efficient and private ways. Apathy has brought us to this.
Thanks for posting this. As someone who travels internationally a few times a year, this is chilling.
Did you see this article about Apple stores?
Teen Sues Apple for $1 Billion, Claiming Facial Recognition Led to False Arrest
How does this work when you fly your own private jet?
That is, does this only concern those who fly commercial?
I believe you just have to file a flight plan. But here’s a recent story suggesting that lax small jet security may be controversial.
http://www.cnbc.com/2019/02/13/tom-ridge-at-center-of-questions-over-jetsmarters-security-screening.html
Not if you actually fly it and use vfr. Won’t win you any friends.
Saudi citizens being flown out by the FBI don’t have to comply!
The article’s title is the conclusion to which I came after having my genitals fondled three flights in a row because I wouldn’t go through the radiation machine. I don’t like having men groping around down there where I only let women go, and I won’t subject myself to it. As a result I haven’t flown since a trip to New Zealand for a friend’s wedding in 2011.
Which saddens me greatly, as I love to fly. Even been on a vomit comet Zero-G flight and would gladly do it again. But I will not subject myself to ball-fondling tyranny.
I visit my mother who lives in Spain for a couple of weeks each summer. It gives me an opportunity to relax and just chill. Last summer I never shaved while I was there and the e-passport gate refused to recognise my bearded self on my return. Maybe that is the answer for half the adult population?
Maybe it is not the answer because there has been some efforts in many countries to ban or limit the use of hats, hoods, hoodies, masks, veils, or anything really that might hinder identification. The last big pushes in the United States was during the Klu Klux Klan last rise to power in the mid twentieth century, the counter culture of the 60s, and some rumblings in the past two decades because of demonstrations, and suspected “terrorists”.
I have to add that since this technology is almost a coin toss in being correct why the use of it? I would suspect, that like the many, many bad field tests used by police officers to falsely arrest, search, and often imprison for months without trial, and
stealuse asset forfeiture on the property of the innocent, it is a feature, not a bug.$$$$$ just like the x-ray scanning machines sold to DHS by “skull” Chertoff.
Normally I wouldn’t send a me-too comment, but since you asked what we’re thinking, I agree 100% with your concerns. I fly a few times a year. A trip last month is the first time I encountered the face recognition thing, but at an adjacent gate to mine, not on my flight. It was presented as a gee-whiz, optional enhancement of your traveling experience. And I expect many of the people in my social and business circles, who are tragically vulnerable to gee-whiz gadgetmania, will think it’s really cool. Ugh.
The EU passport has included facial recognition data for at least ten years. This means you can have your passport and face scanned by a machine, after standing in a short line, or stand in a considerably longer line and present yourself to a “Border Force” operative.
I have no idea how accurate the scans are, though they have worked for me, an older white guy.
When I last flew to Frankfurt on United I was photographed on boarding – but this was in addition to presenting my boarding pass, and it was done by armed police officers. So perhaps something else was going on…
The surprises and delights of air travel!
The proliferation of facial recognition on the road to our Orwellian dystopia. Next up, movie theaters…note: this is voluntary and provides an incentive…but I also see it as an initial step in the “facial recognition of everything” trend…
Watching Ads Verified By Facial Recognition Earns Moviegoers Free Ticket
https://www.mediapost.com/publications/article/334864/
Security and facial recognition have troubled me for years. I am 66. About 2 years ago, I walked into a Chase bank branch for the first time. I never stopped by that branch before. I don’t believe I had entered a Chase branch since living in NYC in the 80s. My husband nor I have never banked at Chase.
I walked up to a cash machine with a large screen and that cash machine welcomed me BY NAME as I approached! My bank and debit card is from an internet bank with no brick and mortor offices in my town. It is a running joke that my name is constantly misspelled and mispronounced. Yet this machine knew my correct, full name before I pressed any buttons. It was unnerving.
You have been chipped!!
An 18-year-old from New York has filed a $1 billion lawsuit against Apple over a false arrest he says happened because of what he believes to be Apple’s face recognition system. NYPD officers arrested Ousmane Bah on November 29th after he was falsely linked to a series of Apple Store thefts in Boston, New Jersey, Delaware and Manhattan. Apparently, the real perpetrator used a stolen ID that had his name, address and other personal information. However, since the ID didn’t have a photo, the lawsuit claims Apple programmed its stores’ face recognition system to associate the real thief’s face with Bah’s details. However, An Apple spokesperson told Engadget that the company does not use facial recognition in its stores.
https://www.youtube.com/watch?v=luqckPZigK0
Also:
Mandatory viewing: https://www.youtube.com/watch?time_continue=229&v=PXLHdNlU3F8
As much as I agree what a detrimental move this is to our society, there isn’t anything we can do. We need a government that actually works to protect the rights of its citizens. Unfortunately that ship sailed a long time ago, if it was ever really afloat in the first place. Even if you beat airport scans, how long until city or private security cameras implement this technology?
Will power is real, and I wish all of those authors had instead spent more time writing about utopia’s.
Avoiding biometric facial scanning is simple. You just don’t get a driver license, passport, or any other government photo ID document from any country. https://arstechnica.com/tech-policy/2017/08/biometrics-leads-to-thousands-of-a-ny-arrests-for-fraud-identity-theft/
Other countries, including Canada, use biometric photos in passports and I assume driver licenses. Canada is more strict on their passport photo requirements than the US.
If you become a naturalized citizen in the US, they take a biometric photo and all of your fingerprints (they haven’t done footprints or DNA yet as far as I am aware)
Programs like Global Entry also use iris scans.
The only people they won’t be able to ID are going to be the undocumented immigrants. However, the move by some jurisdictions to have them get driver licenses means that they will have biometric photos attached to their names etc. so security cameras will be able to ID them in the future.
Time to buy your own airplane?
With global warming air travel may disappear in the future anyway.
I was scanned by DHS when departing the US two years ago. At the time I was told the picture, etc. would be deleted in about 2 weeks.
When I was scanned they also scanned my passport at the same time. So there was no mix up on who I was.
…optional for 1%ers???
What I don’t get is why private companies are getting involved in this. What’s in it for them? This tech is not mature, it might never be, it’s a money pit and it might offend a lot of customers? Why, then, are the airlines, among others, putting up with this? I guess they caved to all the security theatre after 9/11, so their backbone was permanently dissolved. But what about their profit motive?
Private is a misnomer imo… At the top, all these institutions are run by the same 1%, who all belong to the same planning groups and think tanks
Hi-speed trains had seemed to offer a quicker alternative until I found, at least in China, that the stations are far from the cities. That’s a shame. If they were 100+ feet under City centers they would be really useful.
Guy Fawkes mask?
For me, the best bit is from the press release by Sens. Markey and Lee:
So airlines could make extra $ by selling your biometrics to pathological Silicon Valley privacy violaters and trackers-of-everything like Facebook and Google, for instance. What could go wrong? The rapidly growing ability to use such data in digital “deep fakes” to frame someone for a crime strikes me as an especially creepy corollary.