Virginia spends $220 million on end-user hardware, print services
September 25, 2018
Two final contracts under the state's new multi-vendor IT sourcing model prepare the state for a transition the technology agency has been working on since 2015.
Airlines say it's more convenient, immigration authorities say it will keep borders safe, but privacy advocates say the expanding program has already reached too far.
Colin Wood is the managing editor of StateScoop. Before that, he was a staff writer for Government Technology magazine. Before that, he taught Engl...
Privacy advocates and federal agencies are at odds over the legality of a facial recognition program that was recently deployed at yet another airport.
Seattle TV station KIRO was the first to report last week a pilot project underway at Seattle–Tacoma International Airport that uses facial recognition scanners on international flights at a single gate operated by Lufthansa. Run as a partnership between the airline and U.S. Customs and Border Patrol, the project started in mid-June as a way to test the technology as a faster and more convenient way to get passengers onto planes.
Instead of showing their passports, passengers can instead allow scans of their faces, which can be compared with a repository of verified photos compiled by CBP before the flight. Passengers may also opt-out of facial scanning and instead present their passports as usual. While both immigration authorities and airlines are pushing to deploy the technology widely, privacy researchers from Georgetown University Law Center claim the program is "on shaky legal ground."
Facial recognition systems deployed by CBP, which are used at 17 airports globally, including 13 in the United States, are proving in early deployments to be an effective way to provide the "seamless passenger experience" that airlines are pursuing. Lufthansa says it was able to board nearly 350 passengers onto an A380, the world’s largest passenger airliner, in about 20 minutes using the technology.
A Lufthansa spokesperson told StateScoop that early facial-recognition pilots, particularly the one at Los Angeles International Airport, have been "very successful" as reducing boarding times — so much so that the airline plans to skip the pilot phase and directly launch the technology in another half-dozen airports later this year.
For CBP, the technology is being proposed primarily as a way to "enhance the integrity of the immigration system," according to a September 2017 report published by the Department of Homeland Security. A CBP spokesperson told StateScoop that the system provides benefits to air travelers because it's paperless and more convenient.
While facial recognition systems have been widely criticized for being less accurate when scanning non-white faces, the CBP spokesperson told StateScoop the agency has not found accuracy problems in testing so far. Based on scans of about 415,000 passengers, she said, the system has achieved a 99 percent match rate. Non-matches can be cases of passengers who may not have passports, like military personnel. Information on how the agency roots out false-positive matches was not available.
For federal authorities, facial recognition in airports promises to reduce travel fraud, such as when a visitor who wants to overstay a visa gives a passport to a friend who is leaving the country to create a false record of compliance. As a candidate in 2016, Donald Trump excoriated President Barack Obama for not being tough enough on this issue and called it a national security threat, one that some say allows an easy inroad for as much of a third of the nation's approximately 11 million undocumented immigrants.
The American Civil Liberties Union says the current use of facial recognition technology in airports threatens to create a precedent for more "general, suspicionless surveillance systems," but the CBP says it is "committed to its privacy obligations" and that the current use of the technology — to verify valid credentials for immigration purposes — will not expand.
DHS identified in a report last year that "there is a risk that CBP may retain U.S. citizen information longer than is necessary," but a CBP spokesperson told StateScoop the current policy for the CBP to retain images collected at airports only for as long as needed and 14 days at the longest, may soon be even further reduced and codified through a public rule-making process.
Researchers from Georgetown's Center on Privacy and Technology say the federal government is already overstepping its authority. Customs officials cite several laws as a mandate from Congress that the agency isn't simply choosing to implement this program, but that it's required to.
DHS says the 2002 Enhanced Border Security and Visa Entry Reform Act, signed by President George W. Bush just eight months after 9/11, and the Intelligence Reform and Terrorism Prevention Act of 2004, among other laws, require the use of biometric scanning to verify identities of people departing the United States. And the executive order Trump signed in March banning citizens of eight foreign countries from entering the country requires DHS to “expedite the completion and implementation of a biometric entry-exit tracking system for in-scope travelers to the United States.”
But Georgetown Law researchers Harrison Rudolph, Laura Moy and Alvaro Bedoya, argue that while Congress has passed at least nine pieces of legislation allowing biometric data to be collected by foreign nationals, it has never authorized the collection of Americans' biometric data. They also say that was never the intention of those provisions in the 9/11 Commission report, which contained the original language that allowed the projects to be created in their current forms today.
"If Congress wanted to tell DHS to collect Americans’ biometrics at the border, it easily could have done so," the researchers write. "It never has. Without explicit authorization, DHS cannot and should not be scanning the faces of Americans as they depart on international flights, as it is currently doing."
The researchers also say the technology is not as accurate as the government says — they say the system erroneously rejects about 4 percent of travelers using valid credentials. They also say DHS has failed to conduct a federally required rule-making process, though the agency says it now plans to follow through on that requirement.
Ultimately, though, the concerns of the researchers are the same of those of the ACLU and other watchdogs: a small change in an airport in Seattle, or elsewhere, with no public discussion could lead to much bigger changes in the future.
The researchers write that "as currently envisioned, the program represents a serious escalation of biometric scanning of Americans, and there are no codified rules that constrain it. It may also lead to an even greater and more privacy-invasive government surveillance system."
A list provided by CBP shows the airports where it operates biometric exit and arrival stations.