FOIA Documents Detail DHS/CBP's Rules-Free Rollout Of Biometric Scanning Program

from the where-we're-going-we-don't-need-rules dept

The push is on to implement biometric screening at major US airports. The DHS has been pushing this for awhile, telling concerned travelers all they need to do to opt out is not travel. The pilot programs don't seem to have produced anything in the way of actionable results, but the administration's insistence that the US is surrounded by terrorists has dropped a lead foot on the DHS's gas pedal, resulting in an accelerated process that ignores both concerns about biometric scanning tech and the concerns of the traveling public that will be subjected to it.

EPIC's numerous FOIAs have resulted in an impressive stash of documents detailing the DHS's biometric scanning surge.

According to 346 pages of documents obtained by the nonprofit research organization Electronic Privacy Information Center — shared exclusively with BuzzFeed News and made public on Monday as part of Sunshine Week — US Customs and Border Protection is scrambling to implement this “biometric entry-exit system,” with the goal of using facial recognition technology on travelers aboard 16,300 flights per week — or more than 100 million passengers traveling on international flights out of the United States — in as little as two years, to meet Trump's accelerated timeline for a biometric system that had initially been signed into law by the Obama administration. This, despite questionable biometric confirmation rates and few, if any, legal guardrails.

The documents contain little that suggests the DHS will be addressing the numerous concerns that have resulted from its biometric scanning rollout. Nothing delivered by the CBP shows any limits placed on partnerships with the private companies supplying the tech, including their use of the wealth of data supplied by travelers. Data-sharing appears to be part of the CBP's plan, and there's nothing in the paperwork suggesting the government will deter private companies from exploiting the biometric data their scanners collect.

What little the CBP did have to say about its biometric scanning program is that it's definitely going to happen and it's definitely going to keep expanding. And it's going to do this under the cover of darkness as the CBP moves forward with the program it sells as a "convenience for travelers."

The documents also suggest that CBP skipped portions of a critical “rulemaking process,” which requires the agency to solicit public feedback before adopting technology intended to be broadly used on civilians, something privacy advocates back up.

Minimal oversight meets minimal transparency. It's the sort of officious brushoff we've come to expect from terrorism-related government programs. The less the public knows, the less likely it is to express its concerns in actionable ways. The rollout also has the advantage of operating in a legal vacuum. There's not a lot of casework on the suspicionless gathering of biometric data. It could be argued someone's face has no privacy expectations when it's being worn out in public, but it doesn't necessarily follow that the government should be able to collect this data en masse and hold onto it for an indefinite period of time.

So far, data shows facial recognition tech isn't the miracle proponents believe it is. Deployed systems have tended to produce a large number of false positives. And if they're kicking out false positives on a regular basis, they're also likely missing the people the systems are supposed to identify and remove from circulation. The government's refusal to discuss the limitations and use of this tech publicly only adds to the problem. The public's best source of info comes from documents sued out of the agency's hands. Forced transparency isn't really transparency.

Filed Under: airports, biometric scanning, cbp, dhs, facial recognition, homeland security, surveillance, travel


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Bru Wing-Crisis - out of coffee!, 13 Mar 2019 @ 12:12pm

    Yeah, saw this in "Total Recall".

    It's as though we live the 21st century and all the sci-fi is coming true.

    But since Schwarzenegger foiled not only facial recognition but the X-ray gadget, so can anyone. Don't panic. But keep towels handy.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Mar 2019 @ 12:19pm

    It could be argued someone's face has no privacy expectations when it's being worn out in public

    Do we really want to encourage violent sociopaths to kill people, steal their faces, and wear the stolen faces in public?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Mar 2019 @ 12:26pm

    DHS left part of their rump uncovered?

    So, they skipped part of the rulemaking process? That sounds like an APA (Administrative Procedure Act) violation if you ask me....now, is there anyone around with standing to challenge this?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Mar 2019 @ 12:59pm

    I'm sure Hitler would be proud!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Mar 2019 @ 1:43pm

    They could tie this in with their "social score" data and ding you every time you are seen not smiling, because as we all know it is required to be happy as there is nothing wrong.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 13 Mar 2019 @ 7:41pm

      Re:

      We already have social scores. They're called bank accounts.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 14 Mar 2019 @ 7:16am

        Re: Re:

        "We already have social scores. They're called bank accounts."

        and that is huge part of the problem.

        Soon, your credit score will become a method used to determine your societal worth, based solely upon bullshit.

        reply to this | link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 14 Mar 2019 @ 11:44am

    I sense a new rise in punk, metal and Hip Hop

    Soon everyone will wear KISS / ICP make up while they travel.

    It's part of my religion. It can be part of yours too.

    reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 14 Mar 2019 @ 12:57pm

    Biometrics...

    Biometrics DONT work unless you do them properly..

    1..

    You have to do more then 1 thing..Facial ID is abit simple..in the past and now, it dont work well. 1 bald man can look like another, very easily.
    2.
    Hand prints, can help, the WHOLE HAND, not 1-2 fingers.
    3.
    there has to be a 3rd, even if its tattoo, Foot size, body scan, An x-ray...

    3 points of reference.

    If the USA keeps pissing off everyone int the world, it might be nice.
    But it also leads to every person in the USA being Bagged/tagged,. to have Proof of ID..

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 15 Mar 2019 @ 10:25am

    And if they're kicking out false positives on a regular basis, they're also likely missing the people the systems are supposed to identify and remove from circulation

    Setting aside the actual topic of this article completely (and make no mistake, I am firmly in camp stop-spying-on-me-and-my-fellow-air-travelers), I want to point out that this probably isn't correct.

    Facial recognition technology relies on machine learning to use information from images to assign a probability that a particular image is of a particular person. (E.g., Picture A has an 87% probability of being Joe Shmoe.) So whoever is getting the results here has to set a threshold, above which they accept that Picture A is of Joe Shmoe.

    Thus, the false positive rate is likely due to setting a low threshold for classifying a match (although there is a VERY DISTINCT possibility that it's also because the people training the facial recognition technology did it stupidly), which means that they are actually not likely to be missing the people they're looking for (if you predict everyone's a terrorist, you won't miss any terrorists). Of course, that leads into another problem TechDirt has discussed in the past, which is finding a needle in a haystack of needles, further emphasizing how stupidly pointless this whole exercise is.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.