Facial Recognition at U.S. Airports: The “Future” is Now
By Annie Lane | July 12, 2019
At many U.S. airports, passengers face long lines and multiple checkpoints for checking bags, obtaining boarding passes, screening carry-ons, and verifying identity to get to the gate. The Transportation Security Administration (TSA) hopes to streamline the process with facial recognition technology. As part of the Department of Homeland Security (DHS), the TSA is responsible for domestic and international air travel security in the US. The TSA estimates screening 965 million passengers annually, or roughly 2.2 million passengers daily. That number is growing at a rate of about 5% per year. Facial recognition systems promise to expedite the process and support the increasing passenger volume. Beyond security checkpoints, the TSA is partnering with airlines like JetBlue and Delta to achieve a “curb-to-gate” vision with photos granting access at each checkpoint.
While facial recognition technology could unlock efficiencies, it also creates new risks and privacy concerns. A massive database of passenger images must be collected, stored and protected. Passengers have a right to provide consent, especially since the accuracy of facial recognition technology is questionable. The application of facial recognition technology by government agencies is also under the bipartisan scrutiny of Congress.
How Facial Recognition is Applied in Airports
The TSA lays out their plan to increase security and improve passenger security through automation of manual screening tasks in their Biometric Screening Roadmap. Traditionally, the Transportation Security Officers at the checkpoint compare the presented photo ID to the face of the person standing in front of them and matches the name on the boarding pass. The TSA has started screening pilots with U.S. Customs and Border Protection (CBP) to evaluate the facial recognition technology. In the pilots, at the Traveler Document Checker point, a camera takes a picture of the passenger’s face. This photo is then transferred to the cloud where an algorithm attempts to match the photo to the stored facial template database managed by CBP to identify the passenger. Upon finding the match, the passenger is permitted to proceed.
Storage and Security of Biometric Data
This system requires the storage of photos in a central database accessible to the federal agency. At the federal level, there is a collection of passport and visa photos. Applying this technology is a challenge for domestic flights because each state has their own database of driver’s license photos. However, a recent investigation by the Washington Post reveals that other federal agencies, including the FBI and ICE, have been accessing these state databases without due process required by the 4th Amendment. While the TSA is not currently involved in this invasion of privacy, this violates the principle of consent and betrays the public’s trust of the government’s use of facial recognition.
No data system is fully secure against attacks, so the huge database necessary becomes a desirable target. Increased access to the database introduces additional vulnerability. This is a legitimate concern – this June, the CBP reported that Perceptics, a private contractor, was hacked. The hack compromised around 100,000 images of license plates and travelers collected at border checkpoints. The CBP placed blame solely on Perceptics and chose to suspend the company rather than take any responsibility. Based on this recent response, we cannot expect the CBP or TSA to accept accountability for this new database as they partner with private companies.
Consent and Opting-out
The TSA biometric roadmap highlights that all passengers will have the opportunity to opt-out of the biometric screening. They can be screened manually using traditional methods. While it’s essential to provide the opportunity to provide consent and provide alternatives, these alternatives may come at a cost. The manual screening will likely takes longer and there may a social cost as strangers observe defiance of the “norm”. Two different passenger accounts confirm this and observe that opting out is not a clear choice for JetBlue and Delta’s boarding facial recognition systems. Even if a passenger opts out at the gate, their images have still been gathered in CBP’s cloud database as part of the flight gallery to be accessed by the private airline.
Accuracy of Facial Recognition
The system accuracy goal is correct identification of 96% of legitimate passengers. Even if this accuracy level is achieved, 1 in 25 passengers would require additional screening. While the majority of passengers may have a better experience, a subpopulation will face inconveniences. The [National Institute of Standards and Technology’s April evaluation of various facial recognition algorithms found that black and female subjects had consistently lower accuracy than white and male subjects. This means a particular subpopulation will disproportionately bear the burden of the technology. While prevalence of facial recognition is increasing, fairness has not been sufficiently addressed.
While facial recognition technology is already deployed at some American airports, there are opportunities to put the brakes on the program. The DHS has standards for gathering public opinion and assessing privacy risks including the creation of Privacy Impact Assessments. The House Oversight and Reform Committee and the House Homeland Security Committee both held hearings this summer on government use of facial recognition. We must hold our representatives accountable for protecting unnecessary invasions of privacy by government agencies.