The Transportation Security Administration released a last week to turn U.S. airports into the first large-scale, comprehensive application of face surveillance technology on the American public. This is not good news for privacy and civil liberties.
Under the TSA plan, which reads like a parody of warnings against 鈥渟lippery slopes鈥 in the expansion of surveillance technology, the agency would first streamline its partnership with the Customs and Border Protection鈥檚 new biometric exit program, which matches certain international travelers with their passport photos at the aircraft gate.
Meanwhile, facial recognition technology will supplant fingerprints as part of the use of biometric check-in within the insidious TSA PreCheck program. The agency will then incorporate facial recognition into it鈥檚 developing that seeks to use biometrics and computers to replace agents in checking passengers鈥 IDs at security.
Finally, this would all culminate in the agency seeking to extend 鈥渂iometric solutions to the general flying public.鈥
We know that the Department of Homeland Security has a sweeping technocratic vision for an all-biometric airport. In a briefing last year by DHS officials on CBP鈥檚 entry-exit facial recognition program, officials talked excitedly of a world where 鈥測our face is your passport鈥 and biometrics are used not only for official status and identity checks but for everything in an airport, down to the purchase of goods in the duty-free shop. As The Verge last year, officials see current programs expanding into 鈥渁n airport-wide system Customs officials call 鈥楾he Biometric Pathway.鈥欌 One CBP official declared, 鈥淲e鈥檙e going to build this for [Biometric] Exit鈥. But why not make this available to everyone? Why not look to drive the innovation across the entire airport experience?鈥
In the past couple of years, I鈥檝e had discussions with and seen the presentations of a number of government officials and airport, airline, and other industry players on the subject of the future of airline security. The airport security community is looking at a wide variety of advanced tracking and surveillance technologies and has definitely embraced biometrics in a big way. One of the ideas floating around is 鈥渨hole-airport security,鈥 including 鈥渃urb-to-gate passenger analysis.鈥 That means extending the security architecture beyond the checkpoint, spreading it out across the airport through tracking of various kinds, including such things as video analytics. Face surveillance, of course, is key to that vision.
Some overseas airports have already tried to launch similar efforts. In China, where of face surveillance is part of an intensive regime of monitoring and control, the Shanghai airport has the technology at check-in, security, and boarding gates. The Caribbean island of Aruba has launched a program with the hilariously Orwellian name 鈥.鈥 It promises 鈥渢raveler-centric biometric technology, from curb to boarding!鈥 Travelers are told, 鈥淔ace it! You will love it!鈥
The TSA promises that its vision will be based on 鈥渙pt-in鈥 principles. That is certainly good 鈥 though it鈥檚 not hard to imagine that the ability to opt out will be either retracted by the TSA (as we have seen ) or rendered so inconvenient as to be reduced to a protest for the stubborn. More broadly, the agency鈥檚 vision will not be possible without building a comprehensive face surveillance infrastructure that, once in place, will likely be technologically impossible to opt out of without wearing a mask.
In its new roadmap, the agency declares, 鈥淭SA will build the strategic, architectural, policy, requirements, and process infrastructure needed to support鈥 its facial recognition systems, as well as 鈥渞obust requirements and architecture foundation, strategic policy and legal alignment.鈥
That is a big part of what鈥檚 wrong with this approach to airline security. Having developed that infrastructure, the TSA will be creating something that is highly likely to spread beyond airports. The same bureaucratic imperatives for tracking and identification that are driving the TSA鈥檚 push for biometrics also fuel many other agencies, from and to local police departments to major retailers. And airport use of facial recognition threatens to normalize what is the most dangerous and easily abused biometric.
Having 鈥測our face as your passport鈥 might be very convenient when you鈥檙e at a government checkpoint. But we don鈥檛 want to have to 鈥減resent our passport鈥 at every turn in American society, including walking down the sidewalk. If we build a system that turns our faces into passports that anyone can scan and store at any time, that鈥檚 exactly what鈥檚 likely to happen.
The TSA tries to argue that facial recognition has already been normalized thanks to technologies such as the iPhone X. But those who want to deploy controversial and invasive technologies are always quick to declare them 鈥渘ormalized鈥 鈥 and it is far too early to conclude that people will approve of these technologies. As I have argued before, people will always know the difference between facial recognition that is used by them and facial recognition that is used on them.
Doubling down on the wrong path
The TSA鈥檚 embrace of facial recognition should be seen as the latest step in the evolution of a security system oriented around identifying people. The government made a decision during the Bush administration to move away from an exclusive focus on improving physical security 鈥 making sure that nobody, no matter who they are, can get a weapon onto an aircraft 鈥 and to divert resources into identity-based (aka 鈥渞isk-based鈥) security.
That decision was a giant mistake.
There are several problems with identity-based security. One is that knowing somebody鈥檚 name does not tell you whether they are likely to pose a threat to aviation. You have to know more than just their name (and gender and date of birth 鈥 the data currently collected about all travelers). 鈥淚dentity鈥 is an empty shell unless you flesh it out with information about a person. And just how much information does a government agency need to establish whether a person is a threat? As the 老澳门开奖结果 has long argued, there will never be enough to satisfy the government. There is a logic of identity-based security, and it inevitably leads toward a regime of expanding information collection, surveillance, and tracking of individuals.
Even if the government were to collect unconscionable amounts of background information about every traveler, there is still no clear or defined way to use such data to judge the risk that person poses.
The push for more data on domestic American passengers included the ill-fated post-9/11 CAPPS II program, which envisioned doing background checks and generating security ratings on every flier using a wide array of commercial data. Under heavy political opposition, that program was eventually pared back to simple (though still very problematic) watchlist checks. And now we have the TSA PreCheck program, which positions the agency to begin putting more informational meat on the bones of traveler 鈥渋dentity.鈥 The TSA is clearly angling to expand not only the number of people enrolled in PreCheck, but also the data used in its background checks. As one TSA official said in a presentation I attended last year, the use of commercial data by the agency 鈥渋s back on the table, and we鈥檙e looking at ways to do it.鈥
Even if the government were to collect unconscionable amounts of background information about every traveler 鈥 their history, lifestyle, interests, associations, speech 鈥 there is still no clear or defined way to use such data to judge the risk that person poses. The current PreCheck program centers on a criminal background check, for example 鈥 but is there even any evidence that people with criminal records are more likely to attempt to attack a plane? Fortunately, attacks on aviation are rare. Predicting criminal behavior is always problematic, but there is virtually no data for attacks on aircraft.
And that is another big problem with the identity-based approach to aviation security: It is never subject to feedback or testing. The TSA has invested huge sums in its PreCheck program based on certain assumptions about who is a lesser threat to aviation. Now it proposes to invest significant resources in building a giant airport face-surveillance infrastructure. Yet, we have no idea whether this approach would be effective at actually protecting aviation, because unlike strategies for physical security, there is no real way to test it. Unlike say, systems for reducing common crimes such as credit card fraud, there is no way to get ongoing feedback on whether these systems are moving in promising directions or are utterly useless. More collection of data about travelers won鈥檛 change that. And in the absence of feedback, the TSA is able to just go along its merry way pretending it鈥檚 a rational system.
In short, the TSA鈥檚 desire to go all-in on airport biometrics represents an enormous further investment in a misguided approach to airline security that paves the way for future expansions in the collection and use of personal data on passengers 鈥 including insidious new forms of threat scores, security rankings, blacklists, whitelists, etc. 鈥 all without necessarily improving security. Instead of devoting its limited resources to such 鈥渞isk-based security,鈥 the TSA should be focusing more on physical security. There is a lot of new research and thinking underway on, for example, enhanced scanners, improved explosive detection, and more efficient 鈥渟creening at speed鈥 in which passengers are physically scanned as they walk down a hallway,
Identity-based security will increasingly have negative consequences, and pervasive facial recognition is both one of those consequences and a way of opening the door to others.