Anyone who has traveled abroad recently and returned to the U.S. via a major airport has probably witnessed the new kiosks in use by U.S. Customs and Border Protection (CBP). CBP began testing the systems in 2015 as part of its biometric entry and exit programs to screen out people arriving in the U.S. with false documents. The system is now in use at 14 U.S. airports.
I experienced the new system when I returned from London via LAX last winter. The process is simple enough. Once I deplaned I was directed to the Customs area, where a kiosk containing a camera and touchscreen stood waiting for me. I answered a few questions about my trip and had my photo taken, much to my dismay after a 10-hour overnight flight! I was then given a receipt that included my horrible photo and a barcode, which I presented to the border patrol agent, who quickly checked my documents and sent me through to collect my baggage. What I didn’t know was what happened behind the scenes: my photo was compared to my passport photo using facial recognition technology to ensure I was who I claimed to be.
The idea behind the system is to speed up the traveler verification process and improve security. Speed and security are growing priorities for CBP, which has seen a four percent increase in the number of non-U.S. citizens entering the country over the past year. CBP says the facial recognition system allows them to vet more travelers in less time than traditional processes. And the process did seem fast, even though I ultimately missed my connection anyway because our flight sat on the runway at LAX for an hour before we could even get to Customs.
There are several legislative mandates that direct the Department of Homeland Security to record the arrival and departure of non-U.S. citizens by collecting biometrics. But why facial recognition? CBP said it looked at other options before choosing facial recognition technology, including fingerprint and iris-based systems. Facial recognition became the agency’s tech of choice because the agency already has visa holders’ faces on file, and unlike fingerprints, faces are easy to check. The new system reportedly “virtually eliminates” the ability for someone to use a genuine document that was issued to someone else when passing through Customs.
In late August, the system flagged a man attempting to enter the U.S. with false documents at Washington Dulles International Airport, according to CBP. After getting off a flight from São Paulo, the man presented a genuine French passport as his ID. But biometric technology confirmed the man was not a match to the passport he presented. Officers searched him and found his real ID card from the Republic of Congo in his shoe. CBP said it was the first instance where the new system caught a person attempting to illegally enter the U.S.
Naturally, CBP’s new system has raised privacy and security concerns. Some privacy experts say the technology is being rushed into use before it has been properly evaluated.
“Right now, there is very little federal law that provides any type of protections or limitations with respect to the use of biometrics in general and the use of facial recognition in particular,” Jeramie D. Scott, national security counsel for the Electronic Privacy Information Center (EPIC), recently told the Washington Post. EPIC also recently filed a Freedom of Information Act requests seeking details about the program.
Other critics predict CBP will invariably share photos with agencies like the FBI, who could run them against its database to locate people with outstanding warrants. And of course, there are also data security concerns. CBP has assured the public it’s using a secure cloud-based system and no personally identifiable information (PII) is ever exchanged. But that doesn’t placate wary consumers who have heard it all before and know cybercriminals are diligently looking for ways to hack even the most secure systems.
Racial bias is another concern. Many of the facial recognition systems currently available on the market are powered by machine learning and AI. Asem Othman, team lead for Biometric Science at Veridium, recently told Security Info Watch that many of the data sets companies have used to train these systems have consisted primarily of Caucasian male images which can “subsequently have a negative effect on their ability to match people of other races and genders with their correct identities.”
CBP has met with representatives from privacy advocacy groups on several occasions to discuss various concerns. The agency also published several Privacy Impact Assessments before launching the new system. But privacy advocates say the government still has work to do. Specifically, it needs to improve explanations of how it intends to use the information it collects and how long the information will be kept, among other things.
CBP has taken a proactive approach on deploying the technology, but that apparently hasn’t been the case with other federal agencies. According to various reports, the TSA has been experimenting with facial recognition systems at check-in for years, including taking photos of passengers when they collect their boarding pass and using it (without their knowledge) to track them as they move through the airport.
Whether it’s blatant or more subtle, use of facial recognition technology by federal agencies is not likely to go away anytime soon. That’s because it’s an easy, secure way to ensure a faster or more seamless process. CBP has already said it plans to increase the use of the technology at airports and other types of border crossings in the near future. And airports in other countries – including Ottawa International and Heathrow in London – are now using the technology to compare faces captured at security screenings with a separate capture at the boarding gate.
The moral of the story: Next time you plan to take an international flight, be sure you’re ready for your close up!