"Having a conscience now is a grief-soaked proposition." Stephen Jenkinson
The Department of Homeland Security has posted the latest update to a series of Privacy Impact Assessments attempting to whitewash the invasions of privacy and human rights inherent in a comprehensive system of automated facial identification of travelers.
The latest PIA reveals more than the DHS has previously admitted about the nature and scope of its planned use of automated facial ID technology.
The DHS plans to use image data aggregated from commercial surveillance systems operated by airlines and airports, as well as DHS cameras, including non-obvious cameras, to identify air travelers (including both domestic and international travelers), international ferry and cruise passengers, and travelers crossing US land borders in vehicles or on foot.
Automated identification of travelers based on facial images would be used as the basis for who is, and who is not, allowed to travel, based on travel histories and algorithmic “risk assessments” that form the US counterpart of, and predecessor to, China’s control of travel and other activities through facial recognition and “social credit” scoring.
The latest PIA makes a variety of claims about how the risks to privacy and human rights inherent in this scheme will purportedly be “mitigated”. Some of these “reassurances” are implausible, while others are already contradicted by the facts on the ground. And none of them would cure some of the ongoing violations of Federal law in current DHS practices.
Data collection and retention by travel companies: Collection of facial photos by third parties such as airlines and airport operators, when they could be collected directly by DHS, violates the Privacy Act: “Each agency that maintains a system of records shall collect information to the greatest extent practicable directly from the subject individual when the information may result in adverse determinations about an individual’s rights, benefits, and privileges under Federal programs”, which include the right to travel by Federally-licensed common carrier.
Requiring travelers to provide information — names, ID numbers, photos, etc. — to airlines or other travel companies, as a condition of travel, gives travel companies a free ride. They gat to use this valuable personal information for their own purposes such as profiling and personalized pricing, while blaming the government for mandating its collection.
CBP is developing business requirements with its airline, airport authority, and cruise line partners that will specify that the partners must immediately delete the photos, captured for the purpose of identity verification through the TVS [Traveler Verification Service], as soon as the photos are transmitted to the TVS. In addition, any associated partner IT system must provide a method for CBP to audit compliance with this requirement.
As travel companies expand their demands for personal information as a condition of transportation, it becomes ever more important to determine what restrictions are placed on such demands by common carrier laws and by Consitutional and international provisions recognizing the right to freedom of movement and travel.
Notice and opt-out: In another attempt to ameliorate our criticism, the latest PIA claims that US citizens aren’t currently being required to submit to mug shots:
This is contrary to what we’ve observed at many airports, where line-minders (employed by airlines, airports, or unidentified third-party contractors) routinely tell arriving international travelers that they are required to show a photo receipt from one of the APC kiosks before they are allowed to approach any of the inspection stations or CBP staff.
No copies of opt-out notices are included in the PIA, and none are visible in any of the photos of mug-shot camera stations at departure gates. So far as we have seen, there are none.