TSA’s Facial Recognition Tech Raises Questions About Bias and Data Security

The Transportation Security Administration’s (TSA) trial rollout of biometric facial recognition technology at airport security checkpoints has raised questions about the risks it poses to travelers’ privacy and the possibility of discrimination. 

The TSA’s program gives passengers the option to insert their ID into a machine while looking at a camera until a screen below flashes, “Photo Complete.” Then the passenger passes through the checkpoint. The TSA says the images are then deleted and that the camera only turns on when a person places their ID card in the scanner, according to Jason Lim, the TSA’s identity management capabilities manager.

The TSA is testing the technology at 16 major airports, and the agency insists that the program is voluntary. However, in a March 14 interview with Kyle Arnold of The Dallas Morning News, TSA Administrator David Pekoske said that if the TSA gets its way, biometric screening technology will eventually not be optional

But even without mandating facial recognition, fears of delay or poor treatment by TSA staff may lead travelers to submit when they’d rather not. “Whenever there is a power imbalance between powers, consent is not really possible,” says Meg Foster, a justice fellow with the Georgetown Law Center on Privacy and Technology. “How does TSA expect them to see and read an inconspicuous notice, let alone tell a TSA agent they want to opt out of face recognition? Especially if it may not be clear to them what the consequences of opting out will be.” 

The TSA stresses that there is no “discernable difference in the algorithm’s ability to recognize passengers based on things like age, gender, race and ethnicity” due to its use of advanced camera technology. But past research paints a different picture. In a 2018 study on the facial analysis of three commercial gender classification algorithms by the Gender Shades Project at the Massachusetts Institute of Technology, researchers found that “darker-skinned females are the most misclassified group.” An independent assessment from the National Institute of Standards and Technology in 2019 also found that face recognition technologies are “least accurate on women of color.  

Additionally, the TSA risks travelers’ privacy by collecting personal data and sending it to the Department of Homeland Security (even if the TSA asserts that the data is anonymized, encrypted, and eventually deleted)

The Cybersecurity and Infrastructure Security Agency noted last year that the federal government is failing to recruit enough cyber talent, making the government’s information security vulnerable to hacks. Recent years have seen numerous data breaches of federal agencies, including a breach of the U.S. Department of Transportation just last week. 

As William Owen, the communications director at the Surveillance Technology Oversight Project, explains, “Even if the plan is to eventually delete all photos and IDs, the data collection during the current pilot program leaves more than enough time to put passengers’ most sensitive information at risk.”

These issues led a group of five senators to write a letter to Pekoske in February of this year about the TSA’s “alarming use of facial recognition technology” at American airports. “American’s civil rights are under threat when the government deploys this technology on a mass scale, without sufficient evidence that the technology is effective on people of color and does not violate American’s right to privacy,” the letter stated.

Sens. Jeff Merkley (D–Ore.), Cory Booker (D–N.J.), Bernie Sanders (I–Vt.), Ed Markey (D–Mass.), and Elizabeth Warren (D–Mass.) called for an immediate “halt” of the TSA’s tech deployment until questions about discrimination, transparency, and data storage are answered. Similarly, Jeramie Scott of the Electronic Privacy Information Center recommended an outside audit to determine “that the technology isn’t disproportionally affecting certain groups and that the images are deleted immediately.”

Like all TSA techniques, facial recognition is just one more piece of security theater. Requiring passengers to partially undress, limiting how much shampoo they can fly with, and subjecting them to random searches have not made the skies safer. Using an algorithm to match their faces to government identification won’t either. But unlike those other indignities, it will potentially expose them to a government data breach.

The post TSA’s Facial Recognition Tech Raises Questions About Bias and Data Security appeared first on Reason.com.