Biometric facial recognition technology used in airport security is on “shaky legal ground” in the US, according to a recent report.
US Customs and Border Protection’s biometrics programme, run by the Department for Homeland Security (DHS), monitors passengers departing nine American airports. It was first set up in the wake of the 9/11 attacks and plans are in place to roll it out further.
It uses biometric facial recognition technology to snap travellers and compares their image with the DHS database – its primary goal to verify identities and stop people travelling under false names.
But the Center on Privacy and Technology at the Georgetown University Law Center claims that neither DHS or CBP (US Customs and Border Protection) has ever justified its need or confirmed its legality.
The report says further rolling out the program in the States could cost up to one billion dollars and, currently, “may make frequent mistakes”.
It says: “DHS’ biometric exit program stands on shaky legal ground. Congress has repeatedly ordered the collection of biometrics from foreign nationals at the border, but has never clearly authorized the border collection of biometrics from American citizens using face recognition technology.
“Without explicit authorization, DHS should not be scanning the faces of Americans as they depart on international flights—but DHS is doing it anyway. DHS also is failing to comply with a federal law requiring it to conduct a rulemaking process to implement the airport face scanning program—a process that DHS has not even started.”
The report says that DHS’ current face scan-based program “may not comply with federal law” because the program “may exceed the authority granted to DHS by Congress because Congress has never explicitly authorized biometric collections from Americans at the border”.
It also suggests an unregulated biometric system at airports could lead to “an even greater and more privacy-invasive government surveillance system” and greater use of “privacy-invasive commercial technology by the airlines and technology vendors”.
It calls for the DFS to justify there is a problem to solve, stop scanning faces until a rulemaking proceeding is completed, prove the scans can identify imposters without inconveniencing others, prohibit secondary users of the data it gathers and provide data privacy guarantees to its airline partners.
The biometric facial recognition technology is used at nine US airports – in Boston, Atlanta, Chicago, Las Vegas, Miami, New York, Washington DC and two in Houston – as well as UK airports including Heathrow, Gatwick and Manchester.