Facial recognition deployed at major US airports without public comment or checks and balances, but US citizens can opt out.

“This is opening the door to an extraordinarily more intrusive and granular level of government control.”

Source: The US Government Will Use Facial Recognition In Top Airports

In the absence of laws or legal precedents addressing the constitutionality of its use, U.S. Customs and Border Patrol has deployed facial recognition technology at at least 17 airports. Airlines and governments of other countries are doing this as well, in a vacuum of international regulations to protect travelers’ privacy and information security.

US citizens can opt out of facial recognition at domestic airports, EFF explains how. Non-US citizens do not have this option, nor do US citizens at foreign airports.

AirlinePrivacy.com shows the airlines that use facial recognition and those that don’t.

In the US, there are no laws governing the use of facial recognition. Courts have not ruled on whether it constitutes a search under the Fourth Amendment. There are no checks, no balances. Yet government agencies are working quickly to roll it out in every major airport in the country. It’s already being used in seventeen international airports, among them: Atlanta, New York City, Boston, San Jose, Chicago, and two airports in Houston. Many major airlines are on board with the idea — Delta, JetBlue, British Airways, Lufthansa, and American Airlines. Airport operations companies, including Los Angeles World Airports, Greater Orlando Aviation Authority, Mineta San Jose International Airport, Miami International Airport, and the Metropolitan Washington Airports Authority, are also involved.

CBP says it allows U.S. citizens to decline facial verification and to instead have their identities confirmed through the usual manual boarding process. “CBP works with airline and airport partners to incorporate notifications and processes into their current business models, including signage and gate announcements, to ensure transparency of the biometric process,” an agency spokesperson said in an email to BuzzFeed News. But of 12 flights observed by OIG during its audit in 2017, only 16 passengers declined to participate.

According to Delta, less than 2% of its weekly 25,000 passengers going through the Atlanta airport’s Terminal F, which features “curb to gate” facial recognition systems, opt out of using the tech.

The government’s end vision, according to an early “Biometric Pathway” document from December 2016, is for CBP to build a vast “backend communication portal to support TSA, airport, and airline partners in their efforts to use facial images as a single biometric key for identifying and matching travelers to their identities.”

“This will enable … verified biometrics for check-in, baggage drop, security checkpoints, lounge access, boarding, and other processes,” the document says. “This will create simplified and standardized wayfinding across airports.”

According to the Concept of Operations document, “By partnering with other stakeholders, CBP can facilitate a large-scale transformation of air travel that, by using biometrics, will make air travel more secure … providing increased certainty as to the identity of airline travelers at multiple points in the travel process” and “build additional integrity into the immigration system.” Biometric capture, CBP explained, would be “integrated” into the “systems and business processes” of other stakeholders, including private ones like airports and airlines.

The idea is for CBP to be able to scale up the effort considerably. “Instead of a program that is built and developed exclusively by CBP, and that benefits only CBP missions,” the document states, “the result is a series of interconnected initiatives undertaken by multiple stakeholders, both public and private, and through which all will significantly benefit.”

This is not the first time DHS has seemingly overstepped its boundaries. In the mid-2000s, EPIC sued to obtain records, describing problems with the TSA’s airport body scanners: invasive screening practices, potential health risks, traveler complaints, and more. Then in 2011, EPIC sued again, asking the courts to compel DHS to undertake a public notice-and-comment rulemaking on the use of body scanners. As EPIC argued, “The TSA has acted outside of its regulatory authority and with profound disregard for the statutory and constitutional rights of air travelers.” The DC Circuit agreed, and for the first time, the public was allowed to comment on the body scanner program.

But this time, DHS appears to be arguing, a facial recognition program at the border is so critical that it should be implemented, even without going through all the steps of the rulemaking process. Three internal documents seen by BuzzFeed News state, “CBP will transform the way it identifies travelers by shifting the key to unlocking a traveler’s record from biographic identifiers to biometric ones — primarily a traveler’s face.”

As of the time of publication, the airports included in CBP’s biometric facial recognition program are in Atlanta, Chicago, Seattle, San Francisco, Las Vegas, Los Angeles, Washington (Dulles and Reagan), Boston, Fort Lauderdale, Houston Hobby, Dallas/Fort Worth, JFK, Miami, San Jose, Orlando, and Detroit.

Aspects of Aadhaar, India’s biometric ID, struck down as unconstitutional.

aadhaar-1537929142.jpeghttps://www.livelaw.in/breaking-sections-33247-national-security-exception-gone-private-entities-cannot-demand-aadhaar-data/ (Includes full text of the decision.)

Sections 33(2),47 & 57 Of Aadhaar Act Struck Down; National Security Exception Gone; Private Entities Cannot Demand Aadhaar Data [Read Judgment] | Live Law

Among the aspects that were ruled unconstitutional:

  • Disclosure of information “in the interest of national security” without authorization from a Joint Secretary or higher ranking officer and a Judicial Officer.
  • Permitting private entities to use Aadhaar for authenticating their users/customers.
  • Disclosure of an individual’s information without providing the individual an opportunity to challenge the order.

The court further held that Section 139AA of the Income Tax Act, 1961 is not violative of right to privacy as it satisfies the triple test (I) existence of a law; (ii) a ‘legitimate State interest’; and (iii) such law should pass the ‘test of proportionality’,

However, the bench held that the move of mandatory linking of Aadhaar with bank account does not satisfy the test of proportionality. It has been also held that Mandatory linking of mobile number with Aadhaar is held to be illegal and unconstitutional as it is not backed by any law.

Justice D.Y. Chandrachud wrote a strong dissent (includes the full text of the dissent) to the ruling’s upholding of the Aadhaar Act’s constitutionality. The bill was passed by classifying it as one that could bypass Rajya Sabha, the Upper House of the Parliament.

“The passing Aadhaar Act as money bill is a fraud on the constitution”, Justice Chandrachud observed. The decision of Speaker to classify a bill as money bill is amenable to judicial review. The judgment also highlighted the importance of Rajya Sabha in passing laws.

“If a constitution has to survive political aggrandizement, notions of power and authority must give compliance to rule of law.”, he observed in his dissenting judgment.

Justice Chandrachud deemed the entire Aadhaar project to be unconstitutional.

“Constitutional guarantees cannot be compromised by vicissitudes of technology”, he observed.

Section 57 of the Act was held to be violating Articles 14 and 21 of the Constitution. Allowing private enterprise to use Aadhaar numbers will lead to exploitation of data.

Holding that Aadhaar had potential for surveillance, it was stated that the architecture posed risk on potential violation of leakage of database. Source code is of foreign corporation. “The data must all the time vest with the individual”, said the judgment. It was held that many provisions of Aadhaar Act provide for invasive collection of biometric data.

India Pushes Back Against Tech ‘Colonization’ by Internet Giants – The New York Times

https://www.nytimes.com/2018/08/31/technology/india-technology-american-giants.html

The overlapping tensions in India’s online business, policy and data protection

India wants to curb the dominance of foreign (mainly US) tech giants in India’s online consumer marketplace to facilitate the growth of homegrown counterparts. For this, it is looking at China’s success in establishing its own tech heavyweights by virtually walling off its citizens’ online access from the rest of the world. However, India also needs foreign investment, and Indians would not tolerate China-style restrictions on access to the web.

European regulations on the storage and use of user data are another approach for the Indian government to rein in foreign companies’ offerings in the country. While the European regulations are aimed at protecting the privacy of its residents, the Indian government wants to exempt itself from restrictions on access to its residents’ online data.