Facial recognition deployed at major US airports without public comment or checks and balances, but US citizens can opt out.

“This is opening the door to an extraordinarily more intrusive and granular level of government control.”

Source: The US Government Will Use Facial Recognition In Top Airports

In the absence of laws or legal precedents addressing the constitutionality of its use, U.S. Customs and Border Patrol has deployed facial recognition technology at at least 17 airports. Airlines and governments of other countries are doing this as well, in a vacuum of international regulations to protect travelers’ privacy and information security.

US citizens can opt out of facial recognition at domestic airports, EFF explains how. Non-US citizens do not have this option, nor do US citizens at foreign airports.

AirlinePrivacy.com shows the airlines that use facial recognition and those that don’t.

In the US, there are no laws governing the use of facial recognition. Courts have not ruled on whether it constitutes a search under the Fourth Amendment. There are no checks, no balances. Yet government agencies are working quickly to roll it out in every major airport in the country. It’s already being used in seventeen international airports, among them: Atlanta, New York City, Boston, San Jose, Chicago, and two airports in Houston. Many major airlines are on board with the idea — Delta, JetBlue, British Airways, Lufthansa, and American Airlines. Airport operations companies, including Los Angeles World Airports, Greater Orlando Aviation Authority, Mineta San Jose International Airport, Miami International Airport, and the Metropolitan Washington Airports Authority, are also involved.

CBP says it allows U.S. citizens to decline facial verification and to instead have their identities confirmed through the usual manual boarding process. “CBP works with airline and airport partners to incorporate notifications and processes into their current business models, including signage and gate announcements, to ensure transparency of the biometric process,” an agency spokesperson said in an email to BuzzFeed News. But of 12 flights observed by OIG during its audit in 2017, only 16 passengers declined to participate.

According to Delta, less than 2% of its weekly 25,000 passengers going through the Atlanta airport’s Terminal F, which features “curb to gate” facial recognition systems, opt out of using the tech.

The government’s end vision, according to an early “Biometric Pathway” document from December 2016, is for CBP to build a vast “backend communication portal to support TSA, airport, and airline partners in their efforts to use facial images as a single biometric key for identifying and matching travelers to their identities.”

“This will enable … verified biometrics for check-in, baggage drop, security checkpoints, lounge access, boarding, and other processes,” the document says. “This will create simplified and standardized wayfinding across airports.”

According to the Concept of Operations document, “By partnering with other stakeholders, CBP can facilitate a large-scale transformation of air travel that, by using biometrics, will make air travel more secure … providing increased certainty as to the identity of airline travelers at multiple points in the travel process” and “build additional integrity into the immigration system.” Biometric capture, CBP explained, would be “integrated” into the “systems and business processes” of other stakeholders, including private ones like airports and airlines.

The idea is for CBP to be able to scale up the effort considerably. “Instead of a program that is built and developed exclusively by CBP, and that benefits only CBP missions,” the document states, “the result is a series of interconnected initiatives undertaken by multiple stakeholders, both public and private, and through which all will significantly benefit.”

This is not the first time DHS has seemingly overstepped its boundaries. In the mid-2000s, EPIC sued to obtain records, describing problems with the TSA’s airport body scanners: invasive screening practices, potential health risks, traveler complaints, and more. Then in 2011, EPIC sued again, asking the courts to compel DHS to undertake a public notice-and-comment rulemaking on the use of body scanners. As EPIC argued, “The TSA has acted outside of its regulatory authority and with profound disregard for the statutory and constitutional rights of air travelers.” The DC Circuit agreed, and for the first time, the public was allowed to comment on the body scanner program.

But this time, DHS appears to be arguing, a facial recognition program at the border is so critical that it should be implemented, even without going through all the steps of the rulemaking process. Three internal documents seen by BuzzFeed News state, “CBP will transform the way it identifies travelers by shifting the key to unlocking a traveler’s record from biographic identifiers to biometric ones — primarily a traveler’s face.”

As of the time of publication, the airports included in CBP’s biometric facial recognition program are in Atlanta, Chicago, Seattle, San Francisco, Las Vegas, Los Angeles, Washington (Dulles and Reagan), Boston, Fort Lauderdale, Houston Hobby, Dallas/Fort Worth, JFK, Miami, San Jose, Orlando, and Detroit.

Aspects of Aadhaar, India’s biometric ID, struck down as unconstitutional.

aadhaar-1537929142.jpeghttps://www.livelaw.in/breaking-sections-33247-national-security-exception-gone-private-entities-cannot-demand-aadhaar-data/ (Includes full text of the decision.)

Sections 33(2),47 & 57 Of Aadhaar Act Struck Down; National Security Exception Gone; Private Entities Cannot Demand Aadhaar Data [Read Judgment] | Live Law

Among the aspects that were ruled unconstitutional:

  • Disclosure of information “in the interest of national security” without authorization from a Joint Secretary or higher ranking officer and a Judicial Officer.
  • Permitting private entities to use Aadhaar for authenticating their users/customers.
  • Disclosure of an individual’s information without providing the individual an opportunity to challenge the order.

The court further held that Section 139AA of the Income Tax Act, 1961 is not violative of right to privacy as it satisfies the triple test (I) existence of a law; (ii) a ‘legitimate State interest’; and (iii) such law should pass the ‘test of proportionality’,

However, the bench held that the move of mandatory linking of Aadhaar with bank account does not satisfy the test of proportionality. It has been also held that Mandatory linking of mobile number with Aadhaar is held to be illegal and unconstitutional as it is not backed by any law.

Justice D.Y. Chandrachud wrote a strong dissent (includes the full text of the dissent) to the ruling’s upholding of the Aadhaar Act’s constitutionality. The bill was passed by classifying it as one that could bypass Rajya Sabha, the Upper House of the Parliament.

“The passing Aadhaar Act as money bill is a fraud on the constitution”, Justice Chandrachud observed. The decision of Speaker to classify a bill as money bill is amenable to judicial review. The judgment also highlighted the importance of Rajya Sabha in passing laws.

“If a constitution has to survive political aggrandizement, notions of power and authority must give compliance to rule of law.”, he observed in his dissenting judgment.

Justice Chandrachud deemed the entire Aadhaar project to be unconstitutional.

“Constitutional guarantees cannot be compromised by vicissitudes of technology”, he observed.

Section 57 of the Act was held to be violating Articles 14 and 21 of the Constitution. Allowing private enterprise to use Aadhaar numbers will lead to exploitation of data.

Holding that Aadhaar had potential for surveillance, it was stated that the architecture posed risk on potential violation of leakage of database. Source code is of foreign corporation. “The data must all the time vest with the individual”, said the judgment. It was held that many provisions of Aadhaar Act provide for invasive collection of biometric data.

Settlement Reached in NYPD Muslim Surveillance Lawsuit

Link

New York, NY – Today, a group of Muslim owned businesses, mosques, individuals, and student groups have finalized a settlement agreement with the New York Police Department (NYPD) in Hassan v. City of New York, a federal lawsuit challenging the suspicionless, discriminatory surveillance of American Muslims in New Jersey. Filed in 2012 in federal court in New Jersey, Hassan was the first lawsuit brought on behalf of American Muslims unlawfully surveilled under the NYPD’s program. The plaintiffs are represented by Muslim Advocates, the Center for Constitutional Rights, and Gibbons P.C.

As a series of Pulitzer Prize-winning reports by the AP revealed, under the surveillance program, the NYPD spied on at least 20 mosques, 14 restaurants, 11 retail stores, two grade schools, and two Muslim Student Associations in New Jersey. The monitoring included video surveillance, photographing license plates, community mapping, and infiltration by undercover officers and informants at places of worship, student associations, and businesses. Internal NYPD documents, including a list of 28 “ancestries of interest,” revealed that the NYPD used racial and ethnic backgrounds as proxies to identify and target adherents to Islam. By its own admission, the NYPD’s surveillance of Muslims failed to produce a single lead.

Under the terms of the settlement, the NYPD has confirmed it will reform its discriminatory and unlawful practices by agreeing to:

– Not engage in suspicionless surveillance on the basis of religion or ethnicity;

– Permit
plaintiff input to a first-ever Policy Guide, which will govern the
Intelligence Bureau’s activities, and to publish the Guide to the
public;

– Attend a public meeting with plaintiffs so they can
express their concerns about the issues in the lawsuit directly to the
NYPD Commissioner or senior ranking official;

– Pay businesses and
mosques damages for income lost as a result of being unfairly targeted
by the NYPD and pay individuals damages for the stigma and humiliation
harms they suffered for being targeted on the basis of their religion.

Settlement Reached in NYPD Muslim Surveillance Lawsuit

The Internet With A Human Face – Beyond Tellerrand 2014 Conference Talk by Maciej Ceglowski

Link

About surveillance as the internet’s dominant business model.

Ethan Zuckerman’s recent The Internet’s Original Sin is inspired by this talk:

The fiasco I want to talk about is the World Wide Web, specifically, the advertising-supported, “free as in beer” constellation of social networks, services, and content that represents so much of the present day web industry. I’ve been thinking of this world, one I’ve worked in for over 20 years, as a fiasco since reading a lecture by Maciej Cegłowski, delivered at the Beyond Tellerrand web design conference.  Cegłowski is an important and influential programmer and an enviably talented writer. His talk is a patient explanation of how we’ve ended up with surveillance as the default, if not sole, internet business model.

The Internet With A Human Face – Beyond Tellerrand 2014 Conference Talk by Maciej Ceglowski