< PrevNext > Saving Face: Legislators Will Battle Over Regulating Biometrics in Travel By Elizabeth West / January 24, 2020 / Contact Reporter Share The U.S. Department of Homeland Security in December backed off the idea of requiring facial scans of U.S. citizens entering and leaving the United States. After seeming to propose the rule in its November unified agenda, DHS came under fire from privacy advocates as well as the National Institute of Standards & Technology, which concluded in a recent cross-study that gender and racial bias is baked into facial recognition algorithms across the board. If there's not enough packed into that opening paragraph to concern travel managers, here's something to consider: Airlines are rolling forward with a bunch of facial recognition initiatives at international airports throughout the U.S.—and there are plenty of other initiatives already in play in Europe and other regions. China has the most sophisticated and invasive initiative in place. But let's focus on the United States. There are two layers of U.S. facial recognition applications currently in play. The first is the official application used by U.S. Customs and Border Protection to screen non-citizens as they arrive and depart. This includes digital fingerprinting and taking scans of visitors' faces upon arrival. DHS asserts biometrics achieve more accurate and speedier results than relying on humans to perform the same tasks. As a result, CBP has rolled out optional facial recognition-powered clearance for U.S. citizens at a number of major international airports. The biometric lanes are optional for U.S. citizens, but privacy advocates say that springing such a choice during the travel process does not adequately inform citizens about how their information will be used, how long it is retained or what the alternatives are. Casting the manual option as slower and more arduous, they say, also unfairly penalizes those who choose it and actively pushes citizens toward the biometric choice. The second application is commercial. Airlines—particularly Delta in the U.S.—are rolling out biometric boarding processes at major airports throughout the country. The technology works in tandem with CBP, snapping a photo at the gate and sending that to the CBP to match it with photos already associated with the flight manifest. It's slick; it's easy; and, according to the airlines, it significantly reduces the time it takes to board large aircraft. And it's optional for all passengers; plus, airlines are required to purge photos after 24 hours. And customers like it. According to the International Air Transport Association, they want more. IATA's 2019 Global Passenger Survey found that "70 percent of passengers are willing to share additional personal information including their biometric identifiers to speed up processes at the airport." The report also noted that the percentage willing to do this "increases in correlation with the number of flights taken per year." That means business travelers. So the question isn't whether biometric identification will continue its march through airport processes, but how. And how will it be monitored? Because there are risks. Data security: A CBP data breach disclosed in June underscored that U.S. government data is hackable. The incident last year involved a CBP subcontractor that transferred data to its own servers—outside of official protocol—which were then hacked, transferring photos and license plates of an estimated 100,000 people. The subcontractor continues to work for CBP, according to the Washington Post. Baked-in bias: The NIST study showed that facial recognition technologies have systemic weaknesses in terms of successfully matching women and individuals of certain races to a large universe of photos. Currently, CBP and airlines are comparing photos to small data sets, which mitigates mismatches. Depending upon the application, misidentification could be simply an inconvenience or could place an individual into a context of suspicion. Mission creep: While we may not like to consider this, it happens. And the proposed rule from DHS last fall was a sign that facial recognition could easily be leveraged beyond its original intent, which actually had its basis in a post-9/11 initiative. Requiring U.S. citizens to submit to facial scans when leaving or entering the country stretched outside the mandate of the 9/11 initiative, which focused only on foreign nationals. It also seems to stretch beyond congressional authorization, which approved funding for the initiative in 2017 based solely on collecting data from foreign nationals. Even though DHS stepped back from its proposed rule that would have required U.S. citizens to submit to facial scanning, there's nothing in particular stopping the administration from proposing it again. The fact that customer demand is moving in the direction of biometrics nearly guarantees that airlines and airports will push to do more with facial recognition technology as well. Certain states have begun to prepare for such eventualities. The California Consumer Privacy Act and the specific Biometric Information Privacy Act in Illinois are starting to address how biometric information can be handled from a commercial standpoint. We can expect more state legislatures to get into the fray on this—and we may be looking at a patchwork of legislation as a result. I predict legislation will begin to formulate on a federal level as well. How far will it go? Currently, legislators on both sides of the aisle have misgivings about how broadly facial recognition and other biometric identification technologies should be implemented. Democratic Sen. Edward Markey of Massachusetts and Republican Sen. Mike Lee from Utah, for example, both are vocal about the use of the unregulated technology. What these or other legislators might propose and how it might be received by each party remains to be seen—but is definitely something to watch in 2020.