US surveillance watchdog says expanded use of facial recognition at airports should be voluntary

The U.S. Privacy and Civil Liberties Oversight Board (PCLOB) on Friday released findings from a six-year probe of facial recognition technology (FRT) usage at airport checkpoints, concluding that more transparency is needed and procedures should be improved to further protect the data privacy of passengers and accuracy of results.

In recent years, the use of FRT at airport checkpoints has exploded, prompting a bipartisan congressional bill introduced Thursday by lawmakers who expressed alarm about what they called unchecked surveillance. The Transportation Security Administration (TSA) plans to expand the use of FRT to 430 airports nationally and “eventually make it mandatory,” according to a one-pager released by Sen. Jeff Merkely, a bill sponsor.

The PCLOB report stressed that participation in the FRT program must remain optional.

It is also important that the consistency of the FRT accuracy improve, particularly when accounting for different demographic populations, the report says. FRT has historically produced less accurate results when analyzing Black and other minority individuals’ faces.

The TSA, which oversees the airport FRT program, must do more to “clearly justify the benefit gained by employing [checkpoint cameras], operate transparently, and provide robust protection against risks to the public’s privacy and civil liberties,” the report says.

Civil liberties advocates have long condemned the use of FRT at airport checkpoints arguing that such widespread filming in airports could lead to a surveillance state.

The PCLOB report did not shy away from that concern noting that because TSA’s process for photographing travelers is performed mainly by software, “both capturing the image and attempting to match the image to one in the gallery can be automated and performed rapidly.”

“This also increases the efficiency and speed of the system, while also suggesting the potential ability of FRT systems to perform surveillance in large public spaces.”

The TSA did not immediately respond to a request for comment.

Civil liberties advocates portrayed PCLOB’s findings as a win for their cause, saying the report underscores that the use of FRT at airports can pose serious risks to privacy and that there are few clear benefits to the technology’s use. 

“It notes that there is little — if any — evidence to support claims that facial recognition technology makes travel safer or more efficient,” Cody Venzke, senior policy counsel at the ACLU, said of the report.

“Congress must also step up and place firm guardrails around this technology to prevent it from harming travelers and to prevent our data from being retained and repurposed for uses we never consented to."

The PCLOB report notes that in some cases images can be retained for up to 24 hours.

Biometric data is also exceptionally sensitive, the report says, recommending that the Department of Homeland Security (DHS), which houses TSA, should analyze the security and privacy risks associated with the “potential to reverse engineer biometric templates and identify methods to mitigate these risks.”

PCLOB directs DHS to explore how to use technologies which will enhance privacy protections by ensuring the secure creation, processing, storage and querying of biometric templates.

Despite the ample concerns and recommendations for improvement articulated in the report, PCLOB does note that its review shows that risks embedded in TSA’s current FRT program are “significantly mitigated.”

PCLOB issued several key recommendations to TSA and DHS including that the agency should:

• Test and publicly report results showing the abilities of both human officers and the FRT system itself.

• Create standards tracking varying accuracy results depending on demographics and mandate that vendors ensure maximum accuracy across races. 

• Make the system more transparent by releasing a privacy impact assessment and publicizing information about the algorithms and training data relied upon. 

• Put procedures in place for probing and responding to FRT inquiries and complaints from travelers.

• Research how to further limit how long images are retained, deidentify data and deploy technologies to better protect travelers personal data and minimize risks that the data will be compromised or misused.