TSA’s roadmap for airport surveillance moves in a dangerous direction

The TSA PreCheck program has long been billed as a convenient way for travelers to cut down on security wait times and speed through airports. All a traveler has to do is to sign up, pay a fee, and allow TSA to collect fingerprints for a background check. However, the roadmap outlines TSA’s plans to expand use of those prints beyond the background check to other uses throughout the airport, such as for security at the bag drop or for identity verification at security check points.

TSA has already rolled this out as a pilot program. In 2017, at Atlanta’s Hartsfield-Jackson Airport and Denver International Airport, TSA used prints from the PreCheck database and a contactless fingerprint reader to verify the identity of PreCheck-approved travelers at security checkpoints at both airports. TSA now proposes to make the pilot program permanent and to widen the biometrics used to include face recognition, iris scans, and others.

Even more concerning, the roadmap outlines a strategy to capture biometrics from American travelers who haven’t enrolled in PreCheck and who never consented to any biometric data collection from TSA. Instead of giving passengers the option to opt in, TSA plans to partner and share information with other federal and state agencies like the FBI and state Departments of Motor Vehicles to get the biometric information they want.

While Congress has authorized a biometric data collection exit program for foreign visitors—supposedly to help monitor visa compliance by using biometrics to track foreigners leaving the country—the roadmap explicitly outlines plans for TSA and CBP to collect any biometrics they want from all travelers—American or foreign, international and domestic—wherever they are in the airport. That data will be stored in a widely shared database could be used to track people outside the airport context. For example, TSA’s Precheck as well as Clear have already begun using their technology at stadiums to “allow” visitors a faster entry.

This is a big, big change. It is unprecedented for the government to collect, store, and share this kind of data, with this level of detail, with this many agencies and private partners. We know that security lines are a huge pain, but we are concerned that travelers getting used to biometric tracking in the airport context will be less concerned about tracking in other contexts and eventually throughout society at large.

Device security and national security are not the same
The roadmap also makes the huge assumption that people will not object to this expanded collection. It states that “popular perceptions [of biometrics] have evolved to appreciate the convenience and security biometric solutions can offer in the commercial aviation sector.” In other words, it claims that travelers using biometrics like fingerprints and facial recognition programs to unlock their phones and laptops, will be less concerned about Department of Homeland Security agencies collecting biometrics to store in government databases for unspecified, myriad uses.

The problem with this claim is that those two things are not the same.

Apple software, for one example, allows consumers to use biometrics (currently, fingerprints and faceprints) to unlock their devices. However, Apple has specifically built in privacy and security protections that prevent the biometric data from being stolen. Apple does not enable third party software to access the original biometric data. Plus, unlike federal agencies, Apple stores the original biometric information on your phone, not in a central, searchable database intended for use by multiple government and private partners over many years.

Additionally, TSA seems to be ignoring the risk that relying heavily on biometric data for identification may actually create new national security risks that the federal government is ill-equipped to handle. For example, India’s infamous Aadhaar biometric database, which was built by the Indian government to reduce corruption and expanded for use by other public and private groups, keeps getting hacked. It is not only cheap to buy the information of one of the 1.19 billion people in the database, but the hacks also allow for new information to be entered into the database. Rather than increasing security, India’s biometric database created more problems and opportunities for corruption.

ImplementationiIssues and cost overruns 
Finally, this roadmap glosses over the weaknesses of facial recognition technology as a means to identify travelers and ignores the challenges CBP has already faced rolling out their biometric exit program.

We’ve written many times before about the significant accuracy problems with current face recognition software, especially for non-white and female people. For example, earlier this summer the ACLU published a test of Amazon’s facial recognition program, comparing the official photos of 435 Members of Congress with publicly available mugshots. The ACLU found 28 false matches, even in this relatively small data set.

CBP has claimed to have a 98% accuracy rating in their pilot programs, even though the Office of the Inspector General could not verify those numbers. According to the FAA, 2.5 million passengers fly through U.S. airports every day, meaning that even a 2% error rate would cause thousands of people to be misidentified every day. 

TSA’s roadmap does not acknowledge these accuracy problems, much less outline an efficient way to allow wrongly identified travelers to complete their trips. Additionally, the roadmap does not acknowledge the need to allow travelers to opt out of the system.

But even if the claims about the advances in biometric software and technology are true, the Office of the Inspector General has also reported that CBP consistently and substantially underestimated the cost of their biometric exit program to the American taxpayer. To close some of the funding gaps, CBP would have to depend on the airports and airlines to purchase the necessary biometric equipment and to provide staff to implement the program. In short, for CBP and TSA to achieve their goals, they must force American travelers to hand over their biometric data to private companies.

What’s next
TSA should not move forward on this plan without addressing the serious security concerns and without providing a reliable, convenient way for travelers to opt out of the program. Even if biometrics provided a reliable identification system for travelers, the kind of system and database the roadmap outlines could make it more difficult for people to travel, in direct conflict with the agency’s mission “to protect the nation’s transportation systems to ensure freedom of movement for people and commerce.”

India McKinney is Legislative Analyst at the Electronic Frontier Foundation (EFF). This article is published courtesy of EFF.