Here’s what the bill would do. Section 216 of the TSA Modernization Act, titled “Biometrics Expansion,” includes a provision requiring the TSA administrator and the CBP commissioner to “facilitate, if appropriate, the deployment of […] biometric technology at checkpoints, screening lanes, bag drop and boarding areas, and other areas where such deployment would enhance security and facilitate passenger movement.”
It’s unlikely that travelers’ facial scans will be reserved for DHS purposes. Under DHS policy, facial images and templates are deleted after 14 days. However, the official running CBP’s facial scan pilot program told the website Ars Technica that the agency could keep facial scans longer if necessary. In addition, DHS’ facial scan privacy impact assessment states that CBP can share facial information with state, local, and federal authorities.
There is already widespread sharing of facial images between these authorities. As research from Georgetown Law’s Center on Privacy and Technology revealed, about half of American adults are already in a law enforcement facial database, thanks in part to the fact that 12 states allow the Federal Bureau of Investigation (FBI) to access their DMV data and four states allow the FBI to access mugshots as well as DMV photos. Agents using the FBI’s facial recognition unit can search almost 412 million facial images, including those from these 16 states. Tens of millions of innocent American drivers can be found in these databases. At the very least, the FBI and other law enforcement agencies should take steps to delete data related to innocent Americans from facial recognition databases.
As if the widespread sharing of innocent people’s facial images wasn’t concerning enough, DHS has already expressed an interest in facial recognition drones. If DHS does deploy facial recognition drones we should expect to see this technology at interior checkpoints. Thanks to federal law, CBP has the authority to search vehicles within 100 miles of U.S. boundaries, an area where around two thirds of Americans live.
Apple’s new iPhone and recent news from Facebook are the latest evidence that facial recognition will be an increasingly common feature of modern life. Nonetheless, as Americans become accustomed to using their faces to unlock phones, confirm logins, or buy train tickets we must remain wary of the privacy risks associated with the government using facial recognition.
If facial recognition becomes a ubiquitous feature of American law enforcement it will assuredly impact law‐abiding citizens. Many Americans who take part in First Amendment‐protected activities, such as protests at airports and interior checkpoints, may be understandably hesitant if police are able to identify them via body cameras or drones with facial recognition capability. Although hardly ubiquitous, such technology is coming.
If the TSA Modernization Act is enacted as written there is a very good chance that facial recognition technology will become a regular feature of American airports. Sadly, chances are that many Americans will willfully submit to facial scans, if only for convenience’s sake. After all, millions of Americans do not opt‐out of the full‐body scanners TSA currently uses, despite the fact that they’re free to do so.
In the wake of 9/11 there were sudden and dramatic changes. The executive branch established DHS and TSA, Congress passed and the president signed the PATRIOT Act. But there were less dramatic and gradual developments. It became normal to see full‐body scanners at airports and passengers removing their shoes and throwing away harmless liquids at security lanes. If passed, the TSA Modernization Act will pave the way for passengers submitting to facial scans also being an ordinary sight at American airports. The slow‐moving infringements on our privacy should have stopped long ago, but halting such infringements late is better than never.