Can Facial Recognition Do Its Job and Still Respect Privacy?

Government use of facial recognition technology put one in the win column last week, when U.S. Customs and Border Protection (CBP) officers nabbed a man using a fake passport to enter the country at Dulles International Airport in Virginia. The 26-year-old man, who was arriving from Sao Paulo, Brazil, presented a French passport to a CBP inspector (while hiding his actual Republic of Congo ID in his shoe), according to the CBP. The CBP’s facial comparison technology confirmed that the man’s face didn’t match the one in the passport photo, and a follow-up search led to the discovery of his hidden ID.

It was the first time an imposter was caught at a U.S. airport using facial recognition technology, and demonstrated the effectiveness of a new system that was only on its third day of the job. But it’s also unlikely to assuage the concerns of privacy and civil rights groups—and even avid facial recognition users like Microsoft—about the potential risks of unfettered, widespread use of the technology.

Biometric identification for international travelers dates to a 2004 mandate by Congress, which was updated in 2013 and given to CBP. Early this year, the agency began integrating its face recognition system at eight airports for arrivals and three airports for departures. The systems are now used at 14 airports, including Dulles, CBP said. Orlando International Airport in June announced that it would be the first to use the system for all arriving and departing international passengers.

For CBP and the Department of Homeland Security, it represents another layer of protection. “Terrorists and criminals continually look for creative methods to enter the U.S., including using stolen genuine documents,” said Casey Durst, director of CBP’s Baltimore Field Office. “The new facial recognition technology virtually eliminates the ability for someone to use a genuine document that was issued to someone else.” As a side benefit, CBP says that using facial recognition to automatically match a photo of someone at the inspection station to their passport photo actually speeds up the whole process.

But to those raising red flags about facial recognition, comparing a traveler’s photo to photos in DHS’s databases is only the tip of the iceberg. CBP says the process takes about two seconds and has a 99 percent accuracy rate. But groups such as the American Civil Liberties Union contend that facial recognition’s overall accuracy rate isn’t that high, and has been shown to demonstrate bias, particularly against women and people of color. They also note that its growing use—including in video surveillance—adds to the size of already large government databases. It creates threats to privacy, they say, and increases the chances of innocent people being targeted. The ACLU has also raised concerns about surveillance photos being surreptitiously stored.

Some members of Congress likewise want to show caution. Senators Edward Markey, D-Mass., and Mike Lee, R-Utah, in December 2017 objected to implementing facial recognition at airports. They released a joint statement on that issue after the Orlando airport’s request for DHS to establish a formal rulemaking process before further expanding the program.

CBP says, meanwhile, that it does have some privacy protections in place. U.S. citizens can opt out of the biometric process, simply showing their passports instead, although some critics have said that CBP doesn’t do a good job of letting people know that. DHS and CBP have filed three Privacy Impact Statements regarding the program. CBP also says it limits the amount of personal information it collects with the photos.

CBP maintains that the system provides essential protections while doing enough to protect privacy. But because the program also stands to add millions of photos to government databases—Orlando’s airport alone will collect an estimated 5.9 million a year—concerns about misuse of the systems are likely to persist.

Recent