Facial recognition has become a rather touchy subject. Earlier this year, a $35 billion class action lawsuit was filed against Facebook over claims that it harvested consumer biometric data without consent. In San Francisco, the subject is so ripe that the city is considering banning all facial recognition technology within city limits.
The U.S. government thinks it’s a touchy subject, too. First, the Federal Trade Commission (FTC) explored facial recognition and recommended that certain companies “provide consumers with an easy-to-use choice not to have their biometric data collected and used for facial recognition.” Now, the Department of Homeland Security (DHS) is following suit by rolling back its intended expansion of facial recognition in a renewed commitment to protecting traveler privacy.
Currently, by law, Customs and Border Patrol* (CBP) is required to biometrically record foreign nationals’ entry to and departure from the United States. That mandate came out of the 9/11 Commission, which decided that a system like that was “an essential investment in our national security.” (*U.S. Customs and Border Protection is the DHS agency that manages, controls, and protects U.S. borders at ports of entry.)
But on the consumer side of the privacy ledger, going that far may have been overarching. After three face-to-face meetings with privacy experts to determine how far is too far in using “biometric facial comparison” process at U.S. ports of entry, DHS has made four key moves in what it says is the best interest of the traveler. These include:
Reducing the maximum period it retains new photos of U.S. citizens from 14 days to 12 hours;
Establishing rigid requirements which guarantee that airlines and other travel-related partners do not retain traveler photos for their own business purposes;
Working with all travel-related partners to give travelers adequate privacy notice by improving the signage and announcements at departure gates; and
Publishing 10 Privacy Impact Assessments to let the public know how DHS will collect, use, and store any and all personally identifiable information that’s part of the biometric process.
“CPB is committed to keeping the public informed about our use of facial comparison technology,” commented John Wagner, Deputy Executive Assistant Commissioner of the CBP Office of Field Operations. “We are implementing a biometric entry-exit system that protects the privacy of all travelers while making travel more secure and convenient.”
Potential to expose consumer data
While DHS’ intentions seem to be all well and good, security experts say that the potential for exposing personal data still looms large when it’s in the government’s hands.
“Despite these efforts, the government’s collection of its citizens’ biometric identity data is troubling for many especially since agencies already have mishandled the security of stored data,” writes ThreatPost’s Elizabeth Montalbano.
“In June, for instance, a data leak at the CBP exposed photos of the faces and license plates for more than 100,000 travelers that passed through checkpoints on the U.S.-Mexican border. The Office of Personnel Management also experienced a significant data breach in 2015 that resulted in the theft of fingerprint data of 5.6 million people.”
Should consumers be concerned?
Is facial recognition so hot of a potato that consumers need to run as fast and as far away from it as they can? When we put the privacy concerns question to David Chen, Co-Founder and Director of Engineering at Orbbec, he said no.
“Now, with the assistance of 3D camera technology, the accuracy of facial recognition has been dramatically improved and is capable of handling financial-grade security to make your devices more secure,” Chen told ConsumerAffairs.
“While some people may still hold serious privacy concerns, actually they can rest assured knowing that all the face data will be stored as encrypted mathematical models and any applications that use facial recognition software will only be able to keep that encrypted data locally to ensure maximum privacy protection.”
If that’s not enough to put you at ease, consumers should know that they have the right to opt out of the biometric facial comparison process, and all it takes is notifying a CBP officer or airline representative. In lieu of that, anyone who opts out does have to present their passport for visual inspection.