Officials at Dulles International Airport in Virginia unveil new biometric facial recognition scanners in September 2018.Bill O'Leary/Getty
In 2018, the federal government started scanning people’s faces as they drove into and out of the country at the Anzalduas International Bridge, which connects the Rio Grande Valley of Texas to Mexico. Customs and Border Protection said collecting these biometric images would enhance security and make identifying travelers more efficient. But less than a year later, a data breach compromised 100,000 facial images and 105,000 license plate images. Nineteen facial images from the breach were posted to the dark web.
Now, CBP wants to expand facial surveillance beyond Anzalduas and other sites that were part of a pilot program, even as the program saw potential security vulnerabilities in at least four airports, according to a report from the Department of Homeland Security inspector general. The expansion will start with facial recognition at more airports and will ultimately scan everyone arriving and exiting by land or sea as well, though citizens will be able to opt out. Noncitizens who refuse to be photographed could be denied entry.
Last month, multiple civil rights groups filed an objection to the CBP proposal. Evan Greer, deputy director of the digital rights advocacy nonprofit organization Fight for the Future, which was among the groups to object to the proposal, said government agencies and the private corporations they work with have a history of failing to safeguard data.
“If your credit card leaks, you can get a new credit card,” Greer said. “If your social security number leaks, you can get a new social security number. If a biometric scan of your face leaks, you can’t get a new face. The security risks associated with collecting huge numbers of people’s biometric information, storing it in these databases so that they can run scans and checks against it, frankly threatens security and safety at airports rather than increases it.”
In Anzalduas, the data leak came after CBP granted Perceptics, a subcontractor, access to the computer system containing photos of drivers and passengers. Although Perceptics had access only for the purpose of performing maintenance on cameras and other related equipment, it also downloaded images from CBP’s system. The agency hadn’t given permission for the images to be downloaded, but a report by the Department of Homeland Security inspector general found that CBP also hadn’t fulfilled its IT security responsibilities to prevent a download.
The images, saved to a USB hard drive and transported to Perceptics’ corporate office in Knoxville, Tennessee, were then uploaded to the company’s server. Later, a ransomware attack hit Perceptics’ corporate network.
Perceptics was briefly suspended from further contracts with the federal government, but the suspension was lifted just a few months later.
While the federal government has collected biometric data for years, including fingerprints from noncitizens, facial surveillance has demonstrated significant racial and gender bias.
“Those mugshot databases are disproportionately filled with faces of Black men because of our country’s decades-long history with the criminal justice system,” Greer said. “Those watch lists are disproportionately following the faces of Muslim men because of our country’s decades-long legacy of criminalizing Muslims and politically active Muslims.”
A study by the National Institute of Standards and Technology looked at 189 software algorithms and found high rates of false positives when matching photos of Asians, African Americans, and Native groups. Another study by MIT and Stanford looked at three programs that produced an error rate of less than 1 percent for light-skinned men but at least 20 percent for dark-skinned women.
Guadalupe Correa-Cabrera, an associate professor at George Mason University who specializes in Mexico-US relations, also worries about the accuracy of the technology. While living in Brownsville, Texas, she witnessed the evolution of technology employed by CBP as she regularly crossed the border. Facial surveillance acts as a “virtual wall,” she said, combining with tools such as drones, sensors, and radars.
“You have less freedom of movement because the government is going to know where you’re at,” she said. “And if you become a political target, this is going to make your life very, very difficult.”
Noting the inaccuracy of facial recognition technology, along with evidence of its use at protests and rallies, a bill in the Senate proposes a moratorium on government use of the technology until a commission can set guidelines.
As CBP eyes facial surveillance as the future of security checks, companies are keen on meeting demand. From 2017 to 2019, CBP spent $228 million on the facial recognition pilot programs. Since then, CBP has cited the pandemic as further evidence for the need for facial surveillance, arguing that it lessens contact during travel.
“One of the most concerning trends I’ve seen around that is seeing tech vendors sort of shamelessly exploiting the pandemic to peddle this software,” Greer said. “Suddenly, they rebranded overnight as ‘facial recognition: the touchless software that will keep you safe from the virus.’ That is not a claim that is supported by any public health guidance or experts.”
Greer worries that the pandemic will lead travelers to accept greater surveillance since they’re primarily concerned with avoiding the coronavirus. “People are desperate to start traveling again and feel safe while they do it,” Greer said. “So it creates this sort of dangerous, perfect storm where I worry people will accept what they see as a sort of acceptable expansion of surveillance to quote-unquote ‘keep people safe’ that—in the end—will actually put people in greater danger.”
