DHS's New Airport Face-Scanning Program Is Expensive, Flawed, And Illegal
from the 3-out-of-3.-nice-job,-fellas. dept
We, the people, are going to shell out $1 billion for the DHS to scan our faces into possibly illegal biometric systems. Those are the conclusions reached by the Georgetown Law Center on Privacy and Technology. A close examination of the face scanning system the DHS plans to shove in front of passengers of international flights shows it to be a waste of money with limited utility.
DHS' biometric exit program… stands on shaky legal ground. Congress has repeatedly ordered the collection of biometrics from foreign nationals at the border, but has never clearly authorized the border collection of biometrics from American citizens using face recognition technology. Without explicit authorization, DHS should not be scanning the faces of Americans as they depart on international flights—but DHS is doing it anyway. DHS also is failing to comply with a federal law requiring it to conduct a rulemaking process to implement the airport face scanning program—a process that DHS has not even started.
But American citizens will be included, according to the DHS. Its response to US travelers wondering why they're being treated like terrorism suspects is that they're welcome to opt out of the collection. All they have to do is not fly. The DHS insists it's only targeting foreign visitors, but the system will scan everyone. The agency also promises not to retain face scans of US citizens, but it's highly doubtful it will keep that promise. The government has rolled out a variety of biometric collections, each one intermingled with existing law enforcement and terrorism databases. Collect it all and let the courts sort it out: that's the government's motto.
On top of the illegality and lack of proper deployment paperwork, there's the fact the program really just doesn't do anything useful. As the Center points out in its thorough report, there was originally a point to scanning incoming foreign visitors and comparing them to government databases: catching incoming criminals and members of terrorism watchlists. But there's no solid rationale behind the push to scan faces of foreigners as they leave the country.
The DHS has a theory, but it's not a good one.
DHS, for its part, has never studied whether there is a problem that necessitates a change in its approach to tracking travelers’ departures. DHS claims that the aim of the program is to detect visa overstay travel fraud and to improve DHS’ data on the departure of foreign nationals by “biometrically verifying” the exit records it already creates for those leaving the country.
Visa overstay travel fraud could—in theory—be a problem worth solving. Foreign nationals who wish to remain in the country undetected past the expiration of their visas could be arranging to have others leave the country in their place using fraudulent credentials. But DHS has only ever published limited and anecdotal evidence of this.
The DHS -- despite rolling this out -- still has no idea if it will do anything more than stock its database of human faces. Five years after being asked to demonstrate how biometric exit scans would be an improvement over the status quo, the DHS has yet to provide answers. In fact, it hasn't even been able to deliver an estimate as to when its report answering these questions will be delivered.
This dovetails right into the DHS's lackadaisical rollout of its biometric program. So far, the tech has only been installed in a few airports, but even in this limited trial run, the agency seems uninterested in ensuring the system's accuracy. The DHS claims the program is doing great because it's not returning a lot of false positives. But that's the wrong metric if you're hoping to catch people on the way out of the country.
DHS currently measures performance based on how often the system correctly accepts travelers who are using true credentials. But if the aim of this system is to detect and stop visa overstay travel fraud—as DHS suggests—it is critical and perhaps more important to assess how well it performs at correctly rejecting travelers who are using fraudulent credentials. Yet DHS is not measuring that.
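The measurement gap the report describes, as an added example (not from the Georgetown report or DHS; all scores are constructed, and the names `Trial`, `rates` and `threshold_for_far` are illustrative): a matcher that accepts every genuine traveler can still accept most impostors, so the genuine-accept rate only means something when reported next to the false-accept rate at the same threshold.

```python
# Added example: evaluating a face matcher on BOTH genuine and impostor trials.
# All scores below are constructed for illustration; none come from DHS or the report.
from dataclasses import dataclass


@dataclass(frozen=True)
class Trial:
    score: float   # matcher similarity score in [0, 1]
    genuine: bool  # True if the traveler really is the person on the credential


def rates(trials, threshold):
    """Return (true_accept_rate, false_accept_rate) at a decision threshold."""
    genuine = [t for t in trials if t.genuine]
    impostor = [t for t in trials if not t.genuine]
    if not genuine or not impostor:
        # Measuring only genuine travelers is exactly the gap being illustrated.
        raise ValueError("evaluation needs both genuine and impostor trials")
    tar = sum(t.score >= threshold for t in genuine) / len(genuine)
    far = sum(t.score >= threshold for t in impostor) / len(impostor)
    return tar, far


def threshold_for_far(trials, max_far):
    """Lowest observed score usable as a threshold with FAR <= max_far.

    Returns (threshold, tar, far), or None if no observed score qualifies.
    """
    for threshold in sorted({t.score for t in trials}):
        tar, far = rates(trials, threshold)
        if far <= max_far:
            return threshold, tar, far
    return None


# Constructed sample: 10 travelers with true credentials, 10 using someone else's.
GENUINE_SCORES = [0.91, 0.88, 0.95, 0.79, 0.85, 0.93, 0.72, 0.89, 0.97, 0.81]
IMPOSTOR_SCORES = [0.35, 0.52, 0.61, 0.44, 0.76, 0.58, 0.30, 0.68, 0.83, 0.49]
TRIALS = ([Trial(s, True) for s in GENUINE_SCORES]
          + [Trial(s, False) for s in IMPOSTOR_SCORES])

if __name__ == "__main__":
    # A threshold of 0.0 accepts everyone: perfect on the genuine-accept metric,
    # useless for catching fraudulent credentials.
    for thr in (0.0, 0.50, 0.80):
        tar, far = rates(TRIALS, thr)
        print(f"threshold={thr:.2f}  genuine accepted={tar:.0%}  "
              f"impostors accepted={far:.0%}")
    print("operating point for FAR <= 10%:", threshold_for_far(TRIALS, 0.10))
```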
The Center recommends DHS suspend the program indefinitely. It should not be put back into place until the DHS has clear legal authorization to do so and with all of the required privacy impact paperwork filed. It should spend some more time studying the tech to see if it can actually perform the job the DHS wants it to. The end goal for the tech -- overstay travel fraud -- seems like a spurious reason for expanded surveillance in US airports, especially when the DHS isn't interested in limiting this biometric collection to foreign citizens only. But chances are none of these recommendations will be followed by the DHS -- not while answering to a presidential administration that has done its best to portray most foreigners as inherent threats to the US way of life.
Filed Under: airports, dhs, face scanning, homeland security, privacy
Reader Comments
[ link to this | view in chronology ]
Re:
Sir, we are going to need you to go to secondary inspection. Our cameras can't make out your license plate so it's obvious you have something to hide.
[ link to this | view in chronology ]
Re: Re:
They cannot chase me into Mexico
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
Where the cameras are is where the K-rails are, right at the border. This is what makes using I-5 the best way to go into Mexico, if you want to hide your plates from DHS/CBP cameras and get away with it.
Of course, before going into Mexico, I take the plates out of the frames, and tape them up inside my windows, so that no Mexican cop that comes by with a screwdriver can get to my plates, as they are locked inside my car.
Because of where the cameras are aimed, all their DHS/CBP cameras will see is an empty license plate frame as I pass through by the K-rails right at the border itself.
Taping the plates up in my windows does not violate either Mexican law, or US federal law, only state law where it may apply.
If you want to hide your plates from DHS/CBP cameras without being stopped by CBP, going down I-5 is the best way, as CBP does not currently have any southbound controls going into Mexico on I-5.
[ link to this | view in chronology ]
Re:
"...one of these anti-camera license plate covers on my plates..."
Do those work? I thought Mythbusters debunked them years ago...
[ link to this | view in chronology ]
it gets worse
If only that were true!
The sad reality is that if you're unfortunate enough to live in or near a US border city, road travel in those "Constitution-free" zones can involve much more invasive and draconian 'security' checks, by men in uniform who are much meaner, more ruthless (and potentially more deadly) than the TSA will ever be.
https://www.texasmonthly.com/articles/the-best-little-checkpoint-in-texas/
[ link to this | view in chronology ]
Re: it gets worse
[ link to this | view in chronology ]
Re: it gets worse
[ link to this | view in chronology ]
Re: Re: it gets worse
Uh, aren't those exceptions called "Amendments"?
That and: for the government, isn't it the case that the government is allowed to do nothing, unless there's a law specifically authorizing it to do something?
Y'know, the reverse of the case for people.
[ link to this | view in chronology ]
Re: Re: Re: it gets worse
"Uh, aren't those exceptions called "Amendments"?"
They are Amendments NOT exceptions. There really is a difference... like really really!
"That and: for the government, isn't it the case that the government is allowed to do nothing, unless there's a law specifically authorizing it to do something? "
This entire sentence makes no logical sense.
The government has powers not privileges. This means they act with authority which works on a different logical principle than "allowed to". Additionally the government is not required to do anything even if there is a law "authorizing" it to do something as you so put it.
"Y'know, the reverse of the case for people."
Based on what context? Your premise is already flawed. People DO have rights as defined by some of these Amendments, and as the AC stated, there is no "exception" in the Constitution be it an Amendment or Article that states that the American government can suspend its Constitutional obligations to the under any circumstances! Even if you were on fucking pluto the American government is constitutionally required to obey the Constitution when dealing with its citizens.
Proximity to Border, Barking Dog, and probable cause are NOT constitutionally JUSTIFIED! The Constitution has been excessively corrupted and people are too stupid to even understand how.
[ link to this | view in chronology ]
Re: Re: Re: Re: it gets worse
The government has no right to do anything, unless explicitly granted that right by some relevant authority (i.e., the Constitution).
The people have the right to do anything, unless explicitly denied that right by some relevant authority (which receives its power to so deny from a right granted to the government in the Constitution).
Or in other words: "the government is allowed to do nothing, unless there's a law specifically authorizing it to do something", and "[this is] the reverse [of what is true] for [the] people".
The first two I'll allow (at least on the face of them, and probably all the way), assuming you're talking about these things as being invalid justifications for searches - but the term "probable cause" in modern usage is based in the Constitution itself, or at least in one of the amendments thereto.
There's disagreement about exactly what meaning the use of the term in the Constitution does have, because of unfortunate and (at least in modern terms) unclear phrasing, but the term itself is certainly in there.
[ link to this | view in chronology ]
What a wonderful boon for terrorists
Given that the DHS hasn't yet demonstrated that it can secure a fart, there's zero reason to think it can secure this database either. It will be hacked the moment it goes live (if not before) and the data will be sold to anyone who can pay. So let's have a round of applause for the DHS, once again spending enormous amounts of US taxpayer dollars to make US taxpayers less secure.
[ link to this | view in chronology ]
Re: What a wonderful boon for terrorists
The database backend is the most vulnerable part. Because it has to be exposed to the Internet, so the programs that need it to run can access it, it also makes it vulnerable to hacking, where there are no user logs.
That is why, before going into Mexico, I will put one of these anti-camera license plate covers on, so the DHS cameras that scan every license number leaving the United States will not record my license plate, and it will not end up going in their database.
[ link to this | view in chronology ]
Re: Re: What a wonderful boon for terrorists
You do know that's a fantasy, right?
If a human can read the plate, then so can a camera. They're not using different laws of physics. If a human can't read the plate, it's illegal and you'll be stopped so that it can be cleared and recorded.
[ link to this | view in chronology ]
Re: Re: Re: What a wonderful boon for terrorists
Another way is to take the plates out of their frame and tape them up on your window, which I do when I go to Mexico to defend myself against one thing that Mexican cops do.
They go around with a screwdriver and remove the plates of any car they think is illegally parked. By taping them up in the windows, and then locking the car when I am gone, they cannot get to the plates. More people are discovering this.
This will also foul up the Homeland Security's camera system, as the cameras will not get a very good picture of a plate inside your window.
[ link to this | view in chronology ]
Re: Re: Re: Re: What a wonderful boon for terrorists
If your eyes can see the plate from an angle, then so can a camera. It's the same light. Nothing about a camera stops it from seeing at an angle. If your eyes can't read the plate from an angle, then the cover is illegal. Good luck avoiding a ticket, let alone crossing the border.
Sure, you can rig a demo to con customers of your magic camera shield. Say, using polarized lenses. But chances are the border camera won't have a polarized lens let alone have it aligned just the right way for the trick to work in real life.
Mythbusters put some of the claims to the test.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: What a wonderful boon for terrorists
Not necessarily.
One difference to consider is that the human eye has a far greater "exposure latitude" than practically any non-biological means to capture an image, and that fact alone could conceivably be exploited as a 'copy protection' method to thwart license plate readers.
Like all forms of anti-copy protection, these things work (or attempt to work) by exploiting the differences between the way that one "set of eyes" reads something and the way that a different "set of eyes" reads it. Not very different in principle from a "copy protected" audio CD that can be read (and played) by a standalone CD player yet is invisible to a computer's CD-ROM drive.
But then, every type of copy protection method ever invented has eventually been defeated, in a never-ending arms race between content producers and consumers. And just like the arms race between police radar guns and radar detectors, it's likely that anything that thwarts license plate readers will soon be defeated by newer and better plate readers.
And just like the many bogus products that claim to enable people to pass drug tests, there is often far more hype than actual science involved.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: What a wonderful boon for terrorists
That relied on different behavior of audio CD and CD-ROM drives. Only the CD-ROM drives looked for a data track on the outer rim. (And this was defeated with a magic marker. You could also just un-check the auto-run feature in Windows, which should have been done anyway.)
An eye and a camera on the other hand will be seeing the same light.
As Mythbusters testing showed, the reflective sprays and whatnot were fully defeated over a decade ago. And that's with the probably false assumption that they EVER worked.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: What a wonderful boon for terrorists
It is only a felony if you do it with intent to make some kind of monetary gain.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: What a wonderful boon for terrorists
Some motorcyclists say "Loud pipes save lives". I say loud car stereos save lives. Yet some places now have these automated enforcement systems to detect either a loud engine or a loud car stereo.
I have a loud stereo that is not as annoying, because I do not have that thumpa-thumpa bass.
However, with cities deploying the "noise snare", I can use one of these license plate frame covers to keep the cameras on the things from being able to get my plate number, and keep me from getting a ticket in the mail.
I play my stereo loud for safety, to let people know I am there. It has avoided an accident on several occasions. It's not just for my entertainment, it's for my safety, too. I blast my stereo, and I have a home-brew setup that can be pretty damn loud, but not have the thumpa-thumpa bass.
This is what I am talking about
https://www.phantomplate.com/photoshield.html
It is an anti-camera plate cover that will work against all red-light, speed, and surveillance cameras.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: What a wonderful boon for terrorists
However, if I am, say, right close to the border, I will just simply not stop for any CHP officer. If I am already past the Camino De La Plaza Exit on I-5, I would just simply punch it and continue on towards the border. The CHP has jurisdiction in Mexico, and would have to break off the pursuit once I was across the border.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: What a wonderful boon for terrorists
That's aside from forwarding it to Mexican authorities. If needed. You know, because if you arrive at the border with a police pursuit, they're going to stop you themselves and probably hand you back.
This happens occasionally here on the Canadian border. There's even a protocol for border-crossing hot pursuits.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: What a wonderful boon for terrorists
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: What a wonderful boon for terrorists
Or a unicorn could block it.
In Ontario alone there are 2900 convictions a year for obstructing plates. It doesn't sound like they have any problem at all connecting obstructed plates to owners.
The obstructed plate you describe doesn't stop you from being pulled over and asked for a viewing of your license and registration. Should you successfully make a run for the border, it's simply a different police force stopping you.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: What a wonderful boon for terrorists
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: What a wonderful boon for terrorists
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: What a wonderful boon for terrorists
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: What a wonderful boon for terrorists
[ link to this | view in chronology ]
Re: Re: What a wonderful boon for terrorists
Technical point 2: But the database logs don't matter in the case of data transmission which never touches the database.
To explain: if I were a very underpaid, undertrained, undereducated DHS front line employee then I might well accept $10K/month in tax-free cash income in order to flag the photos of any woman traveling alone and landing in eastern European countries or other places amenable to kidnapping and human trafficking. I'd siphon the data off before it even GOT to the database and see that it arrives in the destination city before the flight. What happens next? Not my problem, as long as I get my payoff.
Given the high rates of corruption and criminality among DHS employees, I suspect that last paragraph is closer to history than to speculation.
[ link to this | view in chronology ]
Re: Re: Re: What a wonderful boon for terrorists
After I blocked all proxy access, he did manage to break into the database and access posts that way. I know this because he would re-post stuff elsewhere on the blog portion of the site. Because MySQL had no logging, I had no way to prove it was him. It was a case of I knew who it was, but could not prove it.
[ link to this | view in chronology ]
Re: Re: Re: Re: What a wonderful boon for terrorists
Look at the manual: SQL has comprehensive logging, and control over the logs. All your claims prove is that you are an incompetent server administrator.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: What a wonderful boon for terrorists
If MySQL has logging now, it would be a recent affectation.
This one dude did not like me, because I would do my own homebrew play-by-play of certain sporting events, particularly figure skating.
What I would do is tune to any stream of a skating event, and then give play by play reports of what was going on, which is protected by the first amendment as freedom of the press.
My broadcasts sounded so good, that this one dude really thought I was in the arena, instead of in my home, and he was also with some kind of security detail, and they were looking all over arenas when I was not there, wanting to take care of the problem in their way, actually making physical threats of violence against me, if they could find me.
How I did it was I used one function that the 64-bit drivers for RealTek sound cards have. I could put it in Karaoke mode, which would cancel out the commentator's voice, but leave the sounds in the arena intact. Then I could do my own commentary via the online radio station I had, only having to pay royalties for whatever music was used.
The 1st amendment protects homebrew play by play, which I did.
People liked me, especially in Europe, because I was not filtered out. I took steps to make sure I was never in any filtering lists. I blocked all the IP ranges of the major filtering vendors at the firewall level, so that my site would never be cataloged or blocked.
While that would have broken British laws, because British laws on violating workplace internet policies are broader than in the USA, I was never subject to prosecution in Britain.
Because my servers were in the United States, I only had to comply with United States laws. British laws did not apply to my servers, if even someone in Britain accessed my servers.
A server in the United States is only subject to American laws, and not British law.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: What a wonderful boon for terrorists
According to the online manual, logging has been there since at least version 5.5, which was released in 2010.
https://dev.mysql.com/doc/refman/5.5/en/server-logs.html
https://en.wikipedia.org/wiki/MySQL#History
Wikipedia seems to indicate that logging was added in version 5.1, released in 2008. I hope you weren't using 5.0, which was released in 2005.
Interesting story about the voiceover. The NFL's overly broad copyright claims before every game are pretty annoying. Not sure if any other leagues are as bad.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: What a wonderful boon for terrorists
MySQL 5.2 did not have any logging.
[ link to this | view in chronology ]
Re: Re: What a wonderful boon for terrorists
Absolutely not true. The database server can be firewalled off from the internet and only accessible from specific internal addresses.
[ link to this | view in chronology ]
Re: Re: Re: What a wonderful boon for terrorists
When I had my online radio station, I had backup servers in two different locations, and the database had to be exposed to the Internet, so that any one of them could access if needed.
If you have backup servers in multiple locations, then the database has to be exposed to the Internet for everything to work.
[ link to this | view in chronology ]
Re: Re: Re: Re: What a wonderful boon for terrorists
No you do not, there are ways of connecting to remote services over an SSH tunnel, at least so long as you were using Linux servers. That means that remote backup servers etc. can be kept off of the general.
[ link to this | view in chronology ]
None of that matters.
[ link to this | view in chronology ]
Re: None of that matters.
[ link to this | view in chronology ]
Re: Re: None of that matters.
[ link to this | view in chronology ]
Here in Canada, flights to Toronto from western Canada or Halifax tend to pass briefly through American airspace. So they're considered international flights on at least one level; passenger manifests must be turned over to the Americans well ahead of time and flights have been turned back if someone with a name they randomly don't like is aboard.
You can be sure that the agreement goes both ways. That anyone flying between Alaska and the mainland US is having their information stored in two countries.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
"two part" immigration forms are very common, some places will scan your passport in and out of the country at the airport as a matter of standard operations.
Arguing that it's pointless to track who is leaving is entirely missing how a good tourist / visitor visa system should work (not saying the US has a clue, just saying in general).
[ link to this | view in chronology ]
Re:
The US has the virtual three-part form.
An American needs a passport or other special pass to enter Canada not because Canada requires it, but because America requires it for their citizen to return.
And the US has agreements with Canada and many other countries such that when an American flashes their passport to enter a third country, a record of this is sent to the US.
[ link to this | view in chronology ]
Re: Re:
While it's true that the US has always been much more uptight than Canada about people crossing the border, passports or visas or other travel permits were never required of US citizens or permanent residents (and unlike in Europe, most people have never had a passport). Unless things have recently changed.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Even though Ted Cruz renounced his Canadian citizenship, he is still considered a Cuban citizen, because his parents were born there.
Cuba considers anyone born abroad to a Cuban citizen to be a Cuban. Marco Rubio, despite being born in America, is considered by Cuba to be a Cuban citizen, because his parents were born there.
That law goes back to Batista's time.
[ link to this | view in chronology ]
Re: Re: Re:
There are also a few places that do not like you having multiple citizenship status. The US immigration service isn't really happy about it in many cases, and they can (and do) demand that you make a single citizenship declaration for a visit to the US.
Some places don't care, some places freak out.
[ link to this | view in chronology ]
Re: Re: Re: Re:
With CalExit, if that ever happens, I will instantly become a USA/California dual national, because my father was born in Montana; being born in the Republic Of California to an American father will make me a USA/California dual national.
Of course some control freaks in the US Government will never let CalExit happen without a fight, because a number of tech companies will no longer be subject to US laws.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
America is everything it tries to blame other nations for being.
We spy on, meddle with, bomb, and propagandize every other nation on earth while we won't hesitate to bitch when other nations do it against us.
[ link to this | view in chronology ]