Insert Face to Fly

by Ege Uz

As air travel ground to a halt during COVID-19, U.S. Customs and Border Protection (CBP) has been rolling out their new facial recognition program across airports in the U.S. The program, called Traveler Verification Service (TVS), is a cloud-hosted facial recognition software used to identify travelers through photos taken of them in realtime at the airport, most prominently during passport control, and security checks in boarding gates. Since its initial pilots in 2016 and 2017, the TVS has been put to use in 20 international airports in 14 states, and CBP has stated that they’ve processed over 23 million travelers using facial recognition technology in 2020.¹

I first encountered the TVS this February, as I was flying out from New York. It was a new step in the usual airport security procedures, between the airline check-in and the TSA checkpoint. Approaching the booth manned by a CBP officer, I was asked to hand over my passport and ticket, and then to take my mask off to look up at a camera affixed to the booth. I did so, and after a few seconds, was told I could proceed. With no written or verbal indication that I can remember, I didn’t even find out until a month after the fact that the procedure involved facial recognition.

Here’s what I found about how the TVS works after the fact. After the officer took my photo, it was sent to a server running TVS, where it was compared (based on biometric data) to a pool of other photos. The pool is composed of biometric images of all of the passengers on the flight that I’m supposed to be on, including my own. These photos are retrieved from a variety databases that belong to CBP and its parent agency, the Department of Homeland Security (DHS), If the photo taken matches my image from the pool, I am verified by the system to be who I say I am.²

That may be the end of my interaction with the TVS, but what about the photo taken of me? What happens to the photos sent to the TVS depends on who they are of, vis-a-vis citizenship. U.S. citizens get to object to being subjected to facial recognition and instead ask for manual identification (which still employs biometrics). If they don’t object, their images are retained in the TVS servers for 12 hours before being deleted. Non-citizens —as in, immigrants, tourists, work/student visa holders— instead have their photos stored in the server for 14 days, where it is used for system audits and tech evaluations. The image is also shared with other biometric databases and systems across the DHS, as well as other with federal departments such as the Department of Justice. The most notable of these systems is the Automated Biometric Identification System (IDENT), the DHS’s central database of biometric information, within which the image would be stored for a whopping 75 years. And unlike citizens, noncitizens cannot object to any of these proceedures or demand to be processed in any other way.³

As an immigrant to the U.S., I’m part of the second group, whose images are collected and operationalized without asking for consent, and will populate DHS datasets for decades to come. I’ve travelled between the U.S. and my home country of Turkey so many times over the years that the DHS could construct a timeline of me going through puberty if they wanted to. And while the TVS is a significant milestone in the use of facial recognition technology and biometric data collection, these practices are not new: they have been deployed and developed on immigrants and noncitizens before being rolled out to affect Americans. It’s important to keep that fact in mind as it points to the larger pattern in how the U.S. develops its policy around domestic security, policing and surveillance: by co-opting practices and technology it applies to its “aliens”. Examining the TVS in-depth, I will attempt to illustrate how its development parallels the extensive surveillance and data collection that the U.S. already imposes on non-citizens, with the potential to go far beyond.

Visions of Facial Recognition

Aside from privacy concerns, there are plenty of reasons to be critical of facial recognition technology and oppose its increased use in any field. One reason is, as studies indicate, it’s largely inaccurate in actually recognizing faces, especially faces of people of color, and women. The use of commercial facial recognition software in policing across cities in the US have already led to the wrongful arrests of Black people. CBP touts a “match rate of more than 97 percent” across their applications of facial recognition technology (including the TVS),⁴ which, with over 23 million people scanned, still means an estimated 460,000 to 690,000 people being misidentified each year.

Another reason, particular to airports and border security, is that using facial recognition to identify travelers as opposed to doing so manually does not make much of a difference when it comes to detecting identity fraud. A total of zero people were caught using false identification at the airport in 2020⁵, with the grand total of such cases since the TVS’s official rollout in 2018 being seven.⁶ That gives airport facial recognition a track record of zero identity fraud cases caught, versus hundreds of thousands of people being misidentified in 2020. It’s perhaps because of this that CBP officers are instructed to fall back to identifying people manually in cases where the TVS provides a no-match result⁷— rendering the program little more than a redundancy to existing procedures in its current iteration.

Despite these prevalent issues around facial recognition, the CBP and DHS have placed it at the center of their future visions of airport security and border control. In their 2020 Trade and Travel Report, CBP states that they’ve increased their use of facial recognition despite travel decreasing and that they see “biometric [facial recognition] technology as the way of the future”, and a “vital element of national security and enforcing U.S. immigration laws.”⁸

Although the report doesn’t mention the TVS by name, other CBP and DHS documents reveal that it is central to this future vision. The overview for the 2017 Privacy Impact Assessment (PIA) for the TVS describes the larger ambitions of the program:

“By partnering with stakeholders on a voluntary basis and using biometric technologies, CBP is facilitating a large-scale transformation of air travel that will make air travel more: (1) secure, . . . (2) predictable, . . . and (3) able to build additional integrity to the immigration system.”⁹

According to ACLU senior policy analyst Jay Stanley, the TVS is the first step of a “very specific, clear and well-defined pathway” towards “a much broader implementations of face surveillance at the airport”.¹⁰ Formulations of this pathway can be found across public documents by CBP and DHS. One document by the Transportation Security Administration (TSA), another agency of the DHS, lays out the broad vision for expanding the use of biometrics in airports, starting with international travelers, then expanding to TSA PreCheck members, and finally to all domestic travelers.¹¹

Within the context of this vision, the TVS’s major achievement is that it’s the first time the technology is deployed during international departures from the U.S. Prior facial recognition programs had been limited to use in international arrivals.¹² As a result, CBP is able to collect biometric data on more U.S. citizens than it had been able to before, while increasing the amount of points where it can collect data from non-citizens.

However, the scope of the expansion goes beyond who gets subjected to facial recognition. One worrying trend is the international adoption of CBP’s facial recognition technology, facilitated via international partnerships. Currently, these partnerships involve biometric data collected by partner countries being shared with the U.S. in order to create a record of the departure.¹³ However, as of January 2020, CBP is developing programs collaborating with U.S.-based and international airlines, “in which the airline collects the photos of travelers en route to the United States at the airport of origin and securely transmits the facial images to CBP’s TVS for identity verification”¹⁴. The list of over 60 airports found on CBP’s webpage on biometrics include airports in countries such as Canada, Ireland and the United Arab Emirates¹⁵, where one may expect to see this program in use soon.

Another development in the works is the capabilities of the facial recognition technology that is employed. In their 2021 Privacy Impact Assessment for the TVS, CBP states that they are “increasingly employing technologies that do not require subjects to present their face directly to the camera. . . to collect face images with minimal participation from the subject.”¹⁶ Acknowledging that this “poses increased privacy risks since the individual may be unaware that their photo is being captured”, they currently address it using “both physical and either LED message boards or electronic signs, as well as verbal announcements”¹⁷. Stripping off the euphemistic language, this evokes a future where any camera present at the airport, from any angle or distance, may be sending your image data to the TVS to identify you and/or populate biometric databases.

Putting all of this together, this vision of airport security and facial recognition seems quite bleak. As Jay Stanley puts it:

“It hardly takes a paranoid flight of fancy to foresee this program morphing into something far more comprehensive and dystopian— a world where face recognition is used throughout our public spaces to scrutinize our identity, record our movements, and create a world where everyone is constantly watched.”¹⁸

The paranoid flight of fancy I’m taken on by all of this leads me towards an airport that is characterized by a state of total surveillance, where information is extracted out of people constantly, passively, simply as a precondition of being at the airport, and without necessarily them knowing about it or consenting to it. Reflecting on my own experience as a traveler and immigrant to the U.S. coming from Turkey, it doesn’t feel too far off, as I’ve often felt like I’ve had to provide information about myself and open myself to scrutiny without much of a choice.

Total Surveillance

Across their documents and communication, CBP states that they’re mandated by the government to deploy and develop the TVS (and facial recognition in a broader sense), citing a number of laws that begin with the 1996 Illegal Immigration Reform and Immigrant Responsibility Act, which “authorized the U.S. Government to use an automated system to record arrivals and departures of non-U.S. citizens at all . . . ports of entry”.¹⁹ Though that is where CBP begins their history, the language shifts significantly in the laws following 9/11, as is often the case with policies relating to surveillance. After 9/11, the authorization transformed to be “for the creation of a nationwide biometric entry-exit system”,²⁰ which has significant differences. First, the scope was expanded and abstracted from non-U.S. citizens to nationwide. Second, what was meant to be recorded changed, from arrivals and departures to biometric data, relating directly to people’s faces, fingerprints, identities. “The 9/11 Commission determined that implementing such a system [the TVS] is ‘an essential investment in our national security’”²¹, one CBP article from 2019 ends, positioning the program as a product of the national paranoia that 9/11 has caused, not a vision that seeks to go beyond it.

Another system that emerged out of 9/11 is IDENT, the biometric database that the TVS both pulls image data from to make comparisons (by jumping through a few bureaucratic hoops), as well as saves facial images into for 75 years. When it was established in 1994, IDENT was a database of fingerprints. After the formation of DHS it was expanded gradually to store further biometric and biographical data, and was deployed on international border checkpoints starting in 2004. As a result today, it has come to hold the biometric images and fingerprints (alongside a slew of personally identifying information) of 200 million people, and shares this data with all DHS agencies, including CBP, TSA and ICE, which share data back into it during their operations²².

The first time I flew to the US was in 2012, so I was recorded into IDENT on all of my trips, providing a new biometric photograph and new fingerprint records each time. Each individual data point, as well as their totality, are not only used to track and identify me, but are also used for comparisons done to track and identify others, or to train and improve the facial recognition model. Alongside the biometric information, I provide my biographical information, such as my age, nationality, gender and race, as well as information about the encounter— each possibly a correlational feature used in one algorithm or another, employed by god knows which DHS agency. Of course, the track record began the moment I took action on my intent to travel to the US— when I apply for a visa. When I applied for my green card in 2016 to begin my immigration process, the amount of information I submitted into the federal data sprawl increased to include my address history, my marital history, employment history, as well as information on any spouses or children²³, with the same being asked of my petitioner (my mom).

Consider, without thinking about whether any of this data should be collected or not, the magnitude of data collected on an individual through these processes. How granularly it describes someone. How many correlations can be plucked out of the various data points. Due to the extent to which IDENT data is presently used and shared across federal agencies, and the extent to which facial recognition and other biometrics-based, machine learning driven technologies have become prevalent, the people who provide this biometric data have become highly valuable sources of information. Within this surveillance capitalist framework, it only makes sense to expand and build upon data collection policies and practices employed on non-citizens— with how much of a framework there already is in place, legitimizing an immense collection of data, at numerous points during the travel.

Under the current iteration of the TVS, U.S. citizens who consent to its use on them are nevertheless exempt from having their image be recorded in IDENT, or be shared with any other DHS system or database. In contrast, for travelers coming into the U.S. from abroad, there is no escaping IDENT— with or without facial recognition. The TVS therefore may seem lenient compared to its predecessors that operated solely in international arrivals. However, when historicized from the perspective of non-citizens being subjected to facial recognition programs, the TVS marks the point where participation is made mandatory. Preceding systems that employ facial recognition (or used to employ other means of biometric identification but now use facial recognition), were opt-in programs, or voluntary, yet opt-out programs. While the TVS is mandatory for non-citizens, its implementation also mirrors the tactics employed by these nascent programs in order to develop and spread the technology.

If you still have doubts whether the TVS will expand and calcify into something more invasive and draconian, I urge you to consider that there are three times as many domestic travelers in the U.S. as international travelers²⁴, ask yourself whether your country would stop themselves from tapping into that fertile data capital.

Ege Uz is a second year MFADT student. He likes the Internet, and dislikes airports.