> Another risk that is set in motion by TSA’s use of face verification is the very real possibility that our face eventually becomes our default ID and creates a de facto national ID controlled by the government.
For one, why are people afraid of a national ID? I remember this argument being used to delay RealID changes in some states. Other countries have a national ID and it hasn’t lead been billed as a privacy nightmare.
Second, we have a national ID already called a passport. That’s valid ID in the US and issued by the Federal government. I have one and so far the Feds haven’t come for me while I’ve slept or thrown me into whatever lies at the bottom of this slippery slope argument. Am I missing something?
Third, what makes the Feds worse than my State government? What stops Florida or New Mexico from turning State ID databases into a surveillance tool? Is it possible we really have 50 slippery slopes to deal with? Again, I don’t understand where the fear is.
1. People don’t trust the government and are wary of giving it more power
2. You’re missing that your face is different than a piece of paper. You can choose to refuse to show ID in some cases. You could keep your face covered, but that has ramifications you might not desire
3. The Feds are worse because they are already much more powerful than any state government.
It’s really not hard to see where the fear is. This might be one of the most obtuse comments I have seen on here
identity “verification” by ssn is stupid; almost every other democracy has national id systems and residential verification and it works better and is easier to get benefits or prove yourself than real id and any other absurd american invention.
Some state governments already perform facial recognition when issuing drivers licenses. There have been stories of twins being unable to obtain an ID because it was flagged as fraud due to matching facial features.
What a confusingly-written article.
The 1:1 case is not too unreasonable, if you ask me. Store a cryptographically signed photo on a chip in the ID card, and the machine can compare that to the real-life human presented. There are obviously drawbacks with biases in the comparison algorithm, but that's not really any worse than a human doing the same. From a privacy perspective it's not too bad - provided they delete their copy of the photo after the card is issued. This isn't any different from having the photo printed on the ID card, if you ask me.
The 1:many case, on the other hand, is a bit of a problem. This requires the creation of a mass database with everyone's pictures in it. The privacy implications are obviously enormous, as it would also enable the identification of previously-anonymous people "in the wild".
And then there's obviously the issue that it simply cannot possibly work on a larger scale: with a 1:1 comparison you have to look for a close-enough match of a single picture pair, but with a 1:many comparison you have to identify one person out of millions of possible matches. There needs to be some lenience in the matching (people use makeup and get rhinoplasties) but people's faces already look quite similar - once you get to the million-people scale, there are pretty much guaranteed to be some false positive matches in there!
"From a privacy perspective it's not too bad - provided they delete their copy of the photo after the card is issued. This isn't any different from having the photo printed on the ID card, if you ask me."
If you have a government ID they already have your picture in a database. I know for a fact this is true if you have a US passport and I would be shocked if each state doesn't have a database with all Drivers License/state ID pictures.
I can get my license reissued with my old photo as long as it’s within X number of years. This was handy during COVID when renewing entirely by mail was rolled out, but I also did it on a prior license renewal as well.
I’m generally opposed to government intrusion on rights, but I don’t think I have the inherent right for the government to have no photos of me. I’m sure the Dept of State, Customs/Border Patrol, and my local motor vehicles dept has my photo on file.
>> I don’t think I have the inherent right for the government to have no photos of me.
Why? The government should have no info on you at all unless and until they have an articulable reason to suspect you to be in violation of the law. Then they should only be allowed to retain data about for the duration of your criminal history (which could be for life )
Customs and Border patrol should not even be allowed to ask you any questions or stop you at all upon reentry to the country unless again they have a clear and articulable reason to believe you are in violation for the law
same with the TSA.
the fact that we have allowed general "detainment" in the name of safety was the start of the slippery slope that they continue to advance further and further to more or less cancel all 4th and 5th amendment protections to the point now where those protections basically do not exist with in a 100 miles of any border which is like 80% of the nation.
it is absurd to simply accept this as normal, and inline with individual freedom. it is not
> The government should have no info on you at all ...
Are you meaning for citizens of the country, or visitors to the country?
If you're meaning for citizens... um... how would the government know you're a citizen if it has no records of you? Ditto for knowing who to collect tax from, although a Good-and-Services-Tax could remove that particular need. ;)
I think the issue here is that it is both reasonable for the government to have a photo to facilitate some services, and also extremely dangerous for a centralized database to exist due to the kinds of surveillance this enables.
If we could be certain that the collected photos would be used only for the specific uses cases deemed necessary and acceptable, and never for the purpose of enabling new forms of surveillance, then it seems reasonable for the government to have this info.
But I don’t think that’s the reality. Or at least there aren’t checks and balances in place that I’m aware of that ensure the collected photos are not used for other purposes. It’s ultimately a problem of trust, and trust has been deeply eroded.
I disagree with the customs and border comment. I think a nation has a right to know who is entering the country. Otherwise you just have open borders. In addition other countries want to know who you are. So you need a passport
I just went and got my license renewed in my home state while I’m living overseas. The last time I had a license photo taken there, I was maybe 17. The clerk made sure to turn the screen around so we could both laugh at my old photo, so at least they keep them in one state.
The mass database with everyone's pictures in it is called the DMV. It was created decades ago; we don't need to engage in speculation about what it "would" do.
There is not a single DMV. Every state has its own DMV with its own database.
Yes, and many of those DMVs share those photos with upstream agencies, which reduces the problem.
... then they came for my doppelganger and there was no one to implicate me.
TSA presumably can narrow down the search space to the people with tickets at that airport for that day
My concerns here are not about the search cost, but about holding everyone's data.
"And then there's obviously the issue that it simply cannot possibly work on a larger scale: with a 1:1 comparison you have to look for a close-enough match of a single picture pair, but with a 1:many comparison you have to identify one person out of millions of possible matches. "
i should probably flesh out my reasoning more on this but i think we should preserve the ability for people to do wrong rather than trying to box it out. practically, it functions as a useful last resort of the system is very screwed up and we can probably punish noncompliance in other cases.
i think if we successfully remove the ability for people to break laws, regardless of whether it's done in a "privacy-preserving" way, that would be bad. but then again i'm against the feds knowing who anyone is so i'm probably biased.
This statement seems pretty poorly thought out. I think the argument that's being made is actually that there should be comprehensive privacy legislation, not that the TSA's use of facial recognition is bad/dangerous.
I see three risks being pointed out:
1. "the potential privacy and bias risks" -> however it doesn't expand or explain these risks. I'm on team privacy in general, so I definitely worry about this, but I think it's almost comical that any description of this risk is absent.
2. While facial ID is currently optional, "there is no guarantee that will remain the case" -> this is a textbook slippery slope argument, which means they're arguing not that the current practice is bad but that someday they might start doing something bad.
3. "the very real possibility that our face eventually becomes our default ID" -> another slippery slope argument that has even less to do with the TSA. This would require a major effort by the rest of government, so this is more a "watch out for that big cliff over there" argument than a slippery slope argument.
After all that, I think the topic sentence of this statement should be" > This is [bad] because the United States lacks an overarching law to regulate the use of facial recognition to ensure the necessary transparency, accountability, and oversight to protect our privacy, civil liberties, and civil rights.
The slippery slope argument is a pet peeve of mine. It is a real, valid concern - in fact when this strategy works people often switch to calling it boiling the frog, which is not usually contested for some reason (even though it is the same thing)
Slowly making changes is a normal strategy at this point, saying anything less than the worst case is a "slippery slope" is no longer relevant imo. It is a valid risk that should at the very least be a point of discussion
Right. "slippery slope" is a fallacy only when the slipperiness of the slope is taken for granted. In this case there is plenty of evidence that this slope is in fact slippery.
Since I'm bashing on fallacies here, I'd also like to call out the naturalistic fallacy as a frequently abused one.
If your ancestors managed to survive in the natural environment, and there is something novel in the synthetic environment, then the synthetic alternative does in fact deserve more scrutiny because you have less evidence about it.
"Natural doesn't mean safe" type reasoning only really applies when the natural and synthetic thing are being put in equally novel situations--which is a pretty rare setup. Like, how often do you consider eating a plant which nobody has ever eaten before?
> The slippery slope argument is a pet peeve of mine.
Do you mean that an argument which consists of a claim of an inevitable slide to a bad conclusion from a certain starting point is your pet peeve? Or that a rebuttal to such an argument, which consists of pointing out that the former may be a slippery slope fallacy, is your pet peeve? It gets confusing because the key phrase of the former is "we're on a slippery slope", while the key phrase of the latter is "that's a slippery slope fallacy."
The slippery slope argument is a logical fallacy. However as you say, when incremental changes are regularly used as an effective strategy to obtain a larger objective it becomes a valid concern.
The logical fallacy still holds even if the majority of all policy utilizes the incremental strategy, but only because there are edge cases that invalidate the argument.
The problem for people outside of the strategy room, is that we don't know whether there is a broader objective or not, and even when a broader objective is realized it's almost impossible to prove that the end result was the original intent.
Why does there need to be a broader objective?
Even absent a broader objective we should still look to history and understand that government only ever increases its own power, only ever reduces the liberty of the citizen.
Government actions move in one direction, to yell into the void "well that is a slippery slope fallacy" as if that means we should simply ignore all of the lessons history has to teach us about giving up liberty for perceived safety is crazy to me.
I am not sure what value there is in proclaiming a slippery slope fallacy or how that it a rebuttal to the very real historical record.
It's part of a broader objective because many of these projects are fueled by both private organizations and public for-profit organizations. Yes, this is indeed part of a broader objective to sell more of this technology. Lots of ARPA money out and about right now.
>2. While facial ID is currently optional, "there is no guarantee that will remain the case" -> this is a textbook slippery slope argument,
And? Years ago you could say the same thing if OP complained about the TSA starting to use biometrics. And you would be disregarding their very real concerns, especially when they would have been right about them. I believe this is also the case now. OP has a valid point.
> you would be disregarding their very real concerns, especially when they would have been right about them.
Which TSA concerns were they right about and what dates?
Matching pictures doesn't indicate a person smuggling items onboard, and the hijack avenue ended on 9-12 when in-flight procedures changed. Ramp workers and flight crew, and even TSA, go around the TSA screening and can smuggle anything that somebody holding their family hostage at home tells them to carry.
They are piloting this at an airport near me. When I asked if I could opt out the employee said “no”. It was only later I was told that I could (upon returning home and looking it up)
FaceID as government ID is not a good idea, and it’s fine to start somewhere in my opinion though of course I would prefer outlawing biometrics entirely as identifiers.
Every article I've read about the TSA's program included the journalist either being denied an alternative to the facial recognition process or being pressured to do it. In an environment where being late for a plane could cost people their travel plans, coercion is pretty easy.
I fly a lot. I always opt out, usually in Atlanta but I think in other airports. There are signs up they say you can opt out.
This is both in the precheck security line and when boarding international flights.
It was an issue once with a Delta employee who didn’t know I could opt out. And once with border control in Ireland (where ICE has a presence). There, the ICE employee manually verified me but still insisted I get a photo taken.
Otherwise, it’s not been an issue to opt out so far. The staff might be a little annoyed, but it goes just as fast.
As an opposite point - the airports I've been to have been pretty easy to opt-out, though they usually have snippy comments about "saying it up front".
That being said, did your airport not have signs talking about the pilot, and it being optional? I would of pointed to that if I was told no.
The full body scans are also voluntary. I opt out of all of that nonsense with three words "no thank you".
EPIC hasn't been the same since they kicked out Marc Rotenberg. Sad to say.
Even GDPR only applies to private entities, and the same polity who did that have used their willingness to regulate data handling and software architecture to, if anything, minimize end-user privacy vs. the state.
Some countries have their equivalent of GDPR applied to the government entities as well. Turkey and India are such examples.
These questions come up and I always wonder about the edge cases. I'm an identical twin. My twin can get get past my faceID consistently, from first release until today. What happens when twins with bad blood start abusing facial recognition?
Other signal will be fused in. Otherwise, you’re counting on the possession of your government credentials as the control. You could just as easily swap IDs.
Leakage is expected, leading to iteration on edge cases. Some leakage will always be inevitable, no system is perfect.
The legal system is the final recourse mechanism if malicious activity (identity fraud) is detected.
Currently you need to look kind of close and have the other person's ID. With the 1:many pilot it would just check your face against a database of ID photos of PreCheck enrolled travelers, so you only have to be at the right place at the right time, and look very close. Not a huge concern in general, but for an evil twin it's much easier to get past TSA if they know which plane their twin will take.
I don't see how that's the case with the TSA's program. It really sounds like you present your ID and a boarding pass and that's it.
Present state. They are moving towards facial recognition with no need for ID presentation or boarding pass. No need for the ID when they have your photo on file (this is how Global Entry re-entry kiosk works), and your identity is tied to airline PNR.
(enrolled in the CBP program 1:many program mentioned)
> The legal system is the final recourse mechanism if malicious activity (identity fraud) is detected.
We're screwed, then.
What kind of abuse are you imagining? Presumably with this system, the TSA agent's query is like: "Does this person's photo match the photo for the identity they are claiming to be?", and not do something like compare your face to every other person's face and return the most likely identity for your face.
So, in that instance, your evil twin could steal your ID and travel as you, but they could do that before this system was in place anyway.
The article mentions a "one to many" system which is exactly this - it compares you to every face in the database and decides who you are, eliminating the need to show physical ID.
Unless both twins are flying on the same day, you could solve this by rejecting matches of people who don't hold a boarding pass for that airport.
Or you could just require a physical ID as backup if the system can't return a match (due to identical twins or otherwise).
> you could just require a physical ID
It's actually not necessary to have an ID to get through TSA, so please don't encourage it.
Then your twin might be able to enter an airport terminal without first spending a couple hundred dollars on a ticket.
Would a combo touch+faceID be sufficient for distinguishing twins?
Touch ID alone should suffice, identical twins have different fingerprints. Similar, but not identical. There's some amount of entropy captured in the womb which affects their development. 
> Fingerprints aren’t included in these genetic similarities. That’s because the formation of fingerprints is dependent on both genetic and environmental factors in the womb.
> The chances of identical fingerprints in identical twins is slim-to-none. While anecdotal articles online often discuss the possibility of a chance that the science could be wrong, no research has found that identical twins can have the same fingerprints.
> [...] As a result, identical twins may have similarities in the ridges, whorls, and loops in their fingerprints. But upon closer examination, you’ll notice differences in some of the smaller details, including spaces between ridges and divisions between branch markings.
Fingerprints are more unique than faceID.
Even if someone totally unrelated who looks a lot like you is caught in the act by facial recognition, it can be really bad. “Here are videos of the defendant caught on the act of three separate crimes!” can be pretty convincing when you’ve been dredged up as the closest match.
My son can, too.
whenever biometrics pops up on HN i always have to post the reminder that a biometric is _both_ a username & password bundled as one login credential. People like to compare biometrics to passwords, but that's a bad analogy because passwords can be changed whereas no one in tech likes to admit that a username should be changeable too.
> a biometric is _both_ a username & password
It's just a username. As implemented the systems only require a username. It's also not even that, it's a temporal identifier, as faces change, sometimes in ways that we all expect and sometimes, not. To the extent that we've even performed facial transplants in response to some of these cases.
If biometrics were going to work, we'd be using fingerprints already. For all the same reasons we don't use fingerprints, we won't be able to use facial identification.
It's not "just" a username, in a way that I can type arbitrary username easily, but spoofing biometrics is somewhat harder, at least in a controlled environment. And that's the only reason why it's used - it is essentially a replacement for situations such an agent quickly checking a photo ID (low-effort high-volume quick-and-dirty weak authentication).
Not that I'm fond of this, just saying that it's not exactly just an username.
There is no culture of using secrets for authentication in any public setting. It all had always relied on biometrics, since times immemorial (people knowing how one looks like, then scaled up with printed documents, now scaled up again with machine-assisted recognition). Essentially, with some exceptions like high-security facilities, people had always relied on their public identities (self-asserted or asserted by a trusted third party, depending on the requirements) to get access.
And not even a unique user name. Twins and other relatives can pass for each other.
And with facial recognition, two people don't even have to be related. I knew a guy who looked so much like me that he grew a mustache purely so that our own friends could tell us apart (which is how I know I look terrible with a mustache). There's zero chance that facial recognition could distinguish us.
He and I weren't even remotely related.
Which means a second factor is needed -- and we already have IDs.
you can't change it, it's not a password (though the mustache example in this thread is an amusing/distressing counterpoint :-)
When will the temporary post 9-11 policies end? They aren’t really needed anymore, if they ever were.
The TSA violates the 4th amendment millions of times a day and has a 95% failure rate at its job simultaneously.
Read it for yourself and ask if searching every single person trying to fly is "reasonable" or if they have a warrant: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
I think a metal detector search of the person and X-ray of bags is reasonable in terms of an invasiveness of search which is no greater than required for the legitimate safety concern and proportionate to the risk.
I think the AIT machines are not reasonable (by nature of being more invasive than required), which is why I opt-out 100% of the time, much to the frustration of my wife when we’re traveling together, but I don’t care.
I think the TSA agrees the AIT is likely enough to be unreasonable to not want it tested in court, hence they allow opt-out.
I was at JFK recently and was shocked how fast the Global Entry facial recognition system was compared to say UK one. I literally had barley registered on the camera before it gave me a green tick.
New Zealand has been using facial recognition (& iris I believe) at airport border control for over a decade. New Zealand is probably still a bit sensitive over France bombing Greenpeace here last century. https://nzhistory.govt.nz/politics/nuclear-free-new-zealand/...
I don't like it, but it is where the world is going. The USA has been taking fingerprints of international travelers for a long time!
still not clear to me why ID matters if they're going to x-ray me
To remove, for the airlines, the old grey market of resold "non-refundable" tickets that which the original purchaser can no longer utilize that existed before the ID requirement.
There is more profit in being able to sell an unoccupied seat twice (once for the unused non-refundable ticket, a second time when the original ticket does not show up at the gate) than in allowing tickets to be resold on the grey market.
Then the airlines should be doing the ID checks. But they don't bother, because the TSA basically does it for them.
Pretty sure the stated reason for the TSA checking IDs is to keep people on the no-fly list from flying. (Worth nothing that the no-fly list is not without its problems). It also allows trusted traveler programs to work.
Why do they care, though, if their margins are going to remain at X% anyway, because of market forces? They're just adding extra steps to the whole thing so a random passenger can benefit from my lost ticket money, rather than someone I explicitly choose.
Because if a ticket is sold privately to another rather than going unused, the airline only gets paid once. If the airline can resell the seat, they get paid for it twice.
Nearly all US airlines except budget airlines allow fee-free credits up until day-of flight...
non-refundable doesn't mean what you think it means. you get a voucher for the ticket price (minus a fee) you can use on a later date so they aren't really selling the seat twice.
Not for basic fares
Even United Basic gives travel credit for cancellation. This whole double charge thing is fantasy.
Defense in depth.
I imagine there are still ways naughty people could wreak havoc even if they only have access to items that appear benign on an x-ray.
Buy a beer on the other side of security, it's served in a glass. Take it to the bathroom, wrap in towel, break. You now have many shivs. Distribute to your compatriots.
Get compatriot hired to Benny's Shrimp Shack and Burger Emporium. Have him pass a knife roll over the counter from the kitchen.
Get a compatriot hired as a cleaner. Have her pass you a bag of bleach and a bag of ammonia.
Security theater is wonderful.
I've worked with a lot of very good facial recognition technology. They all have demonstrated biases for white males. Even in the ideal scenario they are far too inaccurate (<97%) to be used for identification, unless your false reject rate is extremely high (>30%). And if it is a less ideal scenario (elderly Latina, Asian woman, etc) you'll be lucky to get 80% accuracy without high false reject rates.
When it comes down to it, accurate facial recognition is at best 99% accurate. But being wrong 1 in 100 times is a horrible number for an authentication system. Anything else you ever use for authentication (password, iOS face scanning, PIN, etc) would be considered a complete joke if it only got to 99% accuracy.
Can somebody explain to me, succinctly and without the slippery slope nonsense immanent in this link, why facial recognition is seen by some reasonable people to be a problem? I’m not interested in why anarcho-fascists or tinfoil hat libertarians or Luddites think it’s a bad idea - I’d like to know why your average reasonable man would have a problem with this. As somebody with both a law and a science degree, I just can’t understand the outrage. We already have to take our photos for passports and our IDs - how the fuck is this substantively different? I get the sense this a situation that proves that rule that somebody, somewhere will always find a way to be outraged about everything in 2023.
Because it gives the government a direct up to date photo of you, while it's already tracking where you are going. It's just that much easier to decide you have committed a crime. And find you.
However, the slippery slope holds true when you complain about previous actions. I.e. the government knowing where you go when you fly, and searching your private belongings without a warrant.
This isn't the first thing on the slope. With just those two examples this is the 3rd. I'll believe the slope isn't slippery when they repeal the patriot act.
Edit: finished first thought.
> I’m not interested in why anarcho-fascists or tinfoil hat libertarians or Luddites think it’s a bad idea - I’d like to know why your average reasonable man would have a problem with this.
I think this is an overly adversarial view of people trying to take a long and systems based view of this, but even if we do focus on the immediate practicalities, there are a couple of obvious ones.
First, and foremost, I don't trust TSA to get it right. Facial recognition is one of many technologies that works well enough most of the time that it might be fine for non-critical infrastructure, but there are enough issues with it that at the scale of imposing it on all passengers we should anticipate a lot of negative impact. This can include both the possibility of bad actors being allowed to travel because they can find effective ways to defeat the system, and innocent people being negatively impacted through no fault of their own. Early on the system may be opt-in, and in the medium term there may be reasonable paths to opt out, but once the system is mandatory- or a significant default, people will be punished with a significantly degraded experience because the technology doesn't work well for them.
There's also the infosec angle. I don't trust TSA to get security right any more than I trust them to get facial recognition working right. We've already seen leaks of images from millimeter wave scanners. Although a photo of your face may not be as private as the images leaked from those scanners, there are a lot of potential negative outcomes from someone getting a hold of a corpus of facial recognition data, especially if it contains more than just a raw photo and includes information that could help someone to impersonate you.
I flew through HKG last week. Biometric scan to transit from incoming to outgoing space, then at gate, I only had to be scanned by my eyeballs and face, I didn't even have to present my boarding pass.
This was unexpected.
Yeah. I transited Beijing only once, and it was enough to scare me away forever. Sooooo many cameras.
Also at JFK, flying out international recently. Was weird and I hope I don't get used to it.
Returning to Canada on my Canadian passport now no longer involves talking to a human at all. Scan passport, then facial scan, quick touch-screen questionnaire, and that's that. Fast and convenient, but disturbing.
I'm used to the humiliating invasions of privacy and overtones of fascism etc when traveling to the US where it can be "excused" because I'm a foreigner there. But I don't particularly feel great about the biometric stuff in my own country.
I kind of miss the "welcome back, I hope you didn't smuggle anything in" routine TBH.
A federal government agency implementing and using facial recognition technology can't possibly be any more dangerous than I think
This reads as something ChatGPT 3 generated: wordy,repetitive,and simply states again and again that is bad, very bad, without providing any actual or imagined scenarios.
just because technology exists doesn't mean we have to use them is a lesson I fear will take the world a long ass time to realise and internalise.
I'm not exactly sure of the connection, but I just got a message that I must enroll in the new, mandatory CLEAR program which appears to use facial recognition. Is this one of the two pilot programs they're talking about here?
Can you elaborate? Where is CLEAR mandatory?
It's mandatory in order to continue using clear, not for travelers in general. They're being a little dodgy about what it all entails.
> Members will need to upgrade to CLEAR’s NextGen Identity+. This will power CLEAR’s Lane of the Future rolling out over 2024.
> NextGen Identity+ will unlock the CLEAR Lane of the Future. The CLEAR Lane of the Future, which will be rolling out over 2024, will deliver an even faster, more predictable airport experience for our Members. It will allow CLEAR Plus Members to verify their identity with their face (instead of iris or fingerprints) and eliminate the need for Members to stop at a CLEAR pod.
This is because CLEAR screwed up for years and wasn't properly verifying identity. The TSA smacked them for it earlier this year when a significant fraction of the CLEAR user base turned out to be effectively unverifiable. It's mostly unrelated to the article.
Do most privacy-oriented here who fly a lot just not bother with Global Entry then?
I think this is doubleplus good, we need to stop the double negative bad people of eastasia who want to use violence and terror to take away our way of life.
Thus by ensuring that the government is tracking every person that goes through an air port at all times we can ensure we stop the bad people of eurasia for hurting our people and this is doubleplus good.
It makes me feel all warm and fuzzy to know that the state is willing to go to such great lengths to stop bad things like an older sibling watching over my shoulder.
Of course we all know that the TSA is a vital component of national security given all the times they successfully done...... anything?
Time for the ICP face paint while traveling
Isn't it ironic that they're doing what they blamed the Chinese for doing?!
I don't see facial recognition going away anytime soon since (other than fingerprints) is being rolled out to answer "this document is a legit document, but is the holder of this document the person on the document".
Anyone's guess why facial recognition is being used in favor of fingerprints is anyone's guess since fingerprints are way more accurate.
I would guess (really, just a guess) that
1. government IDs have photos but not all contain fingerprint data.
2. facial recognition can be done at a distance. In the future, you could be verified walking the building.
3. (tin foil hat) People associate giving fingerprints to the govt with criminals moreso than they do pictures.
Yeah, I don't see any argument here. There is just an assumption that "an effective person identification system is bad", and a bunch of words distracting from the fact that they are begging the question.
Story time! They probably had different reasons but I had funny encounters with the TSA involving hoodies.
One time I missed a flight in Miami and the next flight was 6-8hrs later. I decided to hang around the airport. Eventually I became sleepy, put my bags next to me, sat down where there are no passengers, put headphones and covered myself with a large hoodie to keep it dark enough for a nap. A couple of hours later I take off my hoodie for a peek and this uniformed TSA guy is sitting in front of me and staring at me, I stared back for a few seconds, checked the time and went back to sleep. A while later I am rested so I get up, now there are 2-3 people around me but the TSA guy is still staring at me. We had a staring contest for like 5-10min the I got bored and started wasting time on my phone. A little later, I was hungry and my departure time was within 1h so I ignored the guy and went to my gate area and ate an expensive tuna sandwich before leaving miami.
Second story, same hoodie I think, I was similarly taking a nap (forgot the airport), I hear a small commotion and look up there are TSA people standing around one is trying to make it look like they are not trying to look at me, then another TSA worker brought a k-9 dog straight to me without saying a single word and had the dog take its time sniffing me and all my stuff. I didn't mind tbh. Then they had the dog sniff around a couple of nearby seats and took it away. Not a big deal, I just couldn't figure out what they were thinking? Did they think I was a terrorist but needed a nap before my attack?
Also, I don't know if facial recognition flags people but I can tell by their body language when I am standing line if they will do a chemical test, to the point I prepare my hands and volunteer them before the guy even asks (they comment on how I am too used to it lol).
People complain about this stuff but personally I care more about all the surveillance they buy that then gets paired with your facial/biometrics and sticks with you for life.
Also, had a rookie TSA agent follow procedure one time and tell me I can request a private pat-down if I so wish. I told him "sure" just to see what they do, they knew I was fooling around so they didn't pat me down properly but they took me to a private room for the pat down. Worth mentioning because it sounded like they are supposed to inform you of that for each pat down and if you are legitimately a person sensitive about being touched and fondled in public you have that option (they even leave the cash on the dresser before they leave /s ).
I say all this but I do understand that the TSA workers on the ground are well meaning folks keeping everyone safe. I have much respect for them even if I don't always agree with TSA/DHS policy, which ulitimately is a product of the american voter's will.
As someone who flies into and out of the US fairly regularly-ish ... the way I'm treated by Homeland Security when I fly with my wife & son vs. alone, is a bit shocking.
Alone: I'm asked what I am doing there (despite having a US passport; so it shouldn't matter), why I live in a foreign country instead of the US, what I do for a living, why I have a backpack on instead of suitcase, etc. While they sit there holding my passport hostage, scrolling through who knows what data... sometimes I even "randomly" get sent to a back room to have all my stuff dumped out and my phone confiscated. It's like they want to make _really_ sure I never come visit my parents.
With my family: welcome home! Have fun!
If you want to sneak into the US, just go with a wife and kids. /s
I did go with a wife and kids but no US passport, got pulled into a small room and questioned till we missed our connection flight, US customs is so obnoxious is the number 1 reason why I avoid travelling to the US...
Yeah, I (well, she) had this experience entering the US with a non-American girlfriend, 10+ years ago. She was pulled aside, grilled, treated terribly, and emerged in tears 30+ minutes later. It really made me angry, because it's not as effective _security_-wise as what we were used to flying the other way. Immigration agents at Heathrow were generally so polite and accommodating (eg, let me go through the EU citizens path, when we were traveling together), that I typically revealed more about my travel plans than I probably _had_ to, and / or may have been wise. It's dumb and self-defeating, and should be a source of shame for all USA-ians.
If you're a USA citizen you're under no obligation to answer any of their questions, and in fact answering any of them can only really hurt you. You shouldn't ever answer questions from any form of cop without your lawyer present, and even at the border you still don't have to, though they have more unconstitutional but legal leeway to seize your stuff and hold you as punishment.
American cops across the board are getting more bold in their degradation of civilians and we shouldn't stand for it.
Even tsa only has one thing they're legally allowed to do: determine you don't have weapons you're trying to bring onto the plane. Whenever I have to deal with TSA I say I forgot my ID. "But you're in the international terminal you need your passport to board." Aw bummer I guess the airline won't let me fly, here's my boarding pass. They pat me down of course but they eventually let me in, every time, cause they have to.
If every American exercised their rights with the TSA the charade would collapse instantly as lines extended to hours long and security protocols were relaxed so people could get to their flights. I got to witness this firsthand after defcon once when all the attendees arriving at the airport around the same time were refusing to show ID to TSA and refusing to do the genital scanner, and a bunch of tourists were stuck in line for hours with strange people in black hoodies extolling to them the dangers of their Facebook account, until TSA finally just started pushing people through the metal detector as fast as they could.
> While they sit there holding my passport hostage, scrolling through who knows what data
Legally it's their passport, not yours. A passport is the property of the US government at all times.
Yeah, that doesn’t make it any less terrifying…
tl;dr: slippery slope
> This statement by TSA Administrator Pekoske highlights one of the main risks of TSA using facial recognition in any capacity—there is no guarantee that how TSA initially uses facial recognition will not change or expand beyond the current stated purpose.
Which, if you think about it, would be an equally valid statement about the risks of NOT using facial recognition: that approach would also provide no guarantee that TSA would not use facial recognition in bad ways in the future.
In fact, it is very hard to guarantee that something won't happen.
I'm a biometric skeptic, but this is not a super compelling article. There are better arguments: biometrics can be fooled, biometric measurements are essentially an immutable password which can be leaked/abused, they can be unfair to people with physical differences, etc.
Just saying X can lead to Y so X is bad is just so... lazy.
One way to guarantee that a mass database of biometric data isn't leaked or abused is to not gather it in the first place.
So, yes, it is easy to guarantee that a mass database of biometric data isn't abused if you can prevent it from being gathered. We're making no efforts in that direction, so we're running every day towards a future in which the holder of such a database can deepfake anyone doing anything.
Agreed, and that seems like a good argument.
Which is why it's so strange to say that one of the greatest risks of the TSA's program is that they could do a totally different program in the future. It's literally like saying that going to the gym is risky because you might get into BASE jumping.
There are better arguments. Hence, this piece is weak.
That is one of the greatest risks, because while you may agree to give them your biometrics for air travel, you may not agree to do it for another purpose, but it's too late at the point where they already have it.
It effectively means that if I don't want them to potentially give it to LEOs, I have to opt out of any services they are gatekeeping behind it.
That's not a slippery slope argument, it's an argument that there is no way for me to review how the information they collect is actually being used.
I don't think you read the EPIC post, or the part I quoted. You're creating a new, more reasonable argument that is loosely aligned with the second, lesser concern that EPIC had.
I wonder if when these things leak and become ever-more damaging, biometrics will basically become worthless and we will pivot to hardware tokens or something else.
There seems to be little resistance to this in the USA, and we’re also okay with abysmally bad forms of identification (SSN, birth certificates).
The security state has been demonstrated to be greasing the slope again and again and again.
And judging by the comments in here, most people are OK with it because we shouldn't demonize an "effective" form of identification.
Are we reading the same thread? I'm not seeing any comments defending the practice, or calling it effective, or accusing people of "demonizing" a technology.
> Which, if you think about it, would be an equally valid statement about the risks of NOT using facial recognition: that approach would also provide no guarantee that TSA would not use facial recognition in bad ways in the future.
The key difference is one of those scenarios gives the TSA a larger database of candid photos linked to an ID compared to just the one photo on record.