When privacy finally dies, it will be, if nothing else, extremely convenient for travellers.
This winter, US airline Delta is launching a $US600,000 ($809,060) face recognition pilot program, introducing four face-scanning machines at the Minneapolis-Saint Paul International Airport. Called "biometric bag drop", the machines "will be equipped to test facial recognition technology to match customers with their passport photos through identification verification", letting passengers check their own bags and save time.
"This is the next step in curating an airport experience that integrates thoughtful innovation from start to finish," Delta's Senior VP, Gareth Joyce, said in the press release. "We're making travel easier than ever for our customers and continuing to deliver a leading customer experience."
Essentially, passengers will hold up their passports and the machines will confirm that the photos match their faces. Beyond this, the press release is sparse on privacy details, though a spokesperson tells us Delta will comply with all privacy laws.
Image Credit: Delta via PRNewswire
That's still troubling.
Airports across the world are increasingly reliant on face recognition software to track passengers. As part of the "extreme vetting" overhaul of US travel rules, the US federal government is already exploring face recognition for US citizens in airports, requiring face scans at security checkpoints.
Delta insists its machines won't store passenger photos, but the pilot program still seems like a cutesy, "don't you hate those long airport lines?" infomerical-style prelude to total surveillance. And whether Delta misuses the data or not, the system could serve as an important step toward normalising scanning passengers' faces at airports.
The privacy concerns for face scanning at airports are numerous. First of all, who will be doing it? The Department of Homeland Security and Customs and Border Protection are federal bodies, subject to a certain threshold of transparency about what data they can collect and what it's used for. Private companies don't have a threshold and would defer simply to privacy laws. Unfortunately, biometric data collection is largely unregulated in the US — only two states, Texas and Illinois, currently protect against it. So private companies even dipping their toes in biometrics and face scanning should cause alarm.
Even when it's regulated, however, face recognition is still troubling. A landmark 2016 study from Georgetown Law found as many as half of all US adults are in the FBI's federal face database, the majority of whom have never committed a crime. First designed for felony convicts, the database rapidly expanded when the FBI began sourcing images from passport photos and driver's licenses, with most people never knowing their faces are being indexed. Through search warrants, the FBI could conceivably use almost any face database to expand their own — and in a future where face scanning is normalised as part of travel, simply entering an airport could mean being added.
The airport setting and reach of law enforcement is especially important here because passengers are checked against the No Fly list or other other criminal databases. Combining face scanning with bag checks or checkpoints would lead to databases that combine biometric data with travel history, which is extremely sensitive information. The US State Department is already building similar databases with their extensive social media screenings for refugees.
Imagine a private company owning a massive face recognition system that matches biometric data with travel history and faces to criminal databases. Delta's new bag check machines may make air travel a little easier, sure, but the underlying tech flies dangerously close to the event horizon of unprecedented surveillance.