U.S. officials weigh introducing biometric exit data rules for partners
Federal officials are considering writing protections for the biometric data of travelers into the rules of the biometric exit program, but in the meanwhile, how to store the data, and for how long, is up to companies participating in the Traveler Verification Service, The New York Times reports.
Companies participating in the program are mostly airlines and some cruise lines, and few provide any data protection guarantees, according to the Times. DHS Office of Field Operations Deputy Executive Assistant Commissioner John Wagner told the Times the companies have no interest in retaining biometric passenger data, but also said “that would really be up to them.”
That’s not good enough for some privacy advocates.
“C.B.P. is a federal agency. It has a responsibility to protect Americans’ data, and by encouraging airlines to collect this data, instead they are essentially abdicating their own responsibility,” says Jennifer Lynch, senior staff attorney at the Electronic Frontier Foundation (EFF).
Georgetown University Center on Privacy and Technology criticized the biometric exit program in a report published late last year.
“Are there privacy protections in the contracts that D.H.S. has reached with the airlines?” center associate Harrison Rudolph told the Times. “Do they require the disposal of any data collected? Do they require audits? Are there use limitations to ensure that travelers’ photos aren’t used in ways they don’t expect? Without any enforceable rules, it’s too easy for D.H.S. to break those promises.”
Customs and Border Protection published a privacy report in June 2017, which said federal officials would perform a privacy evaluation to assess airline compliance with privacy protection requirements within a year, but agency representative Jennifer Gabris recently said that the evaluation is not finished because the program has not yet reached interim operating capability. The Times says airlines contacted emphasized the limited trial stage the program is at. It also says that JetBlue is the only one that goes beyond a generalized privacy policy, and that it only specifically addressed the protection of passenger biometrics after inquiries from the publication.
Vision-Box, SITA, and NEC Corporation provide the biometric infrastructure for the trials, and have their own privacy policies.
The airlines hope to add at least another half-dozen airports to the trials, and Acting Customs and Border Commissioner Kevin McAleenan told a Senate Finance Committee panel last year that the program could reach all major U.S. airports by 2021 after President Donald Trump signed an executive order to expedite the program’s completion. Advocacy groups have criticized the program, while senators Edward J. Markey (D-MA) and Mike Lee (R-UT) have called for the program to be delayed while privacy and legal objections are addressed.
Article Topics
biometric data | biometric exit | biometrics | CBP | data protection | DHS | privacy
Comments