TSA biometrics program is evolving faster than critics’ perceptions
By Neville Pattinson, Head of Federal Government Sales at Thales Group’s DIS Identity & Biometric Solutions
When Senator Jeff Merkley (D-OR) introduced a legislative amendment to halt the expansion of the Transportation Security Administration’s use of facial recognition, many people experienced a sense of déjà vu.
This may in part be due to the past attempts by Merkley and others, which like the latest try have all been rejected by Congress. It is also a familiar pattern of objection to new technology for anyone who remembers the introduction of millimeter wave and backscatter X-ray body scanners at airports.
Just as that advanced security technology has become a familiar and uncontroversial part of airport routines for air passengers across the country and around the world, the use of biometrics is becoming better understood, and therefore accepted and even welcomed by travelers.
What past airport technology adoption tells us
The development of signage for TSA’s body scanners over time gives us a good example of how this is likely to play out.
When body scanners were first introduced into American airports, travelers were divided. Some expressed support for improving security through technology, some were immediately against them, and many felt uncertain.
As reported by CNN back in 2010, some rights advocacy groups protested against the introduction of the scanners and urged American air travelers to opt-out of using them.
Fears about radiation turned out to be more rationally applied to overexposure to the sun.
The body scanners allow security officials to “see through” people’s clothing, which on their introduction raised understandable privacy (and modesty) concerns for travelers. The TSA adapted its processes, as well as the signage that informs passengers about the use of the technology, in response to public concerns, and body scanners have become an unremarkable and uncontroversial part of aviation security.
The general pattern is of legitimate concern about a new technology boiling over into hyperbole-fueled worries before subsiding into a better-informed acceptance, which then becomes an expectation of the benefits. The pattern is seen in many examples from the biometrics world, and outside of it.
Catching up with the latest in a fast-moving field
Senator Merkley is not the only voice raised in concern. The Government Accountability Office (GAO) published a report earlier this year about the state of biometrics and the role America’s government plays in the technology’s development and use. GAO states that stronger protections are needed against bias in biometric systems, and that more operational testing is needed.
The GAO review was out of date, however, by the time it was published. It refers to the 2019 edition of an ongoing NIST assessment of bias in facial recognition, and makes no mention of the newer edition, published in 2022. Similarly, the review includes a reference to DHS’ Biometrics Rally, which tests face biometrics performance in operational conditions, but only within a single footnote, and does not cite the results of DHS’ previous evaluations.
These updated resources from federal government bodies represent an important next step which has already been completed to bring the technology used in airports to the point where it can be universally trusted.
Likewise, robust measures are in place to protect against the legitimate concerns travelers have about the new deployments.
Responsible biometrics
Contrary to the impression left by critics like Senator Merkley, TSA’s biometrics programs actually represent a good example of how organizations should approach responsible use of the technology.
Privacy impact assessments (PIAs) are not only carried out for each new or changed process, but also published and enforced. The images of U.S. citizens captured by the TSA may be evaluated and used for testing, but they are deleted within 12 hours.
Travelers have the choice of opting out of biometric identity verification, in which case they go through a manual ID check, just like decades ago.
As happened previously with body scanners, TSA has adapted the signage it uses to notify the public about its use of biometrics. Airports where TSA uses biometrics now have signs that state in bold letters that participation is optional, explain how it works and include QR codes for additional information.
The technology is also highly accurate, with tests showing 99.97% accurate verifications. In the cases which do not match, the traveler must then go through the same manual procedure used previously and also in cases where people opt out.
TSA does not use biometrics to match people against mugshots from local police departments, for deportations or surveillance.
In contrast, the proliferation of CCTV cameras observing people on their way to the airport and back home is not mentioned by Senator Merkley. The much narrower, more tightly controlled application of biometrics in the airport for identity verification presents far less risk to people’s privacy and data protection rights than these unregulated private camera deployments.
Biometrics technology providers are also using their experience to help the TSA make sure it has its ethical bases covered.
“TrUE” technology for responsible biometrics is a concept introduced by Thales. The name is an acronym for the key characteristics of responsible implementation of any technology involving personal identifiable information.
In this context “TrUE” stands for:
- Transparent – We undertake to explain the rules by which our technology is deployed and designed, to the extent possible under the rules governing data confidentiality and protection of sensitive information,
- Understandable – We can explain and justify the use of the technology and the results, in such a way that users can understand the data used to arrive at a conclusion,
- Ethical, meaning it follows objective standards protocols, complies with applicable laws, and promotes non-discrimination and equality and will educate and lobby for appropriate guard rails to be implemented.
This TrUE principle can be applied to may topics – not just identity or biometrics. As a technology innovator, we consider it very important to establish a set of guidelines on digital trust and responsibility as a way to proactively demonstrate commitment to build an inclusive and safe digital future.
About the author
Neville Pattinson is the Head of Federal Government Sales at Thales Group’s DIS Identity & Biometric Solutions team based in Austin, TX. Pattinson is a leading expert and thought leader on digital identity solutions such as smart cards, electronic passports, various biometric technologies and mobile digital identity to keep identity credentials secure, private and trusted.
Article Topics
airports | biometric identification | biometrics | digital trust | ethics | facial recognition | responsible biometrics | Thales Digital Identity and Security | TSA
Comments