The US Transportation Security Administration (TSA) is expanding its facial recognition pilot program 到今年年底,将在机场安检处从115条安检通道增加到200条. 该程序使用相机凭证认证技术(CAT-2 ID系统), 它可以将旅客在机场安检处拍摄的实时照片与驾驶执照或政府身份证上的照片进行比较. 该系统还支持分阶段推出数字身份证,包括移动驾照.
该试点项目始于罗纳德·里根华盛顿国家机场(Ronald Reagan Washington National Airport),当时正值2020年新冠肺炎疫情推动非接触式服务,目前已在16个机场部署. 运输安全管理局表示,这种自动面部识别程序的准确率接近100%, with human agents looking at a facial match. The technology is also expected to make identity verification faster, saving each traveler a few seconds to a minute.
隐私 concerns about leveraging facial recognition by TSA
然而,该计划的扩大也存在一些潜在的担忧. I will outline several of them below:
Biometric surveillance. 生物特征监测技术收集和分析所有进入该空间的个人的生物特征数据, even if the data are later deleted. 这会产生一种被持续监视的感觉,并导致“寒蝉效应”,” which restricts fundamental rights and freedoms. Over 2 million travelers pass through TSA checkpoints daily, 如此大规模地部署面部识别技术引发了人们对政府获取如此大量数据的担忧. In February, five senators sent a letter to the TSA 要求该机构停止这一项目,因为“政府对美国人进行越来越多的生物识别监控,对公民自由和隐私权构成了威胁。.”
算法的偏见. A 2019 study by the National Institute of Standards and Technology 研究人员对超过800万人的1800万张照片进行了测试,发现亚裔和非裔美国人被面部识别技术误认的可能性是白人男性的100倍. 该研究还发现,在所有种族中,美洲原住民的假阳性率最高. Women were more likely to be misidentified than men, 与其他年龄组相比,老年人和儿童更容易被误诊. 美国的算法在“一对一”搜索亚洲人时也显示出很高的错误率, 非裔美国人, Native Americans and Pacific Islanders. TSA尚未公布其面部识别误报率的数据, and concerns about demographic equitability remain.
不同意. The facial recognition pilot program is currently optional, and travelers can opt out by using a lane without this technology. 然而, 目前尚不清楚旅行者是否可以为面部识别提供知情同意,也不清楚他们是否有权选择退出这项技术,而不会遇到更长的等待时间等不利体验. 该机构的 2022年的路线图 vision also states that “TSA continues to expand its capabilities, 包括生物识别技术, 实时验证和验证身份和审查状态(仅发生生物识别捕获) 在需要时 or when individuals opt-in).” The “在需要时” use cases have not been specified.
Lack of transparency and assurance. 运输安全管理局表示,身份验证后,面部图像会立即删除. 公众 隐私 Impact Assessment (PIA) 提到扫描和实时图像仅保留到下一个事务处理或运输安全官员(TSO)注销系统时. Additionally, the system auto logoff is set at 30 minutes of inactivity. 但是,尚未进行独立审计以证实这些说法.
Insufficient security controls. 在某些情况下, 面部图像可保留长达24个月,用于测试和性能评估. 延长的保存期限引发了对此类敏感数据安全控制有效性的更多担忧. In 2019, the Department of 首页land Security disclosed that photos of travelers were taken in a data breach, accessed through the network of one of its subcontractors.
Risk mitigation measures and technical safeguards
PIA详细说明了用于解决隐私风险的若干保障措施和风险缓解机制, such as privacy training for TSA personnel, access provisioning on a need-to-know basis, 对所有传输和静止的数据采用联邦数据加密标准, limits on the use of personal information temporarily stored, and deleting images after identity verification. The agency also claims to have data minimization practices, such as not collecting facial data by default, 只有当旅行者扫描他们的物理或数字身份证时,摄像头才会打开.
我们需要更多的问责制和透明度,以解决对运输安全管理局面部识别项目扩张的质疑. 可以使用独立测试和审计来确保隐私得到保护,并确保该技术不会对某些群体产生不成比例的影响.
隐私vs。. security tradeoff debate: to be continued
Along with this facial recognition program expansion, TSA is running 另一个飞行员 在某些机场,参与的旅客根本不需要扫描他们的身份证件. 达美航空公司可选的TSA PreCheck数字ID允许旅客将TSA PreCheck已知旅客号码或全球入境号码存储在达美航空应用程序的SkyMiles档案中. 它使用面部识别来执行一对多匹配,将旅行者的实时照片与政府已有的照片数据库进行比较, typically from passports. If they opt into the program at check-in, 他们可以只用他们的脸来验证他们的身份,而不用出示他们的物理身份证, digital ID or boarding pass. 面部识别的扩大使用也需要进行评估,这样我们就不会为了机场的公共安全而损害隐私. 隐私和. security is a false tradeoff, 利用生物识别技术的技术应该在设计时考虑到隐私.
作者简介: Nandita Rao Narla是DoorDash的技术隐私和治理主管, where she leads the privacy engineering, privacy assurance and privacy operations teams. 以前, 她是数据可视性和数据风险情报初创公司NVISIONx的创始团队成员.ai. As an Advisory manager at EY, she helped Fortune 500 companies build and mature privacy, cybersecurity and information governance programs. Nandita是Techno Security扩展现实安全倡议(XRSI)的顾问委员会成员 & Digital Forensics Conference, and IAPP - 隐私 Engineering. Nandita持有Carnegie Mellon University的信息安全硕士学位, a BTech in Computer Science from JNT University, and privacy and security certifications such as FIP, CIPP /美国, CIPT, CIPM, CDPSE, CISM, CRISC和CISA.
