美国运输安全管理局(TSA)是 扩大其面部识别试点项目 used at airport screening checkpoints from 115 security lanes to 200 lanes by the end of the year. The program uses Credential Authentication Technology with Camera (CAT-2 ID system), which compares live photos of travelers taken at airport security checkpoints with the photo on their driver’s license or government ID card. The system also supports the phased rollout of digital IDs, including mobile driver’s licenses.
The pilot program began at Ronald Reagan Washington National Airport amidst the 2020 COVID pandemic push for contactless services and is currently deployed at 16 airports. TSA says this automated facial recognition program brings accuracy levels close to 100 percent from the mid-80s, 让人类探员观察面部匹配. 该技术还有望加快身份验证的速度, 为每位旅客节省几秒到一分钟的时间.
对运输安全管理局利用面部识别的隐私担忧
然而, there are several potential concerns with the expansion of this program. 我将在下面概述其中的几个:
生物监测. 生物监测 technologies collect and analyze biometric data for all individuals who enter the space where it is deployed, 即使数据后来被删除. This creates a perception of being watched constantly and leads to “chilling effects,这限制了基本权利和自由. 每天有超过200万旅客通过TSA检查站, and deploying facial recognition technologies at this scale raises concerns over government access to such large volumes of data. 今年2月,5名参议员 给运输安全管理局写了封信 demanding the agency halt this program because “increasing biometric surveillance of Americans by the government represents a risk to civil liberties and privacy rights.”
算法的偏见. A 2019 这项研究是由美国国家标准与技术研究所进行的 tested 18 million photos of over 8 million people and found that Asian and African-American people were up to 100 times more likely to be misidentified than white men by facial recognition technology. The study also found that Native Americans had the highest false-positive rate of all ethnicities. 女性比男性更容易被认错, and the elderly and children were more likely to be misidentified than other age groups. Algorithms from the United States also showed high error rates for “one-to-one” searches of Asians, 非裔美国人, 美洲原住民和太平洋岛民. TSA has not released data on its facial recognition false-positive rates, 对人口公平的担忧依然存在.
不同意. 面部识别试点项目目前是可选的, 旅客可以选择使用没有这项技术的车道. 然而, it is unclear if travelers can provide informed consent for facial recognition and are aware of their rights to opt out of this technology without encountering adverse experiences such as longer wait times. 该机构的 2022年的路线图 愿景还指出,“TSA将继续扩大其能力, 包括生物识别技术, to validate and verify an identity and vetting status in real-time (biometric capture only occurs 在需要时 或者当个人选择加入时).“在需要的地方”用例没有被指定.
缺乏透明度和保证. TSA says facial images are deleted immediately after identity verification. 公众 私隐影响评估(PIA) mentions that scanned and live images are retained only until the next transaction is processed or when the Transportation Security Officer (TSO) logs off the system. 此外,系统自动注销设置为30分钟不活动. 然而, independent audits have yet to be performed to validate these claims.
安全控制不足. 在某些情况下, facial images may be retained for up to 24 months for testing and performance evaluation purposes. The extended retention period raises additional concerns about the effectiveness of security controls for such sensitive data. 2019年,国土安全部披露了这一点 旅行者的照片在一次数据泄露中被拍了下来通过其一个分包商的网络访问.
风险缓解措施和技术保障措施
The PIA details several safeguards and risk mitigations mechanisms that are in place to address privacy risks, 比如对运输安全管理局工作人员进行隐私培训, 在需要知道的基础上访问供应, adoption of federal data encryption standards for all data in transit and at rest, 临时存储的个人信息的使用限制, 并在身份验证后删除图像. 该机构还声称有数据最小化的做法, 比如默认不收集面部数据, where the camera turns on only when the traveler scans their physical or digital ID.
We need more accountability and transparency to address the skepticism around TSA’s facial recognition program expansion. Independent testing and audits can be used to ensure privacy is protected and provide assurance that the technology is not disproportionately impacting certain groups.
隐私vs。. 安全权衡辩论:有待继续
随着面部识别程序的扩展,运输安全管理局正在运行 另一个飞行员 at select airports where participating travelers would not be required to scan their identity documents at all. Delta Air Lines’ optional TSA PreCheck Digital ID allows travelers to store their TSA PreCheck Known Traveler Number or Global Entry Number in their SkyMiles profile in the Delta app. It uses facial recognition to perform one-to-many matches comparing travelers’ live photos to a database of photos the government already has, 通常是护照. 如果他们在登记时选择参加这个项目, they can use only their face to verify their identity without presenting their physical ID, 电子身份证或登机牌. The expanded use of facial recognition also needs to be evaluated so we do not compromise privacy for public safety at airports. 隐私和. 安全是一种虚假的权衡, and technologies leveraging biometrics should be designed with privacy in mind.
作者简介: Nandita Rao Narla is the Head of Technical 隐私 and 治理 at DoorDash, 她在哪里领导隐私工程, 隐私保证和隐私运营团队. 以前, she was part of the founding team of a data visibility and data risk intelligence startup NVISIONx.ai. 作为安永的顾问经理, 她帮助财富500强公司建立和完善隐私, 网络安全和信息治理项目. Nandita serves on the advisory boards for Extended Reality Safety Initiative (XRSI), Techno Security & 数字取证会议和IAPP -隐私工程. Nandita holds an MS in Information Security from Carnegie Mellon University, JNT大学计算机科学学士学位, 以及隐私和安全认证,如FIP, CIPP /美国, CIPT, CIPM, CDPSE, CISM, CRISC和CISA.
