In what could prove to be a Frankenstein combination of invasive technologies, the Department of Homeland Security is considering a project to arm Customs and Border Patrol (CBP) with drones using facial recognition scanning at the border. Specifically, the proposal states that “DHS is interested in sUAS [small drone] sensor technology with the following attributes …. Identification of humans via facial recognition or other biometric at range” and describes the potential for “A USBP agent [t] deploy a sUAS to make observations …. [T]he sensor technology would have facial recognition capabilities that allow it cross-reference any persons identified with relevant law enforcement databases.”
Such plans raise a host of important questions to which Congress should demand, and the public deserves, answers before DHS proceeds any further.
Would this program create a new face print database?
The most fundamental question is whether CBP would use this potentially huge ingestion of face print data (unique identifiers of persons similar to a fingerprint, but based on their facial features) of individuals crossing the border to create a new mass database. Just last month, both Republicans and Democrats on the House Oversight and Government Reform Committee grilled the FBI over Members’ serious concerns with the FBI’s own face print database. Building a new one at DHS would present at least as many privacy and surveillance problems. When, how and by whom data can be accessed, what limits exist on its use, and the degree to which meaningful auditing protocols apply will all be key issues that must be addressed before any such database is developed.
Will preserved face prints be limited to those who clearly crossed the border unlawfully (and how would it make that determination)? If not, how will citizens, lawfully present non-citizens, and others the program is not intended to target be treated?
While the purpose of this potential program seems to be to identify people who crossed the border unlawfully, drones scanning faces at or near the border could also pick up American citizens, lawfully present noncitizens, and others who the program was not designed to target. CBP should explain which face prints it plans to retain and why, and the standard it will use to determine whether a print fits the intended retention categories. Of course, the broader the retention categories, the greater the risks of improper surveillance and infringing on privacy rights. These risks increase even further if scanning is permitted throughout the “border zone.”
Over what geographic area will face scanning drones be deployed?
While many people (reasonably) think of the border as a relatively narrow demarcating line, the federal government takes a very different view. The Department of Homeland Security treats the 100 miles adjacent to the border as a “border zone”—an area in which it claims heightened powers and recognizes a much more limited set of constitutional rights and civil liberties protections—despite the fact that this zone actually includes the majority of the country’s population. If face scanning drones are deployed to scan the broader border zone, DHS’s program could be co-opted to conduct mass surveillance on both non-citizens and citizens alike, and over highly populated areas including entire cities and states in range of coasts and borders, raising huge privacy and constitutional concerns.
How will CBP find scanned faces once they are inside the U.S.? Will they use their own cameras, or rely on other government agencies?
Once CBP has developed face prints of individuals who it believes crossed the border unlawfully, how will it use those data to later find these individuals in the United States? Potentially, DHS could scan for matches using its own cameras or those controlled by the agency via a contractor, similar to its license plate reader program. If this is the case, it’s important to know how many cameras will be involved, their cost, how they will be managed, and whether they will be positioned to target sensitive events (such as religious ceremonies, protests, people using medical facilities or the judicial system, etc.). Further, it will be critical to find out whether such a large addition of new cameras with facial recognition scanning will be used for other purposes. If CBP relies on cameras belonging to other government agencies – which could range from cameras aboard FBI spy planes to local “Blue Light” police surveillance cameras and traffic cameras – to track people illegally inside the U.S., then we should know what rules will manage this coordination, as well as how access, auditing, use limits, and oversight in general will occur.
What U.S. government databases will the system compare faces scanned at the border against?
If CBP is using external databases to identify the faces it scans at the border – either in general or for purposes of prioritization – it’s important to know the details of such use. Which agencies will be employed? Will the FBI database be used? If so, will only mugshots be scanned against, or DMV photos as well? If the latter, how will use of a photo database composed of individuals whose photos were taken with no suspicion of wrongdoing be justified? How will accuracy problems with the FBI database be addressed? We need answers to these questions to understand the scope of this potential program before it moves forward.
Will CBP accept or request photo ID databases from other nations in order to identify faces scanned by drones during border crossings?
In addition to using U.S. government databases, CBP could also turn to foreign databases, as infamous former Maricopa County, AZ sheriff Joe Arpaio did when he requested and received the photo ID from every driver’s license in Honduras. If CBP makes such a request, it’s important to know specifics. For example, would CBP only run scans against profiles of criminals convicted in their country of origin? Of people subject to arrest? Of individuals not suspected of any wrongdoing? And even if a DHS request contains some criminal law-based limit, it’s important to ensure that efforts are made to differentiate violent offenders from individuals that might have been labeled as criminals in their home country for engaging in dissent or other anti-government behavior that would be constitutionally protected in the United States. Helping undemocratic regimes oppress dissidents should not inadvertently become a CBP priority.
Will faces scanned at the border be input into the FBI database as “metadata profiles” of individuals crossing the border at a certain time?
The FBI facial recognition database is massive. It is largely composed of individuals with no connection to wrongdoing and who were added without notification or consent. The database has been plagued by accuracy and accountability problems, and subject to fierce criticism by both Democratic and Republican lawmakers. We should be debating how to constrain and properly limit this database, not expand it. But the CBP drone program raises the specter of expansion on a large scale, with new profiles defined not by an individual ID but the metadata denoting the time and location of their border crossing. We need new, effective limits on the FBI facial recognition database before another mass source of face prints is added.
What type of cameras would be used for this effort? How much do cameras that can scan faces from this distance cost? How many are being deployed?
Effectively developing a face print from a video can be difficult, especially at a distance. In order for this potential program to work as DHS intends, it’s going to require cameras with very high quality zoom capabilities or resolution. We should know exactly what type of cameras are being used, how many will be deployed, and how much they cost. This is not just a fiscal concern. As I’ve previously noted, aerial surveillance is a serious and growing privacy threat. And if facial recognition drones are “loaned out” to state and local law enforcement – as has occurred with military and federal agency drones in the past – it could significantly augment the aerial surveillance power of local police departments throughout the country.
Given the wide variety of important, unanswered questions regarding this program, it’s critical that Congress hold hearings and DHS respond to privacy and civil liberties concerns before proceeding further. Although the program still seems to be early in the planning process, we’ve seen a troubling pattern over the last few years of agencies charging ahead with overly invasive technologies and asking for forgiveness rather than permission when they go too far: The FBI with facial recognition, DHS with license plate readers, and a host of agencies with stingrays. Given the range of potential harms, DHS needs to put the breaks on this program, and let stakeholders weigh in before it moves forward.