[HN Gopher] Why TSA's Implementation of Facial Recognition Is Mo...
___________________________________________________________________
Why TSA's Implementation of Facial Recognition Is More Dangerous
Than You Think
Author : underseacables
Score : 91 points
Date : 2023-11-20 21:02 UTC (1 hours ago)
(HTM) web link (epic.org)
(TXT) w3m dump (epic.org)
| brookst wrote:
| tl;dr: slippery slope
|
| > This statement by TSA Administrator Pekoske highlights one of
| the main risks of TSA using facial recognition in any capacity--
| there is no guarantee that how TSA initially uses facial
| recognition will not change or expand beyond the current stated
| purpose.
|
| Which, if you think about it, would be an equally valid statement
| about the risks of NOT using facial recognition: that approach
| would also provide no guarantee that TSA would not use facial
| recognition in bad ways in the future.
|
| In fact, it is very hard to guarantee that something won't
| happen.
|
| I'm a biometric skeptic, but this is not a super compelling
| article. There are better arguments: biometrics can be fooled,
| biometric measurements are essentially an immutable password
| which can be leaked/abused, they can be unfair to people with
| physical differences, etc.
|
| Just saying X can lead to Y so X is bad is just so... lazy.
| jvanderbot wrote:
| One way to guarantee that a mass database of biometric data
| isn't leaked or abused is to not gather it in the first place.
|
| So, yes, it is easy to guarantee that a mass database of
| biometric data isn't abused if you can prevent it from being
| gathered. We're making no efforts in that direction, so we're
| running every day towards a future in which the holder of such
| a database can deepfake anyone doing anything.
| jjjjmoney wrote:
| I wonder if when these things leak and become ever-more
| damaging, biometrics will basically become worthless and we
| will pivot to hardware tokens or something else.
|
| There seems to be little resistance to this in the USA, and
| we're also okay with abysmally bad forms of identification
| (SSN, birth certificates).
| brookst wrote:
| Agreed, and that seems like a good argument.
|
| Which is why it's so strange to say that one of the greatest
| risks of the TSA's program is that they could do a totally
| different program in the future. It's literally like saying
| that going to the gym is risky because you might get into
| BASE jumping.
|
| There are better arguments. Hence, this piece is weak.
| ang_cire wrote:
| That is one of the greatest risks, because while you may
| agree to give them your biometrics for air travel, you may
| not agree to do it for another purpose, but it's too late
| at the point where they already have it.
|
| It effectively means that if I don't want them to
| potentially give it to LEOs, I have to opt out of any
| services they are gatekeeping behind it.
|
| That's not a slippery slope argument, it's an argument that
| there is no way for me to review how the information they
| collect is _actually_ being used.
| brookst wrote:
| I don't think you read the EPIC post, or the part I
| quoted. You're creating a new, more reasonable argument
| that is loosely aligned with the second, lesser concern
| that EPIC had.
| plagiarist wrote:
| > Which, if you think about it, would be an equally valid
| statement about the risks of NOT using facial recognition: that
| approach would also provide no guarantee that TSA would not use
| facial recognition in bad ways in the future.
|
| The key difference is one of those scenarios gives the TSA a
| larger database of candid photos linked to an ID compared to
| just the one photo on record.
| hooverd wrote:
| The security state has been demonstrated to be greasing the
| slope again and again and again.
| Eumenes wrote:
| And judging by the comments in here, most people are OK with
| it because we shouldn't demonize an "effective" form of
| identification.
| nati0n wrote:
| These questions come up and I always wonder about the edge cases.
| I'm an identical twin. My twin can get get past my faceID
| consistently, from first release until today. What happens when
| twins with bad blood start abusing facial recognition?
| browningstreet wrote:
| My son can, too.
| oh_sigh wrote:
| What kind of abuse are you imagining? Presumably with this
| system, the TSA agent's query is like: "Does this person's
| photo match the photo for the identity they are claiming to
| be?", and not do something like compare your face to every
| other person's face and return the most likely identity for
| your face.
|
| So, in that instance, your evil twin could steal your ID and
| travel as you, but they could do that before this system was in
| place anyway.
| phantom784 wrote:
| The article mentions a "one to many" system which is exactly
| this - it compares you to every face in the database and
| decides who you are, eliminating the need to show physical
| ID.
|
| Unless both twins are flying on the same day, you could solve
| this by rejecting matches of people who don't hold a boarding
| pass for that airport.
|
| Or you could just require a physical ID as backup if the
| system can't return a match (due to identical twins or
| otherwise).
| toomuchtodo wrote:
| Other signal will be fused in. Otherwise, you're counting on
| the possession of your government credentials as the control.
| You could just as easily swap IDs.
|
| Leakage is expected, leading to iteration on edge cases. Some
| leakage will always be inevitable, no system is perfect.
|
| The legal system is the final recourse mechanism if malicious
| activity (identity fraud) is detected.
| cmiles74 wrote:
| I don't see how that's the case with the TSA's program. It
| really sounds like you present your ID and a boarding pass
| and that's it.
| PartiallyTyped wrote:
| Fingerprints are more unique than faceID.
| r00fus wrote:
| Would a combo touch+faceID be sufficient for distinguishing
| twins?
| arcticbull wrote:
| Touch ID alone should suffice, identical twins have different
| fingerprints. Similar, but not identical. There's some amount
| of entropy captured in the womb which affects their
| development.
| therobot24 wrote:
| whenever biometrics pops up on HN i always have to post the
| reminder that a biometric is _both_ a username & password bundled
| as one login credential. People like to compare biometrics to
| passwords, but that's a bad analogy because passwords can be
| changed whereas no one in tech likes to admit that a username
| should be changeable too.
| akira2501 wrote:
| > a biometric is _both_ a username & password
|
| It's just a username. As implemented the systems only require a
| username. It's also not even that, it's a temporal identifier,
| as faces change, sometimes in ways that we all expect and
| sometimes, not. To the extent that we've even performed facial
| transplants in response to some of these cases.
|
| If biometrics were going to work, we'd be using fingerprints
| already. For all the same reasons we don't use fingerprints, we
| won't be able to use facial identification.
| alistairSH wrote:
| And not even a unique user name. Twins and other relatives
| can pass for each other.
| JohnFen wrote:
| And with facial recognition, two people don't even have to
| be related. I knew a guy who looked so much like me that he
| grew a mustache purely so that _our own friends_ could tell
| us apart (which is how I know I look terrible with a
| mustache). There 's zero chance that facial recognition
| could distinguish us.
|
| He and I weren't even remotely related.
| spullara wrote:
| there was also zero chance a TSA agent could distinguish
| between you either though
| eichin wrote:
| you can't change it, it's not a password (though the mustache
| example in this thread is an amusing/distressing counterpoint
| :-)
| awinter-py wrote:
| still not clear to me why ID matters if they're going to x-ray me
| alistairSH wrote:
| Control.
| pwg wrote:
| To remove, for the airlines, the old grey market of resold
| "non-refundable" tickets that which the original purchaser can
| no longer utilize that existed before the ID requirement.
|
| There is more profit in being able to sell an unoccupied seat
| twice (once for the unused non-refundable ticket, a second time
| when the original ticket does not show up at the gate) than in
| allowing tickets to be resold on the grey market.
| stavros wrote:
| Why do they care, though, if their margins are going to
| remain at X% anyway, because of market forces? They're just
| adding extra steps to the whole thing so a random passenger
| can benefit from my lost ticket money, rather than someone I
| explicitly choose.
| JohnFen wrote:
| Because if a ticket is sold privately to another rather
| than going unused, the airline only gets paid once. If the
| airline can resell the seat, they get paid for it twice.
| phantom784 wrote:
| Then the airlines should be doing the ID checks. But they
| don't bother, because the TSA basically does it for them.
|
| Pretty sure the stated reason for the TSA checking IDs is to
| keep people on the no-fly list from flying. (Worth nothing
| that the no-fly list is not without its problems). It also
| allows trusted traveler programs to work.
| spullara wrote:
| non-refundable doesn't mean what you think it means. you get
| a voucher for the ticket price (minus a fee) you can use on a
| later date so they aren't really selling the seat twice.
| oh_sigh wrote:
| I imagine there are still ways naughty people could wreak havoc
| even if they only have access to items that appear benign on an
| x-ray.
| withinboredom wrote:
| As someone who flies into and out of the US fairly regularly-ish
| ... the way I'm treated by Homeland Security when I fly with my
| wife & son vs. alone, is a bit shocking.
|
| Alone: I'm asked what I am doing there (despite having a US
| passport; so it shouldn't matter), why I live in a foreign
| country instead of the US, what I do for a living, why I have a
| backpack on instead of suitcase, etc. While they sit there
| holding my passport hostage, scrolling through who knows what
| data... sometimes I even "randomly" get sent to a back room to
| have all my stuff dumped out and my phone confiscated. It's like
| they want to make _really_ sure I never come visit my parents.
|
| With my family: welcome home! Have fun!
|
| If you want to sneak into the US, just go with a wife and kids.
| /s
| objclxt wrote:
| > While they sit there holding my passport hostage, scrolling
| through who knows what data
|
| Legally it's their passport, not yours. A passport is the
| property of the US government at all times.
| withinboredom wrote:
| Yeah, that doesn't make it any less terrifying...
| alliao wrote:
| I did go with a wife and kids but no US passport, got pulled
| into a small room and questioned till we missed our connection
| flight, US customs is so obnoxious is the number 1 reason why I
| avoid travelling to the US...
| eszed wrote:
| Yeah, I (well, she) had this experience entering the US with
| a non-American girlfriend, 10+ years ago. She was pulled
| aside, grilled, treated terribly, and emerged in tears 30+
| minutes later. It really made me angry, because it's not as
| effective _security_-wise as what we were used to flying the
| other way. Immigration agents at Heathrow were generally so
| polite and accommodating (eg, let me go through the EU
| citizens path, when we were traveling together), that I
| typically revealed more about my travel plans than I probably
| _had_ to, and / or may have been wise. It's dumb and self-
| defeating, and should be a source of shame for all USA-ians.
| gustavus wrote:
| I think this is doubleplus good, we need to stop the double
| negative bad people of eastasia who want to use violence and
| terror to take away our way of life.
|
| Thus by ensuring that the government is tracking every person
| that goes through an air port at all times we can ensure we stop
| the bad people of eurasia for hurting our people and this is
| doubleplus good.
|
| It makes me feel all warm and fuzzy to know that the state is
| willing to go to such great lengths to stop bad things like an
| older sibling watching over my shoulder.
|
| Of course we all know that the TSA is a vital component of
| national security given all the times they successfully
| done...... anything?
| epwr wrote:
| This statement seems pretty poorly thought out. I think the
| argument that's being made is actually that there should be
| comprehensive privacy legislation, not that the TSA's use of
| facial recognition is bad/dangerous.
|
| I see three risks being pointed out:
|
| 1. "the potential privacy and bias risks" -> however it doesn't
| expand or explain these risks. I'm on team privacy in general, so
| I definitely worry about this, but I think it's almost comical
| that any description of this risk is absent.
|
| 2. While facial ID is currently optional, "there is no guarantee
| that will remain the case" -> this is a textbook slippery slope
| argument, which means they're arguing not that the current
| practice is bad but that someday they might start doing something
| bad.
|
| 3. "the very real possibility that our face eventually becomes
| our default ID" -> another slippery slope argument that has even
| less to do with the TSA. This would require a major effort by the
| rest of government, so this is more a "watch out for that big
| cliff over there" argument than a slippery slope argument.
|
| After all that, I think the topic sentence of this statement
| should be" > This is [bad] because the United States lacks an
| overarching law to regulate the use of facial recognition to
| ensure the necessary transparency, accountability, and oversight
| to protect our privacy, civil liberties, and civil rights.
| xhkkffbf wrote:
| EPIC hasn't been the same since they kicked out Marc Rotenberg.
| Sad to say.
| sailfast wrote:
| They are piloting this at an airport near me. When I asked if I
| could opt out the employee said "no". It was only later I was
| told that I could (upon returning home and looking it up)
|
| FaceID as government ID is not a good idea, and it's fine to
| start somewhere in my opinion though of course I would prefer
| outlawing biometrics entirely as identifiers.
| cmiles74 wrote:
| Every article I've read about the TSA's program included the
| journalist either being denied an alternative to the facial
| recognition process or being pressured to do it. In an
| environment where being late for a plane could cost people
| their travel plans, coercion is pretty easy.
| strombofulous wrote:
| [delayed]
| powera wrote:
| Yeah, I don't see any argument here. There is just an assumption
| that "an effective person identification system is bad", and a
| bunch of words distracting from the fact that they are begging
| the question.
| alliao wrote:
| just because technology exists doesn't mean we have to use them
| is a lesson I fear will take the world a long ass time to realise
| and internalise.
| ifeja wrote:
| clickbait headline
| whodidntante wrote:
| This reads as something ChatGPT 3 generated: wordy,repetitive,and
| simply states again and again that is bad, very bad, without
| providing any actual or imagined scenarios.
| robocat wrote:
| New Zealand has been using facial recognition (& iris I believe)
| at airport border control for over a decade. New Zealand is
| probably still a bit sensitive over France bombing Greenpeace
| here last century. https://nzhistory.govt.nz/politics/nuclear-
| free-new-zealand/...
|
| I don't like it, but it is where the world is going. The USA has
| been taking fingerprints of international travelers for a long
| time!
| ggm wrote:
| I flew through HKG last week. Biometric scan to transit from
| incoming to outgoing space, then at gate, I only had to be
| scanned by my eyeballs and face, I didn't even have to present my
| boarding pass.
|
| This was unexpected.
| telesilla wrote:
| Also at JFK, flying out international recently. Was weird and I
| hope I don't get used to it.
| crote wrote:
| What a confusingly-written article.
|
| The 1:1 case is not too unreasonable, if you ask me. Store a
| cryptographically signed photo on a chip in the ID card, and the
| machine can compare that to the real-life human presented. There
| are obviously drawbacks with biases in the comparison algorithm,
| but that's not really any worse than a human doing the same. From
| a privacy perspective it's not too bad - provided they delete
| their copy of the photo after the card is issued. This isn't any
| different from having the photo printed on the ID card, if you
| ask me.
|
| The 1:many case, on the other hand, is a bit of a problem. This
| requires the creation of a mass database with everyone's pictures
| in it. The privacy implications are obviously enormous, as it
| would also enable the identification of previously-anonymous
| people "in the wild".
|
| And then there's obviously the issue that it simply cannot
| _possibly_ work on a larger scale: with a 1:1 comparison you have
| to look for a close-enough match of a single picture pair, but
| with a 1:many comparison you have to identify one person out of
| millions of possible matches. There needs to be _some_ lenience
| in the matching (people use makeup and get rhinoplasties) but
| people 's faces already look quite similar - once you get to the
| million-people scale, there are pretty much guaranteed to be some
| false positive matches in there!
___________________________________________________________________
(page generated 2023-11-20 23:00 UTC)