Ask HN: Opinions on facial recognition at air ports?
Both the EU and the US have introduced face scanning at airports to "increase security". EU rules are currently stricter and US rules allow some opt-outs for people that are uncomfortable with it. But it's only a matter of time before it becomes de facto mandatory for everyone. They claim that data is not retained or shared with other parties. Yeah, right, I totally believe that... Can something be done about this? I'm convinced that very few customers think face scanning is an improvement.
What is my concern? That my passport, state ID/driver's license, or portrait photos used for identification will leak? The data is already out there and of low value imho. I voluntarily added my finger printers for Global Entry to speed transiting the US border as a US citizen. If one has nation state adversaries, this is not the OSI layer where you would or could defend against them. It's a governance and political issue, not a tech issue.
I'm concerned about false positive matches against lists of bad people. There have to be robust procedures to make sure that we don't exclusively trust AI.
That’s not how it works. It doesn’t go through every single known “bad person” in the two seconds that it uses to verify you against a known picture of you.
The person at the security desk can already do that, with better odds of being right.
The person at the security desk doesn’t go through a list of your pictures. It’s a combination of having to have RealID and a computerized list of names.
Again, having your facial recognition or not having facial recognition has absolutely nothing to do with it.
They already have the data from your id. So I’m not too concerned about its use where your id is required, what I’m terrified about is its expansion and use elsewhere.
What’s the big deal? You had to give them your Federal ID anyway. The government already knows where you are going what tine you checked in and they have multiple copies of your ID on the state and federal level if you have a passport.
Given how many pictures governments and corporations collect from public places, the GP's concern seems moot. I'll try to articulate my reasons as follows:
- In every authentication system (the airports' face scanning ones and others) there's a point at which a yes/no decision must be made: is this person authentic or is not?
- This yes/no "decision module" must base its determination solely on a series of bits presented to it by the image sensor.
- Every series of bits can be spoofed because the decision module can't tell whether the bits originated from a real image sensor or from a very convincing AI or elsewhere. The only exception to this is when the bits include a cryptographic signature, generated using a private key, securely embedded within the image sensor.
- The chance of such spoofing is minuscule if the sensor and the decision module coexist within a single piece of hardware that's tamper-proof. The decision module for airport face scanners can't be, given the large number of faces that must be queried. When such a decision module and its image sensor are separated by a network, possibilities for intrusion and spoofing can no longer be ignored.
- A helpful analogy is how we decry passwords stored as plain text in backend databases; after the inevitable compromise, these passwords get used to attack other systems. If backend systems store face data as a set of images (as I believe most do), how's that different in principle from storing passwords in a DB, in plain text?
- I'll grant that a careful designed system will allay my fears. The backend should store nothing but salted hashes and the image sensors must send only signed images of the subject.
- Stepping back, my ultimate concern with face authentication systems is that their technical details are opaque and they're used in situations where recourse is limited at best.
> Given how many pictures governments and corporations collect from public places, the GP's concern seems moot.
That data is not centralized. If anytime you entered a gas station surveillance footage of you were associated with your passport and added to a centralized registry, I think you'd be worried too. That's what's going on here.
Where you are every minute is centralized if you use a cell phone. Even if your phone isn’t sending GPS data back somewhere, it’s still constantly pinging cell phone towers.
The big deal is that you are coerced into giving up extremely detailed and personal information. Your face at a security checkpoint or gate does not look identical to your face on your passport. Happy, sad, frustrated, tired? Last time you shaved? Stubble or beard? Hair in a mess? Glasses? Use and style of makeup (for women)? Dental status? Stained teeth? If you're dumb enough to smile or if they force you to in the future (for "security reasons")? One or more pimples?
All of the above is contained in a SINGLE photo. MULTIPLE such photos every time you fly tell a whole lot about you. Way more than I'm comfortable giving up to companies and governments I don't trust will handle the data responsibly.
So you’re concerned with the number of photos with regards to tracking even though the government already has your ID with your photo and they can easily find out everywhere you went if you carry a cell phone?
I’ve gone through security over a dozen times in the last year and never had a problem with it recognizing my face. My wife changes hairstyles very often and it doesn’t have an issue. These are solved problems.
What extremely sensitive information? Your photo they already have?
If you don't understand the difference between ONE photo and DOZENS of photos taken over several years, I can't help you. Go troll someone else.
And what exactly threat do you think you are avoiding by not having more pictures taken of you? Honestly,if you carry your phone around with you or using credit cards, worrying about extra photos is completely non sensical tin foil hat wearing territory.
What is the big deal exactly? How is that any different from regular surveillance cameras, facial recognition on passport machines or by officers? Why aren’t you worried that an officer will steal your “data”? Or an airline will leak it.
It's one of the many things about airports and flying that makes me avoid them to the greatest degree possible.
Do you have a state drivers license - with your photo? A passport - with your photo?
That's not an important point for me. It's worth it to me to go to efforts to minimize the amount of surveillance being foisted on me where I can, even if there is other surveillance I can't avoid. Especially when that surveillance is connected to databases.
Every little bit helps, so I maintain every little bit of my privacy and autonomy that I can. Airports and flying are places and activities that are notorious for getting you spied on, so I avoid them whenever possible.
I understand that you, and others, are not quite so sensitive about these issues. There's nothing wrong with that. We all make our own choices.
What surveillance are you trying to avoid? Once you buy your ticket, the government already knows where you are going as does your credit card company. The airline sends the exact ticket information to the credit card company.
If you use your credit card to buy purchases when you drive everywhere, it’s easy to model where you are going.
Even if you use cash, if you take your cellphone with you, the mobile carrier keeps a fairly accurate record of where you are based.
It’s not about “sensitivity”, there are a million ways you are being tracked everywhere, avoiding airports means nothing
> What surveillance are you trying to avoid?
As I said, as much as I possibly can.
> there are a million ways you are being tracked everywhere, avoiding airports means nothing
I disagree. It may not mean much, but it means something. Particularly in combination with avoiding a lot of other "meaningless" privacy intrusions.
You may not feel that avoiding being spied on is a worthwhile activity anymore. That's fair. It's worthwhile for me. I may not be able to do much to avoid this kind of oppression, but I'm not willing to just roll over and take it, either.
How I feel about it is irrelevant. You’re preventing absolutely nothing by refusing to go into an airport when there are much better ways that the government can track you - including your cell phone and credit card usage. It means nothing that you are avoiding airports.
It not only doesn’t “mean much”. It means nothing.
[delayed]
We disagree. That's OK.
If nothing else, though, it means something to me: it means avoiding a place than I am incredibly uncomfortable being in, and I'm not rewarding systems and behaviors that I think are harmful. That's a win all by itself.
>Both the EU and the US have introduced face scanning at airports to "increase security".
Totally fine with me. Imagine all the cameras you walked by even getting to the new cameras you seemingly have problems with? If you're at an airport, people have their phones out recording all the time. It's public. I want the CBSA to be recording, databasing, post-analyzing including the ability to feed a photo into their database and know who that is. That's the border.
The big question, I'm not sure. Should the data be freedom of information act accessible? I think we side on privacy here; ban the government from sharing the ID information.
>EU rules are currently stricter and US rules allow some opt-outs for people that are uncomfortable with it.
Here in Canada, no significant rules. You can ride on an international flight fully covered except eyes to see where you're going. We recently increased privacy having everyone ride with a mask.
You can opt out of the radiation/xray scans for health and religious reasons.