Comment by fc417fc802
2 days ago
> a human comparing my face to my ID is functionally equivalent
Not at all? A human isn't committing you to long term memory let alone entering a detailed sketch into a centralized database.
2 days ago
> a human comparing my face to my ID is functionally equivalent
Not at all? A human isn't committing you to long term memory let alone entering a detailed sketch into a centralized database.
No. TSA deletes the information it captures after 24 hours.
https://www.tsa.gov/travel/frequently-asked-questions/does-t...
Regardless of the fact that they can simply lie to you, it doesn't say that. The question is "Does TSA protect all data (e.g., photos)...?" What does protect mean? The stated common case is that a photo is ephemeral and is removed (from where?) after it is used. Now, they're using it for facial recognition. They didn't get a facial recognition system by deleting photos, so we know based on the premise that some representation of the data in the photo (your likeness) exists in persistent form.
But that's just generous reading, anyway. There are so many ambiguities that it's not really worth the trouble to attempt any rigorous analysis of it.
"In rare instances TSA will collect and temporarily retain photos and data..." How rare? Doesn't matter: then what happens?
"...data collection mode events are limited in time and place..." Damn unrelenting spacetime.
"TSA’s facial comparison technologies adhere to DHS and TSA cybersecurity requirements." Restatement of the problem.
To get actual answers (at least during sane political administrations), the System of Records Notice (“SORN”) is what you want. Whereas the info sites for these programs are typically useless, SORNs are the authoritative document that the federal government issues to identify and characterize systems that store records about data subjects, and include information about retention polices, exceptions, etc.
The last I read the SORN for TSA’s facial recognition, they did commit to deleting identifiable data within 24 hours.
CBP operates their facial recognition under a different SORN, and there are many more caveats, although they also commit to deleting identifiable data within 24 hours for US citizens (only).
That was in late 2024 anyway.
> Now, they're using it for facial recognition. They didn't get a facial recognition system by deleting photos, so we know based on the premise that some representation of the data in the photo (your likeness) exists in persistent form.
If we want to be truly generous in interpreting it, the new sample would be deleted and the comparison is done against the photos they have on file from your ID/passport (although, since a foreigner can do it on their first visit to the US, it might just be based on scanning the document you provide). Of course, single-sample-per-person facial recognition is pretty limited, but it's security theater anyways.
2 replies →
It says, "If you use TSA PreCheck Touchless ID, your information is deleted within 24 hours of your scheduled departure time."
Yes, they could be lying. That would be illegal.
1 reply →
Agreed. Provides no obvious benefit to either me or society at large. Normalizes collection of biometrics. Implementation details not easy to verify - they could be lying or could silently change things later.
The entire scheme has a very high abuse potential. Equipment and personnel set up at major ports and their presence normalized. Turnkey authoritarianism at its finest.
I just flew from the US to Europe; at each point where I had to get my picture taken, the machine had a label on it that clearly said they would delete my data after 24 hours. (Or after use, I don't remember the precise time frame.)
Were they lying? Possibly. But this is not a matter of them trying to use weasel wording to trick you into thinking they're claiming something they're not.
2 replies →