CDT Comments to DHS’ Data Privacy and Integrity Advisory Council on Facial Recognition Privacy in Draft Report

CDT respectfully submits these comments in response to the request for public comment from the Department of Homeland Security (DHS) Data Privacy and Integrity Advisory Council (DPIAC) on its draft report Privacy Recommendations in Connection with the Use of Facial Recognition Technology.

In this case, a very limited tasking from the DHS Privacy Office to the DPIAC has resulted in a very limited set of recommendations. The tasking, and the DPIAC report, do not grapple with the glaring reality that Congress has not authorized Customs and Border Protection (CBP) to employ facial recognition technologies against U.S. citizens, but CBP is doing it nonetheless. Facial recognition technologies have also been shown to have inaccuracies, to result in discriminatory treatment of people with dark skin, and, when authorized to be used in a limited context, to spread to other contexts without adequate scrutiny.

Facial recognition technology may prove to be a useful tool for law enforcement like CBP, however there are other significant associated privacy and civil liberties concerns abound. As CBP acknowledged, “facial recognition poses a unique set of privacy issues. Facial images can be captured at a distance, covertly, and without consent.” Safeguards are needed to prevent abuse. DHS failed to take advantage of the opportunity to task DPIAC with engaging with and provide guidance on these important issues.

Our comments on this report center on four points that highlight our broader concerns with CBP’s use of facial recognition technology: 1) CBP has exceeded its legal mandate by employing facial recognition technology on U.S. citizens; 2) Facial recognition technology is discriminatory and inaccurate; 3) The biometric entry-exit system is prone to mission creep; and 4) Congressional oversight and legislation is needed to address these problems.