bjourne
17 hr. ago

Ask HN: Opinions on facial recognition at air ports?

Both the EU and the US have introduced face scanning at airports to "increase security". EU rules are currently stricter and US rules allow some opt-outs for people that are uncomfortable with it. But it's only a matter of time before it becomes de facto mandatory for everyone. They claim that data is not retained or shared with other parties. Yeah, right, I totally believe that... Can something be done about this? I'm convinced that very few customers think face scanning is an improvement.
3
21
B
balderdash
7 hr. ago
They already have the data from your id. So I’m not too concerned about its use where your id is required, what I’m terrified about is its expansion and use elsewhere.
T
toomuchtodo
16 hr. ago
What is my concern? That my passport, state ID/driver's license, or portrait photos used for identification will leak? The data is already out there and of low value imho. I voluntarily added my finger printers for Global Entry to speed transiting the US border as a US citizen. If one has nation state adversaries, this is not the OSI layer where you would or could defend against them. It's a governance and political issue, not a tech issue.
R
raw_anon_1111
16 hr. ago
What’s the big deal? You had to give them your Federal ID anyway. The government already knows where you are going what tine you checked in and they have multiple copies of your ID on the state and federal level if you have a passport.
S
sanjayjc
1 hr. ago
Given how many pictures governments and corporations collect from public places, the GP's concern seems moot. I'll try to articulate my reasons as follows:

- In every authentication system (the airports' face scanning ones and others) there's a point at which a yes/no decision must be made: is this person authentic or is not?

- This yes/no "decision module" must base its determination solely on a series of bits presented to it by the image sensor.

- Every series of bits can be spoofed because the decision module can't tell whether the bits originated from a real image sensor or from a very convincing AI or elsewhere. The only exception to this is when the bits include a cryptographic signature, generated using a private key, securely embedded within the image sensor.

- The chance of such spoofing is minuscule if the sensor and the decision module coexist within a single piece of hardware that's tamper-proof. The decision module for airport face scanners can't be, given the large number of faces that must be queried. When such a decision module and its image sensor are separated by a network, possibilities for intrusion and spoofing can no longer be ignored.

- A helpful analogy is how we decry passwords stored as plain text in backend databases; after the inevitable compromise, these passwords get used to attack other systems. If backend systems store face data as a set of images (as I believe most do), how's that different in principle from storing passwords in a DB, in plain text?

- I'll grant that a careful designed system will allay my fears. The backend should store nothing but salted hashes and the image sensors must send only signed images of the subject.

- Stepping back, my ultimate concern with face authentication systems is that their technical details are opaque and they're used in situations where recourse is limited at best.

B
bjourne
15 hr. ago
The big deal is that you are coerced into giving up extremely detailed and personal information. Your face at a security checkpoint or gate does not look identical to your face on your passport. Happy, sad, frustrated, tired? Last time you shaved? Stubble or beard? Hair in a mess? Glasses? Use and style of makeup (for women)? Dental status? Stained teeth? If you're dumb enough to smile or if they force you to in the future (for "security reasons")? One or more pimples?

All of the above is contained in a SINGLE photo. MULTIPLE such photos every time you fly tell a whole lot about you. Way more than I'm comfortable giving up to companies and governments I don't trust will handle the data responsibly.

A
aristofun
16 hr. ago
What is the big deal exactly? How is that any different from regular surveillance cameras, facial recognition on passport machines or by officers? Why aren’t you worried that an officer will steal your “data”? Or an airline will leak it.
M
mikewarot
13 hr. ago
I'm concerned about false positive matches against lists of bad people. There have to be robust procedures to make sure that we don't exclusively trust AI.
R
raw_anon_1111
13 hr. ago
That’s not how it works. It doesn’t go through every single known “bad person” in the two seconds that it uses to verify you against a known picture of you.
J
JohnFen
16 hr. ago
It's one of the many things about airports and flying that makes me avoid them to the greatest degree possible.
R
raw_anon_1111
16 hr. ago
Do you have a state drivers license - with your photo? A passport - with your photo?
I
incomingpain
13 hr. ago
>Both the EU and the US have introduced face scanning at airports to "increase security".

Totally fine with me. Imagine all the cameras you walked by even getting to the new cameras you seemingly have problems with? If you're at an airport, people have their phones out recording all the time. It's public. I want the CBSA to be recording, databasing, post-analyzing including the ability to feed a photo into their database and know who that is. That's the border.

The big question, I'm not sure. Should the data be freedom of information act accessible? I think we side on privacy here; ban the government from sharing the ID information.

>EU rules are currently stricter and US rules allow some opt-outs for people that are uncomfortable with it.

Here in Canada, no significant rules. You can ride on an international flight fully covered except eyes to see where you're going. We recently increased privacy having everyone ride with a mask.

You can opt out of the radiation/xray scans for health and religious reasons.