I opted out at Boston International Airport. It involved arguing with the TSA for about 5 minutes while holding up a 150 person line. Then the supervisor came over, told me that I "was required to have to have my photo taken" and opting out consisted of checking a box in the software to not save my photo. My alternative was to not get on the flight.
The whole idea of opting out is a scam. They are 100% planning to force mandatory facial recognition on the general public.
And I do, every time! They don't really care, although some make a half-hearted pitch about how the image gets deleted right away.
I opt in, and am always very excited to participate in this beta. Opting out isn’t going to change the deployment scale.
Hope it does.
I’m also the person who consistently opts out of airport body scanners too, much to the embarrassment of whomever is unfortunate enough to be travelling with me. It is my petty indignation- if you want to violate me then I’m going to make it resource consuming for you also, should I have the capability.
Reactions of the airport staff are surprisingly mixed, many don't mind at all - though universally they will force you to wait for 10-30minutes, though Gatwick staff in particular consistently repeats that “this won’t always be possible”, which is a weird statement to make to be honest, but I've travelled through there many times and they try to talk me about of it this way.
Has the ability to opt out changed the TSA operating model? Or does it satisfy some emotional response in those who do while adding slightly more time to aggregate screening for the opt out population? I understand the desire, but the lever you're trying to pull is in concrete. Redirect your efforts to somewhere effective.
By participating in Global Entry and opting into CBP and DHS/TSA "one to many" credential and identity proofing (colloquially "facial recognition"), it makes my life much easier while traveling. If I have strong data security and privacy concerns along the lines of "this will eventually lead to dystopian government interaction outcomes," the only place that is solved is at the ballot box and within the legislative and legal frameworks. The databases relied on for matching already exist [1].
The fact that it still exists indicates that it's likely to be the case, it's clearly frustrating for them and they would get rid of the option if they thought they could.
People like me are probably padding the stats in favour of a small but consistent "preference". There's no way they're not watching the statistics and making decisions based on that. If they think a small enough minority opt out they will remove the option.
By participating in Global Entry and opting into CBP and DHS/TSA "one to many" credential and identity proofing (colloquially "facial recognition"), it makes my life much easier while traveling. If I have strong data security and privacy concerns along the lines of "this will eventually lead to dystopian government interaction outcomes," the only place that is solved is at the ballot box.
That's not my concern, petty bureaucracy and trampling the dignity of people nonchalantly is.
What I'm referring to is much larger than just the TSA, it's a global industry selling security theatre, imagining the techniques of tomorrows bomb threat are anything they've seen before, forcing you to throw your liquids away and then charging you through the nose for water on the other side.
"But you can take an empty bottle, there are fountains!"
That's the discretion of the security agent you happen to get, I've had bottles thrown out because they had "flOz" written on the side despite being empty.
I travel a lot, so it's probably just the fact I want a consistent experience above else, and the rules are different depending on airport and very selectively enforced. Though they might argue that this is a feature to thwart terrorism.. (he says while rolling eyes)
If it makes you feel better, carry on, just don't expect it to change outcomes. It clearly doesn't. Opt outs are not tracked [1]. TSA opt outs are the equivalent of a close door elevator button that does nothing [2].
[1] https://www.muckrock.com/foi/united-states-of-america-10/tsa...
[2] https://www.sciencealert.com/the-close-door-buttons-in-eleva...
And a very on topic quote from the above citation:
"Perceived control is very important," Harvard psychologist Ellen J. Langer told Christopher Mele at The New York Times. "It diminishes stress and promotes well being."
Do you really think that if everyone opted out of the scan, and took five minutes to process instead of five seconds, nothing would change?
Protest definitely does change something. The only problem is that not enough of us are doing it.
If you're opposed to these scans, it is your moral duty to opt out, and to make everyone's life harder while doing it. That's exactly how things change.
Do you really think that everyone is going to opt out? If so, can you please provide evidence when and why they haven’t already? Or is it more likely that a small, vocal minority will continue to be vocal? And that vocal minority will remain perpetually upset that everyone else does not protest with them? I am using the entire existence of the TSA until now in evaluating.
I am simply the messenger for the bad news, based on observations of the system at scale. “If the people would just rise up” is not an argument, unless you’re going to show evidence that there is a scenario in which a non insignificant amount of the traveling public opt out, which is…unlikely in my opinion.
See y’all in the related thread 1-3 years from now when this is common practice.
Do you really think that everyone is going to opt out?
You sure as shit don't need everyone to opt-out. You just need enough folks standing around in a queue for the supervisor to get uncomfortable with how long the line is getting for them to dispense with the theater and start waving everyone through only metal detectors.
I am willing to make a LongBet of $10k to a charity of the winner's choice on this prediction we are arguing over. Please let me know if you would like to take the other side of the bet. You win if protests occur and stops deployment of facial recognition technology for identity proofing travelers at security checkpoints within the US, I win if protests are simply annoying and deployment in the US moves ahead without issue. Timeline is within the next five years.
Let me know and we'll spin it up so we're accountable for our predictions: https://longbets.org/
Let me know and we'll spin it up so we're accountable for our predictions:
I am not and was not making a prediction. I was using my field observations to refute the implied assertion that everyone would need to refuse automated screening in order to cause that part of the screening to be bypassed by folks who are not refusing to participate.
The fact is: defeatism is guaranteed failure, while activism is potentially a success.
It’s government software right? There’s no chance the opt out button works.
the only place that is solved is at the ballot box and within the legislative and legal frameworks
This WAS solved at the ballot box. The law written by our elected representatives requires airport security to allow a reasonable opt-out[1].
DHS ensures alternative processing is available to resolve match or no match outcomes. The mechanism or process to opt-out and complete alternative processing may not impose additional burdens or requirements on the individual beyond what is necessary to complete the verification process.
Many of the responses in this thread are indicating that the implementation of this opt-out is excessively burdensome, such that opting out could easily cause a traveler to miss their flight.
We should all be concerned that the authority granted an extraordinary enforcement power over a functionally mandatory part of modern life ignores limitations that that we "made at the ballot box" because it finds them inconvenient.
[1] https://www.dhs.gov/sites/default/files/2023-09/23_0913_mgmt...
the only place that is solved is at the ballot box and within the legislative and legal frameworks
This WAS solved at the ballot box. The law written by our elected representatives requires airport security to allow a reasonable opt-out[1].
Perhaps I did not express my thought cohesively, let me expound. By "solving" in this context, I mean with regards to data collection, retention, storage, and processing of sensitive personal information, biometrics specifically (quoting myself below):
If I have strong data security and privacy concerns along the lines of "this will eventually lead to dystopian government interaction outcomes," the only place that is solved is at the ballot box and within the legislative and legal frameworks.
Current state, the event of you traversing a checkpoint is logged in a system of record, with a human proofing your credentials against your live face. These systems automate the proofing process. Your photo exists in government databases (state for state ID and driver's license, and federal for passports and global entry/CBP). Your event of travel is logged, and also provided ahead of flights to TSA/DHS via PNR data exchanges. My government, today, already has the necessary information to cause me harm without using facial recognition to compare my ID to my live face and PNR.
What material risk to privacy does swapping a human checking your ID with facial recognition incur in this context? And how does opting out materially improve your privacy posture? It very well may be that the opt-out is excessively burdensome, but if the opt out is ceremony and provides no actual benefit, then why do I care if it is excessively burdensome? Because someone believes the opt out process is providing a benefit when it, in reality, provides no benefit? That is a belief system challenge, not an objective risk to be assessed and potentially mitigated. Fear is a feeling, danger is real. If there is evidence that the opt out process materially improves someones privacy and data security posture, certainly, then it is worth expending effort to defend opt out use and overly burdensome efforts to exercise. Otherwise, I find it inconvenient to argue over the travel security checkpoint equivalent of an elevator close door button (in this context, the opt out process).
Fight for and expend effort on effective improvements in outcomes, not ceremony.
It's been nearly a decade since I've had to deal with the assholes at the airport, but I'd always make sure to wait close enough to the line to not end up forgotten about. This would also cause the occasional person in line to think I was in line ahead of them, so they'd stop and wait behind me until an agent manually coaxed them forward. Sometimes they'd ask me if I was waiting and I'd get to say something like "oh, no, I'm not going near that thing". But the turbulence would generally make the agents see my waiting there as a higher priority to take care of.
Back in the day, there was a commercial bulletin board software called TBBS ("The Bread Board System"). It differed from most BBSs in that it could handle multiple lines on a single computer, through a built-in multitasking implementation. Most TBBSs allowed new users to dial in and create new accounts by entering their name and choosing a password on the first login. TBBS had a companion product called TDBS ("The DataBase System") that allowed writing interactive programs for use by users. One of these programs that became popular was a light adventure MUD called Illusions. I had a two line demo of TBBS/TDBS I got from somewhere (I think legitimately, actually), and I downloaded a demo copy of Illusions to play with on my own machine. Looking at its databases, I found something curious - the players' characters and the non-playing characters were stored in the same database, with the user name for all of the NPCs being "aa non-playing character". It turns out the game did not check for a user using that name. And of course TBBS knew nothing of Illusions's design choices. And so by creating a new login account so-named, I was able to play as the NPC characters, moving them around town and chatting with other players to much amusement. At least until the sysop realized what was happening. That is all to say, I too have had the experience of choosing to play as a non-playing character.
(another fun fact: the companion product for connecting TBBS to the nascent Internet was called an IPAD - Internet Protocol ADapter)
I don't know what article you intended to post this on, but it sounds interesting and I'd like to see it!
It's a high effort way of calling the GP an NPC, so just an insult.
Ah, I missed that sentence on my first read. Kind of a shame because the NPC meme is dumb as shit and the rest of the post was interesting.
As a model for attempting to understand the world and root causes, the NPC meme is obviously wrong and dumb. But as a coping mechanism for those trying to distance themselves from herd behavior and withstand the social pressure that leads to it, it has some utility. Also note I did not say or imply the OP is an NPC, rather I said that they're choosing to act like one. And I totally get picking which battles you spend your effort on, but when you're intellectually justifying choosing the expedient option as if it's the right one, you've gone too far.
(also fwiw, everything in my original comment is true. it's not LLM drivel or anything)
Yes, this was the most fun I had in this entire thread.
If you email the mods with a link to the thread you intended to write this in (hn at ycombinator dot com), they should be able to move this comment for you so that it receives the attention it deserves and is preserved appropriately for future forum enjoyment. Please delete this comment if a mod takes action.
You can also opt out of the cylindrical x-ray.
The correct incantation is: "I would like to opt out of the millimeter wave."
If you do this, then someone of the same gender will run their gloved hands over (somewhat sensitive) areas of your body, then test the gloves for explosive residue.
At my age, I probably shouldn't care about any of this, but I don't like needless x-rays.
Not to suggest that you shouldn't opt out for any reason you want, but the mm wave scanner doesn't use x-rays. I don't think the x-ray scanners were ever widely deployed and none of them are in use anymore. You're exposed to so much radiation just sitting in an aircraft at 35,000 feet that anything beamed at you during security screening would have to be of very little consequence.
You're exposed to so much radiation just sitting in an aircraft at 35,000 feet that anything beamed at you during security screening would have to be of very little consequence.
I've heard this before, but this really isn't how radiation works.
The higher dosages you're exposed to and the longer, the more likely the negative affects.
But it's strangely additive, like getting wet. Which is a poor analogy but the most fitting I can think of.
You might get "more wet" by standing in the rain than getting splashed with puddle, sure, but you're still increasing your "wet-ness" by not drying out before getting splashed.
Only this wet gives you cancer if you stay wet too long, or get too wet.
> this really isn't how radiation works.
Yes, actually it is, at least as far as the risks of security scanners vs. flying are concerned. The radiation you get exposed to in an airplane at altitude is largely ionizing radiation. The radiation you get exposed to in security scanners is not. So in addition to the much shorter time of exposure, and hence the much smaller overall dose, the type of radiation in security scanners is much, much less damaging to your body even at comparable doses.
> it's strangely additive
I'm not sure what you mean by this, but if you mean that the additional radiation from security scanners is somehow "additive" with the radiation you are exposed to in the airplane, no, that's not correct. They're different types of radiation and do different things to your body. There's no cumulative effect between them.
If you were correct the repeated exposure to low doses of radiation would not be cause for concern.
Truthfully, the amount of radiation you are exposed to does accumulate its negative affects, we certainly consider it as such for every work environment for a reason.
You are confident in this, and more eloquent than me at 2am, whoever I cannot let that falsehood stand.
As far as ionising radiation goes, if its ionising then its ionising, there’s not “different types”- however the parent is correct that millimetre waves do not penetrate the skin and are considered non-ionising
If you were correct the repeated exposure to low doses of radiation would not be cause for concern.
It's not a cause for concern, no. Tons of people live and work at high elevations, in granite buildings, and many other places where the background ionizing radiation level is far higher than normal.
You'd do well to consult this chart: <https://xkcd.com/radiation/>, paying particular attention to the expected radiation exposure from background sources, comparing that to the "Lowest one-year dose clearly linked to increased cancer risk" amount, and also noting that the repeated phrase "All the doses in the $COLOR chart combined".
You'd also do well to clear fifteen or thirty minutes from your day and read this letter, published in 1997: <https://radiationeffects.org/wp-content/uploads/2015/05/Rock...>. Do take it slow and don't skim. It's an essay written to be read, rather than for SEO, so you absolutely will miss important details if you skim.
> the amount of radiation you are exposed to does accumulate its negative affects
What kind of radiation? If you mean ionizing radiation, the evidence, as far as I know, is mixed; some indicates there is buildup over time, some indicates that there are threshold effects and single doses below threshold, separated in time, do not accumulate. We do have lifetime dose limits as well as single exposure dose limits for such radiation because the evidence is mixed and we can't rule out that there are accumulation effects.
But if you mean non-ionizing radiation, such as is used in the millimeter wave security scanners, there is no evidence of accumulation of effects over time from low doses (i.e., doses that do not cause immediate harmful effects) that I'm aware of. Do you know of any?
I think the issue is that people don’t think about limiting their airline flights, so why think about limiting mmwave?
Not that it isn’t additive, it’s that people don’t care like they don’t care that eating a banana vs eating another item [0].
I agree that's a poor analogy. Nonetheless, millimeter wave scanners don't use ionizing radiation.
They are still using backscatter X-ray scanners in parts of Europe, for example Berlin. That airport does allow you to opt out of them.
And in the US, backscatter X-rays have found continued use in jails and prisons. There is actually one that is used in Cook County (Chicago) that is a conveyor belt you stand on to get a full 5 seconds of X-ray exposure. Opting out of the prison scanner may be possible depending on your circumstances, but undoubtedly more difficult
Does Berlin actually tell you anywhere that you can opt out? Flew through there recently and didn't see anything... prior to having TSA Pre I'd always opt out in the USA, would love to know if it's as simple in Germany for when I fly through.
Not that I saw. But I saw people talking about it online. I did the same thing I do in the US, tell the scanner guy I’d like to opt out. I think they wanded me, no pat down. No fuss.
that's good to know but disappointing to learn!
X-rays are sub-nanometer waves. Millimeter wave scanners are fancy radar (with microwave photons)
I always opted out of x-ray backscatter machines, but mm-wave scanners aren't worth the hassle.
https://theintercept.com/2015/05/27/tsa-body-scanner-lobbyis...
https://www.propublica.org/article/tsa-removes-x-ray-body-sc...
The whole implementation of these scanners was layers of corruption.
Still worth it IMO - as long as they have to train people to maintain the manual process, its a signal that there are people out there who won't just fold.
They have to do manual pat downs for people who "fail" the scanner, either because there was something that warranted a double check or the computer randomly assigned someone to receive extra scrutiny.
I've walked out of the security perimeter to reschedule after a flight cancellation in an airport with <10 passengers in the terminal. Upon reentering I was "randomly" selected for an explosives swab despite passing the first time with the same bag and not walking more than 50 feet away from the TSA checkpoint.
I "Failed" the scanner once because I was wearing too much deodorant! It decided the titanium or aluminum in my extremely sweaty armpits was clearly explosive.
I felt sorta bad for the TSA guy who had to grope my sweaty armpits to make sure I wasn't a terrorist somehow
Are these things regulated by the FDA? And if not, why not?
No, because they are not medical devices. There is about a four page safety study that was done paid for by the manufacturer, and that is it.
TSA employees are not even allowed to wear dosimeters, as I recall
For bonus points make sure to refuse to send your bags through the X-ray scanner, blocking everyone else behind you as well, until the agent is ready for your manual pat down. When they demand you put your bags through, speak in a loud commanding voice, “Do not touch my bag! It must remain in my sight!”.
If they’re not prepared for passengers to opt out, the public needs to be aware and the only way they’ll be aware is by delaying hundreds of passengers directly behind you.
This is a great way to spread awareness that anyone who cares about privacy rights is a crazy and annoying weirdo.
This is the primary reason I pay for TSA Precheck, to automatically opt out of the scanner without requesting a groping.
Why do people want to opt out? This perplexes me as “the government” already has scans of your face. So these devices aren’t used to collect data.
I’m also perplexed when my parent won’t give the State department their SSN, but received SSN benefits, and Medicare, and pays taxes to the IRS. They say they don’t want “the government” to have their data, but oddly think the government doesn’t already have a dossier on them.
I love the scans as they speed up security. I traveled recently, internationally to and from the US and it was nice to just scan my face and show my passport and not need to scan my qrcode boarding pass.
This perplexes me as “the government” already has scans of your face. So these devices aren’t used to collect data.
Citation extremely needed. Why would the government have a preexisting scan of my face?
Driver’s license. Passport. Student id. Employment id (for the millions employed by the government). Etc etc etc
Not to mention the data legally purchased from data brokers and illegally captured by NSA/etc.
Photo != Biometric scan
Yes, when it comes to face scanners at the airport. You’re standing in front of a government camera for a driver’s license or student id and it can (and likely will) take the same image data that the TSA cameras do.
A high rez image is a type of biometric scan if you’re using it for facial recognition.
Yes, when it comes to face scanners at the airport. You’re standing in front of a government camera for a driver’s license or student id and it can (and likely will) take the same image data that the TSA cameras do.
This is wrong. The TSA cameras are steroscopic and capture significantly more detail.
Additionally, there is no oversight or information given about how that data will be used, sold, how long it will be kept for, etc.
If you want to be entirely complacent that's your choice. But it isn't 'silly' for those of us that understand what's going on to oppose it, and it's disingenuous to easy because we have drivers licenses there is no reason to oppose it.
Yes, when it comes to face scanners at the airport. You’re standing in front of a government camera for a driver’s license or student id and it can (and likely will) take the same image data that the TSA cameras do. This is wrong. The TSA cameras are steroscopic and capture significantly more detail.
Additionally, there is no oversight or information given about how that data will be used, sold, how long it will be kept for, etc.
If you want to be entirely complacent that's your choice. But it isn't 'silly' for those of us that understand what's going on to oppose it, and it's disingenuous to easy because we have drivers licenses there is no reason to oppose it.
Never had relatives genocided by governments, eh?
Many. And having my social collected by the IRS does not impact my or my existing family’s chances of genocide.
Well, I'm glad for you, your belief in institutions outweighs any historical truth. Must be nice.
"The government" is not a monolithic entity that has instant access to all data stored by all branches.
The more places your SSN is stored, the higher the likelihood of that information being misused by those with "legitimate" access, or stolen by malicious actors.
The same thing applies to pretty much anything about you (name, DOB, address, etc.), which should be sufficient reason alone to not want it spread around more than absolutely necessary.
The State department isn’t collecting it for random reasons or for use as an identifier. It collects it for diplomatic purposes. So it is limited for a specific purpose.
I agree that SSN shouldn’t be collected inappropriately, but for purposes where it’s necessary, complaining that “the government” doesn’t need it, is silly, I think.
Diplomatic purposes? What does that mean? And what about people without an SSN?
When did we start calling this "face scanning"?
Isn't it just literally taking a photo, like any digital camera?
To me "scanning" implies a 3D point cloud. Apple's TrueDepth camera, with a projected dot cloud, that it uses for Face ID -- that's scanning, as opposed to just a photo.
Are airports actually performing 3D scans now?
Or are they still just normal digital cameras, but people are calling it "scanning" because they want it to sound scarier than "photos"?
It's a stereoscopic camera, so you get depth and such.
So just like a smartphone camera nowadays?
Smartphone cameras aren't stereoscopic by default... yet, but that's probably coming. Rumors are that the iPhone 16 will have a stereoscopic camera layout on some or all models, for example.
iPhone 15 pro added it.
I still wouldn't call that "scanning", I'd just call it "two photos".
The quality/accuracy is not like an actual 3D scan.
But I'll certainly place it in an intermediate category... either "stereoscopic photos" or "spatial photos" if you want to use Apple's name for it.
I just think "scanning" should be reserved for, you know, the things we traditionally call scanning. That are more than just photos -- stereoscopic/spatial or not.
"face scan" doesn't imply "3d face scan", it just implies additional data beyond a regular photograph. Isn't a 3d scan just a bunch of 2d scans lumped together? How many photos need to be taken before it's okay to call it a "scan"?
How many photos need to be taken before it's okay to call it a "scan"?
I think that's actually a really interesting question.
To me, intuitively, it's pretty clear that if you took 100 photos of someone's head being rotated 1° each time, to put together a model of their face, that's a scan.
It's also clear that, intuitively, just 2 photos, or even 4 photos at 25° each, is not a scan. They're just a few individual photos.
All of which feels pretty analogous to, how many pixels does a bitmap need in both dimensions to call it a photo?
A 4x4 bitmap is not a photo. While a 100x100 bitmap certainly is, even if we'd call it thumbnail size. But we'd all agree it's a photo.
So where's the transition? I'd suggest a value of 20 is kind of a gray area threshold. A 20x20 image maybe you can say is starting to turn into a photo. Similarly, a collection of 20 images taken at regularly spaced angles maybe you can say is starting to turn into a 3D scan.
Uncle Sam is using your money so generally pays top dollar for the best stuff. A comment in the top thead, with “counterpoint” in it seems to confirm the 3d scan.
I was flying home from dallas a few months back. They had a giant sign in the security line that said (maybe not verbatim) - We're trying out a new face recognition security system. This is completely optional. If you don't want to participate, just tell the agent "I'd like to opt out".
I get to the front of the line, tell the lady "I'd like to opt out" - she looks at me like I was speaking Algonquin. So I repeat "I'd like to opt out". Her - "What are you talking about??". So I point to the sign sitting two feet away from her and say "your sign says the face scan is optional and I can opt out???"
"Just say you want a pat down, we don't know what you're saying".
To say their training on this being "optional" is lacking is quite the understatement... You have signs telling people what to tell the agent, verbatim, and the agent acts like they have no idea what you're talking about... speaking of big government at its finest...
To say their training on this being "optional" is lacking is quite the understatement... You have signs telling people what to tell the agent, verbatim, and the agent acts like they have no idea what you're talking about... speaking of big government at its finest...
It makes more sense if you think about it as a giant jobs program, but one that detracts from society instead of adding to it.
Don't get me started, our country makes my brain hurt. The Works program was considered so successful at eliminating unemployed folks, we killed it. Because why would we need to continue building roads and bridges, and fixing old roads and bridges, and giving people meaningful work to do vs. just handing out food stamps? That problem is solved... (Please note I'm not against food stamps/welfare programs, I just think having that be the ONLY option is detrimental to able-bodied folks that just want to feel like they're contributing to society but also can't find steady employment for various reasons).
I dug into this, and apparently the Works program was terminated because WWII happened, which obviously depleted people who were using it as a bunch were being either shipped off to war or hired up for war industries. The fact it hasn't been spun up again is worth investigating but it seems its termination had nothing to do with how successful it was.
It wasn't terminated because of WWII, it was terminated because it was determined it was "no longer needed". Nobody in their right mind would have though WWII would continue in perpetuity.
Unemployment ended with war production for World War II, as millions of men joined the services, and cost-plus contracts made it attractive for companies to hire unemployed men and train them.[19][page needed][31]
Concluding that a national relief program was no longer needed, Roosevelt directed the Federal Works Administrator to end the WPA in a letter December 4, 1942. "Seven years ago I was convinced that providing useful work is superior to any and every kind of dole. Experience had amply justified this policy,"
It was no longer needed, because of the war effort. Roosevelt didn’t say it would never again be needed. Roosevelt created it, and in ending it he endorsed it. There’s no indication that he would be opposed to re creating it future, but he opposed having a (temporarily) useless agency operating when not needed.
> If you don't want to participate, just tell the agent "I'd like to opt out".
I get to the front of the line, tell the lady "I'd like to opt out"
Come on man, you're talking to humans that have a lot going on in their minds, including your security and everyone else's. They can't do perfect Bayes inference to figure out what's going on in your brain. What the heck are you opting out of? Democracy? Your marriage? Life itself? Realize none of those are positive indications of someone who's likely to be a safe traveler. Try to make things easier on them.
Just saying "I'd like to opt out" with no added context on what you're opting out of is really following the instructions like a computer would. It makes you look like the programmer in those jokes who buys a dozen loaves of bread because he was told "buy a loaf of bread; if they have eggs, get a dozen".
I'll be honest, I don't mind if the federal government has my face information. I already have a passport and a driver's license, I live here, I pay taxes, the federal government already has all my information.
My issue is if any private company gets to use it or store it. I will never join Clear and I tell everyone I meet not to trust them.
What are they going to do with my biometrics? Waymo, cruise, etc are driving around scanning us every day. My fingerprint is used on my phone. My palm is scanned at Whole Foods.
Clear is the easiest way to fly and I’ll never go back (until it’s as packed as TSA pre…).
Congress has been taking a long hard look at Clear and might consider their practices and business model to be illegal, as they rightfully should.
Why would they need a palm scan at Whole Foods?
Congress has been taking a long hard look at Clear and might consider their practices and business model to be illegal, as they rightfully should.
Where is Clear considerably faster than TSA pre-check? It’s the same wait for either nearly every time I’ve seen them next to each other. I’m sure it varies by airport though.
While agree I find hilarious to say that you don't mind give data to government, because you are forced to and then complain of giving them to other companies.
You don't have to give your personal data to any company, while to government you are forced to do it. It's huge difference.
Flying back to the US earlier this year in June, I declined to have my face scanned. The agent was rude and aggressive because I “didn’t tell him I wanted to opt out before he started.”
He went overboard in terms of harassment and intimidation but he did not win. Fuck that guy.
Also who cares whether the photo is immediately deleted? The metrics are what matter and those are kept.
Good for you. There is no shortage of assholes at the border. It's gotten to the point where when I encounter a polite one, I think "what's his angle?" Maybe he's just not a jerk projecting his sense of powerlessness onto strangers. Imagine!
That said, I don't envy their job. But it seems to be a systemic attractor of asshole.
I think it must be their training, at least in part. Does acting this way catch people who are trying to deceive them?
Border guards in other countries are often very polite.
Does acting this way catch people who are trying to deceive them?
The retired cops who will charge your department $100k for "training" will absolutely tell you they are teaching you how to detect liars.
Actual studies have shown their techniques (things like microexpressions etc) are not only ineffective, but make you WORSE THAN RANDOM CHANCE at detecting lies. A person who has received no "training" in these stupid systems are better at detecting lies.
But cops love other cops and former cops, and have a shitload of money in their budget for stupid nonsense training like "Killology", and apparently have absurd and unscientific worldviews that they refuse to escape. So they keep booking the retired cop who tells them "that hoodlum who you feel is sketchy is definitely sketchy so trust your instinct" and do not book the scientist who tells them "actually everything you know is mostly wrong, and you shouldn't ever trust your gut".
It’s your right. But the agent is probably annoyed because it takes longer for them, you, and everyone in line.
It’s like your right to write a check or pay in nickels as well. But people get annoyed because you exercising your right and preference inconveniences them. Maybe also why people get annoyed by bicyclists going 15mph in a lane they legally get to use.
There’s lots of things that are correct and right but others don’t like much.
But the agent is probably annoyed because it takes longer for them, you, and everyone in line.
The agent has probably been trained by law enforcement in "compliance tactics": shame, cajole, embarrass, and intimidate the person who's refusing to do what you demand of them so that they do what you demand.
The agent could have done what agents in more-civilized countries consider to be their job and continued to process the returning citizen as they were entitled to be processed. He chose -instead- to delay the returning citizen and everyone else by throwing a coercive tantrum.
It's such a challenge coming up against this stuff. So many people will (understandably) just accept it and go along with it. Surveillance is normalised. Data breaches of our most sensitive data are normalised. Companies simply giving all this sensitive data to law enforcement is normalised. Fighting back is hard if it even occurs to you that you can and should.
My husband's workplace tried to force him to enrol in biometrics along with the rest of his company. It was just for doing timesheets. We'd have fought it if it were for identity verification and security as well, but no, it was just for bloody timesheets. Giving away immutable biometric data to a crappy third party company who has data breaches every six months just for bloody timesheets just felt extraordinarily ridiculous and audacious. My husband did encourage his colleagues to consider not signing it but nobody gave it much thought (or was worried about being fired).
We recently needed to verify our identities to a financial institution and they pushed hard to use a (different) third party biometrics system instead of the good ol fashioned just not doing that. We needed to provide them with all the normal ID documentation anyway. Why the hell would we sign up for biometrics on top of that?
I suppose my point is that people generally choose the path of least resistance (understandably). Turning the tides on biometrics garbage being normalised, the default, and probably the only way in the future is something I can't really see happening.
One nitpick, was the timesheet biometrics like a cheap fingerprint scanner on the wall like they have at restaurants? Because I believe those work like smartphone fingerprint scanners, you enroll on the device and it’s just a hash. The bank example is probably a real image of the fingerprints like done for passports etc.
And I believe the hash is salted so that it’s only useful for that timesheet system. So an individual’s biometrics could not be extracted or reused for other purposes.
Of course, I’d like to see auditing of the device and data to confirm everything.
It probably was one of those machines, thus was pretty low risk. The hashed data probably stayed on prem thus was pretty low risk. I don't know because when asked for literally any information at all beyond the three short paragraph 'privacy policy' provided (it had no information in it beyond 'we can do what we want; we are not responsible for anything' standard stuff and nothing else), including why they were refusing to allow my husband to use the other options provided on the same hardware like an RFID card or punching in a code, they refused to give any info. All of the stuff I asked to begin with were things usually covered in FAQ pages for such products, so nothing particularly sensitive and they refused. I also asked them for the model number of the hardware, clarifications about what the company's agreements with the vendor contained in relation to employee data, proper privacy policy, brief information on if they remediated their security issues after their last massive security breaches, whether they still ran on VB6, and some reasonably simple information again and they would not say anything. They expected (reasonably, it turns out) people to sign a three paragraph privacy policy without literally any of the information pertaining to the actual hardware, software, or governing contract involving their potentially extremely sensitive information. I don't care if the crappy scanners are about as high resolution as using the fingerprint features on a laptop and were salted and hashed, a workplace pushing that can actually just see me in court. It is not necessary. I don't actually care if it's one of the lower risk implementation options (for now!) because they shouldn't be allowed to demand any of this of staff in the first place in my not at all humble opinion. Even if they answered all my questions, and even if it were those lower risk implementations, he wouldn't have enrolled in it on anyway, because as they were told them from the start, privacy policies are as legally robust as pinky promises. Biometrics of any kind for bloody timesheets is mind bogglingly ridiculous.
I didn't really expect an explanation but I did ask why the business was prioritising something so expensive and seemingly unnecessary when they have three half implemented tech solutions rolled out across the country that would improve productivity massively if finished. I was being rude asking them that but I was curious, and they had continually responded to simple and clear questions and concerns about infosec with such garbage as 'but the whole company is doing it' and 'you're creating a lot more work for one of the ladies in the office because we're forcing you to use paper timesheets now instead of any of the logical options available to us. You should feel so bad at all the extra work you're making her do'. They couldn't even pretend to take the questions we asked seriously. They were the ones that kept interrogating for why he was never going to allow it; the only reason these questions were asked was because they kept pushing. It was such an insulting waste of our time. Hell no can they be trusted. Aside from management and HR being rude, threatening, and patronising (hardly unique), it's otherwise a pretty good job he enjoys.
Because I believe those work like smartphone fingerprint scanners, you enroll on the device and it’s just a hash.
"Probably X, but depends on the implementation" isn't very reassuring.
I, on the other hand, worked at a gym where members checked in with fingerprints instead of cards. Full scans showed on the till screen when people came in.
I have never _even once_ gone through the TSA naked scanner since they were put in after 9/11.
A pat down is invasive, but the pat down is ephemeral by its own nature.
Just wait until the TSA announces they trained an AI model on sorted naked images.
There are no “naked” images. Unless you consider x-rays and other similar imaging systems to create “naked” images.
There are no “naked” images.
Untrue. For years there absolutely were.
<https://www.snopes.com/fact-check/tsa-full-body-scans-privat...>
Unless you consider x-rays and other similar imaging systems to create “naked” images.
These are used in medical scenarios with your fully-informed consent. TSA was absolutely not forthcoming about the capabilities of their checkpoint scanners, and they earned the moniker "pornoscanner" for a very good reason.
Additionally, even ignoring the fact that most medical x-rays are used to look inside of you rather than at your skin (why would one use a fancy machine for a surface inspection when the Mk. 1 eyeball is Right There?), the context is completely different in a way that's very, very important.
This is categorically false unfortunately. Peruse the government’s own website for proof.
"TSA dick detector" then.
What's funny is other (possibly less trustable) countries will have your scan anyway... try "opting" out of the face scan when you arrive in India.
sounds like a good reason to not go to india.
Well that is a choice each individual does. I have never visited the USA either, and I have absolutely no plan to do so in my lifetime.
I think they (Palantir, Five Eyes, etc) already have everything on you and the face scan is just an added touch. You can opt out but then you’re just part of a much smaller subset that’s even easier to keep track of.
The TSA is putting a high resolution, 3D camera two inches away from your face and then are storing it in a readily accessible government database with no legal barriers to access (With Palantir, or any other private company the government would need to find a Judge to sign off on a national security letter or a subpoena).
With Palantir, or any other private company the government would need to find a Judge to sign off on a national security letter or a subpoena
Erm, only if the private company wants to keep the data from the government? But given we're talking about surveillance companies that make their money selling surveillance records, I'm pretty sure they're eager to give it to the government (for a price).
These scans are likely to be property of a dictator. Please prepare for that.
Likely? They already are.
But are you guaranteed this opt out will not be used against you in future circumstances?
No, but you're not guaranteed opting in won't be used against you either, and I'm more worried about that.
I saw these installed at a couple airports I was at recently. I opted out myself, but to my horror, 100% of the line, except for me, simply agreed to the facial scan. Even though there are signs in the security line talking about how the new process is a trial with the option to opt out, the TSA agent simply said “step up to the camera” and everyone complied. It felt like I was watching dystopia forming live because people are too ready to accept authority.
If a few educated people on hacker news opt out, it means nothing. The practice of invasive biometric scanning will be normalized by the masses who just comply. Just like with other existing security procedures. Soon the scans will be mandatory but also everywhere else in society. I’m not sure what a good defense is against this.
This is not suprising as people actively opt-in to give out every single detail of their life to third parties social medias on a regular basis.
Have they been scanning the faces of minors? Toddlers? Do parents need to opt out for them separately?
Yes.
The Vox article refers to an Algorithmic Justice League[1] article which footnotes the TSA article that says you can opt out [2]. I have to fly next week and if I have the guts to try this I'll definitely have the TSA article handy, not, er, the Vox article.
[1] https://www.ajl.org/campaigns/fly
[2] https://www.tsa.gov/news/press/factsheets/facial-recognition...
have been opting out for a while, including at Boston, never had an issue.
If you opt out, you can't use automated immigration and boarding systems at many airports. At Singapore's Changi, for example, their process for entering and exiting the country is incredible, fully automated (unless the system determines you need further verification by a human, but this still saves more time than only human verification for everyone). This is the same for boarding, you scan your boarding pass and it verifies your picture with a camera, then you just get on the plane.
I opt-in to everything. Global Entry, Pre, Clear Plus, Face Scan, uploaded my genome and medical data. I shall be the experiment. If you read on the Internet about "Guy who uploaded all his data gets what was coming" you'll know I did the wrong thing. But so far, so good. The stuff I didn't upload is in publicly available databases too. SSN etc. hahaha
I noticed last year that they’d simply say “photo” at the time they were to take it. Not, would you like to? (Because you’d say no)… nor you must. It’s mildly awkward, so they must’ve been trained explicitly to just say “photo” which is not a question or a command.
Wondering if this is a thing in Europe too? I did not know you could opt-out of this in the US but every time I go through one of those machines I always wonder where that data is stored, how long it is kept around and why.
I'm more bothered by the fact that customs agents can demand people unlock their phones [0].
The government already has your picture, but letting them copy device data over is a much more significant invasion of privacy
Also kind of pointless too, because anyone with something actually important could just encrypt it, upload it somewhere, and wipe the device. Good luck putting the packets through customs
[0] https://www.washingtonpost.com/technology/2022/09/18/phone-d...
Interesting read, I (a Norwegian citizen) traveled to the US (OSL -> CPH -> SFO and back) in July and was surprised by some parts of the procedures at the airport. Some notable parts of my experience:
- There is no longer the paper form you filled out on the plane/prior to customs. You fill out online forms (visa or ESTA in my case) months before you travel.
- Upon arrival customs and immigration took my fingerprints and photo. My passport and ESTA were in order and I have traveled to the US several times before (and well, I am a privileged ethnicity from western Europe), and the agent didn't do any questioning about purpose of travel, accommodation, etc this time. That has happened to me on previous trips though. This type of questioning always makes me feel uncomfortable and afraid to say something wrong, so that was a relief. I would certainly not begin to argue with the agent about opting out of the biometrics at this stage.
- My checked bags were not inspected by customs. On a previous US trip I did find a notice that the bag had been inspected.
- On departure, at the TSA bag check there were the full body scanners you step into and raise your hands. I didn't see any information about opting out anywhere, though I wasn't actively searching for it. There was nothing in particular that made me consider that my face was being scanned in detail here.
- At the gate I was surprised that boarding check was via facecam. This was the first time I have seen this and I had not considered that my pictures from before could be used this way. Everywhere else and all other times I have traveled you board with the barcode/QR on the boarding card and without any ID check.
So in my experience (as an admittedly privileged traveler) the system is optimized for efficiency and "convenience", but certainly not for privacy. There isn't much information to find about what you must do and what you are able to opt out of. Just do the same thing as the person in front of you in the line, ad infinitum. I know I should be more concerned about privacy in general, but the stress of travel and anxiety about doing something "wrong" and somehow getting in trouble with these agencies make me (and probably most others) accept these things.
Thank you for reminding me to renew my ESTA for this year.
I have a Passport, Global Entry and Pre Check. The digital ID and face scanning in general has actually been a pretty positive improvement. They already have the data anyways, might as well skip the showing my id nonsense.
That said I do think it should be default opt-out.
One interesting thing, in Arizona to get a "Real ID" drivers license that you can use in for flights, they make you use a face scanning app that runs on your cell phone. So sometimes they're getting the face scan done before you even go to the airport. I wonder if they can scan it at the airport no matter what, and just compare you to previous face scans? Hard to tell when these things actually happen.
I used to opt out of everything, and get searched manually but now I have given up. I applied for clear, I let them take my pic, I do everything because at this point I know they already know everything about me. It's sad, it's 1984-come-to-fruition, but I am too old and tired to keep tilting at windmills.
They've won.
I seem to recall one of the TSA screening lines at JFK had a sign indicating that one could opt out. I’m disappointed if airports do not have similar signage.
I misread the title at first. "Why would you opt out of a font?"
Last time I opted out of facial recognition when re-entering the US, I got put through an additional baggage and security scan with my passport literally locked in a box.
Those that leaked because of the CBP’s poor security practices? [0]
I really can’t wait for tomorrow’s hackers using the next generation of Sora to make fake video of me doing god knows what [1] thanks to the CBP’s next data leak.
And I can’t opt out, because I’m an evil foreign national. Or rather I can; it just means giving up on travelling to or through the US.
[0]: https://www.oig.dhs.gov/sites/default/files/assets/2020-09/O...
[1]: https://edition.cnn.com/2024/02/04/asia/deepfake-cfo-scam-ho...
They already have your photo if you have a driver's license or US passport or basically any form of government ID. The whole point is to compare it to what they already have.
So I don't really understand the privacy concerns here, but maybe I'm missing something. Is there something that these cameras record that is different from the biometrics they already have from your ID photos?
(You're also obviously already being constantly recorded by surveillance cameras in the airport, of course.)
It’s the principle.
State the principle.
The right for privacy and not being constantly filmed, monitored and recorded. That principle.
If you voted for the lawmakers in power, it's your responsibility to hold them accountable for their actions and to check at that level.
If you didn't vote for them, these laws still represent the choice of the majority (or at least of their representatives).
Either way, surveillance laws are a direct consequence of our democratic process and must be acknowledged as such.
Did you reply to the right post?
You say "it's your responsibility to hold them accountable for their actions and to check at that level"- but all I see in the parent comments is people discussing politics. People saying "I think this law is bad" is a critical part of the exact democratic process you seem to hold in high regard. That's how you get a consensus among the electorate that can push representatives to oppose future surveillance legislation and repeal existing stuff.
(If you replied to the wrong comment, and meant to say this to somebody proposing overthrowing democracy or whatever, disregard my comment, obviously!)
I suggest to go and talk with the people who make the laws rather than make on-the-spot scandal with the agents.
Because here, we have a series of people who don't like the law (potentially for good reasons).
If the law is like that, it's because we have a "majority" (unless democracy is cheated) who voted for such things (additional control during plane boarding, to have border guards, to allow spying on private messages, etc).
The "majority" defended their right; the right to feel safe.
A bit like someone who does Open Carry in a state who doesn't want you to show weapons.
It may be not dangerous if you openly have a weapon, but other people still voted against that for their own reasons.
Opting-out isn't "making a scandal".
You can both opt-out and "talk with the people who make the laws", one doesn't preclude the other.
That is an idealistic view not grounded in reality at all.
You are describing a direct democracy, not the representative democracy that actually exists.
There are plenty of examples of laws, existent and nonexistent, whose status has little to do with the preferences of the general public. One need only look where there is a conflict between the general public’s interest and that of the government. Surveillance is prime territory.
Not worried about leaks?
"I will not be pushed, filed, stamped, indexed, briefed, debriefed, or numbered. My life is my own."
-- Patrick McGoohan, The Prisoner
Well we don't have a right to privacy anymore so it's hard to argue even a basic principle, thanks SC.
The ability to go do something anonymously, perhaps some act of protest or resistance or sabotage, and then resume normal life afterwards without having to live forever after as a fugitive, it contributes to the legitimacy of a system that requires us to occasionally make compromises like being groped by TSA.
So long as I can assume an anonymous role on occasion, and other people can too, I must think twice before doing anything destructively rash. Nobody else has bombed this thing yet, and they surely could, so perhaps it exists with the consent of the people around it.
But if surveillance and control exceeds some ill defined threshold such that its not clear that so many of us actually could get away with fighting back against the machinery of control that surrounds us. Well then one must question whether it actually exists with our consent. And in that case, if we're lucky enough to be able to get away with dismantling it, it very well may be our responsibility to do so.
That's the principle. There must still be some line not yet crossed. Because otherwise there's nothing to do besides fight. So we don't let them cross whatever the arbitrary line is because most of us are not prepared for the fight.
The issue with that "principle" is that it takes one person, who could very well be from a different society with different ideas of consent, or just a suicidal lunatic or someone in for an insurance scam, to ruin it for everyone.
There is no real way around this.
I'm not sure if we're worried that the outliers are at the top exerting illegitimate control or at the bottom undermining it without justification but either way I agree that there are no easy answers here. It's just something you've got to navigate if you want to have a society.
you can take private flights, there is no TSA
if you can't afford your rights, that's a you problem, in America
I mean that's definitely an opinion you can have.
But I think society has decided people who want to engage in acts of resistance and sabotage shouldn't be allowed in airports.
As you might be aware there's quite a history of people using the aviation system to make a political point via sabotage.
The principle to exercise your rights, for any reason you please and without having to explain yourself.
That's definitely a reasonable point of view.
There's another point of view though that says that the aviation system is particularly fragile, and of course it has a history of being used for acts of extreme violence.
So there's a compelling state interest question here. Like I think people definitely DO and SHOULD have the right to be secure in their own homes, in their personal papers, and to be free from surveillance of their personal life.
I'm extremely amenable to the idea that you should be able to "exercise your rights, for any reason you please and without having to explain yourself" in that regard.
I think it's also clear that the rights one has are going to be circumscribed when participating in the aviation system.
So it's more a matter of degree than principle.
Sadly enough, this is the one most people who ask me why I opt out of face rec at airports don't seem to "get". They probe for more info, as if there needs to be some extraordinary reason for opting out to be justified over simply going along with it.
"They already have your photo". Yes, I know. I gave it to them in exchange for documents that grant international travel privileges. The rules/laws also say I can opt out of face rec and are posted on that big ass sign. I exercised my rights as a citizen to apply for documents within the rules allowed. Now I am excising my rights to the part that says I can opt out of having my pic taken every time I want to get on a plane.
I would like more clarity on the storage of the bio info derived from the photos. My guess is they keep updating profiles every time they take the pic, but discard the actual photo. This is not why I opt out, but like the salami slicing up-thread, I would guess they are waiting for everyone to get use to the pic at TSA before removing the opt-out clause and letting everyone know they are storing it to update profiles - for your safety. I am just waiting for that big leak, and then massive bio id fraud that will be harder to clean up than it is now. I know someone that has been a victim of id fraud (complete nightmare), I can't even imagine how one would clean that up once bio fraud becomes the norm.
The entitlement in your imperative demonstrated the principle.
State the principal that says totalitarians have the right to oppress. Don't make bad faith arguments that burden the innocent to state the obvious.
"I don't want to" is enough as long as I'm not legally obliged.
It doesn't matter for my purposes whether you agree with this as a principle.
Privacy is a concern but it’s more a matter of conditioning. Every time you actively consent to it, you’re submitting to the conditioning and further enabling the system to move in this direction as a whole.
I remember, it must have been in the late '90s, when Windows added the ability to get "important security updates" via the internet and a lot of people were turning it off. I remember a comment on slashdot about how we would all become conditioned to accept it.
Wow, did they also predict we’d “become conditioned” to upgrade Windows without using a CD-ROM?
Note the difference between what you said: "here's a different way of doing a thing that you're already doing, and don't mind doing, and understand the reasong for doing"
...and the thing that I said: "here's a thing that you don't want to do, and don't see the need for, but don't worry because it wont happen often" (then over time it starts happening often.
The former is not conditioning. The latter is.
The whole “boiling the frog” meme is that nobody notices the rights being curtailed over time. I understand the whole “not in public” thing but there’s still got to be a point where the depth and/or breadth of information gathered is too much.
It’s less of boiling the frog and instead a deliberate salami slicing tactics coined by Hungarian communists. It’s more apt in that we are aware of what is being done but unable to resist because each small change is ‘trivial’ until they have the whole salami and by then it’s too late.
It should be noted the frogs regulate their body temperature by jumping in and out of water and thus do react to even slow increases of temperature.
so what is the whole salami?
It's not unreasonable to know exactly who is on which flight imho.
It is slightly worse to have face recognition in public spaces, but your identity is not a secret. As long as this information is not available for private uses (aka, it is only used by law enforcement), i don't see the privacy implications of public facial recognition.
I’m old enough to remember a time when it didn’t really matter, the wrong person getting on the wrong flight was more of an issue for that person and maybe the airline.
Governments, like many other institutions, tend to find ways to generate demand for their services. By the time it happens the response is; ‘of course we need these things’, and in time that will be replaced by ‘that’s the way it has always been’ by people who don’t know any better. Just because it’s normal now doesn’t mean it always had to be this way.
I’m not going to summarize everything the whole salami encompasses - that’s a rather big topic that’s probably best left as an exercise for the reader.
It's not that they took my picture at the DMV to put it on my license. It's the idea that through this picture, they're going to decide if I can fly or not, and I have no process to challenge that determination.
Why is the government allowed to decide if I can fly domestically or not?
Why is my biometric data required to fly? This is why I can't fly. I refuse real ID. I refuse a passport. These are not prescriptive rights the government has over my affairs.
Do they also have my drivers license information?
Participation in large scale societal interaction requires some trust. Throughout the history, we've slowly decided to compromise by giving up on privacy and increasing that trust in specific circumstances. You can argue whether post-9/11 changes are necessary or it's just a security theater, but it does bring a peace of mind for everyone else on the plane (e.g. "all these hundreds of random people at least are not in no-fly list").
It doesn’t bring me peace of mind to know I have the privilege of flying, today, while other innocent people are banned by a racist authoritarian government. It gives me fear that I could be the next victim.
Have _we_? What mechanism did _we_ decide this by? Why is there zero alternative mechanisms for boarding a flight if I refuse to share my "biometrics" with the state?
We were given specific intelligence on the 9/11 attackers and their plans before they were enacted. The "shoe bomber" was let on a plane and only stopped by alert passengers. Private plane passengers do not have to go through security checks. Your peace of mind is a total lie.
"They already have this info" is one of four forms of "privacy nihilism" commonly argued against the right to privacy. I forget all four, but one other one is "I have nothing to hide anyway"
I found your comment by idly searching the word "nihilism" in the Algolia HN search box. I was delighted to learn about privacy nihilism and am curious what the other forms are, haha
The super duper classified high security no-flight list was shared internationally via a public ftp server with the username and password anonymous:anonymous.
A hacker that disclosed that responsibly got into lots of troubles for exposing that. [1]
So I'd argue indeed I assume that TSA and border control use the most incompetent and most lying way to solve anything when the control mechanism are privacy laws. They literally care 0% about that. If they say they delete something, I assume they keep a physical copy.
And I totally understand people worrying a lot about that, given the golden age of deep fakes we live in. Imagine what's possible 10 years ahead when that biometric data can be used to imitate and authenticate you.
[1] https://news.ycombinator.com/item?id=34446673
Counterpoint, I have opted out at multiple airports including Boston without event. They all know opting out is a thing, they press one button to turn off the camera, I hold up a piece of paper over the cameras anyway just in case, and they have never said anything.
One reason to opt out even though everyone says “they already have your picture 1000 different ways” is that these cameras are not normal cameras, they are stereoscopic close-range cameras that take a 3D image of your face. That takes facial recognition accuracy up to 95%+, from 70% or less on a normal photo.
Furthermore, they say they do not retain the image. That may or may not be strictly true. But they do not say they are deleting the eigenvector, facial measurements, a hash of the image, or any other useful derivatives of the image
So what? Do you think that the thousands of cameras you encounter every day aren’t doing this already?
I think the aim for culture is to limit what we can do with these data, rather than to try to prevent collection of these data. Cameras are too plentiful and powerful to not expect your image linked to your identity. Especially for governmental, lawful uses like immigration screening.
Would you consent to DNA screening every time you fly? You have to draw the line somewhere and I would rather draw the line here (not consenting to airport face scans).
If it was noninvasive and already pervasive, yes.
It’s not that I like facial scanning. It’s that it is pervasive and can do nothing about it.
OTOH maybe we shouldn't make it too easy for them by giving in without any resistance whatsoever. Fight this to delay or derail the next thing which will be even more.
It’s not like we chose. Cameras and transistors are just absurdly cheap and have millions of other purposes. So we’d have to shut down tons of other useful functions to change it.
Just like dna sampling will one day be so cheap that air conditioners test for every person and every germ they see. It will be so cheap as hard to stop. I guess we can resist digital stuff making dna cheaper. But we’ll have to stop all the other benefits (real time, targeted anti-virals, etc).
What? No. The problem with this stuff is the privacy-invasion aspect.
For example, ubiquitous camera installations in public spaces and businesses are 100% fine if they're truly closed-circuit systems that have no storage capability. If all these cameras offer is tele-vision, then there's no privacy problem.
So, if this sort of stuff was guaranteed to be used for a purpose that's beneficial to individual clients and the public at large (rather than scraping up pennies by selling the recordings to data brokers and data analysis firms), there'd be no problem at all.
The solution becomes clear: make video, audio, still image, biometric, and behavioral data toxic waste.
* If a company ever uses such data in any way that's not clearly and conspicuously disclosed in plain English to their clients, fire every executive member of that company and permanently bar each of them from holding any executive or management position ever again.
* If a company ever sends any payment (whether monetary, or in goods and/or services rendered) to a company that is (or owns) a data broker, customer/consumer data analysis firm, or similar, then that company is considered to have engaged the services of said company and presumed to be sending the data of their clients to said company. Fire every executive member of that company and permanently bar each of them from holding any executive or management position ever again.
This doesn’t seem realistic to me because those data are useful for so many valid purposes and the tech is ubiquitous. So we’d have to regulate and it would be expensive and futile.
Your solutions are difficult to enforce (eg, “fire every executive” doesn’t work even in things like Enron or mine disasters).
No shit? You don't say.
Seriously, regulations and laws are how you get companies to act against their own best interests.
You seem to have forgotten the second part of the punishment. I'll quote the punishment again:
I don't remember any Enron executive being barred from holding any executive or management position ever again. Do you?
Oh? Someone comes to the relevant regulator, or Federal law enforcement with evidence of this crime happening. By law, FedGov will be obligated to investigate. Either they corroborate the evidence and deliver the punishment, or they do not and they do nothing.
This punishment is so extreme that you will only have to catch a few companies to prevent nearly everyone else from breaking this law. (After all, what executive team would risk decades of each of them getting a seven-to-eight-figure salary just so that a couple of them can get a one-off bonus one or two orders of magnitude smaller?)
There are all sorts of things that are cheap and easy, but society considers so dangerous that they are restricted by law. That doesn't stop all ne'er-do-wells, of course, but it stops most.
That’s circular reasoning. It is all the more reason to oppose this crap today so it does not become pervasive. Think of anything that you don’t like but is pervasive. Don’t you wish the people that came before you would have opposed that a bit harder so you don’t have to deal with it now?
The noninvasive part of your argument does matter, but I feel that’s much harder to define as everyone will draw the line somewhere different.
I don’t think it’s circular as things become pervasive not because of slippery slope of just a few cameras and then adding more, but because the tech in those cameras became cheap from other trends.
In that cameras aren’t cheap inherently, but because chips and storage and power are so cheap it leads to cheap cameras. So people chose all of the other non-camera functions that also led to cheap camera.
For dna, I wouldn’t be a fan of just gradually adding dna identifying machines until it’s pervasive. I’d like to not do that. But what I mean is that dna sequencing will become so cheap due to other factors that it will be pervasive to just add id machines to air conditioners or whatever.
I have no idea where you live, but I for one do not encounter “thousands of cameras” every day. It’s not even close to that.
I live in woods a couple hours from any city.
My car has 2 cameras, my house has 4, my neighbors on either side have a bunch. Most folks around here also have dash cam in their car. All the businesses (pizza places, auto parts shops, small engine etc) have cameras everywhere. Local PD has new axon body cams. We for some reason have red light/traffic cams. State Routes, Interstates have cameras roughly every half mile.
If you are even remotely analagous to most people on HN, you are recorded at least once a day 1. without your knowledge 2.without consent.
recorded a dozen times =/= thousands of cameras. likely not even 100 cameras.
my neighbors all have door cams but the liklihood of them seeing me as I drive by is low. even if I get tagged by literally 20 cams on the way to work and on the way back, plus another 20 getting lunch, I'm still nowhere near "thousands"
you must not live in a city or suburb then? cameras in cars, cameras on doorbells, many security cameras with multiple angles at most stores, shops, places of employment, large fraction of houses, city streets, etc
I don’t live in the US. Maybe that’s the difference?
It would sure be nice to place those limits, but in the meantime it’s still worth opting out right?
Worth it to some people. People opt out of vaccines too, or not using smartphones. I think it’s a situation where people can opt out, legally and ethically, but few will.
Yes I agree completely. But given the capacity, isnt it a good move? I wasn’t making any statements about what most people have the time and energy for.
Of course that's happening. It's still worthwhile to reduce the amount of this sort of thing where possible, though.
I agree that the real, serious issue isn't the photos themselves as much as the databases that hold them.
That said, why not address both problems? Particularly since we can't ever actually know if photos are being stored or not, but we (usually) can see the camera. In terms of verifiability, restricting the use of cameras is better than restricting the use of the data.
Interesting, I'm fairly sure the cameras at one US airport I was (maybe Salt Lake City?) were just bog standard Logitech C920 like my previous webcam. Do you have more information on the cameras?
Haven't seen the setup but it seems possible to me that there may be several cameras, one that is clearly visible and used to give visual feedback in the computer screen so that you put your face in the right place, and another one that actually do the biometric scan.
The automated passport gates have way more, but the manual photo checks by guards are indeed a mounted C920.
Single sensor face rec is already above 95% on surveillance cameras, which do not have ideal positioning, even when they are intended specifically for face rec.
Accuracy is heavily dependent on how large the populations you’re dealing with. If you’re comparing footage from surveillance camera vs a database of 100+ million people that’s tough. Most algorithms are being tested at 10^5 vs 10^6.
Worse, unlike false positive with fingerprints the suspects will likely look similar to the cops not just the algorithm. There’s a major incentive to opt out simply as a result of false positives.
Even if its a non-special camera.. they're capturing a fixed profile photo. That's the gold standard used for matching against a dataset.
a bunch of unhelpful commenters will add that they anecdotally did not experience inconvenience.
this was the same play book with milliliter wave scanners, which are now proven to not be completely safe but who cares. at first you could opt out. then opt out was the same as mandatory patdown. then opt out meant an extra 30min wait by the xray scanner... etc. now its fully not an option.
meanwhile i bet the 911 hijackers would have zero problems getting pre check or whatever other private scamer is selling the no-scan boarding these days.
lastly, yeah, this is totally so they do not need a warrant to unlock your phone if you have face unlock. in the most plain and obvious Kafkaesque "he did provide the facescan willingly your honor. not once he opted out, which was always an option".
You can absolutely still opt out of body scans. Talk about being unhelpful.
with the barefoot wait that now is over 30min on lax or other major places. that is the same as losing your flight on the majority of cases.
and sorry if you cannot understand why countering reports of the exception with the rule is not helpful. thats how you get things like whitelivesmatter.
Nonetheless, the option exists. Get there early and you have the option.
(thumbs up emoji)
I did not wait anywhere near 30 minutes at LAX when I opted out there a couple weeks ago!
If you can cite some evidence that your impression is the rule, that might be helpful. My own experience, having opted out and gotten the pat-down every time I've flown since the new scanners were introduced, is that the process has not really changed at all over the years, and opting out has never come close to causing a missed flight.
Look no further for evidence of the hilarious security theater of the TSA than paying them a yearly fee and checking a box on a piece of paper a random employee in the back of the sad empty local Staples store that says "I'm not a terrorist I swear". And suddenly you dont have to take off your shoes or be body scanned and literally none of it matters...
That and the fact that they fail their internal testing regularly.
The TSA is as effective at keeping weapons out of secure airport areas as the tech industry is effective at keeping the CEO from clicking a phishing link.
I still opt out but its gotten very nasty. Last time, I got my testicle grabbed by the agent. So much for the upside down cup.
> which are now proven to not be completely safe but who cares
I'm not trying to prove you wrong, but if you have any links, that'd be cool to include.
As an aside, TSA Pre lines just have normal metal detectors. It's worth paying for it just for that IMO.
(It also frankly showcases that this is all dumbass security theater, but whatever)
They require fingerprints for TSA Pre. The same people who don't want to be xrayed won't want the FBI keeping their fingerprints on file.
There's a massive difference between fingerprints and a model of your face.
They're not going to trace my fingerprints to what activity I was up to before flying an airport.
You know normal American stuff.. buying porn, accepting political literature, spending too much time in a public bathroom, and then going to the gun store.
There is a veil of secrecy to the devices (identified here: https://meridian.allenpress.com/radiation-research/article-a...) which makes them difficult to study, however millimeter waves themselves are studied: https://ieeexplore.ieee.org/abstract/document/10590163
While looking around I also found this handbook: https://books.google.se/books?hl=en&lr=&id=OVRFDwAAQBAJ&oi=f... which is quite informative.
Wouldn't that be Orwellian? Which Kafka story did I miss?
That's verifiably untrue, unless they've changed this in the last week or two, and you'll need to provide some documentation if that's the case. I've always opted out, and I've never had anyone try to tell me that I couldn't.
Wouldn't that be Orwellian? Which Kafka story did I miss?
I fly at least twice a year, and often more than that. My flights are many times along the east coast of the US but also occasionally elsewhere in the country.
I have never gone through a body scanning machine. Not once.
Opting out still works just fine.
I've had no such trouble in Boston. In Denver, I got an annoyed agent, but no argument. They flipped through their TSA state ID binder and did the customary comparison, but no argument.
I actually have taken up the habit of wearing a surgical mask through security simply for this purpose, right up until I've opted out and they have my ID in hand. When they ask me to lower it I do, but not until I've opted out.
The surgical mask is an excellent low friction strategy. Even if the camera ("accidentally") gets a few snaps of your face, they will be (mostly) useless. And post COVID-19, you still see some people wearing masks on flights, so you don't entirely look like a crazy person.
BTW you should probably still be wearing a mask on a flight if you don't want COVID-19. You also avoid many other diseases as a bonus. This is the new normal - public health is dead and it's all pushed onto the individual now.
Masks don’t keep you from getting COVID. They only help prevent you from spreading it.
???
Most masks don't have a one-way valve that only filters your exhalation, leaving inhaled air unfiltered. Any given mask is going to be roughly as good at filtering incoming air as it is at filtering outgoing air.
It is true that most masks were build initially to prevent airborne transmissions from wearer to others, typically patients in a surgical setting. However studies have later shown that protection works both way.
Both. To some extent.
Depends on the mask. N95 protects you pretty well.
I wouldn't say it renders the camera "(mostly) useless." I have brief experience developing software to work with a facial-recognition camera that was specifically marketed as being able to recognize people wearing masks (this was in the middle of Covid). Indeed, it had no problem recognizing me with a high confidence level. If anything, wearing the mask is (mostly) useless in protecting your identity.
I'm not particularly interested in concealing my identity from the TSA. My intention is more to prevent the collection of a high-resolution 3D scan which didn't previously exist -- which I would wager the mask effectively does.
I understand it's possible to construct a 3D representation of my face using only still photographs, so it may be in vain, but I'll wear the mask and admit it may be pure ignorant superstition.
My thinking exactly. Surgical masks are commonplace on flights now, and I assume by default that those cameras are already on when I step up.
Wait, what is this? I've never seen anything like that, normally they just check the name on the ID matches the boarding pass.
You're saying they literally had a book of all state IDs?
You're saying they literally had a book of all state IDs?
I had a similar experience with an annoyed agent, who also made sure to point out how I was holding everyone else up instead of just letting my picture be taken. The agent likely didn’t realize that showing that pettiness really reaffirmed my choice as to why the data collection is dangerous to begin with.
I feel like as a non-white person I would not try to fight these kinds of things. I want to be at my destination, not in a jail. I'll leave it upto the white people to audit their rights, it's less risky for them. I also have a cardiac implant, if they try to tase me I might even end up dead.
As an Indian American, I opt out of this photo scanning and the mm wave scanners (and get a pat down) every single time.
The system needs active backpressure.
Out of curiosity why do you dislike the mm wave scanners?
(I always ask to be opted into them because they seem to understand my cardiac device and give me a green light, whereas the metal detectors always trigger, followed by a yelling contest where they are yelling at me to take shit out of my pockets and I'm yelling that I don't have anything in my pockets and have a cardiac device)
the MM wave scanners were banned by the EU due to radiation or more generally "in order not to risk jeopardizing citizens' health and safety.", they're literally unnecessary X-rays.
In the US they were enabled by a former TSA agent, gone contractor, and selling it back to the TSA
X-rays? MM wave is not ionizing and is extremely safe. I'm not aware of any X-ray emission from those devices.
you got your answers about why people dislike them
I refuse to use the pornoscanners because
0) For years and years and years, European prisons and airports refused to use them because they were deemed to be largely ineffective.
1) They're very, very, very expensive.
2) As mentioned above, they're ineffective. Explosives in a body cavity or a dense hairdo, or spread thinly across one's skin cannot be detected by these devices. Early on there were also demonstrations of fairly-reliable methods of storing weapons that would have been detected by a metal detector on one's person so that they could not be detected by the scanner.
3) When checkpoints get backed up and the lines get too long, TSA often bypass the scanners AND patdowns by running huge numbers of people only through metal detectors.
4) When they were first introduced in the US, they were obviously sufficiently-high resolution to get a clear nude picture of you.
5) No thought had been put into ensuring that these nude photos were not stored... and the only way this was discovered was by some researchers getting a hold of one and finding all of the nude photos of travellers on the thing's storage.
6) It was very, very obvious that TSA screeners were using the pornoscanners to perv on attractive travelers. I used to fly a fair bit and I often heard smoking-hot babes and dudes talk about having to go through the scanners multiple times because of a "glitch" or a "bad scan".
The claim is that points four through six were addressed by making the on-scanner screens show a paper doll with a "region of interest". I have zero faith that the scanners stopped storing full-resolution scans on the machine's local storage, and zero faith that checkpoint personnel are unable to access that storage. I also note that even years after the paper-doll update, checkpoints had a habit of refusing to run children under 13 through the scanner, and usually ran families with kids so young just through a metal detector. This absolutely is not evidence of data storage, but given how insane the US is about data handling regarding kids under 13, it sure is suggestive of it.
Probably because of radiation
The peer responses pretty much cover most reasons.
Aren't tasers certified not to interfere with pacemakers and similar things?
Yes|No.
They don't interfere with pacemakers.
They can cause arrythmias, and even cause respiratory arrest.
They're probably more likely to cause such things in people that need pacemakers.
Tasers were tested on four healthy pigs with pacemakers .. All OK.
https://www.ahajournals.org/doi/10.1161/circ.118.suppl_18.S_...
isn't as cut and dried as some might claim.
Penn Jillette made this argument, about this specific scenario, 20 years ago. Privileged people have an obligation to stand up and defend the oppressed, because they can afford to, but the oppressed cannot.
https://www.reddit.com/r/reddit.com/comments/36lg/penn_jille...
Aren't tasers certified not to interfere with pacemakers and similar things?
What I really like is that the signs say they don't retain the image for more than a certain amount of time. Yes, most definitely the TSA does not retain it. But the Five eyes surveillance scheme? You can bet they do.
The sign continues…
…unless you’re not a US citizen, in which cases we retain the image forever. You can’t opt out.
... well the US gov already has my face from my Visa application anyway.
That's true for some, but there are many countries with visa-free travel to the US.
I believe there's also an exemption for Canadian citizens. [1] and [2] (Cmd-f "Canadian")
[1] https://www.cbp.gov/about/congressional-resources/testimony/... [2] https://www.cbp.gov/sites/default/files/assets/documents/202...
I guess "it's not retaining if they end up not "using" it"? With "using" creatively defined elsewhere. None of these words means anything anymore.
right, optional as in you can walk away, but you can't get past TSA to your flight
Is there a photo booth available outside? I would definitely not take of my mask in an airport. I would rather miss my flight.
To be fair every photo you have ever uploaded to the internet of your face is also going through this TSA line 1000 times a day. Which is also horrifying.
In my opinion faces are really not very good ID. I think it could also be distracting from the wayyy scarier types of identifying you like the storing of DNA for simply being arrested... not even convicted of a crime... forever...
File a complaint.
https://www.tsa.gov/contact-center/form/complaints
The process is optional and you were coerced.
https://www.tsa.gov/biometrics-technology/evaluating-facial-...
As a somewhat frequent flyer I now am seeing signs (in CA airports) that inform people they are allowed to opt out.
I was flying through JFK in the past year, JetBlue, and there they had these types of cameras at the boarding area, in addition to TSA. So instead of handing your ticket to the agent, scanning, go on plane, you self scan, there's a picture, and big gates open to let you on. How do you opt out of that?!? Also it was a disaster logistically because the machines were finicky, it moved super slow.
see: https://ir.jetblue.com/news/news-details/2018/Your-Face-is-Y...
(your face isn't your boarding pass, your face AND your boarding pass is your boarding pass)