The National Academies Press

Currently Skimming:

Pages 214-231

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 214... ... 214 Legal, Policy, and Privacy Review The Supreme Court has recognized the common law root of the right to privacy.113 There are four well-established common law privacy torts: (1) unreasonable intrusion upon someone's seclusion, (2) Read the entire page →
From page 215... ... Legal, Policy, and Privacy Review 215 decided that the government's acquisition of information from a third party on the defendant's cell-site location was a search under the Fourth Amendment for which a warrant supported by probable cause was required.123 Private Parties As noted in Chapter 3, where a private party acts as an agent of the government, that conduct may implicate Fourth Amendment principles pertaining to searches. Examples where the courts have found that a search by a private party was conducted as an instrument of the government include where an airline employee, who had been an informant in the past and financially rewarded for his assistance, performed a luggage search,124 and where an airline employee conducted a search of luggage pursuant to airline and FAA procedures.125 The fact that the federal government has not compelled a private party to take a particular action does not by itself establish that such action is a private one.126 For example, encouragement or endorsement of a certain action by authorizing it and removing all legal barriers to it "suffice[s] Read the entire page →
From page 216... ... 216 Airport Biometrics: A Primer Next, Justice Kennedy balanced the government's legitimate interests against the degree to which the search intrudes upon an individual's privacy, finding that the former's interest in verifying the identity of a person in detention; determining the risks such person presents to facility staff, the existing detainee population, and new detainees; ensuring the accused person's availability for trial; deciding whether the individual can safely be released on bail; and preventing the detention of innocent people outweigh privacy intrusions from DNA identification.137 Specifically, Justice Kennedy noted that the intrusion of a cheek swab to obtain a DNA sample is a minimal one because its context, police custody, diminishes privacy expectations; it is brief, painless, and does not break the skin; and the sample only reveals an individual's identity, not any genetic traits.138 Thus, he concluded that the search in this case, unsupported by any individualized suspicion beyond that which supported the arrest, was reasonable.139 In his dissent, Justice Scalia responded the Court's assertion that "DNA is being taken, not to solve crimes, but to identify those in the state's custody, "taxes the credulity of the credulous."140 He maintained that the majority uses "identify" to mean finding out what unsolved crimes the arrestee has committed, since, in this case, what the DNA match identified was a previously taken sample from an earlier crime.141 In fact, King's identity was already known when he was charged -- before the DNA database returned a match.142 Consequently, because suspicionless searches have only been permitted when the primary purpose of the search was not to detect evidence of ordinary criminal wrongdoing, DNA identification searches must, Justice Scalia contended, require some level of individualized suspicion.143 It is well established that suspicionless searches of all persons -- such as fingerprinting -- for ordinary law-enforcement purposes would violate the Fourth Amendment.144 Extrapolating from both King opinions, arguably the use of facial-recognition technology to identify air passengers is even more safely within the ambit of Fourth Amendment reasonableness than DNA identification. Unlike DNA identification, identification via facial recognition would be for non–law enforcement investigatory purposes, including verifying that the passenger may lawfully enter or exit the country and ensuring the safety and security of other passengers, the airplane crew, and society at large. Read the entire page →
From page 217... ... Legal, Policy, and Privacy Review 217 use, and sharing of personal data; and (3) unfair or deceptive acts or practices, such as failure to comply with a company's stated privacy policies."146 The overarching federal law governing federal agencies' collection, use, and disclosure of PII such as biometric data is the Privacy Act of 1974.147 Privacy Act of 1974 The Privacy Act of 1974 governs what information is collected, maintained, and used by federal agencies.148 Where a federal agency creates records retrievable by personally identifying information to satisfy requirements required by law,149 legal requirements governing the collection, use, retention, dissemination, disclosure, and maintenance of individuals' personal information are set out in the Privacy Act of 1974. Read the entire page →
From page 218... ... 218 Airport Biometrics: A Primer of the passenger, and TVS compares it to the photos in the gallery to verify the passenger's identity. In essence, TVS uses an algorithm to "perform both 1:N and 1:1 facial-recognition matching."166 Once confirmed, after a matter of seconds, the passenger is free to board, and CBP creates an exit record for the passenger.167 Photographs of U.S. Read the entire page →
From page 219... ... Legal, Policy, and Privacy Review 219 • Prevent and address unfair or deceptive acts or practices; • Seek monetary damages and other relief for conduct injurious to consumers; • Prescribe rules defining with specificity acts or practices that are unfair or deceptive, including the ability to establish requirements designed to prevent such acts or practices; • Conduct investigations relating to the organization, business, practices, and management of entities engaged in commerce; and • Make reports and recommendations to Congress and the public.178 Within the scope of the FTCA is the authority to combat unfair and deceptive practices regarding the collection and use of biometric data.179 The FTC's authority, however, is limited. For example, it may not require retailers to have privacy policies, only that if they do, they may not engage in unfair or deceptive practices (Zimmerman 2018; Voss and Houser 2019) Read the entire page →
From page 220... ... 220 Airport Biometrics: A Primer CDC by screening passengers in the interest of aviation safety, maintaining a do-not-board list (identifying persons identified by CDC as public health threats) ,187 and canceling flights (if the CDC has determined that a person aboard the aircraft has been exposed or infected with a pandemic disease) Read the entire page →
From page 221... ... Legal, Policy, and Privacy Review 221 Figure K-1. How a bill becomes law. Read the entire page →
From page 222... ... 222 Airport Biometrics: A Primer Survey of State Laws This section contains a survey and description of state laws that specifically govern the collection and use of biometric data, including facial-recognition technology (see Figure K-2) Read the entire page →
From page 223... ... Legal, Policy, and Privacy Review 223 tech nology to "tag" persons in users' pictures.201 The Ninth Circuit Court of Appeals determined that Facebook's collection, use, and storage of biometric identifiers without a written release violated the procedural protections provided under BIPA, emphasizing that this was the type of harm targeted by the act, and thus found the plaintiffs had articulated "a concrete and particularized harm, sufficient to confer . Read the entire page →
From page 224... ... 224 Airport Biometrics: A Primer Texas The Texas biometric privacy law, like that of Illinois, requires persons or entities that collect biometric data to inform individuals before capturing the biometric data and to obtain the individual's consent.211 Unlike the Illinois law, the Texas statute does not require a written release. The Texas law, however, like the Illinois law, does prohibit the sale of biometric information, and it similarly sets restrictions on the storage of such information.212 Lastly, although modeled after BIPA, it lacks any private cause of action, relying on the state's attorney general to enforce and, as appropriate, impose sanctions.213 Washington Washington state's biometric privacy statute entered into effect in 2017 and regulates commercial uses of biometric data to require notice, consent, and a limited ability to sell the data.214 Washington's law also does not include photographs, video or audio recordings, or facial geometry as biometric identifiers.215 Unlike the Texas law, it does not require that consent to collection of biometric data be in writing. Read the entire page →
From page 225... ... Legal, Policy, and Privacy Review 225 In sum, with respect to privacy laws enacted in Texas, Washington, and California, there are variances with respect to: • The definition of biometric data (e.g., application to the image/data collected, but not to the analysis of the data) ,226 and • The scope of coverage (commercial purpose but not extending to data collected for security purposes, arguably excluding timekeeping uses) Read the entire page →
From page 226... ... 226 Airport Biometrics: A Primer International Organization Activities There are a number of international organizations working, coordinating, and collaborating with others to support initiatives to achieve a more seamless travel experience in the air environment. Significantly, most advocate for global standards in an obvious effort to incorporate uniformity in international aviation.234 Beginning in the late 1960s, ICAO begin work on developing a machine-readable travel document (MRTD) Read the entire page →
From page 227... ... Legal, Policy, and Privacy Review 227 experience through security touchpoints by "sharing a single set of passenger identity information among authorized stakeholders in accordance with data privacy rules" (ICAO 2019) Read the entire page →
From page 228... ... 228 Airport Biometrics: A Primer 116. Griswold v. Read the entire page →
From page 229... ... Legal, Policy, and Privacy Review 229 147. Read the entire page →
From page 230... ... 230 Airport Biometrics: A Primer Report 2019-XX of the DHS Data Privacy and Integrity Advisory Committee (DPIAC) : Privacy Recommendations in Connection with the Use of Facial Recognition Technology As approved in Public Session, https://www.dhs.gov/sites/default/files/publications/DPIAC%20DRAFT%20Biometrics%20Recommendation %20Report%20v4_02.06.2018.pdf. Read the entire page →
From page 231... ... Legal, Policy, and Privacy Review 231 failure to comply with statutory requirements associated with an account to biometrically access a vending machine) Read the entire page →

From page 214...

... 214 Legal, Policy, and Privacy Review The Supreme Court has recognized the common law root of the right to privacy.113 There are four well-established common law privacy torts: (1) unreasonable intrusion upon someone's seclusion, (2)