Hacker News new | past | comments | ask | show | jobs | submit login
JetBlue has started using facial recognition instead of boarding passes (iflscience.com)
175 points by blahedo 85 days ago | hide | past | web | favorite | 166 comments

I have to admit my naivety on this, but: What exactly is the problem here?

Both the airlines and the involved law enforcement have a right or even a duty to know who you are when you are boarding the plane. They also have facial recognition data, either from a passport photo or putting a camera in front of the check-in, and arguably they have a right to that.

People walk around with their faces all the time. They post it on social media. Would it be a problem if a security guard lets you through a gate because he recognizes you? Is it more troublesome that all security guards of the airline now can recognize you at the gate?

I think we need to be more precise about what exactly is spooking us and why. Using facial recognition for boarding security is not as big as a problem as facial recognition being used for law enforcement or whatever they do in China now. But that's a topic for legislation and regulation. If companies are prohibited from storing personal data without consent, that should be enough to stop almost any legal infringement.

If such legislation is impossible, because your government is completely unaccountable, or because companies are unaccountable to such laws, then that is a much bigger problem than the potential for violations of privacy...

With regards to privacy I keep coming back to the conclusion that it is more important and effective to improve and enforce regulations than to beat up on particular technologies.

> I think we need to be more precise about what exactly is spooking us and why.

What's spooking me is the normalization of facial recognition technology for identification without adequate public agreement over what the limits of its applications should be.

A machine recognizing me is a lot different than a human recognizing me. If a machine can recognize me, there can be cameras posted at every street corner, and some organization can reconstruct my movements based on where and when my face is pinged by the system.

It's sort of possible for humans with access to surveillance footage to do that, but the amount of human effort required to accomplish it makes it impossible to do at scale. An automated system could do this for everyone, always.

Add to that that the convenience argument is pretty much bullshit. At least when you apply it to travels in the Schengen countries.

On such flights you essentially (can) check in remotely, receive the QR code via mail and essentially badge yourself into the plane all the way without ever showing ID.

I can't fathom that scanning my face is any faster than that.

This isn't quite accurate for some parts of the Schengen area. Everyone on my flight was required to go through ID controlled when flying out of "Switzerland" [1] to an EU Schengen area country, though I'm very aware that CH is usually an oddball in these matters.

[1] The Basel airport is technically in France, though the Swiss part of the airport which I entered is treated like it's in Switzerland and not in the EU, as far as I understand.

I took dozens of flghts out of and into ZRH and was checked exactly twice. Both times upon arrival at the gate:

Once upon arrival in Prague and once in Zurich upon arrival from Athens.

In all other cases the whole process, at least in ZRH, was completely automated.

It does depend on country and airport, though.

Customs is a whole different kettle of fish. But as for id, I'm very rarely asked.

Hmm, this may be unique to the Basel airport, and perhaps the airline I was flying on. The gate was actually past a physical barrier with booths for checking IDs, similar to the Schengen borders in airports.

So it's still not the problem that a machine can recognize you, but rather that somebody is tracking and storing such recognitions.

Which is an entirely different thing. The former is a technological reality. It's impossible to legislate away devices who can do that.

Tracking and storing personal data on the other hand, is very much within the reach of regulation. The GDPR for example restricts this. Even if somebody has devices who can recognize you is not allowed to store and track data about such recognition incidences without your approval. In this particular case, they don't need your approval because the camera is used in lieu of a boarding pass, and the airline has every right and duty to know you are boarding right now.

In case you are worried that the airline connects your travel patterns with other companies interested in other patterns, well, that works with a boarding pass or even a simple check mark on a pen-on-paper boarding list just fine.

The machine recognizing you was the harder problem. That's the "Minority Report" stuff that people thought was in the _far far_ future that we don't have to worry about constantly.

Storing and using that model across various devices is trivial. So if we've done the hard part, the easy part is _definitely_ going to be done. There's no doubt about that.

States, companies that can convince the state that they somehow need the data (cough insurance companies) will, I repeat, WILL utilize it. And now, suddenly your premiums for this month have gone up cause in that ski trip you took last weekend, a camera noticed the lack of headgear for about 5 mins. That's the kind of risk the insurance company cannot take. Pay up.

"Minority Report" was about something that Humans couldn't really do, meaning to look into the future, and they even needed psychics to do it...

Good luck trying to advance science by avoiding to invent anything that can recognize image!

Taken metaphorically we’re not far away. Imagine if we come to trust ML to make decisions for us in everyday life, and we build a system which can predict with high confidence that someone will commit a mass shooting. Is it so hard to believe that might be acted on?

To avoid these issues it is imperative to hold natural and legal persons responsible for the software they use, just as it has always been, regardless if it is using anything artificial intelligence-ish. Under that rule there will always be a way to handle problems arising from AI. Without following that rule, pretty much nothing else matters.

In the case of the mass-shooting prediction: Good luck proving that it is accurate enough to legitimize punitive consequences for the suspected perpetrator, and without violating a half-decent democratic constitution.

Some of the predictors are in themselves crimes, and picking those up would justify correctional measures, no problem. Schools and police also need to get a lot better at picking up and handling mental health problems, be it through algorithms or smarter laws and procedures. Make it easier for the mentally ill to get medical help than to buy an assault rifle, for starters.

> It's impossible to legislate away devices who can do that.

It is actually be pretty trivial to legislate restriction of these devices. We do that all the time.

edit: Especially on planes where shampoo-technology is pretty much outlawed...

It's trivial for the tech not to follow the law. Show me the machine specs and I'll believe you. Otherwise, track record on compliance is abysmal.

Why do you insist that facial recognition technology could not be regulated? It's possible for anyone to go to a garden supply store and find the ingredients to make home made explosives. In principal we can't stop people from doing so, but that doesn't mean we can't make it illegal and impose penalties on anyone who does it. It's a technological reality that I can watch videos on my phone while driving, but we can still make it illegal to do so.

Making bombs in your backyards is much less popular and much more consequential than recognizing images.

And image recognition happens completely in silicon. There is no way to know from the outside if a device is recognizing patterns in image data, much less differentiate between recognizing faces or dog breeds.

I'm not following your argument. There's also no way of knowing from the outside if a device is storing identifying information to be shared with advertisers or foreign governments. What's special about classifiers which makes them unregulatable?

I think you are arguing, to try an analogy, that prohibiting any kind of face recognition would be as worthwhile as prohibiting bomb building, while being about equally difficult. I'm rejecting that premise.

And of course, storage and utilization of personal data is a lot easier to regulate in a way that can be enforced. That's the main premise of the GDPR legislation, by the way. Of course, criminal and negligent businesses can totally abuse your personal data, often without consequences. But they can't do so legitimately and they don't have access to the legal and open economy.

Even Facebook and Google are feeling the pain already. They do violate some laws some of the time and they have a hard time hiding that, because hiding it requires criminal intent itself, and it's really hard for hundreds of people to keep such secrets, regardless how profitable.

1. No, you have asserted multiple times in this discussion that it's impossible to regulate facial recognition technology. e.g:

> The former is a technological reality. It's impossible to legislate away devices who can do that[facial recognition].

Please explain that statement, as it seems like total nonsense to me. My point about explosives is that just because something is "a technological reality", or that there's no way to physically prevent people from implementing something, that in no way makes it immune from legislation. We can legislate whatever we want.

Here's a law which would make it impossible for JetBlue to implement this system:

"No organization shall be permitted to use an automated system to identify individuals using an image of their face."

2. I think you're missing the point with your larger argument. It seems as if you are saying: we should not be concerned about JetBlue's use of this technology because this use-case in particular does not constitute the dystopian Orwellian potential of facial recognition technology. The point is not that this is the use-case which crosses that line, the point is that it is a big step in that direction, and has happened without a public discussion of where exactly the line should be.

3. You say w.r.t. GDPR:

> Of course, criminal and negligent businesses can totally abuse your personal data, often without consequences. But they can't do so legitimately and they don't have access to the legal and open economy.

That's an argument in favor of regulating facial recognition technology itself isn't it? We can allow the technology to be normalized, and just hope everyone is following regulations about not abusing access to our personal data. But given what has been revealed about PRISM and other government spying programs, it's hard to imagine that such data would not be abused if it existed. On the other hand, we could agree not to make facial recognition a part of our daily lives, or to put very careful boundaries around its use, and make it that much harder for it to be abused.

Quantity has a quality all its own, as they say.

If you live in a town and there’s a couple security guards or even cops that can recognize you, that’s pretty normal.

If there were thousands of private security guards as well as cops hired by the government stationed all around you, in every part of your life, gazing at you from every corner, and they had all been trained to recognize you, and every time you walked by one they whipped out a notepad and took detailed notes on what you were doing, you’d freak the fuck out, justifiably.

And you'd justifiably tell them to not do it...

And if you are not able to stop them from doing that, may I suggest you have a bigger problem with your government or the security guards than being tracked by them?

Again: Tracking personal data is regulateable, facial recognition technology is not.

And the mere act of checking the identity of a person for legitimate access control purposes is no unreasonable infringement on privacy.

Wouldn’t agencies like the NSA use it regardless of what regulations say? Wouldn’t policy be shaped by what large corporations saw as valuable? I think that big problem already exists to a degree, and it’s only a matter of time before this sort of thing gets uncomfortably out of hand.

What if the system makes a mistake? There is another article currently on the front page that is just the sort of mistake that some people fear could end up much, much worse[0].

[0] https://news.ycombinator.com/item?id=19726528

In the case of the boarding situation, there are too worst-case scenarios: One being the system doesn't recognize a valid passenger, then he does have to show his boarding pass or another passport.

Worse would be accepting someone who isn't allowed to board, but such things are easily mitigated.

The potential to be mistaken for a wanted criminal has always been real. Facial recognition may even be more accurate overall in that regard. But it's nothing new. Drug sniffing dogs have false alarms all the time, some even cheat intentionally. And police officers better not shoot someone on sight when they recognize them from a mugshot.

The secondary issue with the story I linked was that there was an incorrect match that was made using details of the plaintiff obtained from a stolen ID and the plaintiff’s face. The primary issue was that the plaintiff had no idea that Apple’s Face ID was being used to help law enforcement with thefts at Apple Stores. The plaintiff had no idea that this was the case (it’s even news to me). It’s this sort of surreptitious sharing of images in facial recognition programs that’s worrying: a user might not know a priori because the details are buried in the terms of service that isn’t in plain language.

What if this information is used to blacklist people who take advantage of hidden city flights using sites like skiplagged? You start off blacklisted by one airline, but they might have a database-sharing deal amongst them that’s presented to the user in TOS saying that it is a “cost-saving, fraud prevention program”.

What if different carriers of different kinds of transportation start sharing the same database and synchronize in minutes? You might show up at the airport, get denied boarding for your flight for a reason you know how to fix, but then your Uber app denies you a ride because your face now matches their updated passenger blacklist database?

Yes, these last two examples are contrived, but the technology is clearly there to hook it all up. Do we now need a to visit the local police station or some kind of PII credit bureau just to ensure that our record is clean and our identity has not been stolen?

The EU government is already combining the biometric databases of its member states as seen here [0], so this sharing is starting to take place more openly.

[0] https://news.ycombinator.com/item?id=19717808

Again: You need to be able to hold companies and governments accountable. If you can't do that, then tracking technology is the least of your worries.

If Apple is violating the law, you can sue them. If the Chinese government tracks your movements, well, that's probably the least of your problems with the Chinese government...

Why does the airline need to associate an identity with the seat they have sold you? Though it is a distant memory now, there was a time when you showed a ticket and got on the plane and the ticket could be transferred to anyone.

But, yes - terrorism and the children.

What if it goes wrong?

We know facial recognition is not that fair.

Makeups and hairstyle sometimes affect the result..

It is particular bad for dark skin color: Part of it is poor training data set. Another part of the problem is lower contrast in photo (need better lighting / extra infra-red channel).

Hold people accountable for how well their shit works.

Her follow up questiom to Jetblue was "where did you get a reference photo of me?" thats the creepy part.

For example if I were to walk into Starbucks and they say "hi $adult how is $child", and then i ask how do you know that. The reply is we got that info from the DHS. Yes, very creepy.

> I think we need to be more precise about what exactly is spooking us and why.

When technology and law enforcement cross paths, I'd argue we'll be better served by placing the burden of proof on proponents of the new tech instead of on those spooked by it.

> Both the airlines and the involved law enforcement have a right or even a duty to know who you are when you are boarding the plane.

Is facial recognition actually able to do this? Does matching images by a machine prove it is me?

How much longer will we allow our freedoms to be eroded?

People were flying without any photo ID until just a few years ago (except internationally). We’ve given up so much freedom & so much of what made air travel fun in exchange for so little.

We need to stop letting people scare us into giving away our freedoms.

> We’ve given up so much freedom

Arguably it's merely been taken from us. There are plenty of who object, and the TSA is wildly unpopular. That makes little difference to the fact that the pace continues ever further. I don't mean to be defeatist, but I don't think a sternly worded letter has ever made much of a difference, and probably won't in the future.

The only caveat is that when REAL ID takes effect and entire states full of people (e.g. Arizona) simply cannot fly, maybe enough complaints will be generated to come to some compromise. I'm not holding my breath, though.

> The only caveat is that when REAL ID takes effect and entire states full of people (e.g. Arizona) simply cannot fly


https://www.dhs.gov/real-id shows Arizona in green.

Next October, a standard AZDL will not be eligible. AZDOT has been sending out notices on how to get an ID valid for air travel, but I’ve been ignoring them because I already have a passport.

Why isn't this a political issue? I think it's because politicians are increasingly distracted by re-election, and end up delegating the actual work of governing to enormous bureaucracies, public and private. This delegation comes gladly, for two reasons: first, the risk of mistakes is very high, so the fewer decisions you actually make, the better, and second, the delegated organizations are very good at keeping the real perceived complexity of problems high. (Incidental complexity can be weaponized, like anything else.)

That said, the experiment hasn't really been done. Can a politician campaign on restoring the dignity of the American public? Can a politician convince people that security theater is real and really harmful? I would guess not, but I would be glad to support whoever that is.

Our press' is complete shit. It focuses on trivialities instead of real political issues. Not their fault though, it is an economic reality forced upon them.

Most states will offer a form, it seems, or people will just use their passport.

I do the latter and will just continue to do so. shrug

Even getting a passport in the states is a pain though. Getting an European passport felt like a well-organized formality, while even as a native born citizen getting my US passport felt almost adversarial.

IME, it depends on the location. At one post office, the desk clerk was very antagonistic. At another, or at the State Department, it was about the same as getting a DL (except for the wait)

>We need to stop letting people scare us into giving away our freedoms.

It doesn't seem all that scary if everyone's doing it. Just look at the use of facial recognition in the movie Coco. They could have made up any magic to stop Hector from leaving, but Disney decided to teach kids that having your faced scanned when going through security is totally normal.


And magic did stop Hector from leaving. He couldn't actually step on the flower petal bridge. So what was the point of the checkpoint?

I'd guess it is the other way around. It takes magic to be able to use the bridge. At the checkpoint they check to see that someone has put your photo out. If someone has then the checkpoint puts the enchantment on you that lets you use the bridge. Hector had no photo, so didn't get the enchantment at the checkpoint.

Jesus it was a cute antic,not some conspiracy by Disney.

It’s security theatre at best; this technology will be used to monetize your biometric data, and you won’t get a single penny. Combine this with a social credit score system, and you will have a surveillance apparatus that is effectively unchecked.

You could fly with guns and smoke cigs in planes in the 50s-60s, that was true freedom, right ?

Planes were hijacked all the time, and back then they weren't nearly as many planes as now. [0]

> so much of what made air travel fun

It's not supposed to be "fun", flying isn't a right, it's a privilege that enabled mass tourism which is an ecological and cultural plague. People take easyjet/ryanair like they take their cars to go grocery shopping, Berlin, Paris, Rome, &c. are now hell on earth.

[1] https://en.wikipedia.org/wiki/List_of_aircraft_hijackings

In what sense are they "hell" and how come you think free movement is a privilege - that sounds a bit elitist.

Free movement is a right in the EU BTW

> In what sense are they "hell"

Deezer/Jump/OFO/Mobike/DonkeyRepublic bikes everywhere, now they even started using electric scooters, parking them in front of monuments, in the middle of the already small sidewalks, on the road (??!)

You can't go to museum/parks/monuments/local biergarten.

Public transports can't keep up. Even worst, roads can't keep up (uber + car2go + taxis everywhere)

Half of the flats in touristic areas are aribnbs, artificially increasing local prices + kicking local people out.

Artificially increases restaurants / bars prices.

I don't even get how tourists are having fun, it's literally like queuing in Disneyland to see/do the most basic things and take the same pictures as everyone else. I saw hundreds of people queueing for 2+ hours for a famous burger / kebab place, if that's what you consider "fun" and "freedom" ...

> how come you think free movement is a privilege

Never said that. Now that people can buy a Paris<>Berlin tickets for the price of a restaurant they go enjoy their mindless 3 days of paradise, wreak havoc on the locals, and move to their next destination. It's just like freedom of speech, when abused it starts to get nasty.

> When culture becomes nothing more than a commodity, it must also become the star commodity of the spectacular society. - Guy Debord

> Ideology, information and > culture < tend more and more to lose their content and become pure quantity. - Raoul Vaneigem

This sounds like a rant presumably you would like to have active and passive citizens ?

It sure is a rant, but it's my daily life.

> you would like to have active and passive citizens ?

No, just informed and non destructive tourism. The number of tourists coming to berlin, for example, doubled in 10 years, the infrastructure almost didn't change in the same time. 3.5 million inhabitants, 14[0] millions annual tourists. Every single month of the year: 40%+ of the population is made of tourists.

[0] edit: 13.5 million guests, 32.9 million overnight stays. https://about.visitberlin.de/en/materialien/toolkit/tourism-...


Assuming every one of those overnight stays means two days spent in Berlin, and if they are spread out over the year, that's 175 thousand tourists at any given time, about 5% of the population. Of course they'll congregate in certain locations and certain times of year, but you're overstating the case.

Instead of shaking your fist at airplanes flying overhead, maybe try increasing the hotel tax and cracking down on AirBnBs.

Of course, you'll probably encounter opposition to this because some locals are making a great deal of profit.

Free movement is a right yes, but flying is not...

Isn't limiting flying to the rich anti democratic.

People in the west need to get over their phobia of violence. Until there is mass destruction of property (security cameras), or riots, or violence against politicians, nothing is going to change. Maybe I just have less faith in the system than other people, but I believe that any system will be successfully gamed after a certain number of years and that's what we have on our hands. I have very little faith in the ability of our system to solve the problems it created itself.

yes, and people who think there is no violence or aggression in the west don't realize that the government just has a monopoly on it. Militias used to be common and very American.

Because violent upheaval has such a fantastic history of consistently returning liberal governments that are not at all interested in security measures?

Going to go out on a limb and say that preferring to be biometrically screened at an airport than incarcerated or dead isn't an irrational phobia of the latter either...

> We’ve given up so much freedom & so much of what made air travel fun

I don't disagree that our freedoms are being eroded but what exactly was more fun about air travel 5 years ago that isn't still today?

> People were flying without any photo ID until just a few years ago (except internationally).

You can still do this:


Sometimes yes, but they may or may not let you through if you can't answer their questions.

I had to do it once and just barely got through. They had to phone in and then ask me several questions that were rather ambiguous. Sort of like credit check questions but with some other strange stuff mixed in. The only specific question I remember was they asked me to name any churches or schools nearby my home address.

Then I had to get a very invasive patdown and they had to take every item out of my bag and check them all individually.

I’ve just flown London to Aberdeen (UK) and back with no need for ID. You certainly can still do this internally. An exception may be if your terminal is mixed in with international flights, then you’ll be lumped in with them at security.

Well yes, because UK is a weird country in that you guys have no official ID system. People either use their driving licence or a passport, and neither is mandatory to have. Most other EU countries just issue everyone with an ID card so 100% of population is covered.

Why is that weird - its weird that post ww2 that there wasn't more of a backlash against id cards in Europe.

Inside of Schengen you don't need ID to fly unless your airline requires it (many LCCs do to prevent ticket reselling). I've flown SAS without ever showing ID - just scanning my eTicket barcode at security and the gate.

(You are required to carry ID when visiting another Schengen country, but it is not checked by airports like for extra-Schengen flights)

And often not even then in my experience - T5 Heathrow is where (maybe) all BA's internal flights leave from and a huge amount of their international. Same security, same lounges, same terminal - only time ID is needed is before getting on the plane internationally (or at the Visa-Check desk if that applies to your destination). Mind you a I read something about them taking a photo of you at security for internal flights, and 'assuring' you it's deleted once the flight has left.

I didn’t know this was still possible. I used to fly Nottingham <-> Glasgow and it was just like getting on a train or coach. I had wondered why it needed to any different now but I see that it’s because the terminal in EMA is now both for internal and international.

And to Ireland, as well. I once flew to Dublin and only realised on the plane I'd forgotten my passport. Got through with my paper driving license, but I don't think I even needed that, strictly, although currently you need _some_ form of ID if flying into Ireland from the UK.

> We need to stop letting people scare us into giving away our freedoms.

Scaring the public is worth billions of dollars to businesses selling this crap to the government. It won't end as long as it basically prints money.

For many years, I remember needed a piece of photo id with my ticket to get through TSA security checkpoints. What were you able to do instead? Just give a ticket?

You didn't even need that, you just walked through some metal detectors and you could hang out near the gate and greet your loved ones coming off the plane. You didn't need a ticket. You didn't need ID. You didn't even need an intent to fly.

Most Australian domestic flights/airports are still like this.

Sidenote: entering/exiting both Aus and NZ recently, immigration checkpoints in both countries did appear to make extensive use of facial recognition.

Yes, this is also the case in Europe (EU passports go through automated gates very similar to the Australia/NZ ones). Your passport contains biometric information about your facial structure, and the facial recognition is used to verify it.

Given the somewhat-recent studies[1] which show that the vast majority of border guards (unless they happen to be "super-matchers") have a 1/7-or-worse failure rate when trying to check a person's passport photo, I think it's quite understandable to do the facial recognition electronically.

But such a system should only be used for immigration purposes (where identity verification is very important to get right), not for getting onto a plane or just coming into the waiting areas of domestic airports.

[1]: https://www.abc.net.au/catalyst/stories/4185916.htm

It is worth noting that while it's totally possible to fly domestically in Australia without having your ID checked, you're still required to have one.

I'm actually quite happy with the facial recognition cameras at the Australian border - they make things a lot faster than they used to be from my experience.

But don't you remember the constant steady stream of daily terrorist attacks? [eyeroll]

Haha, oddly enough there was a period where there were almost daily hijackings of aircraft! The most common period for plane hijackings was 1961-1972. It was just a thing that happened sometimes and people totally just rolled with it. Sometimes your plane was hijacked and you landed in Cuba. Whatev, if happens: https://www.vox.com/2016/3/29/11326472/hijacking-airplanes-e...

That's why we added the metal detectors. Reinforcing the cockpit doors may have been an okay response to the events of 9/11 and potentially would have been sufficient to prevent most major terrorist attacks that seek to use the plane itself as a weapon rather than merely destroying it. (Also people will generally gang up to attack hijackers now rather than just remaining calm and letting them fly the plane elsewhere. Which sufficiently changes the dynamic.)

The TSA has only been around since November 2001. Before that, there were no TSA security checkpoints to get through. There was a security line, but no one cared who you were when you went through it.

Never let a good crisis go to waste.

Sometimes you could get on the plane and buy the ticket aboard.

I remember the first time I encountered a metal detector at an airport (my parents were concerned that it would terrorize us kids but I just thought it was interesting). Before then we just walked onto the plane, like boarding a train.

In Europe I routinely fly without being ID'd. I just present my mobile boarding pass to the scanner, and go through security. Anyone with my phone would be able to get on board.

It's not 100% ID-free though: AFAIK they are permitted to check ID, and they do it randomly.

I am assuming you're flying within the schengen zone.

Can I ask what countries you fly in? I fly frequently within the European Union and I am a EU citizen. However, even for flights between the Netherlands and Germany I have to enter my ID details during check-in and it's checked multiple times throughout the trip.

It's not just random checks, but it seems mandatory. When you drop off the luggage they ask for your ticket + ID. When you board the plane, they again ask for your boarding pass + ID. The exception is large, modern airports such as Munich where you simply scan your boarding pass when boarding the plane.

How do you do this? Do you just refuse?

Maybe this is not general: I am mostly speaking about commuter flights within Germany. Typically I am flying without checked bags and I go straight to security.

I have definitely also flown from Germany to Italy and back without ever showing ID. I can also recall flying from Germany to Shiphol without ID, but I can't recall whether I was controlled on the return flight.

Airlines may additionally request ID on their own, many do to prevent ticket reselling.

> People were flying without any photo ID until just a few years ago

And how well did that end up?

Remember "back in the good old days" when 30+ highjackings a year was normal?

> > People were flying without any photo ID until just a few years ago

> And how well did that end up?

With no more serious problems than have been seen under the new regime over a much longer period than the new regime has been in place.

> Remember "back in the good old days" when 30+ highjackings a year was normal?

Well, no, not literally, because I'm under 50. But I do remember the much lighter than the current regime security checks that were put into place which ended that, and reduced the base rate of security incidents so low that it's nearly impossible to detect whether the much more intrusive current measures have any added effect.

Would showing a photo ID have prevented those hijackings? I suspect not but I am ready to learn otherwise.

I am guessing that the bigger concern here is that this is an 'enabler' tactic to expand facial recognition in other areas of our lives. And if this is the case, then there definitely needs to be some kind of ratification.

Maybe this is unrelated, but it's starting to feel like every bad accident in this world is affecting us in this very strange way. For example, I was very surprised to find that Sri Lanka cut everyone off from social media "just like that". To think there are people with this kind of power seems a little frightening to say the least.

But, what's even scarier is that these bombings and 'tragic' events tend to steer us in a very controlling direction. All of a sudden the government has an incentive to enforce more control over its citizens and society as a whole.

This is not a new thing in American history, and probably predates America's existence: https://prospect.org/article/when-fear-threatens-freedom

> The pattern of responding to threats by curtailing rights began early in American history. In 1798, when the future of the country was in doubt, Congress passed the Alien and Sedition Act, which made it a crime to falsely criticize the government or government officials—men were sent to prison for speaking ill of certain individuals and decisions.

> All of a sudden the government has an incentive to enforce more control over its citizens and society as a whole.

It's not sudden at all. The Reichstag fire [0] and the Reichstag Fire Decree [1], which is probably reasonably described as a pivotal part of the rise of Nazi Germany, demonstrate exactly the incentive you describe.

At least as far back as 304 AD [2] - and probably further - people in power have noticed that they can exploit this incentive structure with a "false flag" attack.

* 0 https://en.wikipedia.org/wiki/Reichstag_fire

* 1 https://en.wikipedia.org/wiki/Reichstag_Fire_Decree

* 2 https://books.google.co.za/books?id=RDqyIcSLJ0AC&pg=PA164&lp...

In the particular case of Sri Lanka there is the problem of periodical violence between religious groups. Buddhists against Muslims and Christians, mostly.

I think a temporary ban on social media is appropriate to mitigate such violence in the immediate aftermath of such a terrible attack.

Immediately after the right-wing terrorist attack in Norway people thought it was committed by Muslims. Some people began utilizing the attack to blame Muslim immigrants. Some incidents of violence and verbal attacks have been reported.

So, in the particular case of the Easter Sunday attacks in Sri Lanka, I'm not yet ready to judge the government action/inaction.

“Of course the people don’t want war. But after all, it’s the leaders of the country who determine the policy, and it’s always a simple matter to drag the people along whether it’s a democracy, a fascist dictatorship, or a parliament, or a communist dictatorship. Voice or no voice, the people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked, and denounce the pacifists for lack of patriotism, and exposing the country to greater danger.”

The ongoing "global war on terrorism" is no exception.

This sounds pretty insane indeed. How much should we be concerned about that? The gvt already has our image data, and knows our moves anyway right? Even without facial recognition, IDs and passports are asked when you travel, so the documentation of your travels already exists I assume?

We should be very concerned, because this is obviously testing the waters before rolling out ubiquitous facial recognition. I honestly and earnestly believe that use of facial recognition technology should be banned in all its forms. The applications are limited and the downsides are massive.

In this particular case, the application of facial recognition improves airport security (against forged passports, sloppy security personnel, ...) while not probably requiring any additional information than what would already be provided by passports with biometric data.

In my opinion, this is one of the few applications where it actually makes sense.

You need to first ask if you're protecting against a threat that actually exists and is material. Is that the case? Do we see rampant use of forged ID to get onto planes? Do we see sloppy security personnel letting people through who shouldn't be allowed? I just don't see the evidence that this isn't a solution searching for a problem.

Do we know the instance count of forged passports vs the chances of spotting a fake when done by humans vs the computer?

Sloppy security personnel is not something you address with tech, you address that with training and incentives.

Could you please elaborate on the downsides? Gov't has your data since you were born, complete with your photos, IDs, you name it. What makes you think it's any different now?

The difference is that ubiquitous facial recognition allows for near seamless tracking of individuals and explicitly without a warrant or their consent. It's an important milestone because it moves us from a "reasonable book keeping" level of tracking to full blown seamless tracking and again importantly, without our consent.

To imagine it a bit more viscerally, imagine instead that the system had no cameras and instead required you to submit your daily movement report at the end of each day. An agent walks from door to door and you hand him your written report of exactly what you did today and that gets entered into the Government Saftey and Oversight Commission Database. What are they going to use all that data for? There are only a handful of good reasons, but a disproportionate list of bad reasons that explicitly limit freedom.

Second to that. Would you be as comfortable going to a strip club or a fringe political gathering or a conference for a controversial topic if you knew you had to put it in your report? It has a chilling effect on freedom of movement and pushes fringe activities that are perfectly safe and legal into the darkness.

you people are pretty stupid. ATMs have tracking, point of point of sale has tracking, your phone, internet it's all tracked and linked back to you.

I think you’re right. Maybe we should skip the facial recognition and install RFID tags behind our eyes, after all, they basically know all of that info already anyways.

No one said they didn't track anything already. But they don't have the full picture yet. Many people pay cash for things. Currently no tracking if you just visit somewhere and don't pay for anything. Not everyone has GPS enabled on their phone.

Ubiquitous facial recognition fills in all of this missing data well enough, and without you doing anything but walking out your front door.

Your government has your data, but this scheme would require that it gets mine, too.

As long as the biometric data is held only by a government agency, and not shared with the airline, I don't have any issue with this. If this is implemented correctly, the airline should only get a response saying who the passenger is, or an error if they aren't recognised or aren't on the manifest for this flight.

Passports already store biometric data, which I assume is also stored in some government database when you have it issued, so I don't see what's wrong with using that for something useful.

Just as a note you still remember Trump is head of a large govt agency ? So is Putin and Kim Jong Un...

If you feel safe with those folks driving the direction govts are headed ... well..

For anyone without a private jet maybe. Does anyone seriously think the FAANG corporate boards will ever in their lives have to undergo this? If the feds wish to be paparazzi, then we should all give them something to really behold.

> Does anyone seriously think the FAANG corporate boards will ever in their lives have to undergo this?

Yes, me. All of them will already be used to being hounded by paparazzi, and it would be very human for them to mistake that for normal. Two of them (Facebook and Apple) already use face recognition in their products.

That is incredibly naive. Wealth is the only thing that guarantees anonymity.

Anonymity? They get their own Wikipedia pages and personalised conspiracy theories. Even “mere” multimillionaires like my first boss after graduating got that plus endless personal fan letters.

Anonymity is not the same as privacy. Mark Zuckerberg is known worldwide and has no ability to be anonymous. However aspects of his private life (his Facebook messages, for example) are far more private than the average person.

Zuckerberg’s password in June 2016 was “dadada”. That’s about as successful an attempt at privacy as the average person :)

Can we not link to "IFLS"? They're a horrible Facebook fad follower site with no real reverence for science. (-_-)

A related story that hasn't received much traction on HN:

>US wants to use facial recognition on air travelers leaving the country


wow a 97% success rate ... that means that 3% will be arrested for overstaying their visa on return ....

The US is kind of unique in that it doesn't have immigration officers who stamp your passport when you leave ... so you have no proof that you have left ... it also means that there are no transit lounges in the US, you can't land in SFO from say Australia and get on a plane to London without passing through US customs and spending time and money getting a US visa (even an ESTA takes time and money)

At the moment the US depends on airlines to get it right, it used to be that when you arrived they stapled a green bit of cardboard into your passport, sometimes the airlines would forget to collect it as you left, or lose it and people would end up getting arrested when they come back (a night or two in the cells and thrown on a plane back home). For a while there were kiosks in the departure lounge. Now days it's done electronically, and they still get it wrong occasionally, the error rate however is probably way below 3% at the moment.

The horror stories from people caught this way mean that people from Oz/NZ often prefer to travel to Europe the other way around rather than risking US travel

Such technologies always have an error rate, and these error rates are taken into account, by and large.

There is a huge potential to harass people using such technologies, particular such people whose complaints are most easily ignored. But that is more of a problem of holding the government accountable for such behavior in general, rather than trying to stop them doing their arguably necessary job in this particular instance.

I'm generally against regulation or restriction of migration, by the way. But I'm also in favor of the authorities having a general idea who's coming and leaving.

> mean that people from Oz/NZ often prefer to travel to Europe the other way around rather than risking US travel

I mean, going via the US is 6 hours longer compared to going via Asia.

Sydney > Dubai > London is ~23 hours. Sydney > LA > New York is ~23 hours, and then another 6 to get to London.

If you're going to London you would normally fly direct over the pole from LAX/SFO, not stop in NY as well

They already use it at customs when you are coming back to the US.

I think this is being blown a bit out of proportion. The government definitely has your passport photo in a database. And since this facial recognition is happening only at boarding gates of international flights, it’s totally plausible that CBP has an isolated system, where Jetblue operates the device but doesn’t get any of the data.

But this is a great way to test and refine facial recognition to make it ubiquitous, which has serious implications for the government's ability to track everyone cheaply and with little recourse.

I don’t think it provides a great way of testing and refining. The pictures are taken at a very controlled environment in this case; it doesn’t really generalize to CCTV. I don’t disagree with the argument regarding “normalizing” facial recognition in everyday life, though.

I agree with you on this. Also, from the article:

> "Once you take that high-quality photograph, why not run it against the FBI database? Why not run it against state databases of people with outstanding warrants?"

I actually have no issue here. I would love it if law enforcement is aided in doing their job. I really don't want someone evading arrest for a recent violent crime or a person on the FBI's wanted list trying to board an aircraft with other passengers and succeeding.

My issue is transparency on the data governance, security, and data residency of the entire system viz. where it's stored, who has access, and how is it accessed.

OK equates to only the government having the database, secure access done remotely via API by the airline at check-in and boarding, a human present to verify any anomalies with the facial recognition & records access, and the boarding pass/ID/PP being used as a second factor if necessary.

NOT OK equates to a private company running a central database, local copies of any database being stored by any airline, having facial recognition as the only option available, and having the data shared with any entity other than law enforcement.

In the us, we've successfully avoided a gun registry (with the exception of a few states) probably because gun ownership has such a direct connection with the idea of a potential tyrannical government. But these types of systems are going to be the true backbone of a tyrannical government. The gun community has successfully built a lobby organization to maintain these freedoms (I'd argue mostly through peer pressure.) Perhaps there's a model here that privacy advocates can replicate.

If a private company says they'll take a picture of me at checkin and then verify that at boarding vs the same picture - then destroy the picture, I'm fine with that. It's a temporary storage of biometric data. I'm especially fine with it if I can opt to go for a paper passport instead.


If a private company uses some database, especially a centralized/government database, to do the same task - then it's absolutely dystopian.

Yes I think there's a ton of potential benefit for facial recognition in terms of streamlining processes which require a lot of ID checks, like air travel, but I would only be OK with it if they implemented it within some parameters which should be enforced with regulation:

- The identification step should be completely anonymized. I.e. the facial recognition step is completely black-box. When I buy my ticket, I submit a photo, and a token is produced which is shared with the airline, and they can compare this token with one which is produced when I show my face at checkin. Like with password storage, even if the facial recognition dataset were somehow compromised, it should not give attackers a way to link my face with my identity. And it should not be possible to type in my name and get to pictures of my face.

- The dataset used to identify me should have a finite lifetime (i.e. from when I check in until the plane takes off) and should be verifiably destroyed afterwards.

- It should be possible to possible to opt-out and identify myself by other means.

I don't think the big issue is the identity change between ticket purchase and checkin, but between checkin and boarding. I.e. no photo is needed when buying ticket. At the checkin step you show your face. When boarding you verify it. Otherwise, I agree with what you said.

This type of biometric check of "the person dropping the bag is the person boarding" has been in use for more than a decade e.g. on Scandinavian, and I think it's basically fine if they use temporary and secure data storage.

The biometric verification didn't take place at all if you didn't check in a bag. https://en.wikipedia.org/wiki/Scandinavian_Airlines#Fingerpr...

Somehow I would trust Scandinavians to handle this better than, say, the US or the UK. Those societies seem to have a better ethic around the public good than others.

What do you think are the chances that any of this data is actually destroyed?

I think zero because as far as I understand this data is actually the second type - i.e. they aren't aquiring this data themselves, they are given access to the authorities' database.

Is the issue with the private company, or with the centralized/government instead? Suppose I start my own little company - at least on paper - can I submit a request to access this face-recognization database as well?

The issue is a bit of both. Customer assumed private company had unauthorized personal data after the company performed the boarding pass checkin.

I meant paper boarding pass of course.

Last time I came into SFO through Global Entry there was no passport scan needed, just a quick look in the camera and it printed my receipt to enter the country.

I've often thought that border control has the best time lapse of me aging

Interesting, how do you activate that flow? I landed at SFO last night and it prompted for me to insert my passport before it'd scan my face / take finger prints

Global Entry is a TSA program you can apply for. The TSA charges a fee of 100 USD and runs an in person interview.

Edit: those under investigation, warrants, or charged with crimes are not elligible. Neither are those with passports from outside major US allies (India Colombia UK Germany Panama Singapore Korea Switzerland Taiwan Mexico Canada)

Global Entry is not a TSA program and it normally requires a physical travel document to use the GE kiosks. Curious that there is now a facial recognition-only kiosk.

Edit: looks like this in MIA? https://www.cbp.gov/newsroom/national-media-release/global-e...

That biometric data is stored by a government is a whole other discussion in my eyes. If they provide a secure API that just let's you query through facial data and return which passenger from the company provided list it is I'm fine as long as the biometric data gets destroyed afterwards (the one provided to the API). But of course how can I know this as a passenger. I like the idea to make a process less painful but yeah it seems to have a lot of pitfalls

Just scrap identification and 100% of security legislation from the last 20 years and you could have a perfect and smooth flying experience.


Planes can make you and your whole family burn in a crash. So I guess that makes you cry really hard every time you board a plane, because that is really horrible.

It could also be attacked by terrorists, but that probability is even lower by a few magnitudes. But since you already cried a lot, you just had enough and had to implement a huge dragnet? This makes so much sense!

edit: I wish I could underline words on HN to underline the magnitude of magnitude.

I tried this. It’s junk. So much slower than a boarding pass scan.

I’ve seen good setups for this like at the UK border. This is not the same.

Almost everyone got rejected and got looked at by staff, especially black people who the machine seemed incapable of recognizing. Children? No chance.

I get it, there are privacy concerns which should rank higher, but you don’t even need to pull them out here. This is just useless bad tech.

>I’ve seen good setups for this like at the UK border. This is not the same.

I was just going to say I've done this in the UK. You put your passport on a scanner and look into the camera, took a full 5 seconds though, but since there are many more of these than border guards it's still faster.

Those don't use facial recognition, it's a bunch of border guards behind a wall manually evaluating if you match the data on the passport.

So how does this work for international travelers? Presumably the US government does not have the entire world's passport photos? Or do they...? Pretty worrying if so ... time for some GDPR requests maybe ...

I think at Gatwick in the UK they have a similar system where they take a photo of you as you enter security and it is then checked again at the gate. It does not work well if you are wearing glasses.

I wonder if some certain styles of eye wear would make facial recognition significantly ineffective? Highly unsymmetrical with lenses opaque to IR etc.

There have been movements in fashion already that are trying to combat facial recognition with clothing, makeup and accessories. I always imagined that was why cyberpunk characters tended to dress their faces so bizarrely. Kind of like kids hiding beneath their hoodies.

They have the passport photos from all US passports, plus all non-US people who have entered the country through a legal port of entry. That should cover everyone who's flying out of the country, right?

Sure. Except for those who entered illegally.

But I'm not sure how far they'd get even now. I'm guessing that checks on do-not-fly etc lists might already flag hem.

I'd be as worried about false positives and false negatives as I would be about losing privacy - and I would certainly be worried about that.

Of course, the security of actual boarding passes seems extremely flimsy compared to the rest of airport security. The airlines could just take a picture and do no more verification at all, and wind-up with current security.

False positives is not a big deal, if two people check in under the same name it's easy to manually figure it out

I imagine the OP meant a nefarious third party using someone else's boarding pass?

Is this not currently a problem too?

Why do airlines even need to know your name (much less your gender — remember the press ballyhoo a few months ago when some airlines expanded their list from male and female)?

I can see that they might want to know that each passenger has paid for the seat but that’s about it.

So, many fears about surveillance infrastructure to be deployed for use cases like this one are already too late to the party. That's already done, the framework over all the apps are being deployed, like looking for faces to tell who's who

Presumably the government already has a list of people flying - do they really need your photo to do a scan against a list of warrants for your arrest? And do we not want them scanning that list against folks with a warrant for their arrest?

How does Jet Blue know when you have opted out? By scanning your face, seeing you have opted out, and prompt for the actual boarding pass?

This is how it works. Airline takes multiple photos of you. Sends those photos along with flight context data. Over secure lines. To Homeland. They match photo to passport and passport info to flight manifest. All outside of the airlines infrastructure. Or at least should be.

If not passport could be drivers license. Or state id. Which would make sense because they don't allow certain state IDs to fly anymore. Everybody had to update.

These are the CBP "Biometric Exit" kisoks, which are only for international flights. Which means everybody on those flights will have a passport.

can someone please explain calmly why the fear-mongering, the hysteria and use of the words terrify are justified about this?

Read this twitter conversation between a passenger and Jetblue: https://twitter.com/mackenzief/status/1118509708673998848

Ha. Seen your average US airport lately? Most look like a scene from the third world. Underfunded, dilapidated facilities coupled with cheapskate US carriers. Good luck with that.

Neither SFO nor JFK airport were as remotely dilapidated as Nairobi airport when I saw them.

JFK does seem quite dated when comparing to most European capitals, or large Asian hubs.

There are some high-standard modern terminals in the US too though.

By "most European capitals", I presume you're excluding Paris :-)

I haven’t flown into Paris recently but there are plenty of exceptions: Berlin’s not beautiful either (though it’s one of my favorite airports).

But still the standard in Europe seems higher in general than North America.

I like Berlin Tegel, but Berlin Schönefeld always seemed to me to be its low-budget brother.

Yeah I was speaking about Tegel. If you fly out of the main rotunda, it's great because every gate has its own security and bag drop so there's no long waits, even if it's busy. Schonefeld is like any other budget airport.

Somehow I manage even month-long trips with just carry-on. With the sole exception of the time I cycled from Hoek van Holland to Zürich and needed to get back to the UK in a hurry, I think I’ve not had a check-in bag drop since I was a kid.

Budget airlines in Europe often fly to airports in the middle of nowhere. So yeah, they might be more recently built.

This doesn't seem like it has anything to do with the technology discussed... and what is your comparison country? Which US airports have you been too?

That is great,

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact