PCLOB Staff Report Recommends TSA’s Facial Recognition Program Remain Voluntary, Improve Transparency and Oversight

The Privacy and Civil Liberties Oversight Board (“PCLOB”) released a staff report on the TSA’s use of facial recognition at airport security lines. The report found, among other things, a failure by the DHS Chief Privacy Officer to conduct a privacy compliance review of TSA’s use of facial recognition as required by DHS Directive 026-11. According to the report,”TSA has not disclosed a schedule for such reviews, nor committed to disclosing the results of such audits and any acts of non-compliance to oversight entities.” The status of Directive 026-11 is unclear leading the report to recommend that DHS state whether the directive is controlling policy or implement a similar policy in a timely manner.

The staff report also recommended independent audits be conducted regularly and be made available to oversight bodies and the public, the issuance of a comprehensive privacy impact assessment, and for TSA to require the facial recognition vendors to release information on the algorithms and training data. Importantly, the report also recommended that TSA’s facial recognition program remain voluntary.

EPIC recently endorsed the Traveler Privacy Protection Act which would require the TSA to keep its facial recognition program voluntary. Additionally, the Act would ensure that travelers who forego facial recognition are not treated less favorably and prohibit the expanding the program beyond identity verification at TSA security checkpoints.