It's not only at groceries stores, it's everywhere. For example at TSA security line and (sometimes) when boarding flights at the gate. You can (and should) exercise your right to opt-out every single time, before that right is taken away.
Omg I sound like Richard Stallman... anyway, he was right all along.
I used to always opt out at TSA checkpoints. Then I decided that of all places, the airport makes the most sense to use biometrics. I mean, a human comparing my face to my ID is functionally equivalent.
What scares me about TSA using it is that it normalizes its use. Next it's at stadiums. Then Wegmans. If it would stop at airports, then I would be okay with it.
Regardless of the fact that they can simply lie to you, it doesn't say that. The question is "Does TSA protect all data (e.g., photos)...?" What does protect mean? The stated common case is that a photo is ephemeral and is removed (from where?) after it is used. Now, they're using it for facial recognition. They didn't get a facial recognition system by deleting photos, so we know based on the premise that some representation of the data in the photo (your likeness) exists in persistent form.
But that's just generous reading, anyway. There are so many ambiguities that it's not really worth the trouble to attempt any rigorous analysis of it.
"In rare instances TSA will collect and temporarily retain photos and data..." How rare? Doesn't matter: then what happens?
"...data collection mode events are limited in time and place..." Damn unrelenting spacetime.
"TSA’s facial comparison technologies adhere to DHS and TSA cybersecurity requirements." Restatement of the problem.
To get actual answers (at least during sane political administrations), the System of Records Notice (“SORN”) is what you want. Whereas the info sites for these programs are typically useless, SORNs are the authoritative document that the federal government issues to identify and characterize systems that store records about data subjects, and include information about retention polices, exceptions, etc.
The last I read the SORN for TSA’s facial recognition, they did commit to deleting identifiable data within 24 hours.
CBP operates their facial recognition under a different SORN, and there are many more caveats, although they also commit to deleting identifiable data within 24 hours for US citizens (only).
> Now, they're using it for facial recognition. They didn't get a facial recognition system by deleting photos, so we know based on the premise that some representation of the data in the photo (your likeness) exists in persistent form.
If we want to be truly generous in interpreting it, the new sample would be deleted and the comparison is done against the photos they have on file from your ID/passport (although, since a foreigner can do it on their first visit to the US, it might just be based on scanning the document you provide). Of course, single-sample-per-person facial recognition is pretty limited, but it's security theater anyways.
That's too generous because even that document says that there that data is used for other purposes without detailing any of that. There are no timelines. Even when they say "temporary," when is that? Until 2300? Temporarily stored on the device until it's been stored remotely? Temporary until the NN is trained?
The cat's out of the bag, anyway. They already have a perfect dataset and surveillance mechanism. But it'd be nice to stop continuing to perfect it.
I think the mistake is assuming they're purely doing a 2d pixel array photo comparison and not a 3d scan. This would also satisfy their statement that they delete the photos, while still being able to store data that could be used to reproduce the photos.
I just flew from the US to Europe; at each point where I had to get my picture taken, the machine had a label on it that clearly said they would delete my data after 24 hours. (Or after use, I don't remember the precise time frame.)
Were they lying? Possibly. But this is not a matter of them trying to use weasel wording to trick you into thinking they're claiming something they're not.
You think they could be lying, but your argument is that they're being candid? Then we simply see it differently. I just read the primary source, so I know without a doubt that it's weasely.
Moreover, it was put forward as proof that they don't keep the data, but the source is actually called "Does TSA protect all data (e.g., photos) collected." What are they protecting if they don't have it? What would be the point of even doing this if they don't collect it?
But leave that aside and let's talk about your experience. Did it say the data would be deleted after 24 hours or did it say it would be deleted after use? What is use? Use could be we're operating a giant biometric database and we intend to keep doing it until the asteroid, and why wouldn't it be that?
No, that's not my argument. My argument is that if they are lying, they are doing so flat-out, not by using weasel words—because the wording they used at the point of disservice was very clear that they would be deleting them, not just "we will protect your data."
I'm not attempting to defend the TSA; I think they're reprehensible. I wish merely to provide new facts into the discussion.
Yes. And we've all worked on projects where you need some test data from production. Kudos to them for disclosing that practice, not doing it often, and only retaining the data temporarily.
Agreed. Provides no obvious benefit to either me or society at large. Normalizes collection of biometrics. Implementation details not easy to verify - they could be lying or could silently change things later.
The entire scheme has a very high abuse potential. Equipment and personnel set up at major ports and their presence normalized. Turnkey authoritarianism at its finest.
Make sure to opt-out before handing your ID over to the agent. They will claim you can no longer opt-out at that point, even before scanning. I had one plead to my wife to go through, because they are being watched by management and it wouldn't look good.
What really annoys me is when I politely decline the facial scan of TSA, and the agent makes some snide comment about my picture on my identification or something. And the next time it happens that I get a smart ass comment like that, I'm going to politely ask him if that's his opinion or was he told to say that.
I'm pretty sure they're told some things to say. I overheard one telling someone the line about how it doesn't matter because there's cameras everywhere so you shouldn't opt out. Bizarrely, the agents seemed to be checking IDs manually that day!
>And the next time it happens that I get a smart ass comment like that, I'm going to politely ask him if that's his opinion or was he told to say that.
I get the temptation to do this, I really do, but I really don't recommend this. The TSA is in a position to make your day much worse. It's better just to opt-out and say nothing. Opting out is well within your rights (it's posted on the sign at the start of the line).
Follow instructions. Keep your mouth shut. Eyes forward. On your way.
OTOH, if that person can afford it by not belonging to a vulnerable group, they should be the one to be a bit of a pain in the ass in the face of intrusive practices.
But, moving to a new house doesn't necessarily mean you have to sell the old house. In fact, since you got such a good deal on the first house, you can probably rent it our for a profit, and said profit can help you pay whatever you need to pay to be able to move to a new house that's more expensive, yet similar in quality.
maybe this doesn't qualify as "south east asian", but Korean is very easy to learn how to read too. It's not latin alphabet, but you only need to learn 20 symbols, and then everything is phonetic! you can have a lot of fun "reading" all the signs after you study a bit on the plane. Not as many loan words though
I agree the current models are all too big. I'm still using a Pixel 4 mainly because I don't want a bigger phone (oh, and free Google Photos storage of course).
This is awesome. There's more to do, but it's a step in the right direction. This law should really apply to all merchants in all industries, as the original 2023 proposal stated (allegedly). Still, I'll take it.
I read your comment and your blog post and I still don't understand what happens when I put a link to a sheet in the text box and click Go.. what happens? You say your inputs and outputs are all in the sheet.. ok.. what does the button do?
Are you just calling some API and giving it the sheet as the input, and then writing the output of the call back to the sheet? So then these Single Button Apps are just API endpoints that you're calling with sheets instead of json or, say Postman (if you want a nicer UI)?
Same here. If the idea was to make it so non-technical people can use the google sheets + API app, just put a script in the sheet that calls the API? It will appear in a menu inside google sheets itself
I used to put buttons in the menu ( or even side panels ), but nowdays I draw a big button and attach a apps script function to it. Looks more bad ass.
We did this at Google too while I was there (only the started 5-mins past part). It works really well.
No need to change the Calendar events though. It's just implicit that we'll start 5-mins past. (Or, well, explicit in MIT's case).
reply