“Your ID is immaterial. We only use our face recognition software” is just the latest trend in surveillance and control in the United States. This blog post is not about ICE’s Mobile Fortify, however, but connecting the dots between those ICE encounters and the compliant, unquestioning behavior of travelers at the airport. Staring into a camera adds specific, tagged training data to improve biometric algorithms (besides making you easy to identify later). A culture of blind compliance reinforces behaviors for both police state and its subjects for how these interactions should go.

Now, before the tinfoil starts to crinkle, I don’t expect folks reading this to have an overarching philosophical viewpoint. Today’s post is just about saying “no” sometimes. Do something unconventional or verboten, for no reason at all. Practice when the stakes are low, and you will find the poise when you need it. With that, let’s get into it – my guide to adding sand to the Airport Panopticon from simplest to hardest. These are the techniques that have worked for me for the past 15 or so years traveling domestically and internationally from the US.

Use Private DNS on Airport Wifi

Confrontation risk: Low
Difficulty: Low
Benefits: Some

Airport wifi is a much-needed convenience when traveling, especially internationally. Just do one simple thing – encrypt your DNS traffic. You can easily do this with a VPN setup (if you have one), or just with Private DNS. This is generally good advice anywhere, and I’ve written more about it here. Airport wifi tends to have a couple of differences worth mentioning:

1. I have often found VPN ports blocked by airport wifi (although that has slowly been changing over the years)
2. Some Airport wifi networks have heavy content filtering about which sites you can access and these are almost exclusively dns-based
3. Airport wifi has a login page, requiring you to click ok and sometimes watch an advertisement.

What does that mean for our solutions? Well, most importantly, if you try to connect to wifi that has a captive portal (login required), this often won’t work. Those portals work by hijacking your dns queries to point to their thing, until you’ve finished logging in. So you may need to join the network without private dns, and then enable it as soon you’ve clicked through the login screen. For your phone that means toggling Private DNS on and off as needed, and for your desktop it means switching the dns servers (which my script above helps with). This works because the wifi systems keep track of the mac address of whomever has accepted the terms, so even if you leave and rejoin it will connect without needing to drop your DNS shields.

Why do this? What do you get? Well, besides more DNS problems 😉 you can access whichever website you want. This trick isn’t specific just to airports, and you’ve just increased your digital literacy anywhere.

Decline facial biometrics at TSA security checks

Confrontation risk: Low
Difficulty: None – same experience as before just without biometrics
Benefits: Learning to say “No”, stop training facial recognition

In US airports, after getting your boarding pass, you go through security. The person asks for your ID and boarding pass. Up through a year ago, they would have held it up and compared it with your face. Now, they ask you stand in front of a camera and it verifies the data and who knows what else.

All you have to do is this:

1. Walk up to the counter
2. Stand off to the side, near the officer and not directly in front of the camera
3. Wait for the officer to ask you to stand in front of the camera (important)
4. Simply say “No, thank you”

I have repeatedly found this exact sequence to work the smoothest. If you interrupt the agent before they motion to your camera, they’ll occasionally be flustered or upset by the process. It doesn’t take more than a second for the person to wave you to the camera, and that’s the best moment to say “No thank you”. Saying “No, thank you” has consistently gotten the meaning across without the confusion that “opt out” has, without the long spiel of “I don’t want to use the camera for recognition, please”

What happens after is the agent will do exactly what they did before & hold up your ID to your face and compare.

Congrats, you stood up to state surveillance! Seriously, I mean it. I’m sure these opt-out numbers are tracked somewhere and it doesn’t take too many folks to ensure that the non-biometric system is preserved. You don’t have to do the bonus extra-hard mode and try to fly without any ID at all 🙂

Decline facial biometrics when boarding an international flight

Confrontation risk: Low
Difficulty: None – even faster than the alternative
Benefits: Learning to say “No”, stop training facial recognition, no data to the Feds

Okay, so you’ve passed through security and you’re at the gate. There’s some _more_ screens, and a glowing spot on the floor for you to stand on.

1. Wait for the person ahead of you to finish
2. Walk straight past the glowing dot and go to the airline staff with your head down.
3. When they gesture to the camera, just say “No, thank you” and hold out your passport and boarding pass
4. More likely than not they’ll be confused for a second, and then just let you through. Occasionally they’ll match your boarding pass to your ID

This is actually an identical case to the TSA matching requirement above, but this time the posters around explicitly say this data gets sent to CBP for whatever purposes they have.

I have _never_ encountered any issues with declining this biometric screen. It’s helpful that the people running this check are airline staff and they are primarily motivated with getting the plane boarded on time.

Of any of the pieces of advice in this post, I think this is the most meaningful one. It truly is easy to accomplish, the government is rolling out more aggressive biometric screening, and this behavior directly translates to your behavior in other scenarios. If you’re used to always looking at a camera, then how are you going to react in other scenarios? If you can’t refuse a mild-mannered airline agent, what’s going to happen when a police officer is screaming at you?

It might feel scary the first time, but that’s the point – you need to help train your sense to know what’s actually dangerous or not. Also, it’s good practice to explore in your own thoughts “why am I doing this?” There’s literally no purpose to the screen as you’re already in a secure area and have verified your passport and ID. This is just a direct line of surveillance from the airport to the government. Even if you don’t believe the tinfoil, just don’t do it for no sake at all. It’s a really freeing mindset.

Decline biometrics at passport control

Confrontation risk: Low
Difficulty: Low-ish (extra 5 minute delay)
Benefits: Learning to say “No”, stop training facial recognition, no data to the Feds

This advice is going to be very dependent on your circumstances. If you are a foreigner visiting any country they can simply deny you admission if you don’t go through their procedures. Many countries still just look at your passport, but some take photos, and others do fingerprint scans (this is becoming less common now). With that said, in the context of US passport control, US citizens may opt out of biometric scanning. Here’s how to do it:

1. Go to the queue for US citizens, like normal. Bonus: Don’t forget to turn off your phone to disable fingerprint unlock 🙂
2. At some airports this queue goes to an ipad-like thing where your face is supposed to be scanned.
3. Go to the person directing traffic (before the tablet if possible otherwise at the tablet) and say “I would like to opt-out of biometrics”
4. They will just waive you through to an additional queue called “Additional screening”
5. If the tablet thing doesn’t exist (not yet at all airports), the “US Citizens line” is the exact same thing as “Additional screening”
6. Your queue time should be pretty quick, especially compared to non-citizens (big sigh)
7. Go up to the passport control booth, hand over your passport (boarding pass not needed). They’ll point to the camera. Either say “No, thank you” or “Opt out please”. I’ve generally had better luck saying “No, Thank you” but about 10% of the time the officer wants to hear the formal “I would like to opt out”
8. The process will continue exactly as it was otherwise. They’ll ask you where you went, why and pull up the stuff from the database

Again, this advice doesn’t apply if you’re not a citizen. Especially with the current climate, “permitted” vs advisable are two very different things (regarding green card holders). If you’re on a visa, you’ll have to accept the scans (and the flipping through your socials, and and and) or be denied entry

Decline the Leidos scanner

Confrontation risk: Medium
Difficulty: high (results in extra delays, a pat-down)
Benefits: Sand in the gears, sand in the gears. Privacy for the tinfoil crowd

With full disclosure – this is the one that will definitely annoy anyone you’re traveling with. I don’t know how much of that sweet sweet defense money Leidos (and others) get for these machines but I’m sure it’s a pretty penny. Then there’s the privacy factor of it – You can take a look for yourself at the screenshots that get generated and decide how much you care. Given the inconvenience involved, I suspect you’ll need a different reason though. How about “because these machines are stupid?” If you travel enough beyond the US you’ll notice that nobody else does this really. You get a metal detector (and sometimes a detailed wand e.g. if traveling through India). Only really fucked up surveillance states like the USA and the UK have these machines. So, consider this a small bit of resistance that is meaningless as an individual act, but perhaps more powerful as a collective way to divert resources and slow efficiency.

Anyways, here’s what the flow looks like:

1. Go to the baggage scanning area. Put all of your stuff in there, including any jackets/hoodies (even if they’re not that bulky), as well as your shoes (even though the person there will tell you to leave it on)
2. Go to the millimeter-wave scanning line.
3. Tell the person there you’d like to “opt out”. They’ll direct you to stand off to the side. If your presentation is ambiguous or otherwise, you could instead use the phrase “male assist” or “female assist” to get a TSA employee of that gender to do the pat down.
   • If you’re traveling through the UK, use the phrase “decline the scanner”. They’ll ask you a reason. Just say “privacy reasons”. They’ll make some spiel about how this is going to require a lot of time and more people – Just say I understand and would like to request a pat down instead. Next, in 2-3 minutes a manager is going to come over – just say the exact same thing
4. Wait off to the side. It’s a good time to get some leg stretches in and otherwise appear nonplussed about things. If the delay starts to take more than 5 minutes, your job is to get the person running the scanner on your side. That person has the radio, and can keep calling over it for assistance until someone comes. Be visible, maintain direct eye contact. If you get delayed more by 10 minutes, start asking for them to ask for assistance on the radio. “I have a plane to catch” etc etc. Don’t antagonize, just try to get that person on your side.
5. The person will come to the side, and wave you through the side door. Point out where your belongings are, and they’ll collect all of them.
6. They’ll have you face your stuff, and then you’ll get a standard spiel they go through. Just politely nod as they go through how the grope session is going to occur. Shake your head no when asked if you have any medical devices or sore spots. Say “Here’s fine” if they ask you if you want a private screening, etc.
7. They’ll do a pat down which varies from either the quickest formality ever, to an extremely “personal” experience. Most of the time it falls somewhere in the middle. The TSA folks are more afraid of touching your junk than you are, especially if you make it clear you know what the procedure is and just want to get it over with
8. Afterwards they’ll swab your hands, put it in the scanner. Just stay put, until it beeps. Then they’ll tell you you’re good to go, and you can collect your belongings

Tinfoil territory

So why do any of this at all? Do it for yourself. When you start from a place of curiosity about why things are that way, you’ll nourish and practice that curiosity everywhere. For example – do you feel unsafe traveling by train in the US, without these scanners? What about in France? Why? What is the purpose of these tools if you can decline them and use the same procedures that have already been in place for decades now?

Take this thought and expand it into other interactions with people. When teenagers play their music on a boombox in the subway, are you offended? Why? Is the music even good? Here’s a chance to connect to others and share a moment instead of judging and policing others for social norms. Does graffiti offend you? What about street murals? Why? Does there even need to be a reason to do these things besides just to do them?

When you see a new system asked of you, do you just comply or do you see if you can get out of it? When one of these spy cameras showed up for a Champions League game in Seattle, I just went right around it and towards the usual metal detectors. It’s something new, so I can either decide to accede or maintain the status quo.

Also, remaining calm under pressure is a trained behavior. It is not enough to have rights, they must be known, and they must be lived, touched, breathed in to have any meaning. If you have $10 but never spend it, did you ever have $10? Know how to be true to yourself, how to de-escalate. Be formless, shapeless, like water.

That being said, there are real reasons to do this. Governments take initial biometrics from the 2×2 passport photo you give them. Every time you agree to a scan, you give them tagged data. Here are two images, and they are supposed to be the same. That is a gold mine for training purposes. Using private DNS doesn’t stop deep packet introspection (e.g. with SNI) but that takes a lot more work than just collecting and monitoring DNS queries. Making a surveillance operation 0.01% slower is still meaningful one percent as a time. Maybe you’ll convince others to do the same. I hope this blog post will help convince just one person to do one thing differently.