The U.S. Department of Homeland Security (DHS) is rushing to implement one of its new systems to promote security in airports. In March 2017, President Donald Trump issued an executive order to “expedite the completion and implementation of a biometric entry-exit tracking system for in-scope travelers to the United States,” which was recommended by the National Commission on Terrorist Attacks Upon the United States, also known as the “9/11 Commission.”

U.S. Customs and Border Protection (CBP) will be activating its biometric entry-exit system with the goal of using facial recognition technology to identify travelers aboard 16,300 flights per week, which amounts to approximately 100 million passengers traveling on international flights out of the U.S. President Trump’s mandate states that facial recognition identification for “100 percent of all international passengers,” including American citizens, will be used in the top 20 U.S. airports by 2021.

Airports included in CBP’s biometric facial recognition program are: Atlanta, Chicago, Seattle, San Francisco, Las Vegas, Los Angeles, Boston, Fort Lauderdale, Houston Hobby, Dallas/Fort Worth, JFK, Miami, San Jose, Orlando, Detroit, and Washington (Dulles and Reagan).

As Buzzfeed writes, while DHS and CBP rush to get those systems up and running, they are doing so in the absence of proper vetting, regulatory safeguards, and what privacy advocates may call an area outside the law.

A 2018, report from the Office of the Inspector General (OIG) stated that before the program is fully implemented, CBP must address the fact that they have “encountered technical and operational challenges that prohibited biometric confirmation for all passengers,” just 85 percent, in fact. Though, one agency spokesperson says that confirmation rates for CBP’s biometric exit system have since risen to 98.6 percent.

Regardless, the agency must address a myriad of other questions before it can successfully advance the entire program, the OIG report details.

Currently, there are vague guidelines about information sharing in the program. There were no limits on how partnering airlines can use this facial recognition data.

CBP claims they limit participating companies from using facial recognition data, but it is unclear to what extent it has enforced this new rule. The agency does, however, “retain[s] photos…for up to 14 days” of non-U.S. citizens departing the country for “evaluation of the technology” and the “assurance of the accuracy of the algorithms.”

CBP’s stated goal for the biometric entry-exit system is to “identify any non-U.S. citizens subject to the exit requirements who may fraudulently present” travel documents. The agency said it had “no plans to biometrically record the departure of U.S. citizens,” but the agency also said it “does not believe there is enough time to separate U.S. citizens from non-U.S. citizen visitors prior to boarding…therefore, facial images will be collected for U.S. citizens as part of this test so that CBP can verify the identity of a U.S. citizen boarding the air carrier.”

Though, the agency says that when a passenger is identified and confirmed as a U.S. citizen, their images are deleted. Americans can also decline to be scanned, but just a small percentage do so.

As of now, no laws exist governing the use of facial recognition technology and the information they gather. There has been no court ruling, on any level, about whether it constitutes a search under the Fourth Amendment of the U.S. Constitution. Neither checks, nor balances exist to keep the program in line, or even guide it through the U.S. legal system. However, government agencies are working as fast as they can to implement it in every major airport in the country.