A plan by the Trump administration to require U.S. citizens to have their faces scanned when they enter or leave the United States is drawing criticism from privacy advocates and at least one lawmaker, who said he intends to introduce legislation to prohibit the practice.

The use of facial recognition technology at U.S. airports is growing more widespread as a means of identification, but citizens are allowed to opt out. Now officials with the Department of Homeland Security want to make the scans mandatory for all travelers, including citizens.

In a filing, the agency said that to “facilitate the implementation of a seamless biometric entry-exit system that uses facial recognition and to help prevent persons attempting to fraudulently use U.S. travel documents and identify criminals and known or suspected terrorists, DHS is proposing to amend the regulations to provide that all travelers, including U.S. citizens, may be required to be photographed upon entry and/or departure.”

The proposed rule isn’t scheduled to bepublished until July, and would then go through a public comment period, but it already is drawing fierce criticism from privacy advocates.

Jay Stanley, a senior policy analyst with the American Civil Liberties Union, said in a statement that the proposed change runs counter to assurances that Americans would not be required to submit to facial scans as a condition of travel.

“The government’s insistence on hurtling forward with a large-scale deployment of this powerful surveillance technology raises profound privacy concerns,” Stanley said. “These concerns are compounded by a lack of congressional authorization and sufficient safeguards, the government’s past security failures, and unanswered questions about the technology’s effectiveness, bias, and broader societal implications.”

Sen. Edward J. Markey (D-Mass.), a longtime critic of the department’s use of facial recognition, blasted the proposed expansion.

“The Department of Homeland Security should immediately withdraw plans to force Americans to undergo facial recognition and hand over their biometric information,” Markey said. “This proposal would amount to disturbing government coercion, and as the recent data breach at Customs and Border Protection shows, Homeland Security cannot be trusted to keep our information safe and secure.”

An agency spokesman said: “CBP is currently in the rulemaking process and will ensure that the public has the opportunity to comment prior to the implementation of any regulation.

“CBP is committed to its privacy obligations and has taken steps to safeguard the privacy of all travelers. Those safeguards are discussed at length in Privacy Impact Assessments [dhs.gov] that CBP has made available to the public online.”

Markey was referring to an incident in June, in which photos of people’s faces and license plates gathered when they crossed a single land border entry point were stolen from a CBP contractor as part of a “malicious cyberattack.” CBP officials declined to specify which border crossing and said fewer than 100,000 people were affected. But the breach raised concerns about the security of the information and whether it could leave members of the public vulnerable to identity theft.

Complicating the issue: It’s not clear whether DHS is authorized to collect such data from citizens.

Congress has pushed for more than a decade for the development of programs that use biometrics to track those who enter and exit the country. In 2016, it authorized up to $1 billion collected from certain visa fees to fund the implementation. The effort received another boost when President Trump signed an executive order in March 2017 directing the Department of Homeland Security to expedite the deployment of such technology.

But a 2017 study by researchers at Georgetown University Law School’s Center on Privacy and Technology noted that while Congress passed legislation authorizing the collection of biometric data from noncitizens, it has never explicitly authorized the collection of that information for citizens.

Jennifer Lynch, surveillance litigation director for the Electronic Frontier Foundation, said she was surprised by the move, adding she also doesn’t think the agency has the authority to collect information from citizens.

Lynch said she also is concerned how officials would use the data once they have it.

“My biggest concern is just mission creep,” she said. In the past the government has collected data for what it said was a limited purpose, only to put it to use for broader purposes, she said, citing Social Security numbers as an example.

Markey, along with Sen. Mike Lee (R-Utah) are among lawmakers who have urged DHS officials to slow implementation of the technology until concerns about privacy and security can be addressed. Markey said he will propose legislation to block DHS from expanding the program to include citizens.

Biometric screening for travelers entering the country is available at 11 U.S. airports, including Atlanta’s Hartsfield-Jackson International, Washington Dulles and Los Angeles International airports. More than 20 U.S. airports have the technology in place to scan travelers leaving the country.

The system works by comparing photos taken when a person enters or exits the country with images that CBP says it stores in secure systems in the cloud. Those images might include passport photos or photos submitted with visa applications.

At airports where the technology is in place, nonresidents leaving the United States have their faces scanned as they board. Those images are again compared with images of all travelers on the flight pulled from various records. If there is a match, the person is allowed to board. If the images do not match, the person may be pulled aside for additional screening. Children younger than 14 are not required to have their faces scanned.

Airports and airlines are using different types of technology to do the scans.

At Dulles Airport, which began piloting facial recognition for departing passengers on select international flights last year, officials use iPads to snap photos of travelers before they board select international flights.

Markey’s comments came on the same day that CBP officials met with privacy groups as part of ongoing discussions regarding the agency’s use of biometrics to screen travelers.

In a news release, CBP officials cited changes they have made as a result of those meetings, noting that the agency has reduced the amount of time it retains new photos of U.S. citizens from 14 days to 12 hours. The agency said it also has established rules prohibiting airlines and other partners, such as airports authorities, from keeping photos of travelers for business purposes.

CBP officials say facial scans offer travelers a more seamless experience, eliminating the need for boarding passes and IDs.