What You Need to Know About Biometric Privacy
Technology is quickly changing travel. Already, some passengers are looking into a facial-ID camera instead of presenting a document to board a plane. Major airlines and government agencies are among those embracing new facial-recognition technology and fingerprint scans to verify the identity of passengers.
Known as biometrics, the system is designed to make the boarding process easier and swifter. American, Delta, Jet Blue, British Airways and Lufthansa have all implemented the procedure into some of their international operations. The US Department of Homeland Security and the private firm CLEAR are embracing this technology as well.
Both the airlines and the government say the images collected are not stored and that these images immediately disappear, but this new technological revolution is still raising concerns about the security of personal information and the possibility that it could be hacked.
Potential for Abuse
Passenger-rights advocates acknowledge biometric screening adds convenience to the often hectic and hassle-filled travel experience.
“I personally use these services, which use eye scans and fingerprints for ID'ing,” said Paul Hudson, president of FlyersRights.org. He acknowledges, “There is utility in giving up some privacy to speed and removing some of the personal hassles of air travel, as with PreCheck, Global Entry and CLEAR services.”
Although Hudson appreciates the ease of such services, he is among many questioning the accuracy of facial-recognition systems and the potential for abuse.
“There is a difference by orders of magnitude between giving up some of your biometric data to a trusted and regulated party and allowing private or government entities to capture or steal it or misuse it without your informed consent or knowledge,” said Hudson.
“Constitutional rights prohibiting unreasonable search and seizure as well as privacy laws will, in my view, need to be strengthened to prevent this. Otherwise personal privacy may largely vanish,” Hudson said.
The airlines and government agencies employing this technology insist the data collected is not being stored. The Transportation Security Administration (TSA) emphasizes it does not use the technology to surveil passengers.
A spokesperson for Customs and Border Protection (CBP) said the agency has issued privacy-impact assessments and has limited the amount of personal information used in its operations.
“CBP uses strong encryption to transfer the data between the camera, the cloud-based matching service, and CBP systems, as well as for PII [personally identifiable information] at rest,” said the spokesperson.
“Only authorized CBP personnel and authorized representatives of approved CBP partners will have access to the collection device, and only CBP staff and cloud-service provider personnel may have access to the cloud database.”
Despite reassurances, one aviation security expert has his reservations.
"I’ve been doing quite a bit of research on cybersecurity and basically anything that is online at some point is hackable,” said Jeff Price, owner of Leading Edge Strategies and a former US intelligence officer.
Although there is no evidence to indicate any breach like this has occurred, Price recommends that flyers should always monitor their credit reports, and he recommends avoiding biometric screenings. (Many airlines allow passengers to opt out.)
The TSA stresses that “participation in the test of biometrics technology is voluntary. Passengers may notify a TSA officer if they do not wish to participate and will go through the standard ID verification process." Price endorses that option, though this screening system may soon be standard and mandatory.
According to the CPB spokesperson, the agency is “working towards full implementation of biometric exit in the air environment within the next four years to account for over 97 percent of departing commercial air travelers from the United States."
Another concern is misidentification.
So far, more than 20.3 million travelers have been processed by CBP using facial recognition at air-entry, air-exit and pre-clearance locations, as of June 4, 2019. CBP maintains a match rate of more than 97%, according to a spokesperson.
The agency also says its officers “successfully intercepted six impostors who were denied admission to the United States at airports and identified 135 impostors on arrival in the land pedestrian environment.” (Land pedestrian environment is government speak for a border/port of entry that's not an airport.)
The use of this technology is expanding. In addition to facial recognition and fingerprint technology, the TSA is planning to test iris scans.
Meanwhile, the government, airlines and private providers like CLEAR say their credibility depends on cybersecurity and maintaining privacy. “It’s really important that people know we will not sell or share their data,” said Caryn Seidman-Becker, CEO of CLEAR, in a Jan. 22, 2019, Talking Points podcast with The Points Guy.
"And so with everything that’s happened in the past 24, 36 months, magnified over the last 8 to 10 months with what’s going on in Facebook and other places, we just keep saying it louder and louder that we are about protecting your data, we do not sell or share data," said Seidman-Becker. “Trust is everything.”
For more, check out our video of TPG speaking with the CEO of CLEAR.
For the latest travel news, deals and points and miles tips please subscribe to The Points Guy daily email newsletter.