Between Law Enforcement, Airlines, and Tech Companies, Facial Recognition in Air Travel is Quickly Soaring

Posted on March 6, 2024

A new article from DNYUZ makes a compelling case that facial recognition identification at US airports is on track to explode in the coming years.

To begin with, many Americans may not realize how pervasive biometric identification, of which facial recognition is just one type, already is in air travel. The extent of the deployment of biometric identification technology may be hard to appreciate partly because its presence is divided between numerous government agencies, airlines, and private vendors.

The most obvious government purveyor of facial recognition at airports is the Transportation Security Administration (TSA). Currently, the agency uses this surveillance technology at more than 30 airports around the country. This isn’t the TSA’s first foray into incentivizing travelers to use biometric data. The TSA PreCheck program is essentially a trial run for integrating biometrics into the travel process, as enrollees trade fingerprint data for the promise of faster airport security lines.

Customs and Border Protection (CBP) has gone even further in implementing the technology. The agency already utilizes biometrics, primarily facial recognition, at 49 airports, and aims to cover all US airports’ international departures by 2026.

Just as eager as federal law enforcement to increase the “availability” of facial recognition are airlines themselves. For these companies, it’s a matter of offering a “convenient” way to verify passengers for boarding. As it stands, Delta Airlines, American Airlines, United, and Alaska Airlines either already offer facial recognition to expedite boarding at some airports, or have invested billions of dollars to do so in the near future.

Finally, airports themselves are outfitting their facilities with biometric identification capabilities as a way to show off a supposedly forward-thinking approach to passenger security and convenience. According to the article, more than one-third of US airports already utilize biometric identification in some way. Such initiatives generally take the form of contracts with facial recognition technology vendors.

Whether law enforcement representatives or civil liberties defenders, the consensus appears to be that facial recognition as a component of air travel will only expand from here. On its own, the TSA has stated that it aims to make facial recognition security screening available, with the option to opt-out, at over 400 airports within the next few years.

A report by airport technology vendor SITA which surveyed hundreds of airlines and airports showed that 90% of airports worldwide are investing in biometric identification technologies. Given the technological capacity of the US and the enthusiasm of federal law enforcement, there is little reason to think that US airports would deviate too far from this figure.

What does this portend for the privacy of US air travelers? For one thing, it’s worth considering that the fact that the TSA regards face scans as equivalent to presenting ID illustrates how invasive the technology is. The difference is that you can choose to present your ID or not, whereas there’s no hiding your face at major transit hubs. For the moment, these cameras are posted at security lines, not ubiquitous throughout the airport. But this could easily change, as it’s just a matter of equipping existing camera infrastructure (such as CCTV networks) with the right software add-on.

It is a virtual certainty that “convenience” will continue to serve as proponents’ leading rationale for facial recognition expansion. Convenience has always been how citizens are inveigled to forfeit their privacy—or rather, the inconvenience associated with retaining privacy. It’s inconvenient to limit social media usage, connect to a VPN for web browsing, or convince your friends to install secure messaging apps.

Depending on how aggressively the TSA wants to push facial recognition, this could take the form of more extensive, invasive, and longer screening for those opting out of facial recognition security identification. To imagine how that might play out, look no further than the onerous process of opting out of the TSA’s body scanner, resulting in a public pat-down. If enough Americans submit to facial recognition screening, citizens could be flagged for not participating. This is how encryption was viewed before the Snowden disclosures drove its adoption: if you were using encryption, you and your activities were suspect, as you stood out from the masses who didn’t. Eventually the TSA could outright mandate it. An executive director at TSA stated that she had higher confidence in machines to recognize faces than in her own agency’s officers—this line of argument could support mandatory facial recognition from a purely utilitarian standpoint.

Given how airport facial recognition is currently constituted, what recourse do travelers have? First, it’s worth examining these agencies’ stated policies. Figures within CBP have made assurances that photos for facial recognition are deleted within 12 hours of use. But how can this be verified? Flimsy promises like this underscore Edward Snowden’s important distinction between privacy by policy and privacy by design. There are no technical controls precluding abuse, just a policy which agency analysts may or may not follow. More importantly, the US intelligence community playing word games and abusing loopholes. An example is James Clapper’s statement before Congress that the National Security Agency (NSA) did “not wittingly” “collect” Americans’ data because the agency defined “collect” as analyzing data which their many surveillance devices already intercepted. Just because photos are deleted from CBP in 12 hours doesn’t mean they aren’t copied to another agency’s system within that timeframe. This is exactly how the FBI has the faces of millions of American adults.

Contracts with private companies are another hurdle. Unlike the government, to whom citizens may submit Freedom of Information Act (FOIA) requests, there’s no practical way to audit corporations. In fact, many times the government will parry FOIA requests with the excuse that they would reveal these very vendors’ trade secrets. There is, by now, a long publicly available history of the government farming out surveillance to private companies that aren’t bound by nuisances like the Bill of Rights.

Civil libertarians are not taking the prospect of rampant facial recognition lying down. The ACLU expressed concerns over the potential to track the locations of every traveler who uses the technology. Indeed, if enough US airports use the tech, and the government ingests facial recognition data into a centralized repository, then it could easily track citizens’ whereabouts. All reference photos taken for biometric authentication have times and locations associated with them, so if these are put together over time, travelers can be tracked even if they don’t carry a phone.And all of these photos and associated data go straight to the federal government without a search warrant anywhere in the process. This technique takes advantage of the legal classification of airports and other “border areas” as privacy-free zones.

Some lawmakers are also taking action. The Traveler Privacy Protection Act, which the ACLU is pushing for, would shut down the TSA’s current airport facial recognition program and require express Congressional approval before the agency could start a new one.

Given the appeal to traveler convenience and the rapid investment in airport facial recognition, civil liberties advocates face an uphill battle. However, now is precisely the time when action will have the most impact, before facial recognition becomes commonplace and Americans resigned to it.

You can read the full article from DNYUZ here.