The U.S. Transportation Safety Administration (TSA) has adopted facial recognition scanning systems at 16 major airports around the U.S. and is planning to bring these scanning systems to airports around the country in 2023. The technology raises questions and concerns about individual privacy and how the use of the technology will expand over time.
The Washington Post first reported the TSA has been quietly testing facial recognition scanners that scan a traveler’s ID and compares it against a live scan of that traveler’s face in an airport security line. The facial recognition systems won’t easily be fooled by changes in hair style or facial hair, but the TSA will still post human agents to double check the machine scans.
The TSA also said the facial recognition plan it’s currently working with entails immediately discarding the photo scan after the individual passenger has been verified.
“The scanning and match is made and immediately overwritten at the Travel Document Checker podium,” said Jason Lim, who helps run the TSA’s facial recognition program. “We keep neither the live photo nor the photo of the ID.”
Despite saying the facial recognition scans are immediately discarded, the Washington Post reported the TSA has acknowledge retaining scan data for up to 24 months to evaluate the effectiveness of the scanning systems.
Furthermore, the TSA’s interests in facial recognition technology are not limited to just this particular system that scans and compares a traveler’s ID and live photo. The agency is testing out another system where travelers don’t even have to present their ID because the system can simply scan a live image of their face and compare it to an existing government database of passport photos.
In his interview with the Washington Post, Lim said none of the facial recognition systems the TSA is rolling out are mandated.
“Those who do not feel comfortable will still have to present their ID — but they can tell the officer that they do not want their photo taken, and the officer will turn off the live camera,” Lim said.
The TSA should also have signs posted informing travelers of their right to refuse having their face scanned.
Albert Fox Cahn, who founded the Surveillance Technology Oversight Project (STOP), was more skeptical of Lim’s claims that travelers could maintain their privacy rights.
“What we often see with these biometric programs is they are only optional in the introductory phases — and over time we see them becoming standardized and nationalized and eventually compulsory,” Cahn told the Washington Post. “There is no place more coercive to ask people for their consent than an airport.”
Even if the TSA doesn’t gradually turn these programs from optional to mandatory, a system that stores facial recognition data could be hacked. Those who trust the TSA with their biometric data may be less comfortable with that same data falling in the hands of hackers.
The TSA says all of its databases are encrypted to protect against hacks, but government databases have been hacked in the past. The Department of Homeland Security (DHS) — which oversees the TSA — has already seen a database with travelers’ photos and license plates hacked.