At some airports, your face is your ID. Is your privacy at risk? |

At some airports, your face is your ID. Is your privacy at risk?

At airports across the U.S., travelers are beginning to encounter biometric screening technology, including facial recognition.

Every day in airports across America, travelers confront facial recognition technology.

It probably saves time. Federal officials say it’s making us safer. And for the millions whose mobile phones already recognize faces, this would seem nothing new.

But how does old-fashioned privacy square with all these head shots and database comparisons? Where does the data go? What happens if you say no?

These and other questions arise as government and industry leaders embrace biometric measures — especially facial recognition — and many privacy advocates resist.

Some travelers’ questions are easy to answer. Others, not so much.

Q. Who’s in charge?

A. The Department of Homeland Security’s U.S. Customs and Border Protection unit is leading the charge, promoting the technology as “the ideal technology path to a more seamless travel experience.” And President Trump added urgency with a 2017 order that called for security officials to make biometrics a priority.

Meanwhile, the Transportation Security Administration, another Homeland Security agency, has been collaborating with CBP on biometrics and has set a series of goals.

One is face-scanning travelers in TSA Precheck lines (and integrating that data with fingerprints). Another is face-scanning more domestic travelers (on a voluntary basis) and perhaps integrating that data with driver’s license data by way of Homeland Security’s REAL ID program.

How fast is this moving? In an April report, Homeland Security officials said that within four years, they intend to scan the faces of 97% of passengers, including U.S. citizens and foreign nationals, on outbound international flights.

A CBP spokesperson said Aug. 14 that the agency already has scanned the faces of more than 25 million passengers, apprehended 180 impostors and confirmed that more than 20,000 travelers had overstayed their visas.

Meanwhile, Britain, China, Singapore, Malaysia and the United Arab Emirates are exploring biometrics, and many airlines see this as a chance to speed operations. Among the U.S. carriers working with CBP: American, Delta, JetBlue and United.

One recent report predicted the facial recognition market worldwide would grow from $3.2 billion in sales in 2019 to $7 billion in 2024.

Q. How does facial recognition work?

A. Passengers submit to a photo at a gate or security checkpoint instead of showing a passport or boarding pass.

Authorities access encrypted cloud data, then compare the fresh image against existing images in government databases. If no match materializes, airlines or CBP officials ask for ID or run checks with more government sources.

CBP officials say the process takes just under two seconds per person, with an accuracy rate of more than 97%.

Airlines and airports often buy the cameras that take the photos, then link the resulting images to CBP’s biometric matching service (which relies on a “matching engine” from NEC Corp.). Airlines, airports and the TSA can access that matching service at check-in, bag drop, security checkpoints or boarding, the CBP spokesperson said.

Q. What happens to these new photos?

A. CBP says that “all photos of U.S. citizens are deleted within 12 hours of identity verification.” Images of noncitizens may be retained longer, even up to 75 years, depending on circumstances.

The CBP noted in a report last year that “an approved partner may collect photos of travelers using its own equipment under its own separate business process for commercial purposes.”

Q. What if I say no?

A. The CBP and TSA say that U.S. citizens have that right and that airport authorities should be ready to process travelers the old-fashioned way. (Some noncitizens can say no, but for many it’s required. For details, check CBP’s FAQs.)

CBP said it has not tracked the number of travelers opting out. The Electronic Frontier Foundation, a foe of facial recognition, warns that many travelers may not realize that they can say no.

Q. How many U.S. airports are doing it?

In an Aug. 14 email, a CBP spokesperson reported ongoing biometric exit operations (including facial recognition) at 22 U.S. airports.

The agency also is doing biometric entry processing at 11 U.S. airports and at airports in Abu Dhabi, Aruba and Dublin and Shannon, Ireland, that send travelers to the U.S. CBP is also scanning at three seaports in Florida and one in New Jersey. CBP location lists can be seen at

Q. What do critics say?

A. Many warn that Customs and Border Protection technology is dangerously fallible, that facial recognition software elsewhere has delivered inaccurate results and that this new approach could undercut civil liberties. In San Francisco and Somerville, Mass., city councils have banned their police from using facial recognition software.

In Washington, U.S. Sens. Edward J. Markey, D-Mass., and Mike Lee, R-Utah, wrote a letter July 26 calling for greater transparency, warning of data leaks and asking why Homeland Security has failed to release a biometrics report that was due July 2.

“American travelers deserve to fully understand exactly who has access to their biometric data, how long their data will be held, how their information will be safeguarded, and how they can opt out of this data collection altogether,” Markey and Lee wrote.

The CBP spokesperson said Aug. 14 that Homeland Security’s biometric program report “is in the internal review process.”

Fight for the Future, a privacy advocacy group, has launched a campaign calling for travelers to avoid airlines that use the technology.

Categories: Lifestyles | Travel
TribLIVE commenting policy

You are solely responsible for your comments and by using you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.