The Biggest Myths About TSA's Biometric ID Technology

Despite living in a thoroughly technology-filled world, lots of tech seems magical or mystical because folks don't know how it works. This is especially true for new tech, which always yields new suspicions and fears, particularly when tech seems invasive, compulsory, or like it compromises privacy. Such is the case for the Transportation Security Administration's (TSA) biometric verification rollout, which has inspired the full gamut of worries and freakouts amongst the general public.  

In general, biometric verification includes any number of unique biological identification markers like voice patterns, iris composition, fingerprints and hand patterns, and even DNA. The TSA's biometric verification, however, focuses on only one biometric: facial verification, where software compares your face to the face in the photo on your ID. This method of biometric verification hit a limited number of U.S. airports in 2019 and swiftly rose to 238 total airports as of the time of writing. As for the purpose behind this new tech, the TSA says they're trying to do what everyone has always wanted airports to do: be faster and less annoying. The TSA has also implemented automated screening lanes in many airports to this end. And, the TSA wants to do so while safeguarding privacy and civil rights.

In the end, every single widespread myth regarding biometric verification is false. No, your biometrics data can't be stolen. No, the use of biometric identification at airports isn't mandatory. No, biometric identification isn't an insidious example of Big Brother overreach. and is, in fact, regulated in most states. No, biometric identification isn't used to profile or deport people. And no, biometric identification doesn't have a high rate of false positives — although it isn't 100% foolproof either because, well, nothing is.  

No one wants to be told what to do — this is as close to a universal human truism as we can get. Being given options and making it clear that you have a choice? That's fine. But because mistrust tends to run high in the face of new, seemingly invasive procedures, policies, and tech, it's easy to jump the gun and come to conclusions that aren't true. And so we come a prominent myth regarding the TSA's biometric verification tech: It's mandatory. 

The TSA has been open about this particular myth, likely anticipating how the public might respond. As the TSA states in a biometric mythbusters fact sheet, "Participation in the testing of biometrics technology is voluntary. Passengers may notify a TSA officer if they do not wish to participate and will go through the standard ID verification process." The TSA mentions "testing" because the current rollout is part of an initial biometrics evaluation phase. In fact, facial verification is called "verification" because users — airport guests, in this case — must verify the process and consent to it in a voluntary way.  

Those who opt of facial recognition measures will undergo the same, time-honored identification verification process of having a person stare at your passport or driver's license and then compare it to your face. And of course, a TSA agent can always ask additional questions or cross-reference data with other documents, as we're all used to.

Part of the confusion and discontent surrounding the TSA's biometric verification likely stems from the word, "biometric." As stated, the TSA's use of biometrics is limited to facial verification, which involves a camera taking a photo and comparing it to the photo on your ID. Provided you haven't swapped faces with your buddy since getting your photo taken, you should be good to go. That being said, facial identification — checking your face via live video feed rather than via photo — is currently in the works for people enrolled in TSA PreCheck Application and CBP Global Entry Programs. And as some people already know, PreCheck can already make things much faster, provided that you use your Known Traveler Number (KTN). 

All this is to say: Your TSA-scanned biometric data can't be stolen because your face can't be stolen. Unlike "Mission Impossible" movies, there are no rubber mask creation kits to make printed and wearable copies of your scanned face — especially because the TSA doesn't store any scanned images. Your keys, however? Or your phone, passport, wallet, bag, or all of those passwords on your computer or phone that you've been warned to change or update a hundred times? Those can be stolen. This means, contrary to whispers circulated amongst the wary, that facial recognition is inherently safe and secure, arguably more so than other forms of identification.

We've got bad news for folks worried about the TSA using biometrics to breach your privacy: Your face is already everywhere. Countless individuals post their faces and info about their lives online, every day, all the time. There's little that the TSA or any other organization couldn't know at this point that the public hasn't already supplied, or which long-standing surveillance tools like the PATRIOT Act don't cover. Nonetheless, some folks are worried that the TSA's biometric tools represents a breach of privacy, rights, and so forth. 

Although there is currently no federal law that governs the use or collection of biometric data, there are other federal laws that can reach to protect a citizen's privacy and cybersecurity, such as The Stored Communications Act (SCA), The Health Insurance Portability and Accountability Act (HIPAA), and so forth. Biometric verification is subject to regulation like any other piece of technology, although it's currently hotly debated and not all states have the same exact laws. Illinois, for instance, passed its Biometric Information Privacy Act (BIPA) way back in 2008 requiring consent on the part of a user before biometrics are collected, sold, shared, and so on. This is by no means perfect, but there is some legal precedents that can protect your rights.

But facial verification also differs from facial recognition in that the latter is the kind of CCTV, security-focused measure that actively scans and records people and their faces — unlike TSA biometric verification. Also, biometric measurement systems like facial recognition rarely connect to a central databases. Finally, and as mentioned, the TSA doesn't store biometrics used for facial verification purposes. So, if anything is going to kick off an oppressive police state full of 24-7 monitoring, it won't be TSA biometric tools.

Now we come to a sticky subject for our contemporary sociopolitical landscape that we nonetheless have to address out of good conscience and in good faith. Fears and myths about TSA biometric identification extend to fears about profiling people according to some demographic and/or potentially deporting them, as evidenced by the TSA's own FAQ addressing this issue where it writes, "TSA does not tolerate racial profiling." Not to say that it never happens, but biometrics exist solely to confirm passenger identity and to "develop requirements to automate the identify verification process for all passengers." Note that this goal refers to what we mentioned earlier, that the TSA's biometric rollout is part of an initial testing phase. Also, there's no interconnection between errors present in facial verification processes, in general, and a biometric like skin color, specifically.

In fact, there's no reason to fear being flagged by the TSA unless there's an open warrant for your arrest. In that case, the TSA can't perform any arrests, but they can pull you aside and detain you until the appropriate authorities arrive. This is why you might notice that there's sometimes a separate security person within striking distance if you're passing through airport security, immigration, customs, etc. Sometimes immigrations and customs officials can perform temporary arrests if a passport looks sketchy, but that's another issue, entirely. Also, if you try to sneak drugs or guns past the TSA, like inside crutches or a baby stroller, airport security is going to be all over you regardless of whether they're using biometric technology or not. So don't do that.

Our final fear that folks have about facial recognition is that it's prone to errors. In this scenario, a person's face gets scanned, some red lights start flashing somewhere, and there's a 50/50 chance that the person gets unjustly hauled off to some backroom before getting chucked in the slammer for some unsolved crime that someone else committed back in 1996. Thankfully, the TSA in their mythbusters fact sheet states that their facial recognition measures produce a false positive percentage (making an incorrect determination of guilt) of only 0.03%. In fact, the risk of false positives incurred during facial verification has decreased in half every year since 1993.

And even though we joked before about swapping faces with your buddy, it's at least true that the risk of false positives increases if a passenger looks dramatically different from a photo. A radically new hairstyle might throw a biometrics measurement device off, as might growing a big, bushy, Santa Claus beard. A poor quality original photo or bad lighting might muck things up, too. Then again, faces contain 80 data points that facial recognition tools analyze. This is the same type of technology employed if you unlock your phone or laptop by looking at it. And while such technology isn't perfect, it's quite good and is only going to get better. It's also not going away any time soon.