Earlier this summer, over a dozen bipartisan senators signed an amendment to the FAA reauthorization bill, calling for a pause on additional rollout of the TSA’s facial recognition technology until the program has been reviewed and approved by Congress. Though the Senate opted to pass the bill without this amendment, debate over the use of biometrics in air travel is bound to continue. TSA’s facial biometrics technology has so far been rolled out at more than 80 airports with plans to target over 400 in the coming years. It’s an exciting transition leveraging innovative technology to improve aviation security, but it also speaks to the larger issue of consumer identity security, who makes those rules, and what we must remember as biometric technology officially rolls out.
Consumers are faced with a constant trade-off when operating in today’s high-tech society. They are forced to choose between convenience or privacy and ease of use or data security. This was standard operating procedure for tech development and adoption over the past two decades, but now there is a new social contract between tech companies and consumers. Consumers aren’t willing to accept blanket risk to their privacy and data security anymore when engaging with technology, and the tech community needs to take notice. As technology advances and biometrics is intertwined with automation, artificial intelligence, data storage, and other twenty-first-century innovations, consumers are increasingly skeptical about the risk/reward trade-off.
Their misgivings around the potential misuse of biometrics technology are valid. We’ve seen companies make headlines across the globe for scrapping user images off social media sites to create a database of “identities” without individuals’ consent. Recently, the Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) was sued for failing to produce documents outlining how they share biometric and other noncitizen data with some Latin American governments. Actions like these have only worsened consumer concerns about their privacy and security.
At the same time, cybersecurity attacks and identity theft are rampant. Pausing the TSA biometric rollout could slow down the process of identity authentication for passengers, not only affecting travel convenience but also putting passengers at risk of identity fraud or theft, or more serious security threats.
Biometrics have made waves in the travel industry already, with companies folding the technology into their systems – like TSA deploying biometrics across over 80 airports in the US to create a seamless, contactless travel experience. There is no stopping this momentum and at this point, a pause would have been ineffectual and simply delayed the inevitable. Biometrics technology is here to stay, but there is still time to put guardrails and principles in place to enable informed, transparent, and secure biometric solutions for travel and aviation.
Organizations like the TSA that use and provide biometrics hold a responsibility to respect an individual’s identity and treat it with the utmost care and caution. No one’s identity should be for sale. Nor should it be collected without their explicit, informed consent. Individuals should have the power to decide how their biometrics data is used to make their lives easier and more secure.
Developers and users of biometric technology are at the forefront of the establishment of a new social contract between tech companies and consumers. The steps the industry takes today will have lasting implications both for the technology’s safety and the perception of its use by the public. The pillars in which biometrics technology should be rooted are self-evident:
- Data security and privacy are foundational
- Consent must be informed – and not buried in terms and conditions
- Transparency in how the data is stored, used and deleted is non-negotiable
If consumers are to benefit from the efficiency and security that travel biometrics provide, they must feel confident that the solutions they are entrusting their most personal features to are rooted in these principles. Fully understanding how biometrics works, the value it provides, and any potential risk it poses, is paramount to their ability to offer informed consent. Informed consent opens the door to greater transparency of how biometrics technologies are used in travel and is central to holding TSA and global airport security accountable. Only then can we begin to build back the trust eroded by companies that see identities as a commodity to buy and sell.
Trade-offs over the use of technology require a nuanced, balanced assessment based on facts as well as principles. If handled carefully and ethically, biometrics in travel can do a lot of good. Consider how it’s been leveraged in other industries for that purpose. In 2018, police in India used facial recognition technology to reunite 3,000 missing children with their families in a matter of days.
Similarly, Australia’s Crown Casino is using voluntary biometrics to help individuals with gambling problems stay out of the casino. The system monitors people entering casinos and checks their faces against a voluntary photo database of problem gamblers who have requested to be barred from specific venues. Staff is alerted to check the person’s ID when the system finds a match.
Most recently, Mastercard announced that it is doubling down on promoting its Community Pass to reach 100 million users across Africa. The Pass is a digital platform that holds a digital ID and wallet in a smart card and enables people in developing nations to access government and humanitarian services.
These types of positive use cases should be celebrated and provide a blueprint for the transparent, ethical, and knowledge-based approach to biometric authentication in travel, one that will build a strong foundation for consumer trust.