Hey privacy community! A few weeks back I’ve seen an article posted here or in some other tech community about TSA rolling out biometric ID process in some US airports, that involved taking a face scan.

I had an international flight planned and I wouldn’t want to go through biometric ID, but I was anxious of potential delay and having to explain myself to TSA agents. I also convinced my wife to opt out, which could potentially double the delay.

So for the folks who may have the same concerns, I’d like to share my experience.

I went on my flight a few days back from Newark International Airport (EWR). We went through security check in new Terminal A. At the beginning of the security line there were a few clearly visible posters about biometric ID with opt out information. To opt out you just need to tell TSA agent that you don’t want your photo to be taken. The poster also says that you will not lose your place in line if you opt out. Same posters are on each agent desk.

The scanning machine is on every agent’s desk, next to the opt out posters. It has a screen, about 8", with something that looks like a set of stereo lenses on top of it. The screen shows the live feed of the person in front of it during scanning process, with a template of a face that helps to properly position it. The scanning process seems to be very quick.

Now, for the opt out - it is indeed as easy and seamless as they claim. I asked the agent to not take my picture, he just said OK and asked me for my passport. The scanning machine didn’t turn on. He scanned my passport and gave it back, and I was done, no questions asked.

Actually, I noticed that people who had their faces scanned also had to hand passports over. So they had to spend more time with the agent than I. I assume because it was their first time through this biometric collection and next time they just scan their face again and that’s it.

And while I was pleased how easy it was for me and my family to opt out of this, in my opinion, completely unnecessary privacy invasion, I have not observed any other person (out of maybe 100 who passed before me) who did the same. Unfortunately, we know here how easily and thoughtless people give away yet another piece of their personal data. In this case, the data that can be used next time to ID people via video surveillance without any consent.

  • TheButtonJustSpins@infosec.pub
    link
    fedilink
    English
    arrow-up
    4
    ·
    2 months ago

    The machines haven’t worked for me, so I just started opting out immediately as well, since that ends up being much faster. I don’t understand the point of this.

    • GreenKnight23@lemmy.world
      link
      fedilink
      arrow-up
      9
      ·
      2 months ago

      it’s a data collection point.

      can’t scan AI recognition on your passport, so they get your consent this way and with an updated photo.

      it’s the only thing that makes sense if they’re taking photos and checking passports.

      • delirious_owl@discuss.online
        link
        fedilink
        arrow-up
        2
        ·
        2 months ago

        I think they do collect facial recognition data on passports, yes. And State IDs.

        Not from the identity document directly, but from the digitized photo that you submitted when you asked to create the document

        • GreenKnight23@lemmy.world
          link
          fedilink
          arrow-up
          3
          ·
          2 months ago

          the government does, and what they do with it is harshly regulated.

          the TSA is part of DHS but operates outside of DHS and can do whatever it wants with your information if you give it freely. it’s one of the reasons how that facial recognition apparatus works. it was developed by a contractor to USDOD and delivered to DHS for the TSA to use on the public.

          DHS cannot investigate the general public without probable cause, TSA can. so what information they gleam from the general public is then shared with DHS, DOD, and sold back to the contractor as a part of the delivered contract. what they do with it afterwards is entirely up to them.

          both accepting and rejecting the scan is harmful to your privacy. by accepting you are now indexed in a database and that information can be used in multiple government sanctioned investigations. by rejecting it, you are flagged as a concern and your profile is then processed through and algorithm to identify your threat level.

          the TSA are doing more than just looking at your passport when you reject. they’re waiting on that threat level response to identify if you should be taken for further questioning.