The “PreCheck” program is billed as a convenient service to allow U.S. travelers to “speed through security” at airports. However, the latest proposal released by the Transportation Security Administration (TSA) reveals the Department of Homeland Security’s greater underlying plan to collect face images and iris scans on a nationwide scale. DHS’s programs will become a massive violation of privacy that could serve as a gateway to the collection of biometric data to identify and track every traveler at every airport and border crossing in the country.

Currently TSA collects fingerprints as part of its application process for people who want to apply for PreCheck. So far, TSA hasn’t used those prints for anything besides the mandatory background check that’s part of the process. But this summer, TSA ran a pilot program at Atlanta’s Hartsfield-Jackson Airport and at Denver International Airport that used those prints and a contactless fingerprint reader to verify the identity of PreCheck-approved travelers at security checkpoints at both airports. Now TSA wants to roll out this program to airports across the country and expand it to encompass face recognition, iris scans, and other biometrics as well.

From Pilot Program to National Policy

While this latest plan is limited to the more than 5-million Americans who have chosen to apply for PreCheck, it appears to be part of a broader push within the Department of Homeland Security (DHS) to expand its collection and use of biometrics throughout its sub-agencies. For example, in pilot programs in Georgia and Arizona last year, Customs and Border Protection (CBP) used face recognition to capture pictures of travelers boarding a flight out of the country and walking across a U.S. land border and compared those pictures to previous recorded photos from passports, visas, and “other DHS encounters.” In the Privacy Impact Assessments (PIAs) for those pilot programs, CBP said that, although it would collect face recognition images of all travelers, it would delete any data associated with U.S. citizens. But what began as DHS’s biometric travel screening of foreign citizens morphed, without congressional authorization, into screening of U.S. citizens, too. Now the agency plans to roll out the program to other border crossings, and it says it will retain photos of U.S. citizens and lawful permanent residents for two weeks and information about their travel for 15 years. It retains data on “non-immigrant aliens” for 75 years.

CBP has stated in PIAs that these biometric programs would be limited to international flights. However, over the summer, we learned CBP wants to vastly expand its program to cover domestic flights as well. It wants to create a “biometric” pathway that would use face recognition to track all travelers—including U.S. citizens—through airports from check-in, through security, into airport lounges, and onto flights. And it wants to partner with commercial airlines and airports to do just that.

Congress seems poised to provide both TSA and CBP with the statutory authority to support these plans. As we noted in earlier blog posts, the “Building America’s Trust” Act would require the Department of Homeland Security (DHS) to collect biometric information from all people who exit the U.S., including U.S. and foreign citizens. And the TSA Modernization Act, introduced earlier this fall, includes a provision that would allow the agencies to deploy “biometric technology at checkpoints, screening lanes, bag drop and boarding areas, and other areas where such deployment would enhance security and facilitate passenger movement.” The Senate Commerce Committee approved the TSA bill in October.

DHS Data in the Hands of Third Parties

These agencies aren’t just collecting biometrics for their own use; they are also sharing them with other agencies like the FBI and with “private partners” to be used in ways that should concern travelers. For example, TSA’s PreCheck program has already expanded outside the airport context. The vendor for PreCheck, a company called Idemia (formerly MorphoTrust), now offers expedited entry for PreCheck-approved travelers at concerts and stadiums across the country. Idemia says it will equip stadiums with biometric-based technology, not just for security, but also “to assist in fan experience.” Adding face recognition would allow Idemia to track fans as they move throughout the stadium, just as another company, NEC, is already doing at a professional soccer stadium in Medellin, Columbia and at an LPGA championship event in California earlier this year.

CBP is also exchanging our data with private companies. As part of CBP’s “Traveler Verification Service,” it will partner with commercial airlines and airport authorities to get access to the facial images of travelers that those non-government partners collect “as part of their business processes.” These partners can then access CBP’s system to verify travelers as part of the airplane boarding process, potentially doing away with boarding passes altogether. As we saw earlier this year, several airlines are already planning to implement their own face recognition services to check bags, and some, like Jet Blue, are already partnering with CBP to implement face recognition for airplane boarding.

The Threat to Privacy and Our Freedom to Travel

We cannot overstate how big a change this will be in how the federal government regulates and tracks our movements or the huge impact this will have on privacy and on our constitutional “right to travel” and right to anonymous association with others. Even as late as May 2017, CBP recognized that its power to verify the identification of travelers was limited to those entering or leaving the country. But the TSA Modernization Act would allow CBP and TSA to collect any biometrics they want from all travelers—international and domestic—wherever they are in the airport. That’s a big change and one we shouldn’t take lightly. Private implementation of face recognition at airports only makes this more ominous.

All Americans should be concerned about these proposals because the data collected—your fingerprint, the image of your face, and the scan of your iris—will be stored in FBI and DHS databases and will be searched again and again for immigration, law enforcement, and intelligence checks, including checks against latent prints associated with unsolved crimes.

That creates a risk that individuals will be implicated for crimes and immigration violations they didn’t commit. These systems are notoriously inaccurate and contain out-of-date information, which poses a risk to all Americans. However, due to the fact that immigrants and people of color are disproportionately represented in criminal and immigration databases, and that face recognition systems are less capable of identifying people of color, women, and young people, the weight of these inaccuracies will fall disproportionately on them.

This vast data collection will also create a huge security risk. As we saw with the 2015 Office of Personnel Management data breach and the 2017 Equifax breach, no government agency or private company is capable of fully protecting your private and sensitive information. But losing your social security or credit card numbers to fraud is nothing compared to losing your biometrics. While you can change those numbers, you can’t easily change your face.

Join EFF in speaking out against these proposals by emailing your senator and filing a comment opposing TSA’s plan today.

Take Action

No Airport Biometric Surveillance