Your boarding pass and driver’s license could be replaced by your biometric data in the not-too-distant future.
Instead of handing your boarding pass and ID to a TSA agent, you could be placing two fingerprints on a scanner to be recognized.
Travelers would be photographed and their images searched against a C&BP database of passport and other photos.
Last year, Delta bought a 5% ownership stake in the biometric security company CLEAR – a New York firm that sells expedited security screening for $179 a year to travelers who have their fingerprints and retinas scanned.
In the past, CLEAR has encouraged the move to outsource government citizen data. It was also the company that had a widely-publicized incident in which an employee misplaced a laptop computer with biometric data of over 30,000 members stored on it at San Francisco International Airport.
Your face is changing how you move through the airport
We have expressed concern in the past about the gathering of personal data at airports, but in this post-Snowden surveillance era, insufficient attention has been given to air passengers and the onslaught to their digital privacy.
The theory is that flyers already use mobile boarding passes on their phone – but these new programs would render those obsolete too – as the airlines seek to reduce employees, and government agencies increase security.
Considering this flood of data presents enormous opportunities for abuse, we spoke with cybersecurity and wireless technology expert Scott Schober – who is also author of Hacked Again and the president/CEO of Berkeley Varitronics Systems, Inc.
What would you say are some unfavorable aspects to passengers giving their biometric data to the airlines or a vendor they contract out to?
I am not a fan of Biometrics as the only form of authentication. Biometrics, when properly used, stored and encrypted are extremely secure. Right now they are an additional level of security kind of like two-factor authentication and when used as a secondary authenticator they are very effective.
What kind of abuse of personal data could occur? Could personal data be bought and sold? Could the credit report agencies get access?
The agencies that directly collect and analyze this data would be unlikely to abuse it themselves, but what happens if/when they are compromised? When one recalls the OPM (Office of Personnel Management) had 5.6 million government employee fingerprints compromised. It’s not far-fetched to worry about more large biometric breaches. No one is certain where this data could end up but hackers tend to sell such stolen information anonymously on the Dark Web.
Could something that starts out as voluntary, become involuntary when enough opt-in?
Most people will always trade convenience for security. I travel often and it is a pain to disrobe, remove shoes, phone, wallet etc. for TSA to scan and look for a possible threat. So it instantly becomes attractive to get through security quicker by a quick scan of one’s fingerprint or iris.
Although many (myself included) would be hesitant when they realize that data may be handled without end-to-end encryption or require remote access to many individuals. When I consider some worst case scenarios, it’s easier for me to choose security over convenience and stand in a long line at a security check point.
For another take on the subject, we consulted a Mr. Benjamin Franklin of Philadelphia, who said: “Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety”.