You Can't Have it Both Ways

It should be pretty obvious to readers from my previous posts that I’m a technologist who is often an early adopter. I also believe in encryption, secure architecture and I believe people have some rights to privacy, within limits. What I don’t subscribe to though is the idea that you can somehow opt out of required authentication mechanisms if you are going to consume a service from an entity (regardless of whether it is a private or government entity). If the provider of the service is creating a safe environment for your privacy (not using it for purposes other than intended, not sharing it in an unauthorized manner etc.) through the introduction of NextGen technologies, you should follow the methodology that they provide and require if you want to consume their service.

In an article on the use of facial recognition by the Transportation Security Administration (TSA), NextGov.com describes how the technology is implemented to support user screening by matching photo IDs with facial biometrics at airport checkpoints to securely speed along the travel process. Once the process is complete the imagery is overwritten. The rollout is the TSA’s proactive methodology for implementing technology into the delivery of government services and is in alignment with the White House’s Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.

The TSA gives travelers the opportunity to opt out of facial recognition during the security check-in process, a step I find to be extremely generous. This won’t always be the case though. According to the Verge, at a South By Southwest (SXSW) Fireside Chat in 2023, TSA Administrator David Pekoske outlined the TSA’s plan to eventually require biometrics to fly. (Audio). My point of view (and thus the title of this article) is that if a user is consuming a service (in this case boarding an airplane) then they don’t get to opt out of more secure, efficient and effective means of delivering that service. You can’t have it both ways. So, I’m happy to see the trend of requiring it eventually.

Congress doesn’t seem to agree though and some Congressional members even went so far as to introduce legislation in November 2023…

that would require the agency to end its use of facial recognition “within three months” of the bill’s passage and would require it to receive congressional approval before deploying the technology in the future.

…because Congress is so much better equipped to decide. Uh huh. As it turns out, the Senator from Oregon is one of those on the legislation who refused to have his picture taken, and even though the Washington Post attempts to sensationalize the experience with their article titled, “You can say no to a TSA face scan. But even a senator had trouble.” they then go on to say in their own article:

When Merkley said no to the face scan at Washington’s Reagan National Airport, he was told it would cause a significant delay, a spokeswoman for the senator said.

There was no delay. The spokeswoman said the senator showed his photo ID to the TSA agent and cleared security.

In a separate discussion on the use of facial biometrics, NextGov.com also talks about the Government Services Administration (GSA) value-added use of face verification as part of its Login.gov website which acts as a portal to scores of other government agencies. In their article there is pushback described once again on its use:

Still, the government’s use of biometrics for online identity verification has been contested at times due to concerns about bias, privacy ramifications and more.

Even though facial biometrics are being employed to identify and match someone to a presented ID for the sole purpose of consuming a service. We’re not talking about scanning someone walking down the street then notifying the police because they are a certain race or look suspicious, or passing the biometrics around between agencies and using them for purposes other than intended. In those cases I absolutely can see where detractors might have an issue (Though I still don’t necessarily wholeheartedly agree with them, I have more empathy for their objections in those cases).

What’s interesting is that as of Fall 2023 Clear had 17 million registered users, and as of late 2022 Customs and Border Patrol (CBP) says there were at least 10 million, Trusted Travelers, all who have previously provided personal data and biometrics to either a public company or the government in order to bypass the regular airport lines. Not to mention the likely hundreds of thousands (if not millions) of travelers who use programs like Delta’s Digital ID to quickly transit airports.

I could go on, reminding readers about the article on my use of Amazon One, which uses biometrics at Whole Foods to buy groceries, but I think it’s become very clear by this point that I am a proponent for this type of technological evolution when implemented properly. There will always be some issues and some detractors, but in this case, I think the TSA has done it right. I’m open to a friendly discussion though and would love to hear your viewpoints.

If you do respond as soon as this drops my counter response shouldn’t take too long as I’m about to go through airport security, using Clear, so I should only be a couple minutes even though it’s rush hour.

Footnote: Just cleared TSA security at BWI and yes they have TSA facial scanning there, and no I didn’t feel violated by allowing the agent to briefly have a digital version of the picture on my Driver License that she already held.