Sign up for the Today newsletter
Get everything you need to know to start your day, delivered right to your inbox every morning.
You can now pass through TSA PreCheck at Logan using only your face. Should that make us nervous?
To some electronic privacy and civil liberties advocates, TSA’s facial recognition expansion comes as more of a dystopian omen than a cutting-edge marvel.
Smile! You’re on camera — and TSA is watching.
The Transportation Security Administration launched a new biometric system at Boston Logan Airport earlier this year, allowing TSA PreCheck flyers to verify their identity and pass through security showing only their face.
Now available in Logan Airport Terminals A, B, and E, the voluntary “Touchless ID” program swaps physical IDs or boarding passes for facial comparison technology, something proponents say could reduce wait times and offer a more seamless airport experience.
Logan Airport:
“Passengers simply look into a camera at a dedicated lane, where their live photo is securely matched against their stored passport,” according to a Jan. 20 TSA press release. The opt-in program requires an active profile with a participating airline, plus valid passport information on file.
Advertisement:
TSA has said it will bring Touchless ID to 65 airports this spring, including Connecticut’s Bradley International Airport and Rhode Island T.F. Green International Airport by late March.
Bob Allison, TSA’s federal security director for Massachusetts, hailed the “cutting-edge option” in a January statement, adding, “Bringing TSA PreCheck Touchless ID to Boston Logan marks another step forward in modernizing airport security and improving the passenger journey.”
But to some electronic privacy and civil liberties advocates, the expansion of Touchless ID and TSA facial recognition technology comes as more of a dystopian omen than a cutting-edge marvel.
Advertisement:
According to Kade Crockford, director of technology and justice programs at the ACLU of Massachusetts, widespread adoption of facial recognition in consumer spaces is particularly concerning “because it contributes to the normalization of constant mass surveillance.”
They added: “I think it’s super important for people to take a step back and reflect that all of this is for a system that, in the best case scenario, might save someone 30 seconds at the boarding gate.”
How does it work?
For TSA, the use of facial recognition technology is more than a decade in the making. Flyers may already be familiar with so-called “one-to-one” facial recognition, which takes a live photo at the security checkpoint and compares it to the photo on a traveler’s passport or REAL ID.
TSA maintains that these photos are not used for surveillance or law enforcement and says it does not store or save images following a positive match. Travelers can also opt-out of having their photo taken and go through an alternate process that does not use facial recognition — something Crockford strongly encourages.
“The more people who say no, the better,” they explained. “Because if everybody sort of just goes along and hands over their biometric data to TSA, to [the Department of Homeland Security], every time they fly, the government is going to get the sense that people don’t care about their privacy and they can do whatever they want with our personal information.”
Advertisement:
Touchless ID — a “one-to-many” facial recognition program — compares a flyer’s security checkpoint photo “against a gallery of templates of pre-staged photos that the passenger previously provided to the government (e.g., U.S. Passport or Visa),” according to TSA. The agency has also said it deletes travelers’ Touchless ID information within 24 hours of their scheduled departure time.
What are the concerns?
But according to Crockford, TSA’s data protection assurances may be worth little in the long run.
“Currently, there are no statutory protections governing the TSA collection or use of our sensitive personal information, like biometrics,” they pointed out. “So the lack of legal protections would obviously be alarming in the best of times, but it’s especially alarming right now, and that is because this [presidential] administration cannot be trusted, period.”
They pointed to recent reports that the Trump administration revoked a Minnesota woman’s Global Entry and TSA PreCheck privileges after a U.S. Immigration and Customs Enforcement agent she was observing purportedly identified her using facial recognition technology.
“When this federal government tells the public, ‘Oh, don’t worry, the information that we’re collecting for this program won’t be used for law enforcement or surveillance purposes,’ consumers have zero reason to trust them,” Crockford argued.
Advertisement:
And without clear regulations to set facial recognition safeguards in stone, Crockford said they’re also concerned the TSA could shift its goalposts.
“Oftentimes, people will eagerly participate in a program like this, say, during the Obama administration — maybe you trusted the government,” Crockford explained. “The problem is that without laws, enforceable laws to ensure that information cannot be misused or abused, … it’s so easy for administrations to change the way that they handle these types of programs and the way that they use these types of data.”
Digital rights activists and advocates with the ACLU, Electronic Privacy Information Center, Fight for the Future, and Project on Government Oversight have thrown their weight behind the Traveler Privacy Protection Act, a pending bill that would impose limitations on what TSA can do with the data it collects through facial recognition.
In a 2025 report, the U.S. Privacy and Civil Liberties Oversight Board acknowledged lingering concerns about facial recognition technology, including its potential use for surveillance in public spaces. However, the board ultimately found that those risks were “significantly mitigated” in TSA’s existing facial recognition program.
Still, staffers also recommended TSA and U.S. Customs and Border Protection “continue to make efforts to implement policy, operational, and technical protections against data loss or misuse.”
After all, biometric data theft isn’t a hypothetical; in 2019, a cyberattack on a Customs and Border Protection subcontractor resulted in about 184,000 traveler images appearing on the dark web. And in 2015, hackers stole the fingerprints of 5.6 million federal employees.
Advertisement:
As Crockford noted, the stakes are incredibly high when biometrics — including travelers’ faces — are on the line.
“Most of us don’t have facial surgeries — I can’t say that’s true about all of us; I watch reality TV — but most of us don’t do that and are not going to do that,” they said. “While we can change our login credentials to a website if that website’s database is hacked, we can’t so easily change our faces, and most of us are not going to do that.”
To comment, please create a screen name in your profile
To comment, please verify your email address
Conversation
This discussion has ended. Please join elsewhere on Boston.com