In Dublin Airport, the choice at passport control in the Terminal Two arrivals hall was obvious at a glance.
Passengers could select to go with the new facial scanning gates on the left, with fewer than a dozen people per automated barrier. Or, they could file into a serpentine queue of travellers on the right, shuffling slowly towards the traditional booths, staffed by a person.
The trade-off for my fellow flyers was handing over their face in return for faster access to the luggage carousels. After a wearying transatlantic flight, offering up biometric data for a shorter wait easily appeals.
When I encountered Dublin’s new facial recognition gates in July, it was my third run-in with biometric identification technology in as many weeks. I was nearly an old hand at being surveilled, having gazed at the scanning cameras in Frankfurt and Munich’s airports on earlier work trips.
These new biometric databases are shared among a range of government agencies internationally, with mission creep
It’s travel but with added creepiness. The moment when you lock gaze with the camera and it plots your displayed face is disconcerting. So is the flash of light signalling the opening of the gates once you have been identified and deemed harmless.
When it works there’s no question that there’s an efficiency gain. In the German airports, there was barely a wait to get through passport control, despite the summer season heading into full swing.
What’s the trade-off? On the face of it – pun intended – the deal seems attractive. A quick scan and you’re through the gates.
But the technology is beginning to raise some public alarm, because biometric data is among the most sensitive that can be compiled about you. Like a fingerprint or iris scan, your facial contours are a permanent identifier.
Mission creep
These new biometric databases are shared among a range of government agencies internationally, with mission creep. For example, the EU now has the Common Identity Repository, a database that brings together a variety of biometric data held in systems used by law enforcement, border control and immigration agencies.
UK privacy advocates Statewatch noted last year how this system morphed from basic interconnection to broader interoperability, then approval this year for a vast database.
However, travellers are not just encountering facial recognition as a border security technology. Airports and airlines have moved to the front line in commercial adoption of the technology, used in lieu of having an agent check your boarding card.
Airlines say planes board about 10 minutes faster, and that scans are more accurate than agents at matching a face to an identity document. They also say that, right now, data is not retained (as opposed to government scans, which in the US go into a database for 75 years).
Airlines and airports note that the scanning process is optional. Passengers can ask to have a human check their ID
If you have travelled to the US recently, you are in such a database now). But there’s little preventing businesses doing other things with that data in future. And again: there’s the question of security.
If hacked, such biometric data constitutes the grandest of all identity thefts. You can have a stolen credit card number reissued, but you can’t reissue your face. Experts say biometric data is collected using a variety of technologies, and likewise, stored and managed in disparate ways, with little security regulation.
This week, a significant breach was found in a biometric database used internationally by banks, defence firms and law enforcement. Researchers discovered data was "unprotected and mostly unencrypted".
Scanning ‘optional’
Airlines and airports note that the scanning process is optional. Passengers can ask to have a human check their ID. But “consent” is de facto assumed, and passengers have to opt out. Many don’t know there’s an option, and don’t understand the potential implications of having their face go into a government, much less a corporate, database.
Many will simply see long queues and a “choice” that becomes harder to ignore, as airport congestion increases.
As Massachusetts congressman Stephen F Lynch told a US Transportation Security Administration official at a congressional hearing into facial recognition in June, that "choice" is hardly "voluntary" for tired travellers.
“You can either surrender your right to anonymity and wait in the long line, or you can give up your Fourth Amendment [privacy] rights and go in the quick line.”
And that’s how such sensitive databases – full of all of us, rather than just actual known criminals, a major shift in global policy – are so easily compiled. Governments and private industry present the “choice” as trivial and beneficial. The end result is the kind of detailed, permanent profiling of citizens that once was the dystopian vision of the worst surveillance societies – rebranded as a travel perk.