Travelers navigating through a busy airport have become accustomed to a hectic juggle of IDs and boarding passes while lugging bags through security checkpoints and boarding.
Recently, companies including Atlanta-based Delta Air Lines have been gradually adding technology to streamline the process and replace IDs and boarding passes with fingerprints and facial scans.
Delta’s latest move along the biometrics path is allowing members of its Sky Club airport lounges to enter using their fingerprints instead of a membership card or boarding pass.
As more people become accustomed to using their fingerprints or faces to use their smartphones, travelers have also become inured to the spread of biometrics in the airport.
But some privacy advocates warn that convenience could mask the risks of a world where security depends on fingerprints and facial scans.
Some passengers have been using biometrics to identify themselves at the airport. Instead of showing an ID at an airport security checkpoint, Clear members approach a kiosk and press two fingers down. Clear is a trusted traveler membership program with a tagline “No ID, no lines, no limits.”
Delta in 2016 struck a partnership with Clear and bought a 5 percent stake in the company as a critical step in a much bigger plan to build the backbone for a biometrics system and database of passengers that could transform how travelers move through the airport.
As part of the partnership, Delta is incentivizing its customers with a discount to sign up for Clear, which normally costs $179 annually but is $99 for Delta frequent fliers and free for Delta’s diamond-level elite frequent fliers. Delta and other airlines including JetBlue have also rolled out a hodgepodge of pilot programs using biometrics.
In Minneapolis, a machine with facial recognition can match Delta customers with their passport photos while they are checking their bags through self-service machines.
In Boston, JetBlue passengers have boarded international flights at a self-boarding gate with facial recognition as part of a test with U.S. Customs and Border Protection. JetBlue partnered with SITA, an air transport technology firm with U.S. headquarters in Atlanta, for the trial.
In Atlanta and New York’s John F. Kennedy International Airport, Delta passengers boarding certain international flights have also had their identity verified through facial recognition, in a partnership with Customs.
At Washington’s Reagan National Airport, Clear members have boarded Delta flights using their fingerprints instead of a boarding pass. The idea is that international travelers would board using facial scans matched to passports, while domestic travelers would board using fingerprints matched to Clear’s database.
“We’re rapidly moving toward a day when your fingerprint, iris or face will become the only ID you’ll need for any number of transactions throughout a given day,” said Delta Chief Operating Officer Gil West in a written statement.
SITA director of strategy and innovation Sean Farrell said people are familiar with using cameras to take selfies, and “we’re using apps on our cellphones to do banking and signing onto those apps using our thumbprint. People are starting to become more familiar with biometrics through that.”
In JetBlue’s test with SITA, about 90 percent of passengers opted into the facial scan for boarding, Farrell said.
Passengers “seem to really prefer self-service over manned processes. They much prefer to have their destiny under their own control and go to a kiosk rather than stand in line,” he said. The need to check travelers’ passports has prevented a shift toward more self-service, and facial scans can change that, he said.
While rolling out more self-service kiosks benefits passengers, Farrell said “it’s also undoubtedly got a cost element in it as well,” reducing the need for staffing. He said biometrics can also more reliably confirm identity than a person looking at a photo and comparing it to a person.
Farrell predicted facial recognition, more so than fingerprints, will become the dominant form of biometrics for travel. Capturing images is “very cheap. In addition to that everyone is carrying around passports these days which carry their face. It seems that face is going to be the way that things go.”
At the Electronic Frontier Foundation, a nonprofit focused on digital rights, senior staff attorney Jennifer Lynch is wary of facial recognition and sees a threat to privacy, “our constitutional ‘right to travel’ and right to anonymous association.”
But if people are concerned their movements could be tracked through an eye in the sky with facial recognition, Farrell said: “I think the truth is it is already happening, actually.” In the United Kingdom, for example, “they have literally thousands and thousands of closed-circuit TV cameras all across the country that are available to law enforcement to track somebody,” he said.
Overseas, some airports have moved further toward use of facial recognition in airports. Singapore’s Changi airport opened a new terminal last fall with automated passenger ID checks using facial recognition.
In the United States, not all airlines are moving toward the technology like Delta and JetBlue are. Some carriers may be waiting to see if it will be mandated, and “if the U.S. government is going to offer any assistance to help pay for this technology,” Farrell said.
Another challenge is that for domestic travel, there is no common U.S. identification, with different states still using different technology standards for driver’s licenses.
“We’re a long way from having a system that you could use for all domestic travelers,” Farrell said.
Still, he predicted rapid advancement of biometrics in airports. “What you’re going to see over the next two years is these trials that are starting now, by the end of this year, you’re going to see the first large-scale implementation rolling out in the U.S. Within two years, you’re going to see most major airports starting a major rollout.”
As the use of biometrics expands, Lynch thinks one of the greatest concerns is the risk of a data breach.
“There will always be adversaries that can figure out how to spoof these things — using a fake fingerprint or a photograph of a fingerprint,” Lynch said. “The big difference between a breach in the biometrics context and a breach of just general data is that your biometric information you can’t change. You can’t go out and get a new fingerprint easily like you can get a new driver’s license number of credit card number.”
She said better privacy protection laws are needed and private companies “have the responsibility to not collect too much information.”