As air travel security expands, so do privacy concerns

As the United States prepares to host a series of major global events, including the 2026 FIFA World Cup and the 2028 Olympic and Paralympic Games, a new report by the Commission on Seamless and Secure Travel (CSST) says there are significant reforms that are needed to modernize the nation’s travel infrastructure, including increased reliance on biometrics, artificial intelligence, and advanced data analytics in travel screening.

While the focus of the CSST report is on enhancing security, expediting visa processing, and improving the efficiency of air travel, largely overlooked are the privacy issues which raise significant concerns about the protection of personal information and civil liberties.

“Biometric innovations and automated screening create an environment where safety and security are assured without sacrificing efficiency, comfort or privacy,” the report says, adding, “in this vision, the journey to and within the United States becomes a highlight rather than a hurdle, setting a new global standard for traveler satisfaction and operational excellence.”

One of the key recommendations in the report is the expansion of facial recognition technology at airport security checkpoints and border control ports of entry. The Transportation Security Administration (TSA) and U.S. Customs and Border Protection (CBP) are increasingly integrating biometric identification systems to streamline passenger verification and reduce wait times. These technologies offer promising improvements in efficiency, but they also introduce profound privacy risks. The collection and storage of biometric data, including facial scans, raise concerns about surveillance, data security, and potential misuse by both government agencies and private contractors.

The report says that by “streamlining the application process” it “would also enhance personal privacy protection by minimizing the number of times individuals must submit sensitive personally identifiable information (PII).” The report suggests that “TSA should partner with state DMVs to allow REAL ID applicants to apply for PreCheck in the REAL ID application.”

Meanwhile, the Privacy and Civil Liberties Oversight Board (PCLOB) has initiated a review of the use of facial recognition technology in airports to evaluate the impact on privacy and civil liberties with the aim to determine whether current regulations adequately protect travelers’ biometric data or if additional safeguards are necessary.

“The board has been working for years on this important topic, to consider both the operational benefits as well as privacy and civil liberty concerns with the use of facial recognition in airports,” PCLOB member Beth Williams said. “These new technologies have now become almost ubiquitous. I know this is a key area of interest for many in Congress, as well as the flying public. We’re moving forward expeditiously with this report.”

But there are problems at the board. Political problems. Critics point out that the absence of a full quorum at the PCLOB has weakened the board’s ability to provide robust oversight. In late January, Trump dismissed the three Democratic members of the board: Chair Sharon Bradford Franklin and members Edward Felten and Travis LeBlanc. Their removal has raised significant concerns among privacy advocates and legal experts who warn that the move undermines the board’s independence and hampers its ability to provide effective oversight of intelligence and counterterrorism activities.

The lack of a quorum means the PCLOB cannot initiate new investigations, issue reports, or make policy recommendations, thereby stalling its critical oversight functions. And without a fully functional privacy oversight mechanism, critics say the expansion of biometric programs could proceed unchecked, further eroding individual privacy rights.

The timing of the dismissals is particularly contentious, as Congress is slated to debate the reauthorization of certain surveillance authorities in the coming year. PCLOB has historically played a vital role in reviewing such authorities to ensure they do not infringe upon civil liberties, but the board’s incapacitation could lead to less scrutiny of surveillance practices and diminished transparency in government operations, which has become a trend within the Trump administration and the Republican-controlled Congress, as Biometric Update has reported.

In addition to biometrics, the CSST report emphasizes the need for a National Vetting Service to centralize visa processing and traveler screening. This initiative seeks to enhance security by consolidating data from multiple agencies to create a more efficient vetting process. While the goal is to expedite visa approvals and strengthen security protocols, consolidating such vast amounts of personal data also increases the risk of data breaches and unauthorized access. The implementation of such a system must be accompanied by stringent data protection measures to ensure that sensitive personal information is not exposed or exploited.

Another significant privacy concern highlighted in the report is the expansion of biometric exit tracking. The CSST report recommends that CBP complete the biometric exit system within two years to strengthen protections against visa overstays. The system would use facial recognition technology to verify the identity of departing travelers, eliminating the need for physical interaction with border officers. This may seem like a seamless solution; however, the collection of biometric exit data raises questions about how long such information will be retained, who will have access to it, and how it may be used beyond its intended purpose.

Civil liberties organizations such as the American Civil Liberties Union and the Brennan Center for Justice have expressed concerns that expanding biometric tracking at airports could establish a dangerous precedent for broader government surveillance, suggesting that the use of AI to monitor and analyze travel patterns could lead to discriminatory profiling that disproportionately impacts certain demographic groups.

The lack of transparency regarding how these systems are trained and whether they are susceptible to biases exacerbates these concerns. The Department of Homeland Security’s Inspector General recently found that the department’s compliance with AI privacy and civil liberties requirements is lacking.

The PCLOB’s investigation of the use of AI in counterterrorism efforts also raises important questions about how AI-driven surveillance tools might be used in the travel sector. Reports suggest that AI is being deployed to analyze social media activity and other online behavior to assess potential security threats. But without clear accountability measures, such practices could lead to excessive government scrutiny of individuals based on their online interactions. This raises significant privacy and free speech implications, particularly when AI systems make determinations about a traveler’s security risk based on opaque algorithms.

The CSST’s report also underscores the need for increased staffing at airport customs checkpoints to reduce waiting times for travelers returning from international destinations. One of the proposed solutions is to leverage biometric verification to eliminate the need for travelers to meet with CBP officers unless they have items to declare.

While this approach could improve efficiency, it also represents a shift towards automation in security screening in which human judgment increasingly is being replaced by algorithmic decision-making. Ensuring that these biometric systems operate within strict privacy guidelines is critical to preventing potential abuses.

The rapid expansion of biometric and AI-driven screening technologies has prompted bipartisan concerns in Congress where lawmakers such as Senators Jeff Merkley and Ted Cruz have called for greater scrutiny of TSA’s use of facial recognition and biometric systems. Their concerns reflect a growing awareness of the need to balance national security interests with fundamental privacy rights. Despite these calls for oversight, though, the PCLOB’s report does not include explicit recommendations for stronger privacy protections or independent audits of biometric programs.

The debate over privacy in travel security extends beyond the U.S. The U.S.-EU data privacy framework established by Executive Order 14086, Enhancing Safeguards for United States Signals Intelligence Activities, seeks to facilitate transatlantic data transfers while ensuring compliance with European privacy standards. However, the effectiveness of these safeguards remains a topic of debate, particularly considering past revelations about U.S. intelligence agencies’ data collection practices. The overlap between travel security measures and international data-sharing agreements underscores the complexity of safeguarding personal information in an era of increasing digital surveillance.

“America is staring at a historic opportunity – the question is whether we will seize the moment or fall maddeningly short,” said Geoff Freeman, president and CEO of the U.S. Travel Association. “The next several years will bring unprecedented travel demand that our systems are not prepared to handle. Washington has a small window to fix major travel pain points and unlock a $100 billion economic opportunity — but it will require a level of urgency that has been missing in recent years.”

Kevin McAleenan, former Acting Secretary of Homeland Security and chair of the Commission, said, “The Commission’s recommendations were informed by experts across government and the private sector and build on the agencies’ hard work and investment in national security. With the recommendations to increase security and enhance facilitation with smart technology investments, process improvements, and government and private sector collaboration, we have an incredible opportunity to enhance our travel system and welcome additional visitors.”

As the US moves forward with its ambitious travel reform agenda, critics say it is imperative that policymakers prioritize privacy alongside security. Implementing biometric and AI-driven screening solutions without robust safeguards could lead to routine collection, analysis, and sharing of personal data without adequate oversight and protection. The government, they say, must establish clear guidelines on data retention, ensure transparency in algorithmic decision-making, and provide travelers with the ability to opt-out of biometric screening without facing undue travel restrictions.

While the modernization of air travel presents opportunities to enhance security and efficiency, it must not come at the expense of privacy and civil liberties. The PCLOB’s recommendations should be accompanied by comprehensive privacy protections to prevent the unchecked expansion of surveillance technologies. Moreover, without meaningful oversight, the pursuit of a seamless travel experience could pave the way for a surveillance infrastructure that fundamentally alters the way personal information is collected and used in the name of security.

Article Topics

airports  |  biometrics  |  contactless biometrics  |  digital identity  |  digital travel  |  digital travel credentials  |  facial recognition  |  Privacy and Civil Liberties Oversight Board (PCLOB)  |  travel and tourism  |  TSA  |  United States