The Transportation Security Administration (TSA) has few diehard fans (if any at all among readers of this column). Our federal airport security monopoly is slow, inefficient, and often handsy. You might think you would jump at any chance to cut down on your interfacing with TSA "service." But is it worth forking over an iris scan?
Customers of a private security service called "Clear" can just breeze through their red-roped entrance—calling it a "line" would be a misnomer, because there usually isn't any—to an independent identification kiosk. After the normal TSA-managed x-ray of their person and effects, they are through security in a fraction of the time.
This convenience seems very appealing. Who wouldn't want to minimize the indignity of shuffling through an absurd scene as a bit player in our dumb security theater?
I certainly did, when presented the opportunity to avoid the godawful mass funneling into what passed as the ID queue at the Orlando International Airport in the summer of 2016. We had just gotten married, and my husband and I were eager to start our luna de miel in Chile. But waiting an hour to be felt up by a TSA agent was not exactly the kind of romance we had in mind.
As we strategized over the awfulness before us, the friendly Clear representative nearby sensed our frustration and beckoned us to her empty kiosks. She explained that if we signed up for their service we could skip the line, along with the security lines at any participating domestic airport (and later, a few stadiums, too).
Clear acts as a designated verifier; just give them your basic identification information, and they will prove that you are "you" without the need to present your driver's license to a harried and distracted TSA agent. There was an annual fee (it's around $179 right now) but also a free trial period, after which we could just cancel the "membership" and move on with our lives. It all sounded great to us.
It wasn't until we were about ten pages into the signup process that the kiosk asked me for my iris scan. Excuse me?
"Just look into the camera for the scan, it will only take a second."
The Clear agent smiled at me as if asking for an eye scan was as natural as asking for my email address (which I am also loath to give out). It wasn't, but I didn't want to be rude. My inclination toward social agreeableness temporarily overcame my paranoia over digital security, so I gritted my teeth and looked straight ahead at the flashing light.
Yes, the Clear service saved us from waiting among a crowded and sweaty security line. If we used it again, it would be an even shorter process, since we would already be signed up. The kiosk would just scan our fingers and eyes to verify our identity and we'd be walking barefoot through a TSA x-ray machine in no time. But we immediately regretted having given our biometrics so loosely, agreeing as we walked to the Avianca Airlines gate that we would not have done it if we had not felt suddenly socially obligated.
Clear is a privately-run service operating under the watch of the TSA. It is similar to, but distinct from, the TSA's PreCheck program, and travelers can enroll in both if they'd like. PreCheck allows "known travelers" to wait in a shorter dedicated identification line, and frees them from taking off their shoes and such during screening. It's cheaper, and far less James Bond-esque than Clear's robo-scanning facilities. While PreCheck does require fingerprinting as part of the necessary background check, you won't be scanning your prints each time you queue up.
Let's forget the creepy factor for a minute. Why might someone opt for biometric security?
For one, biometrics are not easily spoofed. There is only one "you," and therefore only one person with the bonafide biological goods to prove it. Scanning a fingerprint or even measuring the tonality of a voice could be a surefire way to tie our abstract identity to our physical person.
Compare this to the current standard in identification validation: Government-issued IDs. Paper, photos, and identification numbers can be trivially ripped off. And they are, constantly.
This problem has become all the more pressing with the centralization of identities in large institutions. Big corporations like Home Depot, credit agencies like Equifax, healthcare servicers like Anthem, and government bodies like the Office of Management and Budget are tantalizing targets precisely because they hold such large bags of federally-relevant loot.
Not only can this information be used for now-commonplace crimes like identity theft, it can be weaponized for blackmail and espionage when combined with other sensitive datasets like the Ashley Madison user base.
Then, as I hinted at earlier, there's the simple convenience factor in favor of biometrics. Swipe a finger, enter a stadium.
As my husband and I learned, the promise of abandoning frisking lines can prove tantalizing to even the most paranoid security enthusiast. The Clear company knows this: "You see the line, or you're thinking about how stressed you were, and you enroll immediately right there," Cofounder and CEO Caryn Seidman-Becker told Fast Company. (I feel called out.) "Nobody wakes up and says, 'Gee, I gotta get some biometric security today.'?" Too right. But will this bet on our anxieties prove imprudent?
A biometric security company like Clear will only be as good as its ability to protect our precious bodily data. Maybe the firm has adequate security … for now. The cofounders are confident in their public statements—but then again, so were many of the firms that have since been hacked.
(Incidentally, the precursor to Clear—originally called Verified Identity Pass—folded in 2009 following a data breach. The revamped Clear is under new ownership and management, and presumably better security protocols.)
It's a bit of a Faustian bargain: the more popular a biometric service like Clear becomes, the more tempting a hacking target. The deck is stacked against them.
Which brings us to the fundamental flaw with biometric security: we cannot change our bodies, at least not yet. Once your biometrics are leaked, that's it—no password change, no new ID number, no chargeback can remediate the breach. A few states have passed legislation regulating biometric use, but unless you live in Illinois, you may not have any legal recourse to pursue damages in court.
So the security stakes for a centralized biometric repository are arguably higher, since there is no way to get new credentials. It's a lesson that many federal employees and contractors in the OMB database have learned the hard way.
It's one that I hope Clear customers never experience. If the company does prove to be as good as security as the venture demands, it could prove more secure than the alternative. Maybe a clumsy Clear customer would have otherwise constantly lost his wallet, and along with it (and against all advice and basic common sense) his driver's license and Social Security card. Maybe the fact that he doesn't have to carry around those IDs any more is a better security trade-off for that person.
But the risks are always there, and the fallout would be substantial.
For some people, the convenience and transfer of security risk of Clear's biometric security may be worth it. For me, it turned out to be a no-go, and I recently followed up with the company to verify that they completely deleted our biometric markers.
The TSA is a pain, but at least they let you hold onto your fingerprints. For now.