The views expressed by contributors are their own and not the view of The Hill

Biometrics are the new face of airport security

The company CLEAR claims to provide a biometric solution for airport security. Available at over 50 airports, CLEAR lanes provide identity verification for the Transportation Security Administration (TSA). The service does not replace physical security screening; the primary benefit of enrolling in CLEAR is that you get to leapfrog to the front of the airport security screening line. Physical screening, in either the PreCheck or standard screening lanes, must still be conducted. The privilege of such line jumping costs as much as $189 annually.

CLEAR verifies that a person is who they claim to be using that person’s fingerprints or iris scans. To obtain such a level of identity authentication requires that the identity of the person be verified with certainty during their registration process. There is no room for error — if the biometrics are attached to a person who is not who they claim to be, airport security can be compromised.

This occurred in July 2022 at Reagan Washington National Airport with a person in the CLEAR identification system. This person then attempted to bring live ammunition onto a flight. Further investigation revealed the mismatch and identity breach. The TSA is now rechecking the identification materials of CLEAR enrollees, effectively devaluing the benefit CLEAR offers. The company is defending the identity breach as a human error that has now been resolved.  

This situation begs the question: Are biometrics appropriate for identity authentication?  

The answer is yes. In fact, it is ideal. Whether one uses facial recognition, fingerprint matching, or iris matching, biometrics provides excellent tools to confirm that a person is who they claim to be.


The stumbling block is confirming with absolute certainty that the person presenting themselves when biometric information is initially collected is the person they claim to be. This is what the Credential Authentication Technology (CAT) being used by the TSA can do.  

Described as a “security game changer,” CAT checks that the form of identification presented is authentic, and that the person presenting it has a reservation for travel and is eligible to fly that day, all done in near real-time. The next generation of CAT is even more effective, using facial recognition to confirm a person’s identity. Moving forward, the solution is using components of CAT with CLEAR biometrics so that the resulting identity authentication process is tighter and more robust.

The concerns raised by the TSA about the CLEAR identity breach, however, are bigger than the handful of people that the breach may have involved, and have to do with the potential security hole that it represents. 

A bad actor with malicious intent will look for any weak spot in the airport security layers used by the TSA. Every entry point into the secure (sterile) side of airports is tested to assess such spots and how they can be used to breach security. The more that the TSA knows about travelers, the lower the risk in the air system.  If identities are hidden or misrepresented, this elevates air system risks that must be addressed with more physical screening, which takes both additional time and money.

This is why the TSA is investing in facial recognition and must continue to do so.

Back in February, five senators wrote TSA Administrator David Pekoske asking the TSA to stop advancing facial recognition in their arsenal of security screening tools, citing privacy concerns and discrimination issues. Yet without facial recognition and other biometric tools for identity authentication, airport security must continue to be centered on preventing prohibited items from entering the sterile side of airports.

The TSA has a long history of investing in new technologies, at significant costs to taxpayers, as they have most recently with computed tomography screening devices for carry-on bags. Yet without biometrics, the basic tenets of airport security will remain the same — namely, detecting prohibited items.

The TSA can do better, and they know it.  The biometrics used by CLEAR represent one component of the solution. Yet the entire solution is bigger than what CLEAR currently offers. The solution is indeed biometrics, so that every person who presents themselves at an airport can be verified to be the person they claim to be, and that they present no risk to the air system, independent of what they bring with them on their flight.  

Such a lofty level of credential authentication is the future that the TSA envisions. Anything less would be unacceptable. Offering travelers the most secure and least intrusive airport security experience should be the goal, and biometrics is a critical component needed to meet that objective.  

Sheldon H. Jacobson, Ph.D., is a professor of Computer Science at the University of Illinois at Urbana-Champaign. He applies his expertise in data-driven risk-based decision-making to evaluate and inform public policy.  He has studied aviation security for over 25 years, providing the technical foundations for risk-based security that informed the design of TSA PreCheck.