Your Face May Soon Be Your Ticket. Not Everyone Is Smiling.
By Julie Weed
Oct. 13, 2023, The New York Times
You may not have to fumble with your cellphone in the boarding area very much longer. As the travel industry embraces facial recognition technology, phones are beginning to go the way of paper tickets at airports, cruise terminals and theme parks, making checking in more convenient, but raising privacy and security concerns, too.
“Before Covid it felt like a future thing,” said Hicham Jaddoud, a professor of hospitality and tourism at the University of Southern California, describing the way contactless transactions have become common since the pandemic. That includes facial recognition, which is “now making its way into daily operations” in the travel industry, Dr. Jaddoud said.
Facial recognition systems are already being expanded at some airports. At Miami International, for example, cameras at 12 gates serving international flights match passengers’ faces to the passport photographs they have on file with the airlines, letting passengers at those gates board without showing physical passports or boarding passes. The company installing the systems, SITA, has been contracted to do the same for a number of international gates in 10 other U.S. airports, including Boston Logan International Airport and Philadelphia International Airport. (Passengers can opt out and still present physical documents instead, SITA says.)
The technology is also speeding up the wait for some passengers at immigration. Members of U.S. Customs and Border Protection’s Global Entry program can now bypass lines at the kiosks at seven U.S. airports, including Seattle-Tacoma International Airport and Washington Dulles International Airport, by taking a selfie on arrival using its new phone app. The selfie is matched with the agency’s facial biometrics database.
Cruise ship operators are also betting that facial recognition will improve passengers’ experience. On Carnival Cruise ships, a camera photographs passengers each time they get on or off the ship to know who’s aboard in case of an emergency, and to make sure only authorized people are on the ship. Facial recognition also allows passengers to receive pictures of themselves taken by onboard photographers, rather than scanning hundreds of photos looking for the ones in which they appear. Holland America, which uses similar technology, says facial recognition has sped up its check-in process by as much as 40 percent. Both companies say they purge all biometric data after each voyage and that guests can opt out of the system.
Visitors to the theme parks on Yas Island, in Abu Dhabi, United Arab Emirates, can use a facial recognition system for entry and to buy food and souvenirs at attractions like Warner Bros. World Abu Dhabi, Ferrari World Abu Dhabi and Yas Waterworld. Guests who sign up for the program submit a selfie using an app, which connects their photos with their tickets. When they arrive at the park, the turnstiles open automatically once a camera identifies them. And park guests who submit credit card information can also pay for souvenirs and food by looking into a camera. In the United States, Disney World said it tested facial recognition to enter parks in 2021 but decided not to keep using it.
Hotel chains are taking more of a wait-and-see approach, Dr. Jaddoud said. Marriott tested facial recognition technology for check-in at two hotels in China a few years ago, but there’s no sign the broader industry has any immediate plans to roll out technology that might, for example, let guests open their hotel rooms with their faces instead of key cards.
As the use of facial recognition technology spreads, some experts worry about the risks to travelers’ privacy and security. Unlike a password, which can be reset, biometric data cannot easily be changed without significantly altering your appearance, said Phil Siegel, co-founder of the Center for Advanced Preparedness and Threat Response Simulation, a nonprofit group.
As with other sensitive data, like Social Security numbers, people’s images could be used by criminals, perhaps to impersonate people online or even create deepfake videos, said Nima Schei, chief executive of Hummingbirds AI, a start-up that works with facial recognition.
If biometric data is stolen or misused, travelers don’t have much recourse, said Alex Alben, who teaches privacy, data and cybersecurity at the University of California Los Angeles and University of Washington law schools. There are no federal laws regarding the use of biometric data, he said, although a few states are beginning to create a patchwork of legal protections, and in the European Union and Britain, companies must get permission from consumers to collect their data and must tell them what it will be used for.
Private companies’ management of facial recognition data worries Jeramie D. Scott, director of the Project on Surveillance Oversight at the Electronic Privacy Information Center. Companies, he said, could be hacked or could turn the data over to government entities, who might use it for surveillance. Some might even sell customers’ biometric information or find other ways to profit off it and bury those intentions in the fine print, Mr. Scott said — a scenario that could echo the “Black Mirror” episode “Joan Is Awful,” in which a fictional streaming service uses its terms-and-conditions agreement to hijack the main character’s life for a TV series.
One company has already used facial recognition technology to exclude people from its premises. Last year, MSG Entertainment, which owns Radio City Music Hall in New York, barred a lawyer from seeing the Rockettes with her daughter’s scout troop, because she worked for a firm the company viewed as adversarial.
Facial recognition software has also been shown to be less accurate for certain demographic groups, said Mr. Scott, and even with improvements, the algorithms are typically not shared or tested publicly “so we need to take the company’s word about their accuracy,” he said.
On a recent Virgin Voyages cruise through the Greek Islands, one passenger, Divya McDuffie, a media executive from New York, was asked to upload a selfie as part of the check-in process to help identify her when she got on and off the ship. Ms. McDuffie said she was fine with facial recognition as a security measure, but if hospitality companies started using it to, say, assess her mood, target her with offers or steer her toward some kind of action, “absolutely ‘no’ to that,” she said, and stressed the need for transparency. “If there isn’t a disclaimer where I can make an informed decision, that would be disturbing. Where would it end?”
Some companies are responding to privacy concerns as they offer new products. GetPica, an Italian facial recognition software company, helps resorts like Club Med deliver personalized photo streams to its guests from the hundreds taken each day by photographers roving a property. Guests can opt in by logging into the phone app and submitting a selfie. They will then be shown a copy of any photo they appear in, to see if they want to purchase it.
Guests can choose to be anonymized with A.I.-created faces if they appear in other people’s photos, and those who do not opt into the system have their faces automatically anonymized. “Privacy protection is one of the most important aspects of the system,” said Dhiren Fonseca, a strategic adviser for GetPica, “so we let the users select the level they want.”
Facial recognition technology will increasingly offer travelers shorter lines and fewer documents to juggle, but all that convenience may have a cost, warned Jay Stanley, a senior policy analyst at the American Civil Liberties Union. By accepting more surveillance technology, he said, “we open ourselves to tracking where we are and who we are with all the time.”