← Government App
F

TSA PreCheck & Global Entry

Fail
Transportation Security Administration · 🇺🇸 United States
PolicyApp PermissionsNetwork TrafficFirmwareRegulatory
Technical details
App: Mobile Passport Control
Manufacturer: Transportation Security Administration

⚠️ The bottom line

100,000 travelers' faces and licence plates leaked when a CBP subcontractor was hacked. The data ended up on the dark web. CBP had shared the biometric data with the subcontractor in violation of its own rules. Your face, collected at the border, stored by a company you never heard of, sold on the dark web. That is the trusted traveler program. TSA says airport facial recognition is optional. Try opting out. Senator Merkley tested it and got confusion and delays. The ACLU found no evidence the opt-out works consistently. When the person deciding whether to scan your face also decides whether you make your flight, "optional" is a fiction.

Legal jurisdiction
🇺🇸 United States (headquarters)
CLOUD Act read more →
US govt can demand your data from this company even if stored overseas
FISA §702 / PRISM read more →
NSA collects stored emails, photos, messages without individual warrants
Geofence warrants read more →
Police can demand location data for everyone near a crime scene
Spying
3/4 HIGH
Is someone spying on me?
Data Sharing
1/4 LOW
Who gets my data?
Security
3/4 HIGH
Is it actually secure?
Honesty
1/4 LOW
Can I trust what they say?
CONFIGURE High-risk areas that can be partially mitigated with settings changes.
3Contradictions
1Critical
2High
0Medium
3Sources
Findings by concern
Spying 3/4 HIGH 3 findings
⚠️ criticalprivacy policy vs third party research
100,000 travelers' faces and licence plates leaked when a CBP subcontractor was hacked. The data ended up on the dark web. CBP had shared the biometric data with the subcontractor in violation of its own rules. Your face, collected at the border, stored by a company you never heard of, sold on the dark web. That is the trusted traveler program.

What they claim: CBP and TSA describe biometric data as securely stored with strict access controls

What we found: In 2019, CBP disclosed that a subcontractor (Perceptics) suffered a data breach exposing facial photographs and licence plate images of travelers. The breach affected approximately 100,000 people. CBP had shared the biometric data with the subcontractor in violation of its own policies. Perceptics data was later found on the dark web.

⚡ highmarketing vs regulatory
TSA says airport facial recognition is optional. Try opting out. Senator Merkley tested it and got confusion and delays. The ACLU found no evidence the opt-out works consistently. When the person deciding whether to scan your face also decides whether you make your flight, "optional" is a fiction.

What they claim: TSA describes facial recognition at airports as optional, with travelers able to opt out

What we found: TSA has deployed facial recognition at 80+ airports, with plans for nationwide expansion. While technically opt-out, signage is minimal and TSA agents have been documented pressuring travelers to comply. Senator Jeff Merkley reported that in testing, opt-out requests were met with confusion and delays. The ACLU found no evidence the opt-out process is consistently honored.

⚡ highmarketing vs regulatory
You gave your fingerprints and face to skip the airport line. That data can be retained for 75 years and shared with 22 federal agencies — including ICE and FBI. You enrolled for convenience. You gave them a lifetime biometric file that outlives most of the agents who collected it.

What they claim: Trusted traveler biometric data collected for border security and aviation safety purposes

What we found: CBP has explored sharing biometric data collected through trusted traveler programs with ICE and FBI for immigration enforcement and criminal investigations. DHS privacy impact assessments revealed that facial recognition data collected at airports could be retained for up to 75 years and shared across 22 federal agencies.

Sources