By admin 
RALEIGH, N.C. (WNCN) — You can change a password, you can cancel a credit card, but you can’t change your face or fingerprints.
Read more Raeford dog trainer recovering after Hoke County head-on crash; community rallies around family
From phones to airports, companies are collecting biometric data to verify you. Even banks capturing your voice to ensure it’s you calling: biometrics are now part of everyday life.
At the Raleigh-Durham International Airport and others across the country, that type of thinking is helping fuel a surge in biometric screening.
As summer travel ramps up, many passengers skip the long security lines by using CLEAR, handing over facial scans or fingerprints for faster access. Other passengers may opt for TSA PreCheck, also giving up parts of their identity for a faster trip.
We asked passengers: Did you read the fine print? “I looked at it in the beginning,” one man told us.
“Probably not,” said another passenger.
CBS 17 Investigates looked at what passengers actually agree to. According to TSA’s website, enrollment in TSA PreCheck is handled by private contractors like IDEMIA, Telos or CLEAR.
CLEAR is a separate, private program that uses biometrics for expedited screening. It says it collects and stores biometric data, like facial and eye scans, to verify your identity.
The company says it does not sell that data, and users can request it be deleted.
“CLEAR does not and will never sell biometric data. CLEAR takes privacy and data protection very seriously, and we are transparent about our practices. Our user experiences are designed so that individuals know when CLEAR is asking for their information, what information we are asking for, and how it will be used,” said Jon Schlegal, CLEAR’s Chief Security Officer.
However, some cybersecurity experts say that once information is collected by companies, consumers often lose meaningful control over where it goes next.
“A lot of companies just are not securing data well, and there’s risk of that data being stolen from hackers and using used for nefarious purposes,” said Craig Petronella, with Petronella Technology Group.
Petronella believes the risks outweigh the positives. “I would think that most companies have good interests in mind. But I think that if they’re not following proper security safeguards, an example could be encryption, and they’re not, they’re breached in the future. They’re not intending to be breached. They don’t want to be breached, but they’re breached. Then they don’t have, they lose control of those safeguards, right? Like so, I think that most companies may have good intentions to keep that data safe, but I think the risks outweigh the positives.”
Read more Aston Villa and Prince William celebrate Europa League triumph ending team’s 30-year trophy drought
Unlike a password or credit card, you can’t change your biometrics if they’re compromised.
There’s no single federal or North Carolina law governing biometric data, but the Federal Trade Commission can step in if companies misuse it.
The FTC has taken action against companies over biometric data, including Rite Aid after its facial recognition software wrongfully flagged customers, and a photo app for misleading users about how their faces were used to build AI.
CLEAR has not been investigated by the FTC over its biometric data policy.
According to Attorney David Oberly with the firm Baker Donelson, biometrics have been beneficial to the travel industry, saying, “not only does biometrics significantly boost overall customer satisfaction, but it also provides a boost to airlines’ and airports’ bottom lines.”
He also says TSA’s use of biometrics is managed by the Department of Homeland Security’s privacy practices, and the Privacy Act of 1974. So, there are multiple layers of regulation. CLEAR may be subject to the same requirements as it’s contracted with TSA.
“CLEAR is not subject to the Privacy Act directly itself because it is not a federal agency; however, TSA/DHS likely are required to impose many of the Privacy Act’s requirements on all of its vendors, including CLEAR, so the Privacy Act obligations flow down to CLEAR contractually, as opposed to CLEAR falling directly under the purview of the Privacy Act,” said Oberly.
“I think with the current landscape and so many different companies getting hacked pretty much daily now I just have more negatives than positives on it,” Petronella told CBS 17 Investigates.
Experts say consumers still have a choice; read the fine print, know how to opt out and decide whether faster lines are worth the risk.
“Understand what types of personal data are being collected, how that data will be used, and whether that data will be shared before you agree to provide your data to any third party. Consumers can typically find this information in businesses’ privacy policies made accessible on their websites or other internet properties,” said Oberly. “In particular, consumers should exercise caution before providing biometric data (or any other type of personal data) to companies that either sell or widely share consumers’ data with third parties. When using biometrics for authentication purposes (i.e., to access online accounts, etc.), ensure that multifactor authentication is enabled wherever it is available. This adds an extra layer of security above and beyond just using your face or your fingerprint for identity authentication.”
“TSA’s use of biometrics is also governed by DHS’s privacy policies. For example, it is DHS policy to follow the Fair Information Practice Principles (FIPPs) – an internationally recognized voluntary framework that was first proposed for protecting privacy and security of personal information in the U.S. in 1973 – and which aids in balancing the need for privacy with other public policy interests, such as national security and law enforcement.
CLEAR is subject to compliance with both TSA mandates, as well as biometrics and consumer privacy laws applicable to private entities.”
CBS 17’s Mary Smith is an Investigative Reporter focused on Digging Deeper and Getting Answers. If you have a story that needs investigating, send an email to [email protected].
Read more As CFP barrels toward 24 teams, the questions remain: Who’s paying for this, and how much?