A number of technologies are used to collect personal information during airport security screening. First, identification documents are used, including citizenship cards and passports. These documents record a variety of personal information, such as name, address, age, gender, and citizenship. These documents might also contain electronic devices that store personal information, such as magnetic stripes and Radio-Frequency Identification (RFID) chips.
Identification documents are usually used in combination with one or more databases. These databases might be owned and operated by the airline, the security agency doing the passenger screening, or other government agencies. Information from the documents is matched with database records to retrieve further information about the passenger. This might include frequent flier account numbers, travel records, or assessments of security risks.
The boarding cards given to the passengers also record some personal information, such as the name and travel itinerary. Special codes can also be printed on the boarding cards to relay information about security risk assessments to the security screening staff so that a passenger can be given more attention. Electronic boarding cards, sometimes stored on smart phones as two-dimensional bar codes, are starting to appear.
Biometric information is sometimes collected during airport security screening. Frequent traveler programs, for example, can allow people to use shorter security screening lines. In order to qualify for such a program the traveler often has to provide biometric information (such as fingerprints and face images) and detailed personal information that is used during a background check.
The x-ray scanners used to examine carry-on luggage can also collect personal information related to the contents of the bags being scanned. People carrying items of a personal nature may be embarrassed if the contents of their bags are disclosed.
There are many of other surveillance technologies that can be used during airport security screenings, and these may or may not collect personal information. Explosives residue detection tests that involve swabbing a passenger’s belongings, usually laptop computers, are commonly used. More advanced “puffer” machines, where nozzles direct air bursts at the passenger and sniffers then sample the air for explosives-related particles, have been tried by they have proven to be unreliable and they are being abandoned. Advanced x-ray technology is also being introduced. Millimeter wave scanners (also called backscatter x-ray machines) are able to scan a passenger’s entire body and view within clothing to the skin, allowing hidden objects (and body parts) to be seen. Such technology has obvious privacy implications.
Video surveillance cameras and face recognition systems can also be used for passenger surveillance. Modern technology is able to scan the faces of people without their knowledge as they move through the security lines. The faces can be matched to a watch list and, although historically the performance rates have not been ideal, the matching technology is improving all the time.
Behavioural monitoring and profiling technologies are also being developed. Traditionally, trained human experts do behavioural monitoring but automatic technologies are starting to appear. These technologies use surveillance cameras and algorithms to automatically detect suspicious behaviours and typical profiles of interest. The profile information might include age, gender, and ethnicity. The behavioural monitoring might scan for signs of nervousness, profuse sweating, attempts to have covert conversations, etc. Such behavioural technology is in its infancy and it is not clear how successful it will be.
Personal information can be shared between security systems. As mentioned above, information from risk assessment databases is already transferred to boarding cards so that some passengers can be subjected to more detailed screenings. Information could also be shared between x-ray systems and explosive residue tests, such that suspicions raised by one test would lead to a more detailed screening in the other test. Similarly, profile information and face recognition technology could be used to feed information to behavioural monitoring systems.
The sharing of personal information can also go beyond local security systems. Travel records and the results of security scans can be entered into databases, for example, and this information could determine the level of screening to be done on future trips. The databases could be local in scope or they could be national databases. International databases are also in place, so that people of interest can be identified regardless of where they travel. Canada and the United States, for example, seem to at least partially share a no-fly list.
Personal information can be accessible to unauthorized users in a number of ways. This might occur if security personnel act outside of their assigned roles and positions, proceeding to access personal information that they don’t require for their job, either out of curiosity or for malicious purposes. Security staff could also borrow (or steal) other users’ passwords or tokens in order to gain access to systems or places. Outsiders might also be able to access personal information if the workplace and electronic systems are not kept secure. If people are able to physically enter the security zones of an airport they could gain access to personal information by reading documents or operating machines. Outsiders might also gain electronic access by breaking into data networks and systems.