Where Biometrics Track You: A Complete Guide to Everyday Surveillance

Unlike a password, you can't reset your biometrics if they're compromised. Your fingerprint, face, iris, and voice are permanent identifiers. The biometric market was worth $17.5 billion in 2024 and is growing 17% annually. The DHS database holds over 300 million biometric profiles.

From airports to stadiums to your workplace, biometric collection has become routine. TSA scans your face. CLEAR stores your iris. Your employer clocks your fingerprint. Stadiums scan crowds. Here's where it's happening, and what you can do about it.

Types of Biometric Data

Before diving into where biometrics are collected, understand what's being captured:

Fingerprints

Ridge patterns unique to you. Stored as algorithms, not images. [3]

Facial Geometry

Distance between eyes, nose shape, jaw contour. Works at distance. [4]

Iris Patterns

Unique patterns in the colored part of your eye. Extremely accurate. [4]

Voice Prints

Vocal patterns, pitch, pronunciation. Vulnerable to AI spoofing. [4]

Behavioral Biometrics

Beyond physical characteristics, systems now track how you move and behave: [4]

  • Gait analysis: Your walking pattern identifies you from a distance
  • Typing rhythm: The way you type on a keyboard
  • Mouse movement: How you move and click
  • Heartbeat patterns: Your cardiac signature via wearables

The DHS HART database is designed to store all of these: fingerprints, facial images, iris scans, voiceprints, and behavioral biometrics. [5]

Where Biometrics Are Collected

Airports: The Biometric Gauntlet

Air travel has become the most intensive biometric collection environment in daily life.

TSA PreCheck

  • What's collected: Fingerprints and ID verification at enrollment [6]
  • Who gets it: TSA and FBI share fingerprint data [6]
  • Cost: $78 for five years
  • Who can apply: U.S. citizens, nationals, and lawful permanent residents

TSA PreCheck Touchless ID: At participating airports, facial recognition compares your live photo to passport or visa photos on file, no ID needed. [7]

CLEAR

  • What's collected: Fingerprints AND iris scans [8]
  • Who gets it: CLEAR (private company)
  • Cost: ~$200/year
  • Average wait time: 2 minutes vs 12 minutes for TSA PreCheck alone [9]

CLEAR's biometric eGates are deployed at Atlanta Hartsfield-Jackson, JFK, LaGuardia, Reagan National, and Seattle-Tacoma. [8]

Expansion: In October 2025, CLEAR opened enrollment to passengers from 40+ additional countries, no longer limited to U.S. citizens and allied nations. [10]

Global Entry

  • What's collected: Fingerprints during in-person interview [6]
  • Who gets it: CBP and FBI [6]
  • Cost: $120 for five years (includes TSA PreCheck benefits)
  • Requirement: In-person interview, often scheduled weeks or months ahead

Data Retention

TSA says biometric images are deleted after successful matching. However, they convert data to anonymized format, encrypt it, and transfer it to DHS Science & Technology for analysis. DHS claims to delete within 180 days. [6]

But here's the catch: fingerprints from all these programs are shared with the FBI's database, where retention is much longer. [6]

Workplaces: Clocking In With Your Body

Biometric time clocks have become standard in many industries, from warehouses to healthcare to retail.

How It Works

Employees touch a fingerprint reader to clock in and out. The system converts your fingerprint into a binary algorithm, supposedly not storing the actual image. [3]

Employers justify this as preventing "buddy punching" (having coworkers clock in for you) and reducing payroll fraud. [3]

The Legal Problem

Unlike passwords, you can't change your fingerprint if it's stolen. Several states have enacted laws requiring consent: [11]

  • Illinois BIPA: Requires written consent, notification of purpose, and data protection
  • Texas: Biometric privacy law (though weaker than Illinois)
  • Washington: Biometric data protections

In 2019, a class-action lawsuit alleged Kronos violated BIPA by fingerprinting employees at Chicago-area facilities without consent. [11]

What Employers Collect

  • Fingerprints (most common)
  • Facial scans (increasingly popular)
  • Hand geometry
  • Badge + biometric for "multi-factor" access

Your Rights

In Illinois, employers must:

  • Inform you in writing before collecting biometric data
  • Explain purpose and retention period
  • Get your written consent
  • Protect the data from breaches

If you're in Illinois and your employer hasn't done this, they may be liable under BIPA.

Stadiums & Concerts: Your Face Is Your Ticket

Almost half of venues (47%) consider biometrics a top initiative for 2025. [12]

Current Deployments

  • MLB: "Go-Ahead Entry" facial authentication at 8 stadiums (2025 season) [12]
  • New York Mets: Facial recognition at Citi Field, enter without traditional tickets [13]
  • NFL: Facial recognition controls access to restricted areas [13]
  • Concessions: Some venues let you "buy a beer with your face" by linking payment to your biometric profile [12]

The Controversies

Taylor Swift concerts: Facial recognition was used to scan attendees for known stalkers, without informing fans their images were being captured and analyzed. [14]

Madison Square Garden: MSG used facial recognition to ban attorneys involved in lawsuits against its parent company. If you're suing MSG Entertainment, you can't attend events at venues they own. [14]

Class action (2024): A lawsuit alleged a sports venue collected facial scans of over 100,000 visitors since 2021 and "illegally shared and profited from that biometric data." [15]

Artist Resistance

In 2023, more than 100 artists and venues pledged not to use facial recognition at their events, citing civil liberties concerns. [14]

Legal Landscape

The legal situation is fragmented. Illinois BIPA allows individuals to sue for violations. Texas achieved a $1.375 billion settlement over biometric collection without consent. [15]

But in most states, there's no legal recourse if a venue scans your face without consent.

Retail Stores: Silent Collection

Many retail stores use facial recognition without disclosure.

Common Uses

  • Loss prevention: Identifying known shoplifters
  • VIP identification: Alerting staff when high-value customers enter
  • Demographic analysis: Estimating age, gender, mood for marketing
  • Dwell time tracking: How long you look at specific products

Notable Deployments

  • Rite Aid: Deployed facial recognition in hundreds of stores, disproportionately in low-income and minority neighborhoods. FTC banned the practice in 2023.
  • Walmart: Tested facial recognition for loss prevention
  • 7-Eleven (Australia): Captured facial images for "customer experience improvement"

You Have No Idea

Unlike airport programs where you actively enroll, retail facial recognition is often covert. Signs (if they exist) are small and easy to miss. By the time you read "This store uses facial recognition technology," your face has already been captured.

Your Phone: The Biometric Hub

Your smartphone is the most intimate biometric collection device you own.

What's Captured

  • Face ID / Facial Recognition: 3D map of your face
  • Touch ID / Fingerprint: Fingerprint patterns
  • Voice Recognition: "Hey Siri" / "OK Google" voice models
  • Behavioral patterns: How you type, swipe, hold the phone

The Convenience Trade-Off

Apple and Google claim biometric data stays on-device and isn't uploaded to servers. This is largely true for device unlock. However:

  • Third-party apps may request biometric authentication and have their own policies
  • Banking apps often use biometrics and may have different data handling
  • Voice assistants continuously analyze your voice

Law Enforcement Access

In the US, courts have generally ruled that police can compel you to unlock your phone with your face or fingerprint, but not with a passcode (Fifth Amendment protection against self-incrimination). [16]

This means biometric unlock is legally weaker than a PIN.

Banks & Financial Services

Banking is moving aggressively toward biometric authentication.

Current Uses

  • Mobile banking apps: Face/fingerprint to log in and authorize transactions
  • ATMs: Fingerprint and facial recognition ATMs deployed in multiple countries
  • Call centers: Voice recognition to verify identity
  • Branch access: Some banks use facial recognition for vault access

The Problem

Unlike a compromised credit card number (which can be reissued), compromised biometric data cannot be replaced. If a bank's biometric database is breached, that data is permanently exposed.

The DHS HART Database

All of this flows somewhere. For the US government, that somewhere is HART, the Homeland Advanced Recognition Technology System. [5]

The Scale

  • 300+ million biometric profiles (faces, fingerprints, irises) [2]
  • 350,000+ biometric transactions processed per day [17]
  • 260+ million unique identities in the legacy IDENT system [17]

What It Contains

HART is designed to store: [5]

  • Fingerprints
  • Facial images
  • Iris scans
  • Voiceprints
  • Behavioral biometrics (gait, typing patterns)
  • DNA profiles

The Problems

A GAO report found: [17]

  • Privacy impact assessment was missing key information
  • No assurances that data-sharing partners properly retain and dispose of data
  • Program has been delayed multiple times and is over budget by $354 million
  • Higher than expected software defects and performance issues

The program is now overseen by the Stephen Miller-led White House Homeland Security Council. [2]

How to Minimize Your Biometric Footprint

At Airports

  • You can opt out of facial recognition at TSA checkpoints, request manual ID verification
  • TSA PreCheck collects fingerprints; CLEAR adds iris scans, choose based on your comfort level
  • Know that opting out may mean longer lines

At Work

  • If you're in Illinois, Texas, or Washington, employers must get consent, know your rights
  • Ask how data is stored, who has access, and retention period
  • Some employers offer PIN alternatives to biometric clocking

At Stadiums & Concerts

  • Check venue privacy policies before attending
  • Support artists who have pledged not to use facial recognition
  • In Illinois, you may have legal recourse if scanned without consent

On Your Phone

  • Consider using a strong PIN instead of biometrics (better legal protection)
  • Disable "Hey Siri" / "OK Google" always-on voice detection
  • Review which apps have biometric authentication access

In General

  • Sunglasses block some facial recognition (especially iris-scanning systems)
  • IR-blocking glasses can defeat some camera systems
  • Be aware of what you're agreeing to, "convenience" programs often involve biometric collection

The Bottom Line

Permanent Data, Growing Collection

Biometric data is uniquely dangerous because it's permanent. You can change a password. You can't change your fingerprint.

Every "convenient" biometric enrollment, TSA PreCheck, CLEAR, your workplace time clock, stadium entry, adds to a growing profile that follows you forever.

The infrastructure is being built right now. Once you're enrolled, opting out becomes nearly impossible.

Think carefully before trading your biological identity for convenience.

References

  1. ESI Technologies - Emerging Trends in Contactless Biometric Technology
  2. FedScoop - Homeland Security centralizes control over the government's largest biometrics database
  3. Journyx - How Do Fingerprint Biometric Time Clocks Work?
  4. HyperVerge - The Future of Biometrics: Upcoming Trends and Use Cases
  5. Surveillance Resistance Lab - HART Attack: How DHS's massive biometrics database will supercharge surveillance
  6. Snopes - What we know about TSA PreCheck and Global Entry data access
  7. TSA - TSA PreCheck Touchless ID
  8. Biometric Update - Enhanced Passenger Processing enters the fray at US airports
  9. Mighty Travels - How Clear, Global Entry, and TSA PreCheck Stack Up (2025)
  10. Biometric Update - CLEAR+ enrollment opens US biometric lanes to passengers from 40 more countries
  11. The Lyon Firm - Employee Data Tracking & Workplace Privacy
  12. Biometric Update - Biometrics a high priority for stadiums and live venues in 2025
  13. Stadium Tech Report - Stadiums expanding use of biometric technology
  14. New York State Bar Association - Privacy vs. Security: Facial Recognition at Entertainment Venues
  15. Orrick - Facial Recognition Technology Use in Stadiums: Key Takeaways
  16. EFF Street-Level Surveillance - Biometric Surveillance
  17. GAO - Biometric Identity System: DHS Needs to Address Significant Shortcomings