Face recognition: where it's deployed and what data it shares

Face recognition is the biometric technology you encounter most often without realizing it. It runs at airport gates, inside retail stores, on your phone's lock screen, and increasingly in public spaces where cameras feed into databases that match your face against watchlists. The underlying mechanism extracts geometric features from your face, converts them into a mathematical template, and compares that template against stored records to confirm identity or flag a match.
The technology isn't new, but deployment has accelerated. What was experimental in 2015 became routine by 2020. By 2026, face recognition operates in contexts where you have no choice about participation and minimal visibility into what happens to the data afterward. Understanding where the systems run, what they capture, and who gets access matters because the technology creates permanent records of your presence in specific places at specific times.
This is an explainer. The goal is to map the mechanism, trace the data flows, and clarify what's actually happening when a camera scans your face.
The underlying mechanism: from pixels to templates
Face recognition starts with image capture. A camera records your face, either from a still photo or video frame. The system then runs detection algorithms to locate faces within the image, isolating your face from background elements and other people. This is the preprocessing stage. The output is a cropped image containing just your face, normalized for lighting and orientation.
Next comes feature extraction. The algorithm identifies facial landmarks: the distance between your eyes, the width of your nose, the shape of your jawline, the position of your cheekbones. These measurements get converted into a mathematical representation called a template or faceprint. The template is not a photo. It's a string of numbers derived from geometric relationships between facial features. Most templates range from 128 to 512 dimensions, depending on the algorithm.
The template is what the system stores and compares. When you walk past a camera, the system generates a new template from the live image and compares it against templates in a database. If the similarity score exceeds a threshold, the system flags a match. The threshold determines the tradeoff between false positives (matching the wrong person) and false negatives (missing a real match). Higher thresholds reduce false positives but increase false negatives. Lower thresholds do the opposite.
The comparison happens in milliseconds. The speed depends on database size. Matching one face against a database of 10,000 templates takes longer than matching against 100, but modern systems handle millions of comparisons per second using optimized search algorithms and parallel processing. This is why face recognition scales in ways that manual identification never could.
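The threshold tradeoff and the effect of database size described above, as an added example that is not from the original article. It uses constructed random vectors in place of real face templates; the noise level, population size and function names are assumptions chosen for illustration, and the last function goes one step beyond the text by estimating how false matches accumulate across a database under an independence assumption.

```python
import math
import random

DIM = 128  # template length; the article gives 128 to 512 dimensions

def unit(v):
    n = math.sqrt(sum(x * x for x in v))
    return [x / n for x in v]

def cosine(a, b):
    # Inputs are unit vectors, so the dot product is the cosine similarity.
    return sum(x * y for x, y in zip(a, b))

def make_scores(rng, people=60, noise=0.28):
    """Constructed data: one enrolled template per person plus one noisy
    'live' capture of the same person (noise stands in for lighting/pose)."""
    enrolled = [unit([rng.gauss(0, 1) for _ in range(DIM)]) for _ in range(people)]
    live = [unit([x + rng.gauss(0, noise) for x in t]) for t in enrolled]
    genuine = [cosine(e, l) for e, l in zip(enrolled, live)]
    impostor = [cosine(enrolled[i], live[j])
                for i in range(people) for j in range(people) if i != j]
    return genuine, impostor

def error_rates(genuine, impostor, threshold):
    """A comparison is a match when the score exceeds the threshold."""
    fmr = sum(s > threshold for s in impostor) / len(impostor)   # false positives
    fnmr = sum(s <= threshold for s in genuine) / len(genuine)   # false negatives
    return fmr, fnmr

def watchlist_false_alarm(fmr, gallery_size):
    """Chance that a person who is NOT in the database matches at least one of
    its templates, assuming independent comparisons (a simplification)."""
    return 1.0 - (1.0 - fmr) ** gallery_size

def sweep(seed=7, gallery_size=10_000):
    genuine, impostor = make_scores(random.Random(seed))
    rows = []
    for t in (0.05, 0.10, 0.15, 0.20, 0.25):
        fmr, fnmr = error_rates(genuine, impostor, t)
        rows.append((t, fmr, fnmr, watchlist_false_alarm(fmr, gallery_size)))
    return rows

if __name__ == "__main__":
    for t, fmr, fnmr, alarm in sweep():
        print(f"threshold={t:.2f}  false-match={fmr:.4f}  "
              f"false-non-match={fnmr:.4f}  P(false alarm, N=10000)={alarm:.4f}")
```

Under the independence assumption, a per-comparison false-match rate of 0.1% becomes a near-certain false alarm when one face is checked against 10,000 templates, which is why one-to-many deployments need far stricter thresholds than one-to-one verification.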
Some systems store the original photo alongside the template. Others discard the photo after template generation. The choice depends on the use case. Law enforcement systems typically retain photos for audit trails and courtroom evidence. Commercial systems in retail or access control often discard photos to reduce storage costs and privacy exposure. The template alone is sufficient for matching.
Where face recognition runs: airports, borders, and travel
Airports deploy face recognition at multiple checkpoints. When you check a bag, the kiosk camera captures your face and matches it against the photo in your passport or boarding pass. At the gate, another camera verifies your identity before you board. At customs, CBP uses face recognition to confirm you're the person in your passport photo. Each checkpoint generates a new template and compares it against stored records.
The data flow at airports involves multiple parties. The airline operates the check-in kiosk and gate cameras. The Transportation Security Administration runs checkpoints. Customs and Border Protection controls entry and exit screening. A third-party vendor often provides the face recognition software and infrastructure. Each entity has access to the templates and match results. Some share data with broader law enforcement databases.
CBP's Traveler Verification Service operates at around 80 U.S. airports as of 2026. When you exit or enter the country, the system matches your face against passport photos stored in government databases. CBP claims it deletes photos of U.S. citizens within 12 hours, but retains photos of non-citizens for up to 75 years. The templates persist in the system regardless of citizenship status.
International travel creates additional data exposure. Some countries require face scans at immigration. Others embed face recognition in visa application processes. The data collected abroad stays abroad, governed by foreign privacy laws that may offer less protection than U.S. regulations. You have no practical way to verify deletion or limit access.
Opting out at U.S. airports is theoretically possible. You can request manual document verification instead of face recognition. In practice, gate agents and TSA officers often don't know the opt-out process, and asserting your right to skip the scan creates friction and delay. The system is designed for universal participation, and opting out requires persistence.
Retail surveillance: loss prevention and customer tracking
Retailers deploy face recognition for two purposes: loss prevention and customer analytics. Loss prevention systems match faces against databases of known shoplifters. When someone on the watchlist enters the store, the system alerts security. Customer analytics systems track how long you spend in each aisle, which products you examine, and how often you return. The data feeds into marketing models that optimize store layout and product placement.
The deployment is rarely disclosed. Most stores don't post signs explaining that cameras perform face recognition. Some jurisdictions require notice, but enforcement is inconsistent. You walk into a store, cameras capture your face, and the system generates a template without your knowledge or consent.
Retailers share watchlists. A shoplifting ban at one chain can propagate to other chains that subscribe to the same face recognition service. The vendor maintains a centralized database of flagged individuals, and subscriber stores query that database in real time. You might be banned from stores you've never entered because someone else flagged your face at a different location.
The accuracy of retail systems varies. High-end deployments use enterprise-grade algorithms with low error rates. Budget implementations use cheaper software with higher false positive rates. When a system incorrectly flags you as a shoplifter, you have limited recourse. Retailers are not required to disclose the basis for a ban, and challenging a face recognition match requires proving the system made an error, which is difficult without access to the underlying data.
Some retailers have paused or abandoned face recognition after public backlash. Others continue deploying it quietly. The technology is legal in most U.S. states, and the cost has dropped enough that even small chains can afford it. The trend is toward more deployment, not less.
Law enforcement: databases, watchlists, and real-time identification
Law enforcement agencies use face recognition to identify suspects, locate missing persons, and monitor public spaces. The systems query databases that include mugshots, driver's license photos, passport photos, and images scraped from social media. When police have a photo of an unknown person, they run it through the system to generate leads. When cameras in public spaces capture faces, the system checks them against watchlists in real time.
The databases are large. The FBI's Next Generation Identification system contains over 50 million photos. State and local agencies maintain their own databases, often sharing access through regional networks. Some agencies subscribe to commercial face recognition services that aggregate photos from public and private sources. The result is a patchwork of overlapping databases with inconsistent accuracy, oversight, and access controls.
Real-time surveillance uses cameras mounted in public spaces, connected to face recognition systems that continuously scan passersby. When the system detects a match against a watchlist, it alerts officers. The deployment is most common in high-security areas like government buildings and transportation hubs, but some cities have experimented with broader surveillance networks.
The accuracy of law enforcement systems is contested. Independent audits have found higher error rates for women and people with darker skin, a result of training data that overrepresents white male faces. A false positive in a law enforcement context can lead to wrongful arrest. A false negative allows a suspect to evade detection. The stakes are higher than in commercial applications, but the technology is often the same.
Some jurisdictions have banned or restricted law enforcement use of face recognition. San Francisco, Boston, and Portland have prohibited city agencies from using the technology. Other cities allow it with oversight requirements. Federal agencies operate under fewer restrictions. The legal landscape is fragmented, and what's prohibited in one city may be routine in the next.
Your phone: local processing and cloud sync
Your phone uses face recognition to unlock the screen, authorize payments, and verify your identity in apps. The implementation differs from surveillance systems. Apple's Face ID, for example, processes everything locally on the device. The phone captures your face, generates a template, and stores it in the Secure Enclave, a hardware-isolated chip that prevents other software from accessing the data. The template never leaves the device. Apple doesn't have a copy.
Android's face unlock varies by manufacturer. Google Pixel phones use a similar local processing model. Other Android devices may store templates in less secure locations or sync them to cloud accounts. The security and privacy of Android face unlock depends on the specific phone model and manufacturer implementation.
The local processing model limits data exposure. If the template never leaves the device, third parties can't access it. But the model assumes the device itself is secure. If someone steals your phone and extracts the template from the Secure Enclave, they have a permanent biometric record. The risk is lower than with cloud-stored templates, but it's not zero.
Some apps use face recognition for identity verification. Banking apps, for example, may require a face scan to authorize large transactions. These scans typically generate templates that get sent to the app's servers for comparison against a stored template. The data leaves your device, and you're trusting the app developer to handle it securely. The terms of service often grant the developer broad rights to use and share biometric data.
What data gets stored and who sees it
The data stored by face recognition systems falls into three categories: the original photo, the template, and the metadata. The photo is the image captured by the camera. The template is the mathematical representation derived from the photo. The metadata includes the time, location, camera ID, and match result.
Most systems store the template permanently. The template is small, around 1 to 5 kilobytes, so storage costs are negligible even for databases with millions of records. The template alone is sufficient for future matching, and it's less sensitive than the photo because you can't reconstruct a recognizable face from the template.
Some systems retain the photo temporarily for audit purposes. Law enforcement systems typically keep photos to provide evidence in court. Airport systems may retain photos for a few hours or days to resolve disputes about identity verification. Retail systems vary. The retention policy depends on the operator's risk tolerance and regulatory requirements.
The metadata reveals your movements. If a system logs every time it scans your face, the metadata creates a timeline of where you were and when. Aggregated across multiple systems, the timeline becomes detailed. You entered the airport at 6:15 AM, boarded a flight at 7:30 AM, landed at 10:45 AM, and walked into a store at 11:30 AM. Each scan adds a data point.
Who sees the data depends on the system. In a closed-loop system like Face ID, only you have access. In a commercial system like airport face recognition, the airline, TSA, CBP, and the vendor all have access. In a law enforcement system, multiple agencies may share access through regional or national networks. The access controls are often weak, and data breaches or insider misuse are realistic risks.
The cultural reference: Ocean's Eleven and the casino surveillance room
In Ocean's Eleven, Danny Ocean's crew has to bypass the Bellagio's surveillance system to pull off the heist. The casino's security room is filled with monitors showing every angle of the floor, every card table, every slot machine. The guards watch for cheaters, card counters, and anyone on the casino's blacklist. The system is manual, with human eyes scanning screens, but the principle is the same as modern face recognition: continuous monitoring, pattern matching, and immediate response when someone flagged enters the premises.
Face recognition automates what the Bellagio's guards did manually. The cameras still watch, but the system now matches faces against databases in real time, flagging matches without human intervention. The guards only get involved after the system alerts them. The efficiency gain is enormous, but so is the scope. Where the Bellagio's guards could only watch so many screens, face recognition scales to thousands of cameras, millions of faces, and continuous operation without fatigue.
The analogy breaks down in one important way: the Bellagio's surveillance stayed inside the casino. Modern face recognition links cameras across airports, stores, streets, and borders, creating a network where your face becomes a persistent identifier that follows you through public and private spaces. The surveillance room isn't confined to one building anymore. It's distributed across systems that share data and build profiles over time.
Accuracy, bias, and what goes wrong
Face recognition accuracy depends on image quality, algorithm sophistication, and database size. Under ideal conditions (good lighting, frontal view, high-resolution camera), modern algorithms achieve accuracy rates above 99 percent for one-to-one matching (verifying you're the person in your passport photo). Accuracy drops for one-to-many matching (identifying you from a crowd) and degrades further with poor lighting, angles, or low-resolution images.
Bias is a documented problem. Studies by NIST and independent researchers have found that face recognition algorithms perform worse on women and people with darker skin compared to white men. The disparity stems from training data that overrepresents certain demographics. Algorithms trained primarily on white male faces learn to distinguish features common in that group but miss features more common in other groups.
The impact of bias varies by use case. In a retail loss prevention system, a false positive means an innocent person gets flagged as a shoplifter. In a law enforcement system, a false positive can lead to wrongful arrest. In an airport system, a false negative means someone on a watchlist boards a flight. The consequences are asymmetric, and the people most likely to experience errors are often those with the least power to challenge the system.
Some vendors have improved accuracy on diverse faces by training on more representative datasets. Others have not. Transparency is limited. Most vendors don't disclose training data sources, accuracy rates by demographic, or error rates in real-world deployments. You have no way to verify whether the system scanning your face performs equally well across all groups.
When the system makes an error, recourse is limited. If you're wrongly flagged at a store, you might be banned without explanation. If you're wrongly flagged by law enforcement, you might be questioned or arrested. Challenging a face recognition match requires access to the underlying data, which operators rarely provide. The system's decision is treated as authoritative, even when it's wrong.
Regulation, consent, and what you can control
Face recognition operates in a regulatory gray zone. Federal law in the U.S. doesn't specifically govern biometric data collection or use. Some states have passed biometric privacy laws. Illinois's Biometric Information Privacy Act requires consent before collecting biometric data and restricts data sharing. Texas and Washington have similar laws. Most states have no biometric-specific regulations.
The laws that exist are inconsistently enforced. Companies violate biometric privacy laws, get sued, settle, and continue operating with minor changes. The penalties are rarely large enough to deter deployment. The result is a landscape where face recognition spreads faster than regulation can adapt.
Consent is rarely meaningful. When face recognition runs at an airport, you can't opt out without skipping your flight. When it runs in a store, you can't shop there without being scanned. The choice is binary: participate or leave. This isn't informed consent. It's coerced participation.
Some systems allow you to request deletion of your data. CBP claims to delete photos of U.S. citizens within 12 hours of a face scan at the border. Retailers rarely offer deletion mechanisms. Law enforcement databases don't delete records unless you successfully challenge the basis for inclusion. The default is retention.
What you can control is limited. You can avoid stores known to use face recognition. You can request manual verification at airports. You can use privacy-focused phones that process face data locally. But you can't stop cameras in public spaces from capturing your face, and you can't prevent systems from generating templates and storing them in databases you'll never see.
What happens next
Face recognition deployment is accelerating. The technology is cheaper, more accurate, and more widely accepted than it was five years ago. New use cases emerge as vendors find applications beyond security and access control. Some cities are experimenting with face recognition for public transit fare enforcement. Some employers use it for time tracking. Some apartment buildings use it for entry access.
The data accumulates. Every scan adds a record. Every record becomes part of a profile that links your face to locations, times, and behaviors. The profiles persist across systems, shared through vendor networks and law enforcement partnerships. The result is a surveillance infrastructure that tracks movement and presence at a scale that was impossible before face recognition.
Resistance exists. Activists push for bans and restrictions. Some jurisdictions have passed laws limiting deployment. Some companies have paused or abandoned face recognition projects after public backlash. But the trend is toward more deployment, not less. The technology works well enough, costs little enough, and offers enough operational benefits that organizations adopt it despite controversy.
The mechanism is straightforward: cameras capture faces, algorithms generate templates, systems compare templates against databases, and operators act on match results. The data flows are complex: templates move between vendors, agencies, and jurisdictions, often without your knowledge or consent. The control you have is minimal: you can avoid some systems, challenge some decisions, and request deletion in some cases, but you can't stop the cameras from scanning or the databases from growing.
Face recognition is where surveillance meets automation. It's deployed in places you go every day, operated by entities you've never heard of, and governed by laws that haven't caught up. Understanding the mechanism, knowing where the systems run, and recognizing what data gets stored won't stop the technology from spreading, but it clarifies what you're dealing with when a camera scans your face.


