Your Face Is Your ID. Can It Verify Anyone?

This week, your face became your boarding pass, your train ticket, and your immigration file — but almost nobody is talking about what that means for real-world investigations. Three separate deployments landed in the news cycle within days of each other: TSA doubling down on facial ID trials at American airports, Japan's JR East launching walk-through facial recognition gates on the Joetsu Shinkansen, and a WIRED investigation revealing that the face-recognition app ICE and CBP agents are using in the field cannot actually verify who people are. Read those together and a pattern emerges that's impossible to ignore.

Government adoption of a technology doesn't mean the technology works reliably. It means governments decided to use it anyway. Those are very different things — and the distinction is going to matter enormously when this evidence starts showing up in courtrooms with any regularity.

The Week That Normalized It

Start with TSA. The agency has been running its Credential Authentication Technology (CAT-2) scanners — which capture a real-time image and compare it against a government-issued ID — at airports across the country for years now. What's changed is the scale and the tone. TSA frames the scans as optional. The signage at checkpoints uses vague language about "participation." And according to McKenly Redmon of Southern Methodist University's Dedman School of Law, writing in The Regulatory Review, the opt-out is largely theoretical.

"Travelers are likely unaware that they can opt out, and signage at airports frequently uses vague terms." — McKenly Redmon, SMU Dedman School of Law, via The Regulatory Review

Think about what "opt out" actually looks like in practice: you're in a queue, uniformed officers are watching, people behind you are sighing, and you're supposed to proactively ask to skip the biometric scan. Behavioral compliance research has a name for why most people don't do that. TSA doesn't. The agency calls it consent. Redmon calls it coercion dressed in administrative language. She's right. This article is part of a series — start with Facial Recognition Checkpoint Convergence Investig.

Meanwhile, in Japan, Panasonic Connect and JR East kicked off a proof-of-concept trial at Nagaoka Station on the Joetsu Shinkansen on November 6th. The pitch from Panasonic Connect is genuinely interesting: futuristic ticket gates with visual and audio effects, no card tap, just walk through and your face does the work. JR East is framing this as part of their broader "Suica Renaissance" initiative — evolving the IC card platform into something more advanced. The framing is all about smooth, frictionless experience. And it is smooth — which is exactly the problem. When you walk through a gate and a camera matches your face in half a second, when did you consent? When you bought the ticket online? When you walked within range of the lens? Nobody's answered that yet, and that silence is doing a lot of heavy lifting.

Then there's the immigration story, which is where this week's news gets genuinely alarming.

The App That Can't Do What It Says It Does

WIRED's reporting on Mobile Fortify — the face-recognition app DHS launched in spring 2025 for use by ICE and CBP agents in the field — should have been front-page news. The Department of Homeland Security rolled this out explicitly to "determine or verify" the identities of individuals stopped or detained during federal immigration operations, linking the deployment directly to an executive order signed on Trump's first day in office. The mandate was a "total and efficient" crackdown, and Mobile Fortify was the tech answer.

Here's the kicker: the app doesn't actually verify identity. WIRED reviewed records showing that despite DHS framing Mobile Fortify as an identification tool, it cannot perform the function its name implies.

"Every manufacturer of this technology, every police department with a policy makes very clear that face recognition technology is not capable of providing a positive [identification]." — Records reviewed by WIRED

That quote is from documentation associated with the technology itself. The makers of the tool are saying it can't do the thing the government deployed it to do. And it was rolled out, per WIRED's reporting, without the scrutiny that has historically governed privacy-impacting technology deployments. In a context where a wrong match can mean wrongful detention or deportation, "historically governed scrutiny" isn't bureaucratic box-checking. It's the difference between someone going home and someone losing everything. Previously in this series: Facial Tech Expansion Without Guardrails Weekly Ro.

Mass Deployment ≠ Professional-Grade Analysis

Here's where the authority bias gets complicated. When TSA and federal immigration agencies are using facial recognition, it normalizes the technology in the public mind — and arguably in judicial minds too. The counterargument to everything above is that institutional adoption makes courts more receptive to facial evidence across the board. If the government trusts it, juries will trust it. That's not an unreasonable read.

But it's also wrong, and here's why: courts don't admit categories of technology. They admit specific outputs produced by specific methodologies in specific cases. DNA is a useful parallel. Nobody disputes that DNA analysis works. Courts still scrutinize whether this lab followed this protocol on this sample. The existence of a technology doesn't make any particular application of it admissible. The Daubert standard — which requires demonstrated scientific validity and known error rates — was built precisely for this situation, and most mass-checkpoint systems cannot satisfy it for individual case evidence because they're optimized for throughput, not documentation.

Checkpoint cameras are designed to process millions of comparisons at population-level accuracy. They are emphatically not designed to produce the kind of documented, case-specific, methodologically defensible analysis that holds up when a defense attorney starts asking pointed questions about image resolution, comparison methodology, and known error rates for this specific system on this specific image type. That's a completely different discipline. Understanding that difference — and being able to explain it clearly on a stand — is where professional facial comparison work, the kind built around controlled two-image analysis with documented methodology, actually lives. For investigators thinking about how their own face comparison work will be evaluated by courts, that distinction is the entire ballgame.

The investigator who can show their work — here's the source image, here's the comparison image, here's the process, here's what the literature says about error rates for this comparison type — is going to have a credibility advantage over a checkpoint output that was generated by a system processing ten thousand faces an hour with no case-specific documentation. Government scale and professional rigor are not the same thing. They are frequently opposite things.

Look, nobody's saying government agencies shouldn't use facial recognition. The TSA argument — that automated identity checks reduce bottlenecks and improve security — has real merit when the technology works accurately and consent is genuine. The JR East trial is genuinely interesting engineering. Even Mobile Fortify might serve legitimate investigative purposes if it were deployed with appropriate oversight and its limitations were honestly communicated to the agents using it.

But "might work under good conditions" and "was deployed responsibly" are two different sentences, and right now we're mostly getting the first without the second. The gap between those sentences is where due process challenges live, where civil rights litigation is built, and where courts are going to spend a lot of time in the next few years.

As facial matching becomes a standard government checkpoint tool — with documented accuracy gaps and contested consent — here's the question worth sitting with: in three to five years, will courts treat facial evidence submitted by a trained investigator with documented methodology as more credible than a checkpoint output, or less? And if Mobile Fortify can't reliably verify who a person is — per its own technical documentation — what exactly happens to the deportation cases built partly on its outputs?

That second question doesn't have a comfortable answer yet. Which tells you something important about where we actually are with all of this.