Government-Grade Facial Recognition Isn't Safe

TSA is actively expanding facial comparison technology across dozens of major U.S. airports. At the exact same moment, researchers discovered nearly 2,500 identity-verification files sitting wide open on a U.S. government-authorized public endpoint — no exploit required, no special access needed, just a browser and a functioning pair of eyes. These two things happened in the same news cycle. Let that sink in for a second.

There's a cognitive shortcut most of us use without realizing it: if the government uses a system, it must be secure. If it's enterprise-scale, it must be hardened. This is authority bias doing what authority bias does — flattening complexity into a comfortable assumption. And right now, that assumption is visibly, documentably wrong.

The Expansion Nobody's Slowing Down

Start with the TSA side of this story. According to TSA's own fact sheet, the agency's facial comparison technology is positioned as a "significant security enhancement" that "improves passenger convenience" — travelers present their physical ID or passport, a live image is captured, and the system checks whether your face matches the credential photo. Voluntary, TSA says. An opt-out is available.

Voluntary is doing a lot of work in that sentence. Anyone who has stood in a TSA line knows the social pressure of holding up hundreds of travelers by asking an agent to explain the opt-out process. The friction is real, even if the legal right to decline is also real. But set that debate aside — because the more pressing issue isn't whether travelers are enthusiastically consenting. It's what happens to the data once it enters a system of this scale.

TSA's own Privacy Impact Assessment from the Las Vegas McCarran International Airport trial — documented by FEDagent — confirms the agency collects real-time facial images, document photos, issuance and expiration dates, date of travel, document type, issuing organization, and year of birth. That's a rich data profile attached to a biometric. And it scales. Tens of millions of travelers. Dozens of airports. A surface area that grows every time another checkpoint goes live. This article is part of a series — start with Facial Recognition Checkpoint Convergence Investig.

The Leak That Required Zero Effort

Now the other half of this story — and honestly, the part that should be making more noise than it is.

In February 2026, researchers flagged a serious problem with Persona Identities, an identity verification platform partially backed by Peter Thiel's Founders Fund. As Fortune reported, Persona's front-end code was accessible on the open internet — sitting on a Google Cloud endpoint that carried U.S. government authorization. Nearly 2,500 files, discoverable by anyone who knew to look.

What was in those files? Not nothing. Researchers found that Persona conducted facial recognition checks against watchlists, screened identities against lists of politically exposed persons, and ran 269 distinct verification checks — including screening for "adverse media" across 14 categories that included terrorism and espionage. The system assigned risk scores and similarity scores to user data. And the architecture describing all of that was just... sitting there.

"We didn't even have to write or perform a single exploit, the entire system's verification logic and configuration details were exposed just by visiting the endpoint." — Researchers, quoted in Fortune

The sentence trails off in the source, but the implication doesn't. No exploit. No breach in the traditional sense. Just open infrastructure on a government-authorized endpoint, fully visible to anyone patient enough to poke around. Discord, which had used Persona for age verification, distanced itself from the platform after the exposure came to light. Persona continues to provide verification services for OpenAI, Lime, and Roblox, per the same Fortune report.

Here's the thing about "government-authorized endpoint." That phrase sounds airtight. It isn't. Authorization means the vendor met a procurement threshold — it does not mean every configuration decision made after deployment was correct, audited, or even reviewed. The Government Accountability Office has documented recurring IT security deficiencies across federal agencies for over a decade. Misconfigured cloud storage, inadequate access controls, inconsistent patching — these aren't edge cases. They're patterns.

Scale Is the Problem, Not the Solution

This is the part investigators and security-conscious professionals need to actually internalize: scale creates surface area. It's not a complicated idea, but authority bias keeps people from applying it to government systems the same way they'd apply it to a consumer app. Previously in this series: 269 Hidden Checks Id Verification Dragnet Profilin.

A system processing millions of identity records daily has an attack surface measured in terabytes. A misconfiguration at any layer — storage, access control, endpoint configuration, vendor integration — exposes not just one person's data, but potentially millions of records simultaneously. The Persona situation didn't require a sophisticated nation-state attack. It required a researcher with internet access and enough curiosity to look.

For investigators doing casework with facial comparison tools, this has direct operational implications. When you submit a subject's image to a large-scale identity platform, you have essentially zero visibility into where that image is retained, how it's logged, whether it's used to train downstream models, or what other systems it touches. The system's institutional legitimacy — its government contracts, its enterprise clients, its venture backing — tells you nothing about those specifics.

Look, nobody's saying government systems are reckless or that private alternatives are automatically superior. The honest counterargument is that highly regulated environments undergo more formal auditing than most private-sector tools. That's real. Compliance frameworks, FedRAMP authorizations, privacy impact assessments — these create accountability structures that plenty of commercial vendors skip entirely. The problem isn't that government-adjacent systems are unserious. The problem is that accountability after a breach doesn't protect your data before one. And the Persona exposure — on a government-authorized endpoint, requiring zero exploitation — is a clean, documented example of exactly that gap.

For anyone working with facial comparison tools in investigative or professional contexts, the practical answer isn't to find the biggest system with the most impressive client list. It's to understand what happens to your images after you submit them, what the actual data retention policy is, whether outputs are structured for evidentiary use, and how narrow the data footprint genuinely is. Tight workflows with clear outputs beat sprawling enterprise platforms every time — not because they're more powerful, but because you can actually see what they're doing.

The Authority Bias Problem, Stated Plainly

Authority bias is the tendency to attribute greater accuracy and trustworthiness to the opinion — or in this case, the infrastructure — of an authority figure. It's why "used by federal agencies" functions as a marketing claim rather than a warning label. TSA using facial comparison at airports signals mass institutional acceptance. Persona carrying a government-authorized endpoint signal sounds like an endorsement. Up next: Tsa Optional Face Scans Voluntary Consent.

Neither of these signals tells you how your specific data is handled, logged, or exposed. That's the gap. And it's a gap that researchers closed in the most embarrassing way possible — by just opening a browser.

The most dangerous assumption in any data workflow is that somebody upstream is handling your information carefully. Large systems process huge volumes of records. Individual data hygiene at the record level is genuinely not their priority — their priority is processing volume at acceptable error rates. An investigator whose case photos pass through a system touching millions of records daily is betting on that system's configuration decisions. All of them. Made by every engineer who ever pushed a deployment.

So here's the question worth sitting with — not as rhetoric, but as a genuine operational gut-check: when you learn that an identity verification system is used by federal agencies, does that make you trust it more? Or does it make you wonder just how many other systems, endpoints, and configurations are touching data that you assumed was handled carefully — because surely, someone that big would have figured it out by now?

Persona was that big. The files were still open. Nobody had to try.