YESTERDAY'S LESSON
ILLINOIS PUSHES BACK ON BIOMETRICS AS TSA EXPANDS
What Happened
Illinois produced the clearest privacy movement yesterday. House Bill 5521 would bar state and local law enforcement from obtaining, retaining, accessing, or using biometric identification systems, including facial recognition, iris scans, voiceprints, and fingerprint-matching tools. The proposal is notable because it also would block indirect access through contractors, other agencies, or federal partners, and would limit the Secretary of State’s facial-recognition database to identity verification for mobile IDs rather than police searches.
A separate Illinois-led move targeted the commercial data market. Attorney General Kwame Raoul joined 16 other state attorneys general in urging Congress to close the loophole that lets federal agencies buy bulk personal data from brokers without a warrant. The group pointed to location data, searches, shopping history, political leanings, and health information as the kinds of records that can still be purchased rather than obtained through court-supervised process.
Meanwhile, biometric identity checks kept expanding in travel. TSA’s PreCheck Touchless ID program drew fresh attention as it spread across roughly 60 U.S. airports, including new availability in Jacksonville and other Florida airports. The program lets opted-in PreCheck travelers use facial recognition instead of showing a physical ID and boarding pass, while TSA says participation remains optional.
Key points
- HB 5521 would go further than many facial-recognition proposals by cutting off police access to biometric data through third parties and interagency workarounds.
- The attorneys general are framing brokered bulk data as a government-access problem, not just a consumer-market privacy issue.
- TSA’s rollout shows biometric verification is still becoming routine in consumer travel even as law-enforcement uses face sharper resistance.
- Recent FTC pressure on undisclosed photo sharing in the OkCupid-Clarifai matter adds to the same pattern: downstream use of personal data is getting closer scrutiny than notice alone.
Implications
Yesterday’s developments reinforced a narrowing but important line in privacy policy. Uses tied to policing, intelligence, and bulk surveillance are drawing more direct pushback, while convenience-oriented identity verification is still moving ahead. For companies and agencies, that makes purpose limits, access controls, and partner permissions more important than broad privacy language on their own.
The practical compliance question is whether data can move farther than users or procurement teams think it can. If a biometric system, driver-license photo database, or brokered dataset can still be queried through a vendor, another agency, or a federal partner, lawmakers and regulators are increasingly treating that as the real issue. The same logic sits behind recent FTC enforcement on photo sharing and the latest calls to restrict government purchases of commercially available data.
Things to watch
Watch
Whether Illinois HB 5521 advances in committee or gets narrowed through investigative or public-safety exceptions.
Watch
Whether Congress takes up the attorneys general’s call to curb federal purchases of commercially available data and require deletion of improperly obtained records.
Watch
Whether TSA keeps Touchless ID clearly opt-in as it expands through more airlines and airports, or whether participation becomes harder to avoid in practice.