As of May 7, 2025, anyone over the age of 18 that plans to visit certain federal facilities or fly domestically will need to present a REAL ID or other acceptable form of identification. A REAL ID will have a a star and/or flag, or will feature the word “Enhanced.” 

As REAL IDs become the standard expectation, individuals may experience more biometric security checks. While this may heighten airport security, travelers could also be exposed to greater identity risks. Deepfake and AI fraud expert, Joshua McKenty, the former Chief Cloud Architect at NASA and Co-Founder & CEO of Polyguard, shares his insights on these risks. 

“With REAL ID and TSA Touchless ID, travelers are entering a new era of biometric identity checks at airports. This isn’t just about faster lines or tighter security — it’s a real-time experiment in how facial recognition can either empower individuals or expose them to new risks,” says McKenty. “The REAL ID rollout means that the 50 state-level databases that connect biographic information with biometric data, have now been linked into one national super-database. Ergo, a giant bullseye for every hacker in the world, and an as-yet unused surveillance superweapon.”

Travelers may be tempted to opt of checkpoints in order to protect their biometric data; however, McKenty doesn’t believe this will do much to secure their privacy. 

He states, “Most travelers don’t realize that opting out at the checkpoint does little to protect their privacy; their facial biometrics were already captured when they procured a passport, driver’s license, or REAL ID document, and new images flow into centralized databases like the DHS IDENT system, where deletion policies are inconsistent and increasingly opaque.”

With biometric data potentially at risk, individuals and organizations alike must be aware of the threats. 

“As deepfakes and synthetic identities proliferate, the integrity of biometric systems is crucial — not just for personal privacy, but to prevent fraud, impersonation, and identity theft,” McKenty explains. “Yet the debate remains stuck in a false binary between total surveillance and total anonymity, missing the opportunity to build systems that foster both trust and freedom.”

For organizations managing biometric data, McKenty offers the following advice: 

“The path forward is clear: organizations must demand and adopt identity verification systems designed with consent, transparency, meaningful opt-out, and true portability, so individuals and organizations alike can manage and benefit from their own data. This isn’t just about travel. It’s about setting a new standard for digital trust in the age of AI-powered deception. As federal standards evolve and privacy concerns intensify, the future of biometrics will be defined by how much power we return to the individual.”