In May 2025, claims (archived) circulated that signing up for TSA PreCheck or Global Entry grants the U.S. Department of Homeland Security and the FBI unrestricted, warrantless, indefinite access to the applicant's personal data including health records, social media communications and court history. TSA PreCheck and Global Entry are part of the voluntary, paid Trusted Travelers Programs, which allow travelers to reduce waiting time at participating airports by being prescreened.
The claims circulated on X, Facebook (archived) and Instagram (archived) accompanied by a clip from Victory News (time code 25:10), a religious news channel based in Arkansas, featuring KrisAnne Hall, the chief counsel of Liberty First Legal, a civil rights law firm started during the COVID-19 pandemic with an interest in protecting "religious and constitutional freedoms." Hall said:
So when individuals enroll in TSA PreCheck or Global Entry, they actually sign a release granting the Department of Homeland Security and the FBI unrestricted, warrantless access to all their personal data: health records, physical, mental, social media communications, court history — anything they want, they have access indefinitely. And this sweeping surrender of privacy is in the fine print few people ever really read, so the people end up giving up their permanent rights, or their rights permanently, for the convenience of maybe a little bit faster time in line.
Snopes readers also emailed and searched our site seeking more information about the claim.
However, we found no evidence that an application to TSA PreCheck or Global Entry would give the Department of Homeland Security "unrestricted, warrantless" access to any data about the applicant indefinitely. According to Privacy Impact Assessments of both programs, the DHS does collect biographic and biometric information about applicants. The Transportation Safety Administration (TSA) and U.S. Customs and Border Protection (CBP) share only fingerprints from applications to both programs with the FBI. We found no proof that a TSA PreCheck or Global Entry application allows the DHS or FBI access to health records, social media communications or court history if that material isn't already public.
A CBP spokesperson said the agency did not "collect, store, or share information which isn't relevant to an individual's eligibility and continued membership in Global Entry" and referred us to a full list of information gathered by the agency about Global Entry applicants.
We reached out to the TSA and Clear, Idemia and Telos (three companies authorized to enroll travelers in TSA PreCheck) to ask if the claim was true and await a reply.
In an email to Snopes, Hall argued that the issue over data security lay with "expansive" statutes, regulatory "vagueness," and "judicial deference" surrounding the DHS and TSA.
Hall wrote:
The current STA [Security Threat Assessment] framework grants DHS and TSA expansive, largely unchecked power to define and act upon "national security concerns" with little transparency, no clear standards, and minimal accountability. The initial consent given by applicants opens the door to continuous and intrusive investigation, often without the individual knowing the full extent of the review.
Hall wrote that fully understanding the regulatory framework that allowed for the alleged "unchecked" power involved "tracing a complex statutory and regulatory chain that even experienced attorneys must study."
Therefore, she argued, "because this legal framework is stitched together by statutory silence, judicial precedent, and internal practice, rather than a single bright-line rule, informed consent becomes the only real safeguard."
In so far as our investigation found, both TSA PreCheck and Global Entry do require a security threat assessment as part of the application to the program. For Global Entry, this means the applicant is tested against seven disqualifying factors, which mostly relate to an applicant's criminal record.
The CBP provided copies of four consent forms that applicants to Global Entry must acknowledge. None of these forms said they gave the CBP unrestricted or warrantless access to health records, social media accounts or court records.
A TSA spokesperson referred us to the Privacy Act Statement for TSA PreCheck when asked about what information the program gathered for its security threat assessment. More on this below.
What TSA PreCheck and Global Entry actually know about applicants
Under the Privacy Act of 1974, federal agencies must provide certain information publicly about how and why they collect data from the public. The U.S. Department of Labor explained the concept on its website:
The Privacy Act of 1974 requires that when we ask you for information we tell you our legal right to ask for the information, why we are asking you for it, and how it will be used. We must also tell you what could happen if we do not receive it and whether your response is voluntary, required to obtain a benefit, or mandatory.
When applicants to the TSA PreCheck program start their application through one of three nominated providers, they soon encounter a Privacy Act Statement that carries out the function described above. This statement is the same across Idemia, Clear and Telos, the three TSA enrollment partners.
On all three partner websites, the statement appeared early in the application process. On the Telos website, the statement appeared in a non-skippable pop-up window after clicking the "Apply" button.
Global Entry is part of CBP's Trusted Traveler Programs (TSA PreCheck is also part of this system but the application process is outsourced to partner companies). Applicants must first create a Trusted Traveler Program login through Login.gov, a portal used to access multiple government services. Login.gov has its own Privacy Act Statement.
None of the Privacy Act Statements we viewed outright authorized TSA or CBP to access health records, social media communications or court history if that material was not already public.
Federal agencies must carry out a Privacy Impact Assessment before "developing or procuring IT systems or projects that collect, maintain or disseminate information in identifiable form from or about members of the public," according to the DHS.
According to a Privacy Impact Assessment in 2013, before the initial launch of TSA PreCheck, the program would gather the following information about applicants:
- full legal name and any aliases;
- current residential address;
- mailing address if different than residential address;
- previous residential address;
- date of birth;
- Social Security number (voluntary, but recommended10);
- gender;
- physical description (height; weight; eye color; hair color);
- fingerprints;
- photograph;
- city, state, and country of birth; and
- immigration status and an alien registration number for both naturalized citizens and aliens (if applicable).
Notably, this list did not include "health records, social media communications and court history," as Hall claimed. The Privacy Impact Assessment specifically said the TSA did not use "publicly available data" to carry out threat assessments. That could include things like social media communications (public comments and posts) and court documents.
Additionally, there was no indication that the TSA would have access to the information applicants provided indefinitely. According to the Privacy Impact Assessment, unless an applicant was "a positive match to a watch list," any information held by the TSA would be deleted one year after the applicant "notified TSA that he or she no longer is participating, or seeking to participate, in the TSA PreCheck Application Program."
If an applicant was a positive match on a watchlist, the TSA would retain information about that person "for 99 years after completion of matching activity, or seven years after TSA learns that the individual is deceased, whichever is earlier."
Likewise, a Privacy Impact Assessment for Global Entry (and other Trusted Traveler Programs) in 2013 listed the information collected for that program which, in addition to the information collected for TSA PreCheck, also included:
- Telephone numbers
- Country of citizenship
- Language preferences
- Employment history (if available);
- PASS ID or Trusted Traveler membership number, GOES user ID,
- Password and answers to security questions (for lost passwords);
- Countries visited in the last five years;
- Criminal history;
- Parental or Legal Guardian permission (if 18 years or younger);
- Driver's license number; and
- Issuing state or province of the applicant's Driver's License.
Some non-U.S. citizens are eligible for Global Entry, which is why the information collected for this program also includes citizenship and language preferences. The CBP holds data provided during the application process for Global Entry for three years after an individual's membership lapses, according to the Privacy Impact Assessment.
The full list of information collected about applicants to the Global Entry program was publicly available on the federal register.
In terms of what information the TSA and CBP could share from TSA PreCheck or Global Entry, the Privacy Act Statement for TSA PreCheck said that the DHS could disclose information to a third party "during the course of a security threat assessment, employment investigation, or adjudication of a waiver or appeal request to the extent necessary to obtain information pertinent to the assessment, investigation, or adjudication of your application."
The TSA said in the Privacy Impact Assessment for TSA PreCheck that it would share information on "matches and potential matches to a watch list" with the Terrorist Screening Center (TSC) and that it did not impose limits on "re-dissemination" of that information by the TSC.
The Global Entry Privacy Impact Assessment said that fingerprints submitted during an application were checked but not stored by the FBI. Global Entry could also share whether an applicant passed or failed their application with "partnering international countries."
As such, we found no evidence that an application to TSA PreCheck or Global Entry outright required an applicant to allow the DHS or FBI "unrestricted, warrantless" access to their health records, social media communications and court history. Both TSA PreCheck and Global Entry use biographic and biometric data and share fingerprints submitted with the FBI. Both programs will delete biographic information about applicants after set periods of time if an applicant's membership lapses.
However, Hall argues that the legal authority for departments like the DHS to collect information about citizens in the name of national security is ever-expanding and can be difficult to navigate for the average traveller.
People in the U.S. have the right to see and correct information that the federal government keeps on file about them under the Privacy Act.