There's never a dull moment in facial recognition. On Thursday, the Washington Post reported that the Department of Homeland Security (DHS) withdrew a proposal it made earlier this week that would have expanded airport face scans of passengers arriving in or leaving the U.S. to include American citizens.

So why the quick turnaround? While laws like Illinois' Biometric Information Privacy Act (BIPA) or even the forthcoming California Consumer Privacy Act (CCPA) have taken pains to address the way that kind of personal information is handled, it seems likely that DHS is focused more on public reaction than any kind of legal challenge.

In other words, don't expect the the topic of facial recognition, airports and U.S. citizens to disappear any time soon.

"This is not even the tip of the tip of the iceberg. … This is a next two [or] three decade issue that is only going to become more pervasive as the technologies change," said Sean Wieber, a partner at Winston & Strawn.

If the DHS were to successfully revisit its proposal to scan American citizens arriving in or leaving the U.S., Wieber doesn't see much in the shape of legal challenges standing in the way. If such a practice were to contradict any state privacy regulations that came along, a federal mandate could ultimately carry more weight.

Even BIPA has its limits. Wieber thinks that while the DHS airport proposal may violate the Illinois law in spirit, that too was drafted with some explicit boundaries in mind.

"[BIPA] only applies to private entities and they specifically exempt state or local government agencies. … I don't think legislators ever really tried to regulate the federal government in this space," Wieber said.

However, Robert Cattanach, a partner at Dorsey & Whitney, wasn't as sure that individual state laws would prove moot in the face of the DHS proposal. He said it would depend on whatever federal preemptions were specifically built into the enabling legislation.

Still, DHS could be wary of provoking more states in the direction of taking biometric privacy into their own hands.

"They don't want to spawn a whole series of local regulations, and now they have this whole mess on their hands," Cattanach said.

Still, he's confident that the government will continue to revisit the use of facial recognition technology at security checkpoints. But whether or not something in the vain of the DHS proposal could ever be repackaged in a way that engenders a warmer public response remains to be seen.

For example, a pilot program at Hartsfield Jackson International Airport in Atlanta allows international passengers the option of submitting to facial scans to move through security more expediently. However, the opt-in component may defeat the underlying purpose of the DHS proposal since would-be bad actors are unlikely to submit to the process voluntarily.

"The concept of consent is really hard to get my head around when it comes to security issue," Wieber said. 

Cattanach broached the possibility that the facial recognition industry will begin to self-regulate, dumbing down their technology where applicable to recognize human faces without deriving an identity. For places like an airport security checkpoint—where identity is the name of the game—structures could be implemented that automatically deleted the data within a limited timeframe.

"I think that we're still figuring out where the boundaries are for appropriate usage," Cattanach said.