Inside the HART of the DHS Office of Biometric Identity Management
The Automated Biometric Identification System (IDENT) operated by the Department of Homeland Security’s Office of Biometric Identity Management (OBIM) was designed in 1994 and implemented in 1995. It was originally meant to perform a South-West border recidivist study, but has grown into the second largest biometric system in the world, next to Aadhaar, with 230 million unique identity records, plus access to millions more held by the FBI and Department of Defense, and 350,000 transactions on an average weekday.
As the number of programs using IDENT has grown, the system’s roll and size have increased. As the importance of IDENT has grown, so have the warnings and criticism of the program. It is still not widely understood how it works, however, Patrick Nemeth, Director of OBIM’s Identity Operations Division told Biometric Update in an exclusive interview.
“We don’t own the data, we’re the data stewards, and it was collected by somebody else who ultimately has the authority to change it or delete it,” Nemeth explains. While many government biometric databases around the world are not operated in this way, the arrangement is only the beginning of the complexity the system has evolved to accommodate.
OBIM performs three basic functions, Nemeth says, with pretty much everything else done in service of them. It operates the automated matching system, which is IDENT, but will soon be the Homeland Advanced Recognition Technology (HART), performs manual examination and verification, and coordinates sharing with the owners of the data, which means setting rules for sharing data with agencies. Most government biometric data is centralized with OBIM to minimize duplication under the department’s privacy rule, and also to apply the maximum security and protection to sensitive information.
As operators of the centralized biometric repository, OBIM takes on the responsibility of dealing with the security, privacy, and civil liberties implications of storing sensitive personally identifiable information (PII). It does so, in part, by applying Fair Information Practice principles to govern procedures for elements including transparency, accounting and auditing, and purpose specification.
Other than specific databases run by law enforcement and the DoD, which it also coordinates sharing for, OBIM holds all of the U.S. government’s biometric data. It primarily serves DHS agencies, including Customs and Border Protection (CBP), Border Patrol, the Federal Emergency Management Agency (FEMA), Immigration and Customs Enforcement (ICE), Transportation Security Administration (TSA), and Citizenship and Immigration Services, as well as agencies like the Coast Guard for border entries. It performs a range of functions, including both verification and identification, and during periods when the system is less busy, such as overnight, it performs deduplication and checks latent prints found on improvised explosive devices (IEDs) or in investigations of serious crimes by the FBI, according to Nemeth.
This enormous expansion of both the system’s scale and mandate is why OBIM is now moving forward with the development of the new HART system. IDENT is becoming obsolete.
“It’s been stretched and band-aided and added-to in every way that people can think of, but it just can’t go any further,” Nemeth says.
HART will add a range of capabilities, including to use a fusion of fingerprint, iris, and facial recognition modalities to improve its matching accuracy. It will also expand the scale of the system, which is desperately needed.
“At one point about five years ago they did a couple external studies and they told me that if we ever reached 300,000 transactions a day that we would see system slowness and if we ever reached 400,000 per day, we would see the blue screen of death,” Nemeth admits.
IDENT currently process more than 400,000 transactions in a day on occasion, after remedial action was taken by OBIM to increase its capacity. It typically serves about 350,000 requests per weekday, and a little less on the weekend, returning yes or no answers for about 99.5 percent. Nemeth says he uses more than one thousand servers and other pieces of hardware to keep the system running with brute force. That is not an efficient way to operate, however, and the demand keeps increasing with each new biometric border trial, and any other program involving a use of government biometrics.
Increasing capacity to meet the rapid growth in demand is the main motivation for the move to HART, which will be able to serve 720,000 daily fingerprint transactions when it goes live, and can be quickly scaled. It is being launched on AWS’ Government Cloud, but is designed to be cloud-agnostic. OBIM’s database is growing by about 20 million people per year, which is also accelerating, and as additional modalities become more valuable with the addition of fusion verification, its 3 million pairs of irises may also increase. The current database is twice as large as it was seven years ago, and Nemeth says the current projections are that it will double again in the next seven.
Some future uses of HART are likely yet to be determined, but an example of the scale that may be needed can be understood by considering the possibility that all 3 million travelers per day who pass through U.S. airports may one day need to be biometrically verified.
Tech systems from the nineties are also inherently not able to keep up with modern technology. The programming languages and architecture of IDENT are antiquated, and require an inefficient and frustrating process not just to add capabilities, but every time a statistic is requested for analytical purposes.
“We have to figure out what our question is, send it to our contractors, they write the script, they run it, they send it back to us, and sometimes when we look at it, that wasn’t really the question, and you have to repeat the process,” Nemeth says.
As the number of agencies and use cases for IDENT has grown, the number of questions from system users, like everything else, has increased. Switching to HART will increase the analytical capabilities and overall flexibility of the system, which is particularly important when considering some of the privacy and security issues related to operating the world’s second largest biometric matching system. IDENT currently uses a multi-layered filtering system to return only the specific information the requesting customer is entitled to.
“What’s unique about IDENT is because of the wide breadth of Homeland Security missions — law enforcement, information, credentialing, national security – it has kind of a complicated filtering process that we call Data Access and Security Controls,” Nemeth says. “You only get to see what your agency is permitted by law to see, and what the owner of the data has said that you can see. It’s a rather complex dance we do to make sure that we respect the privacy, the reason the information was collected, the legal protections for certain protected classes, all of those things. When we provide you the information, if you’re not allowed to see it, you don’t even know that information exists.”
Three layers of filters screen what accounts can see data for a subject, what information they are allowed to see and what should be redacted (such as criminal history, in some cases), and an activity filter, which is attached to information by the agency that submitted it. OBIM also addresses the rights of data subjects with an extensive process of consultations and privacy impact assessments for new operations.
“Every time somebody comes up with a new mission area, or a new application of biometrics, before we can implement that, our own privacy people need to go through it and write a privacy threat assessment,” Nemeth says. “Then, potentially, if its significant enough, they have to amend the privacy impact. Then it goes to our higher headquarters at the National Protection and Programs Directorate where they have to agree, and then finally it goes to the Department’s Privacy Office, where they have to agree that its within the scope of what we’re allowed to do.”
Some alternately goes through inter-agency Data Access Request Committee for approval, but every new capability desired by a client agency is put in place only after it has gone through many steps and assessments, providing answers about why it is needed and how it should be delivered.
“There are a lot of constraints on us, which is good, because lots of energetic people come up with lots of ideas and sometimes we just need to slow down a little bit and make sure that we’re properly using that information and protecting it.”
Not only are OBIM’s efforts to protect biometric data privacy and security robust, according to Nemeth, they are also open. HART will increase the privacy protection the department can provide, he says, for instance by increasing the number and functionality of filtering layers OBIM can apply to data. The combination of privacy protections which are concerted and improving along with willingness to talk about those protections makes Nemeth frustrated with allegations among some media and public advocacy groups that HART represents a surveillance overreach on the part of the government.
“We’re not going to tell you how to break into our system, but we’ll tell you quite a bit about it,” Nemeth says. “The privacy impact assessments and the privacy threshold analysis are available on the DHS privacy web page, along with our system of record.”
The Electronic Frontier Foundation (EFF) warns that HART will include data collected from innocent people and questionable sources, and argues that it will provide the means for suppression of American’s rights and freedoms. Nemeth says he sympathizes with concerns over the possible erosion of privacy in digital society, and the desire to protect it. He contends that the EFF is not considering the years and painstaking processes that OBIM puts into balancing the rights of individuals to not have their data shared unnecessarily with the mandates of client agencies. He points to the Data Privacy and Integrity Advisory Council as an example of the intensive oversight and review that checks the potential for misuse of biometric data.
“The arguments that the EFF is making they’ve made several times during the fifteen-year history of IDENT, whenever there’s a new issue of the authorizing SORN and PIA, so it’s not new,” Nemeth counters. “They’ve added the facial piece to it. Essentially, they are arguing that we will violate the law.”
The scrutiny will likely intensify, with public awareness of biometric entry/exit growing as the program rolls out. In the meantime, the number of transactions served by HART will be increasing, and OBIM will be evaluating new procedures using its new biometric capabilities. The privacy impact assessments and other checks will continue, and OBIM will continue the work of helping U.S. government agencies identify people. Nemeth stresses that that work is critically important, even as it requires the kind of extensive evaluation and scrutiny it invites.
“We don’t retain our highly talented staff because we pay them well,” he confesses. “We retain them because they love what they’re doing and they’re making a difference for the security of the country.”