Progress made, but CBP still confronts challenges implementing biometric entry-exit program
While Customs and Border Protection (CBP) “made considerable progress developing and implementing a biometric capability to track air passenger exits using facial recognition technology” in 2017 through its Biometric Entry-Exit Program pilots at nine airports, and demonstrated ability using the technology to match 98 percent of passengers’ identities at departure gates, it also “encountered various technical and operational challenges that limited biometric confirmation to only 85 percent of all passengers processed,” according to a new Department of Homeland Security (DHS) Inspector General (IG) audit report.
“These challenges [include] poor network availability, a lack of dedicated staff, and compressed boarding times due to flight delays,” the IG found. “Further, due to missing or poor quality digital images, CBP could not consistently match individuals of certain age groups or nationalities. Collectively, the biometric data obtained during the pilot improved DHS’ ability to verify 105,000 foreign visitor departures from US airports, as well as 1,300 overstays,” but “the low 85-percent biometric confirmation rate poses questions as to whether CBP will meet its milestone to confirm all foreign departures at the top 20 US airports by fiscal year 2021.”
In addition, the IG stated, “Given uncertain airline commitment, CBP still must address longstanding questions on how the program will be funded and staffed,” noting that “due to a lack of DHS guidance [and] the role other DHS components will play in implementing the entry-exit capability at airports also remains in question. Solidifying long-term partnerships with these stakeholders will be key to CBP successfully implementing the biometric capability nationwide as mandated.”
The IG determined “CBP’s progress was due to leveraging existing DHS and airport infrastructure and dedicated funding. CBP expects to build on this progress by supporting airline use of the biometric capability for a greater volume of flights by 2019.”
Biometric Update reported last spring that the IG had announced CBP’s efforts to develop and implement a biometric exit capability were being investigated to “assess whether biometric data collected at [CBP] pilot locations has improved DHS’s ability to verify departures” in order to secure and manage US borders, the IG announced.
The Government Accountability Office (GAO) had also noted in its February 27, 2017 audit report, DHS Has Made Progress in Planning for a Biometric Air Exit System and Reporting Overstays, but Challenges Remain, that, “As CBP is in the process of finalizing its approach, it is too early to assess the agency’s plans for developing and implementing a biometric exit capability and the extent to which those plans will address identified challenges.”
DHS stated it is using a biometric verification system to confirm the departure of selected travelers at one airport and released its 2016 overstays report in late February 2017, according to GAO, which reported on CBP’s progress in its 2017 audit report. But the IG’s office then got involved to investigating CBP’s problems with the program.
The IG’s audit was opened to investigate CBP’s progress, widespread implementation plan, the problem’s continuing problems, and when they will be resolved.
Since GAO’s initial 2013 report on DHS’s efforts to develop a biometric exit capability to collect biometric data, such as fingerprints, from individuals exiting the United States, “CBP has been conducting four pilot programs to inform the development and implementation of a biometric exit system,” GAO said in its 2017 audit report.
At that time, GAO said, “CBP has made progress in testing biometric exit capabilities, but various longstanding planning, infrastructure, and staffing challenges continue to affect CBP’s efforts to develop and implement a biometric exit system.”
CBP originally stated 2018 was its goal for initial implementation of a biometric exit capability in at least one airport, and was working with airlines and airports on strategies for using public/private partnerships to reduce costs and give industry more control over how a biometric exit capability is implemented at airport gates.
“However,” GAO pointed out at the time, CBP “cannot complete the planning process until these partnership agreements and implementation decisions are finalized.”
GAO previously reported that “infrastructure limitations are a challenge to implementing a biometric air exit capability. For example, CBP noted that US airports generally do not have outbound designated secure areas for exiting travelers where biometric information could be captured by US immigration officers,” and that, “CBP recognize[ed] these challenges and intends to use the information gained from the pilot programs to identify biometric exit technology and staffing processes that are effective in the airport environment.”
Given the limitations of biographic data, congressional mandates — some issued more than 20 years ago – it was recognized that an automated entry and exit control system to match the arrival and departure records of foreign visitors entering and leaving the United States, and to enable identification of visa overstays, needed to be developed. A major impetus for developing a biometric entry-exit system was the Consolidated Appropriations Act of 2016, in which Congress established a visa fee that is supposed to provide up to $1 billion in funding over a 10-year period. Another key driver is Executive Order 13780, which directed DHS to expedite implementation of a biometric entry-exit system.
In 2013, CBP assumed responsibility for implementing a biometric solution within DHS. CBP’s Office of Field Operations took the lead in this initiative, establishing an Entry-Exit Transformation Office in May 2013. In March 2017, CBP changed the name of the office to the Biometric Entry-Exit Program Office. As of September 2017, the office was fully staffed with more than 70 personnel. CBP’s Office of Information Technology helps the program office deploy and support the biometric exit capabilities developed.
An early goal of the Biometric Entry-Exit Program was to implement a biometric exit capability to support 30 international flight departures per day by the end of December 2018. Over time, it was planned to enhance and incrementally deploy biometric capabilities across all modes of travel — air, sea, and land — by fiscal year 2025. By implementing a biometric exit solution, CBP aims to increase national security by achieving higher levels of assurance of foreign visitor identities, with minimal impact on the traveling public. CBP also expected to improve the reliability of data used to identify overstays and travelers who entered the United States without inspection.
In 2004, DHS was required to develop a plan to accelerate full implementation of an automated biometric entry-exit system. In various reports, GAO identified a range of long-standing challenges DHS has faced in its efforts to develop and deploy this capability and to use entry and exit data to identify overstays. For example, in 2013, GAO recommended DHS establish timeframes and milestones for a biometric air exit evaluation framework, and to document the reliability of its overstay data. DHS concurred with the recommendations and addressed them.
According to the new IG audit report, “During the current visitor screening process, CBP collects biographic data such as traveler’s name or date of birth, as well as biometric information such as fingerprints and photos, to confirm identity and document nonimmigrant entry to the country. However, CBP is limited to using only biographic information to confirm that a foreign visitor has physically departed the country,” emphasizing that, “Biographic identity verification alone does not facilitate the ability of CBP officers to identify travelers using fraudulent documents, or detect imposters traveling with genuine documents.”
But this, too, is a problem. Biometric Update reported in March that GAO had determined that since 2010, ePassport digital signatures couldn’t be verified by CBP because it “still does not possess the technological capability to authenticate the machine-readable data in ePassports,” complained Democratic Sens. Claire McCaskill (MO) and Ron Wyden (OR) in a letter at the time to then Acting CBP Commissioner Kevin McAleenan. The lawmakers informed him CBP needs to “immediately act to utilize the anti-forgery and anti-tamper features in ePassports, which have gone unused by CBP since their implementation in 2007.”
“Without the software [to] verify the [cryptographic] digital signatures stored on the ePassport,” CBP can’t “determine if the data stored on the smart chips has been tampered with or forged,” McCaskill and Wyden said.
CBP officers can download and read the information on the RFID chips in US passports, but they can’t authenticate it. It’s a security gap which disallows CBP to know whether the data placed on the chip by the Department of State hasn’t been “altered or forged,” GAO stated in its January 2010 audit report, Better Usage of Electronic Passport Security Features Could Improve Fraud Detection.
When the State Department began issuing ePassports with embedded computer chips that store information identical to that printed in the passport, it also developed a comprehensive set of controls to govern the operation and management of a system to generate and write a security feature called a digital signature on the chip of each ePassport it issues. When verified, digital signatures provide reasonable assurance that the data placed on the chip by the State Department have not been altered or forged.
“However,” GAO pointed out, DHS does not have the capability to fully verify the digital signatures because it has not deployed ePassport readers to all of its ports of entry, and it has not implemented the system functionality necessary to perform the verification. Because the value of security features depends not only on their solid design, but also on an inspection process that uses them, the additional security against forgery and counterfeiting that could be provided by the inclusion of computer chips on ePassports issued by the United States and foreign countries, including those participating in the visa waiver program, is not fully realized.”
But while CBP officers have access to INTERPOL’s Stolen and Lost Travel Documents (SLTD) database, the question some authorities have asked, is can they detect stolen and lost ePassports contained in the more than 40 million entries on millions of SLTDs?
Presumably, INTERPOL says, “With one single swipe, a border control officer can verify if a document is reported stolen or lost nationally and internationally,” but without the capability to fully verify the digital signatures of all ePassports, “it’s a crap shoot how many have … or are still getting through,” a DHS intelligence official said on background.
Since receiving the entry-exit tracking mission from Congress in 2013, “CBP has conducted several pilots to gather information and test different biometric technologies. Specifically, from 2014 to 2016, the Biometric Entry-Exit Program collaborated with DHS’s Science and Technology Directorate to test facial recognition, iris scanning, and mobile fingerprint readers in simulated operational conditions at air and land ports of entry,” the IG explained in its new audit report. CBP then “used the results from each test to gauge the feasibility of real-time biometric identification that is traveler-friendly and easy to deploy for travel industry partners.”
“Throughout 2016, CBP refined its approach to using facial recognition to confirm travelers’ identities biometrically,” The new IG audit report says, noting, “As part of this effort, CBP established a biometric matching system, the Departure Information System, and used commercial biometric capture devices (e.g., digital cameras and display tablets) to take photos and verify the identities of passengers as they boarded a plane. Using facial recognition technology, the Departure Information System compared a passenger’s live photo against photos available from previous encounters (e.g., US passport and visa checks). CBP also established an end-to-end process to build photo galleries based on flight manifests to confirm passenger identities.”
The IG report pointed out in May 2017 it had reported that “insufficient technology hindered DHS’ tracking of visa overstays. Specifically, DHS lacked an exit system to capture biometric data on nonimmigrant visitor departures from the country. Instead, DHS relied on third-party biographic data, such as commercial carrier passenger manifests, to confirm US visitor departures. Further, DHS could not account for the total number of visa overstays in the country published in its annual Entry/Exit Overstay Report to the Congress.”
The IG issued five recommendations at the time, “all of which remained open as of April 2018,” the new audit report states.
CPB expanded its facial recognition pilot, called “Sprint 8,” beyond Atlanta Hartsfield-Jackson International Airport to three other international airport locations in June 2017, followed by five additional airport locations by October 2017. “Consequently,” the IG said, “CBP was able to test biometric processing on a total of 10 flights per day across 9 airports nationwide,” and was “still conducting this pilot when we concluded our audit fieldwork in January 2018.”
The IG said “CBP updated the capabilities of its biometric capability during Sprint 8 to deliver more timely facial recognition confirmation services at each airport location. Specifically, in May 2017, the program replaced the Departure Information System with more advanced automated matching, called the Traveler Verification Service (TVS). Using facial recognition, TVS enables biometric identity verification by transmitting automated queries to locate photos in DHS and Department of State databases for matching against the unique characteristics of a traveler’s facial features. As designed, this updated capability operates in a virtual, cloud-based infrastructure that can store images temporarily and operate using a wireless network, thereby eliminating the need for the tablets previously used in 2016.”
Sprint 8 also incorporated real-time data exchange from TVS to CBP officers’ digital cameras and mobile devices in order to provide them with immediate photo matching results. They receive notification of non-matches on mobile devices through the Biometric Mobile Application, or “BE-Mobile,” which also read passport barcodes, collect fingerprints, and check alerts to determine whether a passenger should be prohibited from flight boarding.
While CPB reported progress, the IG stated, “We sought to validate the pilot outcomes reported by conducting our own analysis of CBP’s pilot data and visiting four airport locations to observe the boarding processes for several flights. However, we found it difficult to conclude whether CBP had achieved all pilot goals. Specifically, CBP had not previously established definitive target metrics against which to measure outcomes, aside from testing the effectiveness of using facial recognition at airports. In addition, the pilot efforts were still ongoing as of January 2018.”
Still, the IG’s new audit report said, “Although program personnel did not establish a target rate for technical matches during Sprint 8, CBP’s technical match rate surpassed the 97 percent rate objective for full implementation of the biometric exit capability in 2021. We validated TVS’ 98 percent success rate by using CBP data to calculate an average technical match rate from August to December 2017.”
The IG’s 52-page audit report covers considerable ground, but in conclusion the IG reported, “CBP’s pilot efforts to date have not been sufficient to address longstanding questions regarding how the program will be funded or staffed, which CBP cited as its top two program risks. CBP’s inability to validate funding and staffing plans was primarily due to uncertainty regarding airport and airline assistance with funding and biometric operations at departure gates. CBP also was unable to confirm the role other DHS components will play in implementing the biometric capability at airports, due to a lack of DHS headquarters guidance and involvement. Until CBP finalizes its long-term partnerships with its stakeholders, it will be unable to fulfill its mandates to implement a biometric capability to verify foreign visitor departures nationwide.”
Additionally, the IG concluded, “The Sprint 8 pilot did not address the biometric program’s top two risks — CBP’s reliance on airlines to help fund and staff the program for the long-term. At the conclusion of our fieldwork, program personnel had not yet determined how it would resource the program beyond initial operating capability in 2019. Department-wide guidance regarding the biometric capability implementation also was lacking to ensure involvement and support from other DHS stakeholders.”
And, “CBP may not have all the funds it needs to cover the cost of implementing the biometric capability over the next 10 years.” Achieving full operating capability for the biometric program by 2021 may rest in the hands of airports and airlines “purchasing the digital cameras needed to take passenger photos at boarding gates,” the IG said.
Also, the IG noted, CBP will not have an “adequate number of personnel to achieve full operating capability at 20 airports nationwide by 2021 if the airlines [do] not agree to provide staff support,” and that it’s unclear what role the Transportation Security Administration will play in future biometric air exit efforts.