DHS biometrics expansion to be scrutinized by Privacy Office in new fiscal year
While Congress recently passed legislation imposing potentially expensive – but unfunded – reporting and compliance requirements on Customs and Border Protection (CBP) and the Transportation Security Administration’s (TSA) programs to expand their use of biometrics, the Department of Homeland Security’s (DHS) Privacy Office’s 2018 annual report to Congress said preventing terrorism through biometrics is among the numerous biometric priorities it will put under scrutiny in the new federal fiscal year, which began this month.
But, beyond that, DHS’s Privacy Office indicated it will be keeping a close eye on the use of biometrics across the entire DHS enterprise with regard to keeping biometric-related privacy issues in check pursuant to federal laws.
The Privacy Office said it “is working closely with CBP to ensure that facial recognition technology used to verify a traveler’s identity is implemented in a privacy-protective manner, as required by federal mandates.”
The office said it has a “mission cross-cutting goal to mature and strengthen homeland security by integrating information sharing and preserving privacy, oversight, and transparency in the execution of all departmental activities.”
In its annual report, the Privacy Office noted that, last July, members of DHS’s Data Privacy and Integrity Advisory Committee (DPIAC) Policy Subcommittee, “along with officials from the DHS Privacy Office and CBP’s Offices of Privacy and Field Operations, toured biometric entry and exit operations at Orlando International Airport to observe general passenger processing operations, including pilot entry and exit programs.”
The report stated, “Attendees were briefed on data collection, uses, and sharing associated with the entry processing of arriving visitors, as well as a pilot program in which CBP has collaborated with British Airways to use biometric data (facial images) to verify a traveler’s identity and process them for exit. The pilot utilizes an e-gate in the boarding area of the departure terminal, and allows passengers to board their flight without presenting any travel documentation or a boarding pass. Back-end programming uses images captured at the gate to instantaneously match the individual to a gallery or previously captured images in order to verify their identity, and match it to flight information.”
The Privacy Office acknowledged that CBP “was able to verify that proper notification of the information collections, including signage, was in place, and that travelers were made aware that participation in pilot activities was optional.”
According to DHS, “DPIAC provides advice to the department at the request of the CPO on programmatic, policy, operational, administrative, and technological issues within DHS that relate to Personally Identifiable Information [PII], data integrity, and other privacy-related matters. DPIAC members have broad expertise in privacy, security, and emerging technology, and come from large and small companies, the academic community, and the non-profit sector. Members hold public meetings to receive updates from the Privacy Office on important privacy issues, and to deliberate taskings from the” Chief Privacy Officer (CPO) – who reports directly to the DHS Secretary.
The Privacy Office reported that “CBP is continuing to develop and expand its biometric entry-exit system for international flights at airports throughout the United States,” and that “in partnership with the TSA, CBP’s latest biometric technical demonstration will use the Traveler Verification Service (TVS) cloud-based matching service to compare international travelers’ photos captured by CBP against previously captured photos,” and that CBP had updated its Privacy Impact Assessment (PIA) to provide the public with notice regarding CBP’s plans to use PII collected by CBP devices located at TSA security checkpoints.
TSA also published a PIA “to address the privacy risks inherent in the use of facial recognition technology during its Travel Document Checker [TDC] Automation Using Facial Recognition proof of concept.”
The Privacy Office said, “TSA conducted a three-week proof of concept at Los Angeles International Airport for automating the identity verification portion of the TDC process using facial recognition technology. TSA tested the use of a National Institute for Standards and Technology (NIST)-compliant facial matching algorithm to compare the facial images of aviation passengers who were e-Passport holders on outward-bound international flights who voluntarily entered the screening checkpoint through automated electronic security gates, or ‘e-Gate,’ which is a device that captures an image of the passenger’s face and compares it to the biometric image in the passenger’s e-Passport.”
As the Privacy Office explained, “The e-Gate attempts to replicate the function of the TDC and authenticate the passenger’s e-Passport and boarding pass. The operational goals of this proof of concept was to assess critical operational and technological components of the e-Gate, including the viability of using facial recognition technology for identity verification, and to capture specific metrics to inform future requirements for improving the security and speed of identity verification at airport checkpoints.”
This past year, the CPO, Deputy CPO, and CBP’s Deputy Executive Assistant Commissioner of Field Operations conducted “an information sharing session, and open dialogue about CBP’s implementation plans for a biometric exit system with external privacy stakeholders” at CBP’s headquarters in Washington, DC.
The Privacy Office report said, “With the recent support from Congress in the Consolidated Appropriations Act, 2016 (Pub. L. No. 114-113), and at the direction of the President in section 8 of Executive Order 13780, Protecting the Nation from Foreign Terrorist Entry into the United States, CBP is making significant progress toward implementation of a biometric exit system.”
In May, the CPO initiated a Privacy Compliance Review (PCR) of privacy incidents affecting individuals protected by Title 8, United States Code, Section 1367, focusing on components and offices most likely to access or be responsible for dissemination of these records, which includes Immigration and Customs Enforcement (ICE), CBP, US Citizenship and Immigration Services (USCIS), the National Protection and Programs Directorate’s (NPPD) Office of Biometric Identity Management (OBIM), and the Office of Intelligence & Analysis (I&A).
The 2018 Consolidated Appropriations Act provided the Privacy Office with additional funding to ensure information and data released by DHS does not reveal the identity or PII of non-US persons who may be survivors of domestic violence, sexual assault, stalking, human trafficking, or other crimes.
The Privacy Office said a “forthcoming PCR will identify and mitigate risks that may be incurred with the inadvertent disclosure of alien victims’ protected information.”
Last year, the Privacy Office hosted a public meeting of DPIAC where “members were briefed on biometrics, facial recognition, and immigration data, and tasked with submitting a report on best practices for protecting immigration statistics.”
The Privacy Office reported that PCRs are completed or underway for USCIS’s Customer Profile Management Service and National Appointment Scheduling System. USCIS oversees lawful immigration to the United States, and as part of this mission it receives and adjudicates requests for immigration and citizenship benefits, the latter of which requires the collection of biographic and biometric information from benefits requestors. USCIS uses multiple systems to administer immigration benefits, including the Customer Profile Management Service (CPMS) and National Appointment Scheduling System (NASS).
But, because of “heightened privacy risks associated with the collection of [this] biometric information, PIAs for CPMS and NASS … required the Privacy Office to conduct a PCR. During the course of this PCR, the Privacy Office found USCIS to be in compliance with federal privacy laws, DHS and component privacy regulations and policies,” and received “explicit assurances … by USCIS in existing privacy compliance documentation” that it’s operating within privacy laws.
However, the Privacy Office said it “identified six recommendations designed to improve USCIS privacy compliance, and to incorporate best practices for other USCIS and DHS programs and systems.”
As for CBP’s Southwest Border Pedestrian Exit Field Test “to determine whether the collection of biometric information, including facial and iris images, from visitors exiting the United States enhances CBP exit operations with acceptable impacts to the public’s travel experience and border processing times,” the Privacy Office said it considered all of the 10 best practice recommendations it had earlier made for any future biometric exit tests to further improve its ability to demonstrate compliance with privacy “to be fully implemented, and that no further reporting is required.”
“CBP managed this test with privacy-protective objectives and with sensitivity to privacy and data aggregation risks, making [the appropriate] requirements,” the annual Privacy Office report said.
The test evaluated whether the processes and technologies used to collect biometric information would enable CBP to more effectively identify individuals who have overstayed their period of admission, identify individuals who pose a law enforcement or national security threat, and improve CBP reporting and analysis of all travelers entering and exiting the US.
With regard to overall biometric information sharing, the Privacy Office said it “continued to partner with the Policy Screening and Coordination Office and other headquarters and component biometric stakeholders to:
• Update and align high-level biometrics-based information sharing agreements with the Department of Defense and Department of Justice; and
• To offer advice on requirements for sharing consistent with DHS System of Records Notice(s) (SORN) and DHS privacy policies.”
The Privacy Office said it “also concurred on clearing specific information sharing projects with these agencies, providing expertise on the appropriate handling of biometric records being further ingested from the Department of Defense. These additional datasets provide access to Department of Defense regional command repositories, aiding DHS’s border screening and vetting mission objective.”
Concerning DHS’s External Biometric Records (EBR) System of Records, the Privacy Office said DHS may use and share external biometric and associated biographic records … as permitted and approved by its partners, if applicable, pursuant to an agreement or arrangements for external information, or with the express approval of the entity from which the department received biometric and associated biographic information, which includes: law enforcement; national security; immigration screening; border enforcement; intelligence; national defense; and background investigations relating to national security positions, credentialing, and certain positions of public trust, consistent with applicable DHS authorities.
This system of records allows DHS to receive, maintain, and disseminate biometric and associated biographic information from non-DHS entities, both foreign and domestic, pursuant to formal or informal information sharing agreements or arrangements for the purpose of processing and maintaining biometric and associated biographic information from non-DHS entities.
In addition, the Privacy Office said it “became a member of the Homeland Advanced Recognition Technology (HART) Integrated Project Team (IPT), the replacement enterprise biometric system for the Automated Biometric Identification System (IDENT), which provides DHS with a flexible, scalable, and efficient biometric data system with greater capacity, more functionality, multimodal storage, and enhanced capabilities.”
However, the Privacy Office stated, “Through the IPT [it] will review and address privacy and policy issues affecting HART planning, testing, implementation, and sustainment.”
Finally, the Privacy Office’s annual report to Congress noted the US entered into two separate Enhancing Cooperation in Preventing and Combating Serious Crime Agreements (PCSC) with Greece and Italy “which permits the US and its partner countries to cooperatively exchange biometric and biographic data in the course of preventing and combating serious crimes and terrorist activities.”
While existing PCSC agreements between DHS and its partners “allow for the exchange of criminal justice data, the agreements with Greece and Italy also enables DHS to share non-criminal justice data from USCIS” for the purpose of processing automated fingerprint queries to determine if a person of interest encountered by a partner country has also been flagged by DHS.