DHS-wide biometrics programs, issues, detailed in data mining report to Congress
The comprehensive, legally mandated new Department of Homeland Security (DHS) Privacy Office’s Data Mining Report to Congress provides detailed updates on modifications, additions, and other developments to numerous department-wide programs that involve extensive data mining of biometric information to support DHS’s mission to protect the homeland, and provides examples of its effectiveness.
The annual audit report ensured DHS components’ employment of biometric data mining is conducted in a manner that protects privacy. The report “discusses activities currently deployed or under development in the department that meet the Data Mining Reporting Act’s definition of data mining, and provides the information set out in the Act’s reporting requirements for data mining activities,” the report says.
The report also noted that, “DHS continues to improve its data collection of both biographic and biometric data on travelers departing the United States.”
These improvements are discussed in detail in the report.
The report follows Biometric Update having reported that, while Congress recently passed legislation imposing potentially expensive – but unfunded –reporting and compliance requirements on Customs and Border Protection (CBP) and the Transportation Security Administration’s (TSA) programs to expand their use of biometrics, DHS’s Privacy Office’s 2018 annual report to Congress said preventing terrorism through biometrics is among the numerous biometric priorities it will put under scrutiny in the new federal fiscal year, which began last month. Furthermore, DHS’s Privacy Office indicated it will be keeping a close eye on the use of biometrics across the entire DHS enterprise with regard to keeping biometric related privacy issues in check pursuant to federal laws.
For DHS’s purposes, biometrics includes fingerprints, hand geometry, facial patterns, and iris and retinal scans. Behavioral biometrics includes voice patterns, written signatures, and keyboard typing techniques. They’re incorporated into “automated methods of recognizing a person based on a physiological or behavioral characteristic that are unique to an individual.”
In other words, biometrics provides “unification of an individual’s biographic, biometric and credentialing information to provide ‘one identity’ across all DHS business processes.”
With the creation of DHS, Congress authorized the department to engage in biometric data mining and the use of other analytical tools in furtherance of departmental goals and objectives.
The following DHS programs engage in biometric and Personally Identifiable Information (PII) data mining:
• The Automated Targeting System (ATS), which is administered by CBP and includes modules for inbound (ATS-N) and outbound (ATS-AT) cargo, land border crossings (ATS-L), and passengers (ATS-P);
• The Analytical Framework for Intelligence (AFI), which is administered by CBP. AFI provides enhanced search and analytical capabilities to identify, apprehend, and prosecute individuals who pose a potential law enforcement or security risk, and aids in the enforcement of customs, immigration, and other laws enforced by DHS at the border;
• The FALCON Data Analysis and Research for Trade Transparency System (DARTTS), which is administered by Immigration and Customs Enforcement (ICE);
• The FALCON-Roadrunner system, which is administered by ICE;
• The DHS Data Framework, which is a DHS-wide initiative;
• The SOCRATES Pilot Program, which is administered by CBP; and
• The Fraud Detection and National Security – Data System (FDNS-DS)/ATLAS, which is administered by USCIS’ Fraud Detection and National Security Directorate (FDNS)
There’s also the Global Enrollment System (GES) that collects biographic and biometric data about applicants (US and non-US citizens) for pay-for-use trusted traveler programs, including the Canadian Border Dedicated Commuter Lane (NEXUS), and the Secure Electronic Network for Traveler’s Rapid Inspection (SENTRI), in which collected biographic and biometric information is used to run criminal background and terrorist lookout checks on applicants.”
In addition, there’s:
• a-ID (a-ID), an automatic identification tag that stores a unique serial number that can be linked to a traveler profile, including biometric and biographic data;
• a-ID Issuance, which assigns a unique, automatic identification (a-ID) to in-scope travelers at Secondary Inspection;
• The Automated Targeting System/Land (ATS/L) system which “automatically cross-references TECS crossing data and other information to provide a weighted rules-based score for a vehicle to the primary CBP POE officer. The score determines whether the vehicle needs to be referred to a secondary lane for further inspection. TECS is the Treasury Enforcement Communication System supporting key business processes across DHS, including investigations, enforcement and US-VISIT. TECS maintains databases on biographic terrorist lookout lists, vehicle lookout lists, alien addresses, secondary POE inspection results and alien crossing histories;
• The License Plate Reader (LPR) system which captures license plate numbers in the proximity of a POE where the system is deployed. The LPR records is sent to, recorded, and queried in TECS;
• The Machine Readable Travel Document (MRTD) which contains encoded, machine readable traveler information, such as biographic and biometric data; and
• The National Security Entry-Exit Registration System (NSEERS), also known as “special registration,” which was developed by the Department of Justice as a national registry for travelers coming from 25 designated countries and others who met a combination of intelligence-based criteria that may identify them as a potential security risk.
Among the programs extensively discussed in the report is the One DHS Overstay Vetting effort, which was deployed as Phase 3 in July 2014, “transitioning from a pilot project to operational status. The goal of the Overstay Vetting effort is to allow ICE to deploy its investigative resources efficiently to locate high-risk overstays and initiate criminal investigations or removal proceedings against those individuals.”
The Overstay Vetting program uses what it calls the “Overstay Hotlist,” which is “a list of overstay leads derived from data obtained through ATS to develop priorities based on associated risk patterns related to national security and public safety.”
According to DHS, “This prioritized list of overstay leads is then passed on to ICE’s LeadTrac system for further investigation and possible enforcement action.”
LeadTrac is an immigration status violator database ICE’s Homeland Security Investigations (HSI) Counterterrorism and Criminal Exploitation Unit utilizes to identify and track non-immigrant visitors to the US who overstay “their period of admission or otherwise violate the terms of admission. The identities of potential violators are then sent to ICE field offices for appropriate enforcement action.”
But ATS isn’t just used in prioritizing overstay leads; it’s also employed “to vet overstay candidates received from DHS/CBP’s Arrival and Departure Information System (ADIS) in order to identify potential additional information on visa overstay candidates based on supporting data available from other source systems through ATS, i.e., border crossing information (derived from DHS/CBP’s Border Crossing Information (BCI) system), Form I-94 Notice of Arrival/Departure records (derived from DHS/CBP’s Non-immigrant Information System (NIIS)), and data from the DHS/ICE Student Exchange Visitor Information System (SEVIS).”
Each of these systems contains PII and biometrics, especially fingerprints and facial photographs.
ADIS is the central repository for storing, reconciling, and reporting on immigrant and non-immigrant traveler arrivals and departures across air, sea, and land ports of entry (POEs). ADIS matches arrivals with departures to identify illegal overstays and provides a wide range of ad-hoc queries and reporting capabilities for arrival and departure information.
Phase 3 of the One DHS Overstay Vetting effort also utilizes foreign national overstay data that’s been “obtained through system processing in ATS and ADIS to identify certain individuals who have remained in the US beyond their authorized period of admission,” or overstays, who may “present a heightened security risk.”
In January 2014, ADIS was transitioned from the Office of Biometric Identity Management (OBIM) in DHS’s National Protection and Programs Directorate (NPPD) to CBP, which tracks biographical information on identified and possible overstays from ADIS against risk-based rules in ATS that’s “based on information derived from past investigations and intelligence.”
CBP then provides the results of these analyses from ADIS to ICE for further processing –activities covered by Privacy Impact Assessments (PIAs) for ATS, US-VISIT Technical Reconciliation Analysis Classification System, and Overstay Vetting.
Three years ago, the “overstay candidate’s process was eliminated, and the weekly Overstay Leads process was moved to a daily process, streamlining the overall processing of overstays,” and in May 2016, “the data feed from the ICE SEVIS system was upgraded to a daily feed to include additional data elements necessary for overstay processing,” the audit report explained.
This Fiscal Year, CBP continues to work with ICE’s Counterterrorism and Criminal Exploitation Unit “to enhance the current interface with LeadTrac to include [these] additional data elements,” the report disclosed.
According to DHS’s latest Entry/Exit Overstay Report released in October, “there were 52,656,022 in-scope non-immigrant admissions to the United States through air or sea POEs with expected departures occurring in FY 2017, which represents the majority of air and sea annual non-immigrant admissions. Of this number, DHS calculated a total overstay rate of 1.33 percent, or 701,900 overstay events. In other words, 98.67 percent of the in-scope non-immigrant entries departed the United States on time and in accordance with the terms of their admission.”
The report said that, “As of May 1, 2018, DHS has been able to confirm the departures or adjustment of status of more than 99.20 percent of non-immigrants scheduled to depart in FY 2017 via air and sea POEs.”
While the overall Suspected In-Country Overstay rate for this scope of travelers is 1.15 percent of the expected departures, DHS said this still represents a significant number of people; More than 600,000 at the end of FY 2017.
Last year, DHS expanded its overstay mission capabilities by “further developing a vetting unit responsible for assisting the review of Out-of-Country overstay leads.” CBP, for example, began a notification process for Visa Waiver Program [VWP] travelers who overstayed their period of admission in the United States, emailing them regarding their non-compliance and informing them of the ramifications of their violation. This year, “CBP also began notifying VWP travelers in advance of the end date of their period of authorized admission.”
According to the report, “CBP plans to further expand these notifications to additional populations. Additionally, DHS began requiring VWP countries with an overstay rate equal to or exceeding two percent to implement a public awareness campaign intended to educate their nationals on the importance of abiding by the terms of their admission to the United States.”
ICE also hasn’t made any new modifications or updates to FALCON-DARTTS, the report said. “The FALCON environment is designed to permit ICE personnel to search and analyze data ingested from other government applications and systems, with appropriate user access restrictions and robust user auditing controls.”
DARTTS generates leads for, and otherwise supports, ICE HSI investigations of trade-based money laundering, contraband smuggling, trade fraud, and other import-export crimes by analyzing trade and financial data to identify statistically anomalous transactions. These anomalies are then independently confirmed, and, if warranted, further investigated by HSI investigators.
DHS explained that, “HSI investigators and analysts must understand the relationships among importers, exporters, and the financing for a set of trade transactions, to determine which transactions are suspicious and warrant investigation. FALCON-DARTTS is designed specifically to make this investigative process more efficient by automating the analysis and identification of anomalies for the investigator.”
The system allows HSI analysts and investigators to perform research and analysis that’s “not possible in any other ICE system because of the breadth of data it accesses, and the number and type of variables through which it can sort.” While it does not predict future behavior or “profile” individuals or entities (i.e., identify individuals or entities that meet a certain pattern of behavior pre-determined to be suspect), it instead identifies trade and financial transactions that are statistically anomalous based on user-specified queries.
Only ICE HSI and CBP users are granted access to the system’s law enforcement data, while only ICE HSI users are granted access to the financial data maintained in FALCON’s general data storage environment, in which the data is aggregated with other FALCON data. DHS stressed that “user access is controlled through a combination of data tagging, access control lists, and other technologies, including biometrics.
The annual report also said “ICE made no modifications or updates to FALCON-Roadrunner,” which “enables ICE HSI investigators and analysts to conduct trend analysis and generate investigative leads that are used to identify illicit procurement networks, terrorists groups, and hostile nations attempting to illegally obtain US military products; sensitive dual-use technology; weapons of mass destruction; or chemical, biological, radiological, and nuclear materials. The system also provides HSI users the ability to perform research and generate leads for investigations of export violations within the jurisdiction of HSI. FALCON-Roadrunner is a module within ICE’s existing FALCON environment, which is designed to permit ICE law enforcement and homeland security personnel to search and analyze data ingested from other federal, state, local, and foreign government and private sector sources, with appropriate user access restrictions and robust user auditing controls.”
However, because FALCON-Roadrunner adds new immigration, law enforcement, and publicly available data to the FALCON general data storage environment, the report said, “ICE is [having to update] the FALCON-SA Privacy Impact Assessment Appendix to reflect the new data available via FALCON-SA as a result of the FALCON-Roadrunner system coming online.” FALCON-SA provides the capability to search, analyze, and visualize volumes of existing information in support of ICE’s mission to enforce and investigate violations of US criminal, civil, and administrative laws.
The ATLAS program was also reviewed. It’s used by USCIS to conduct screenings (i.e., background, identity, and security checks) on forms filed with the agency. USCIS/FDNS developed the Fraud Detection and National Security – Data System (FDNS-DS) to record, track, and manage the screening processes related to immigration applications, petitions, or requests with suspected or confirmed fraud, public safety, or national security concerns. FDNS also uses FDNS-DS to identify vulnerabilities that may compromise the integrity of the legal immigration system.
FDNS-DS typically performed case management and received information principally through manual referrals of cases from USCIS adjudications staff to FDNS Officers. But in 2014, FDNS enhanced FDNS-DS with the ATLAS screening system “to automate the screening and matching of biometric and biographic information against databases containing arrest records or documented national security or public safety concerns.” Information is screened through ATLAS using “a predefined set of rules to determine whether the information provided by the individual or obtained through the required background, identity, and security checks presents a potential fraud, public safety, or national security concern.”
ATLAS produces System Generated Notifications (SGN) that automates the process of referring cases for FDNS Officers’ manual review, and enhances the integrity of the immigration process while also strengthening USCIS’s obligations under the Immigration and Nationality Act, including reducing “application cycle time by creating SGNs to preemptively notify FDNS Officers of suspected fraudulent or nefarious information before adjudicators begin reviewing application,” and increasing the “consistency and timeliness for background and security check operations.”
ATLAS is an enhanced screening platform that augments existing checks performed on immigration filings made to USCIS. The types of checks performed on immigration forms vary by the benefit/request type. In general, USCIS conducts background checks to obtain relevant information in order to render the appropriate adjudicative decision with respect to the benefit or service sought, identity checks to confirm the individual’s identity and combat potential fraud, and security checks to identify potential threats to public safety or national security. Standard checks may include: biometric, fingerprint-based checks such as the FBI Fingerprint Check, DHS’s Automated Biometric Identification System (IDENT) Fingerprint Check, Department of Defense Automated Biometric Identification System (ABIS) Fingerprint Check; and biographic, name-based checks such as the FBI Name Check and TECS Name Check.
IDENT system is a biometric (two index-finger fingerprints and front facial photograph) identity management system utilized by US-VISIT and ENFORCE to support biometric identity authentication and biometric lookout list identification of eligible aliens. Each set of a person’s finger scans in IDENT are given a unique identification number.
According to DHS, “For certain benefit types in which the beneficiary has a higher likelihood of having previously been fingerprinted by the US military, USCIS ALSO conducts checks against ABIS.”
USCIS employs several systems to support requisite background, identity, and security checks, as USCIS adjudications staff must sometimes query multiple systems, in some cases manually. ATLAS reduces having to independently query each system, which streamlines the screening process and limiting privacy risks associated with using multiple systems. ATLAS interfaces with other systems to “automate system checks and promotes consistent storage, retrieval, and analysis of screening results to enable FDNS to more timely and effectively detect and investigate fraud, public safety, and national security concerns.”
Within FDNS-DS, ATLAS’s automated, event-based screening is triggered when:
• An individual presents him or herself to the agency (i.e., when USCIS receives an individual’s application, such as for adjustment of status; when there is an update to an application; or when an applicant’s 10-fingerprints are taken at an authorized biometric capture site as part of the form application process); or
• Derogatory information is associated with the individual in one or more DHS systems.
ATLAS also collects information from an individual’s form submission and from the biographic and biometric-based checks listed above. This information is then screened through a predefined set of rules to determine whether the information provided by the individual or obtained through the required checks presents a potential fraud, public safety, or national security concern.”
If a benefit request form or the 10-print capture of an individual’s fingerprints at a biometric capture center matches a rule, ATLAS produces an SGN, which is elevated in FDNS-DS for manual review. These “SGNs help FDNS Officers to detect potential threats earlier in the immigration benefit application process to demonstrate the fidelity of the individual’s biographic and biometric information, and to more efficiently identify discrepancies.”
DHS explained that, “ATLAS’s capabilities enable its users to more easily identify individuals who are filing for immigration and naturalization benefits who may potentially be engaging in fraudulent behavior or pose a risk to public safety or national security. During the screening process, ATLAS analyzes the results of biographic and biometric checks, and applies rules against data received from multiple systems. ATLAS assists in confirming individuals’ identities when individuals are potentially known by more than one identity by comparing the identity information provided by the individual with identity information in other systems checked against the background, identity, and security check process. As an example, ATLAS can determine if an individual has applied for benefits using multiple biographic identities or aliases, by matching fingerprints for the various identities. The results of this analysis may be produced and elevated in FDNS-DS in the form of an SGN.”
Below is a list of systems, both internal and external, that pass applicant biographic and biometric information through ATLAS to fulfil screening requirements. Any rule-based detection of potential derogatory information will result in an SGN within FDNS-DS.
• USCIS Systems: National Benefit Center Process Workflow Repository to facilitate screening on certain form types being processed through the National Benefit Center and Service Center Operations;
• Service Center Computer Linked Application Information Management System;
• Computer Linked Application Information Management System;
• USCIS Electronic Immigration System;
• National File Tracking System to retrieve the physical locations of A-files; and,
• Customer Profile Management System to retrieve data associated with biographic and biometric screening.
In addition, other DHS Component System Interfaces include IDENT, to retrieve data associated with biometric screening; CBP’s TECS, to perform screening, including checks against the FBI National Crime Information Center; ATS-P173 and UPAX; and DHS Email as a Service Simple Mail Transfer Protocol server for email.
FDNS officers may also manually query other internal and/or external databases or systems to obtain information that may be added to a case in FDNS-DS, including AFI, ADIS, SEVIS, the ENFORCE Alien Removal Module, Departments of Labor, State, DOD, the Social Security Administration Electronic Verification of Vital Events, Federal Aviation Administration websites, intelligence and law enforcement systems, state and local government agencies; local, county, and state police information networks, state motor vehicle administration databases and websites, driver license retrieval websites, state bar associations, state comptrollers, state probation/parole boards or offices, county appraisal districts, and state sexual predator websites.
As far as efficacy, DHS reported that, “In Fiscal Year 2017, ATLAS screened roughly 14 million combined immigration filing and biometric enrollments, resulting in 149,271 SGNs. As of May 2018, SGNs generated in FY 2017 are related to 6,247 new immigration benefit fraud investigations, and 3,161 new public safety investigations, of which 2,655 cases have findings of fraud.” Also in FY 2017, ATLAS spawned 465 SGNs associated with national security concerns; and of those, 165 were referred to ICE.