DHS Global Entry facial recognition program to expand nationwide
The Department of Homeland Security has issued a privacy impact assessment related to biometric facial recognition technology it first rolled out for the Global Entry program in June 2018. The technology is currently used in 15 domestic and overseas airports.
Global Entry is the federal government’s optional expedited security-processing program for travelers arriving in the United States deemed to be low security risks. Global Entry is operated by Customs and Border Protection, a subset of the homeland security department.
The PIA outlines how CBP will expand the facial recognition program to airports nationwide.
Prior to 2018, Global Entry participants were able to present machine-readable passports or residency cards at special airport kiosks, have their fingerprints scanned and complete their customs declaration, thus bypassing long lines before getting to baggage claim. The kiosks took simple photos of travelers, too.
Program kiosks now will use biometric facial recognition technology, eliminating the need to submit fingerprints, a passport/residency card or customs documents. Biometric data will be stored in the Department of Homeland Security’s automated biometric identification system, which holds all previous biometric information collected at the kiosks.
While the government’s privacy impact assessment acknowledges that the new information might be stolen or misused, DHS says that it mitigates this risk by owning all of the relevant equipment, not vendors, and that no outside parties have access to data on a kiosk.
It is not clear if outside parties have access to the facial biometrics data that presumably are transmitted on government networks and stored in backups elsewhere in the government’s information technology systems.
The assessment also states that privacy notices will be posted on new kiosk home screens explaining why data is being collected as well as how it will be used, shared and destroyed. The image data will be deleted three years after a participant abandons their membership or three years after their five-year Global Entry membership expires without being renewed.
Because the government does not consider facial recognition new data collection, previous data-sharing rules pertaining to photos and prints still apply. The assessment notes that metadata is not shared outside of Customs and Border Protection without discussing vendor access for work done within the agency.
Participants in Global Entry themselves can ask for information related to their records by filing a Freedom of Information Act request. Not all requests will be honored, however, as some people could learn through the disclosure that they are part of a criminal investigation. Also requests to correct erroneous information in a member’s account could be rejected in order to not disturb ongoing investigations and law-enforcement actions.