Facial recognition audit shows U.S. Customs has some privacy and notification work to do

A government performance audit looking into the use of biometric facial recognition by the U.S. Customs and Border Protection agency found that is not fully safeguarding the privacy of travelers.

Although the 16-month-long audit by the Government Accountability Office examined both U.S. Customs and the Travel Security Administration, it only issued recommendations for the customs agency.

That could be a reflection of the TSA’s efforts being more preliminary compared to its fellow Department of Homeland Security stablemate. The report otherwise describes the two agencies’ historical and current efforts regarding facial recognition.

Although the U.S. Customs evaluation is largely positive, investigators found that the agency has only audited one of its 20-plus airline partners to assess their compliance with the border guard’s privacy requirements. It also did not have a plan to make sure all of its business partners ever will comply with its privacy rules.

Indeed, three of the five recommendations by the GAO involve privacy and notifications about privacy risks. (The office is an independent and non-partisan agency that investigates at the request of Congress.)

Naturally, investigators want U.S. Customs to create, implement and enforce “audits of its commercial partners’, contractors’, and vendors’ use of personally identifiable information.”

But they also recommend that privacy notices in airports be complete and current, “including all of the locations where facial recognition is used and how travelers can request to opt out as appropriate.” Investigators found contradictory and outdated notices in airports, which hampers travelers’ ability to make informed decisions.

Along the same lines, U.S. Customs needs to adequately make travelers aware of places it is using facial recognition tools.

Investigators also found fault with the agency’s capability to meet its photo capture requirement. They write in the report that while U.S. Customs exceeded its minimum matching accuracy at the airports where it looked at people leaving the United States, it didn’t “capture all applicable traveler photos.”

Last, the agency needs to create a process by which officials are notified when the performance of facial recognition systems for passengers exiting the US drops below thresholds.

Article Topics

airports  |  biometric exit  |  biometric identification  |  biometrics  |  border management  |  CBP  |  facial recognition  |  GAO (Government Accountability Office)  |  privacy  |  TSA