Congress Raises Privacy and Civil Liberty Concerns with the DHS’ Use of Biometrics
The federal government's use of facial recognition and other technologies must be scrutinized, some lawmakers assert.
The current climate surrounding the identification of citizens and deportation of noncitizens is fiery at best. And while facial recognition and other biometric technologies offer the government advanced tools to protect the homeland, some critics, including lawmakers, are sounding the alarm on how agencies are using identification data and whether citizens' privacy rights are being protected.
The U.S. House of Representatives Committee on Homeland Security, led by the Democrats in the majority, took up the issue during a July 10 hearing entitled, About Face: Examining the Department of Homeland Security’s Use of Facial Recognition and Other Biometric Technologies.
Experts testifying before the committee included the following:
- John Wagner, deputy executive assistant commissioner, Office of Field Operations, U.S. Customs and Border Protection (CBP), U.S. Department of Homeland Security (DHS);
- Austin Gould, assistant administrator, Requirements and Capabilities Analysis, Transportation Security Administration (TSA), DHS;
- Joseph DiPietro, chief technology officer, United States Secret Service; and
- Charles Romine, director, Information Technology Laboratory, National Institute of Standards and Technology (NIST), U.S. Department of Commerce.
Based on concerns from constituents and other stakeholders, the chairman of the committee, Rep. Bennie G. Thompson (D-MS), raised concerns about whether or not the DHS was safeguarding citizen’s privacy rights appropriately. “I am not opposed to biometric technology and recognize it can be valuable to homeland security and facilitation,” the chairman said. “However, its proliferation across DHS raises serious questions about privacy, data security, transparency and accuracy.”
Chairman Thompson attested that U.S. citizens “deserve answers” about how the federal government uses their information “before the federal government rushes” to use biometrics even more. He also noted that facial recognition systems may not be as accurate for women and darker-skinned people. “Absent standards, Americans may not know when, where or why the Department is collecting their biometrics,” the chairman stated.
He also raised security-related concerns about the held data, opining that the federal government “does not have a great track record” in securing the personal data of its citizens. “Unfortunately, earlier this year, a CBP subcontractor experienced a significant data breach, including traveler images, raising important questions about data security,” the chairman pointed out.
Rep. Mike Rogers (R-AL), the ranking minority member of the committee, offered that biometric technologies can improve security and facilitate travel and better enforcement of U.S. immigration laws.
“TSA and CBP agents can review several hundred IDs in a single shift,” the congressman said. “As a result, fatigue and human error allow people with fake IDs to slip into our country every day. Automating this process with biometric technology will improve transportation security.”
Rep. Rogers also supported U.S. Immigration and Customs Enforcement's (ICE’s) recent Rapid DNA pilot program that the agency used to verify family ties on the U.S.–Mexico border. “This short pilot found a disturbing number of cases where men, who claimed to be the biological parent of a child, quickly changed their story when asked to submit DNA.” The congressman clarified that technology used in the pilot did not store the DNA in a central database, and each machine could be purged of data daily.
CBP’s Wagner made the case for the agency’s use of biometrics as part of its border security mission. He contended that CBP is facing an “increasingly complex threat posture” and growing amount of air travelers at 4.9 percent per year, which is expected to double by 2031. “CBP must innovate and transform the current travel processes in order to handle this new volume without significant personnel and infrastructure investments,” he noted.
In fact, Wagner continued, CBP is implementing a biometric entry-exit system, as mandated by Congress. Budget appropriations in 2016 and 2018 authorized the use of up to $1 billion in visa fee surcharges through 2027 to support the biometric entry-exit system. Currently, the agency is working towards biometrics use for more than 97 percent of commercial air passengers departing from the United States.
CBP’s system offers stakeholders—including other U.S. government security agencies such as TSA, as well as airlines, airport authorities and cruise lines—an “identity-as-a service” solution that uses digital facial comparison techniques to automate the manual identity verification process.
At land borders, the agency is using facial comparison technology, similar to what is used for air travelers. So far, the agency has deployed the system at entry operations at the Nogales and San Luis, Arizona U.S. Points of Entry. The agency plans to add more locations along the southern border in 2019. In addition, CBP has tested the use of facial biometric capture technology for vehicle traveler identification, Wagner said. The agency ran a technical demonstration to identify passengers in vehicles moving less than 20 miles per hour entering and departing Anzalduas, Texas.
“By using the facial comparison technology in the land environment, CBP has identified 138 imposters, including 45 with genuine U.S. travel documents,” Wagner noted.
As far as CBP’s subcontractor data breach, the agency remains “very concerned that the unauthorized access of CBP data will undermine congressional and public confidence at a time in which we are pursuing transformative and innovative initiatives to enhance lawful trade and travel,” Wagner said. CBP is “aggressively” investigating the cyber attack and potential exposure of the associated images. He also mentioned that the incident was limited to data gathered in a specific land border pilot program.
Like Wagner at the CBP, the TSA’s Gould testified that the United States faces a barrage of travelers, including 965 million domestic and international air passengers annually or roughly 2.2 million passengers a day. “Despite the significant progress the U.S. government has made to improve transportation security, aviation hubs remain high-value targets for terrorists,” he warned.
Compared to CBP, the TSA is still in an early phase of testing and evaluating biometrics for operational use through additional pilot programs. The TSA’s biometrics plan has the agency partnering with CBP on biometrics for international travelers; operationalizing biometrics for TSA Precheck passengers; expanding the use of biometrics for some additional domestic travelers; and developing its support infrastructure for biometric solutions, Gould specified.
Later this year, the agency will run a pilot program in the TSA Precheck lanes at McCarran International Airport in Las Vegas to test the facial matching capabilities of specific TSA Credential Authentication Technology (CAT) machines that have added facial recognition camera systems.
Part of the agency’s biometrics strategy includes the TSA adopting a “privacy by design” mindset that incorporates privacy and civil liberty considerations into each phase of biometric solution development, Gould noted. “It also delineates that privacy protections will include restrictions to prevent the use of biometrics for purposes other than transportation security unless individuals have opted into other uses,” he said. “Importantly, passengers will always have an option to not be processed through biometrics solutions at our checkpoint.”
Meanwhile, Romine reminded the committee that NIST has been working on biometrics in conjunction with the public and private sectors since the 1960s. Given the importance of biometric-based capabilities, in 2017, NIST expanded its work in facial recognition in order “to understand the upper limits of human capabilities to recognize faces and how these capabilities fit into facial recognition applications,” Romine clarified.
Through evaluation, NIST has confirmed the advancement of facial recognition capabilities. In 2018, the agency tested the accuracy and speed of 127 facial recognition algorithms from 39 commercial entities and one university and concluded that the efficacy of the algorithms has greatly improved since 2013. Romine attributed part of the improvements to “the complete replacement of older facial recognition techniques with those based on deep convolutional neural networks.”
The testimony of the Secret Service’s DiPietro will be covered in an upcoming SIGNAL Magazine article about the agency’s recent threat assessment report.