Staring into a camera with eyes wide open for an iris snapshot may become an alternative to waiting in line at the airport.
The Homeland Security Department is considering branching out from fingerprint matching to iris and facial recognition for identity verification, say current and former DHS officials.
DHS agencies already have begun testing the iris technology on suspected illegal immigrants at Border Patrol stations.
“The department is exploring additional biometric modalities such as face and iris to determine what may be possible to implement in our operational environments, whether it be for enforcement or Trusted Traveler programs,” Kimberly Weissman, spokeswoman for the office of US-VISIT, which is responsible for Homeland Security’s ID database, told Nextgov. Homeland Security's Trusted Traveler initiatives allow certain low-risk American and foreign international passengers to sail through U.S. airport security by consenting to background checks and fingerprinting.
In the "near future," she added, US-VISIT and Customs and Border Protection officials will try out technologies that match irises, and potentially faces, of people officials suspect have entered the country illegally in Texas. The program is a follow-up to an earlier iris trial.
“The pilot is planned for the Border Patrol station in McAllen, Texas, and will test the feasibility and accuracy of iris capture and matching in an operational environment,” CBP spokeswoman Stephanie Malin said. “This also includes storing a facial recognition-quality photograph.”
Homeland Security's experimentation with analyzing physical characteristics other than fingerprints to confirm identity and to detect fraud coincides with other recent ventures into multimedia biometrics governmentwide. This week, the Obama administration announced preliminary procedures for embedding iris images into federal employee identification cards and the FBI is propping up a repository of iris files to augment its fingerprinting database, partly by collecting images from municipal jails that use iris recognition for tracking prisoners. The bureau’s criminal ID database, which added a small facial recognition program in early 2012, is undergoing a multiyear $1 billion upgrade to accommodate many physical characteristics, such as vocal recordings or photographs of tattoos.
During the Texas border project, Homeland Security will collect snapshots of irises and faces, as well as biographical information from immigrants arrested in the Southwest, Malin said. The practice run follows a similar iris-matching program in 2010 when, according to former US-VISIT officials, Border Patrol officers photographed suspects’ irises during booking and again upon release to see if the database could accurately match live images with previously recorded images. The test demonstrated that enrolling the accused’s irises largely did not disrupt normal operations, Malin said.
The DHS database upgrade, dubbed US-VISIT 1.0, involves reengineering and consolidating several department systems to keep pace with technological advances during the next decade, department officials said. The current hardware and software will be modified to improve “functionality, availability, flexibility, scalability and affordability,” Weissman said. “While US-VISIT is testing new tools, technologies and approaches to integrate US-VISIT’s biometric and biographic applications into a comprehensive set of automated services, the goal remains the same: to ensure that U.S. government decision-makers have access to the information they need to determine someone's identity, when they need it.”
Contracting documents the Electronic Privacy Information Center obtained state that DHS plans to try iris and facial matching at five airports on passengers who participate in Global Entry, a Trusted Traveler program for U.S. citizens and legal permanent residents. Former US-VISIT Director Jim Williams said the timeline for the work on Global Entry and other parts of US-VISIT 1.0 depends on fiscal 2013 appropriations. “CBP is exploring options for a future pilot, but nothing is in queue right now,” Malin said.
Homeland Security envisions many other convenient applications of biometrics for U.S. citizens and foreign nationals, said Williams, now an executive at Daon, an ID verification software provider hired to help simplify US-VISIT’s architecture. For instance, at a pedestrian crossing such as the border checkpoint in San Ysidro, Calif., “before you even get to an officer, you could do an iris scan so that by the time you walk up to the officer’s desk, they know who you are and anything derogatory about you," he said.
But iris matching for law enforcement purposes suffers from a chicken-and-egg problem, according to criminal justice experts. Iris images are useful for one-to-one ID verification, or ensuring that an immigrant about to be deported is the same person who initially was apprehended. Searching for an unknown suspect’s name and criminal history using only an eye scan, however, requires a national database of iris images. “Until we build something and load it up with data, iris recognition will still be limited to confirming identity rather than discovering it,” said Paul Wormeli, executive director emeritus at the Integrated Justice Information Systems Institute.
Williams said, “I think that DHS needs a champion of identity management to really bring it together to better meet their mission and to understand its application in all its missions, such as cybersecurity, trusted travelers, borders and immigration, and even first responders.”
The federal government as a whole may be headed in this direction. On Wednesday, the National Institute of Standards and Technology released draft guidelines for using embedded iris images instead of passwords to activate required employee smartcards -- a post-Sept. 11 safeguard for accessing buildings and networks. Under the plan, such ID cards also would be an option for personnel for “whom fingerprinting is problematic,” including those missing limbs.
Some opponents of creating a national database of iris images worry the sensitive information would be ripe for abuse. Counterterrorism laws require that FBI and DHS biometric databases be linked. Immigrant rights groups expect the feds will go on a witch hunt with these interconnected databases and deport harmless foreigners. Currently, a controversial fingerprinting program called Secure Communities compares the FBI’s prints of booked offenders to fingerprints in the US-VISIT system to determine if suspects are in the country illegally. Homeland Security officials maintain they focus the department’s limited resources on convicted criminals, repeat immigration violators, fugitives and recent entrants. Immigrant advocates argue Secure Communities devastates families. They argue the program in combination with the collection of other biometric data will devastate basic democratic rights.
Critics also warn that stockpiling people’s biological traits might provide new avenues for identity theft and discrimination. “How are they going to be removed from the database if there is no probable cause to put them there?” questioned Amie Stepanovich, EPIC associate litigation counsel. She added if the DHS data warehouse were ever breached, Homeland Security couldn’t simply issue a replacement eye to enrolled individuals.
US-VISIT officials said privacy is one of the agency's missions.
“Along with US-VISIT’s core guiding principles -- enhancing the security of our citizens and visitors, facilitating legitimate travel and trade, and ensuring the integrity of our immigration system -- protecting the privacy of our visitors is embedded throughout and is one of our four goals,” Weissman said. “As we collect and store more personal identity data and share information with more and more partners, we’re vigilant in maintaining the security of that data.”
She said the agency offers a transparent view of the information it collects, why it is collected, how it is used and how it is protected.
“And we have data sharing agreements between our domestic agencies that take into account the privacy laws and data protection strategies vital to appropriate information sharing,” Weissman said.