An Inside Look at All the Data CBP Collects About Everyone Crossing U.S. Borders

Arthur Greenberg/Shutterstock

The agency is putting more data in the cloud and integrating more of its collection efforts.

Customs and Border Protection collects a wealth of information through the technologies deployed at the ports of entry, all of which is stored in a master crossing record the agency keeps on every individual that enters the country.

That record contains information gathered at every crossing: the time, date and port of the crossing, the information taken from their travel documents, photos and data collected on their belongings and vehicles, and determinations made by customs officers throughout the process. For non-U.S. citizens, this also means biometric data, such as photos and fingerprints.

That record also includes data culled from a variety of federal databases and sources. But CBP doesn’t automatically share its records with other parts of the government--even other Homeland Security components. However, there are procedures and agreements in place that enable some information sharing, spreading the data beyond just CBP’s control.  

Over the last few months, Nextgov has been reporting on where and how CBP collects information on people crossing the border, where and how that data is stored and shared, and the agency’s plans to collect and further integrate more data in the near future.

How Data Is Collected

Nextgov visited the Port of San Luis, Arizona in June, a land crossing on the southern border and one of two locations testing a facial recognition program for pedestrian travelers. CBP has been testing the program at land, air and sea ports for a year, using the controversial technology to meet a Congressional mandate to use biometrics to authenticate travelers’ identities. The agency wants to integrate facial recognition technology into all ports of entry by 2025.

Minus the facial recognition program, the Port of San Luis is a standard example of what travelers would see at any land crossing: identity confirmation and baggage check-in the pedestrian lanes and some more advanced scanning in the vehicle lanes.

“There can be significant differences in especially the geography of ports, different sizes, different volumes of travelers, etc.,” said a CBP IT official, one of four officials provided to Nextgov on background. “Having said that, they all try and receive the same level of technology in the sense that we’re not going to have travelers get different experiences at different ports—especially for individuals who are looking to not follow all the rules.”

The information collected by those technologies at any point in the process is immediately updated on the individual’s crossing record. For instance, if a traveler in the vehicle lane is referred for secondary inspection, the officer in secondary might be using a different application to review the crossing record but can already view the information collected during the primary inspection.

For pedestrians crossing the border at San Luis, the first technology they encounter is the facial recognition program. An in-motion camera captures an image of a traveler’s face as they walk up to a counter. When the person provides their name and documents, that image is compared against information in CBP’s Traveler Verification Service database. 

Information on the crossing—such as name, date and country of birth, and other biographical information; the dates and locations of previous border crossings; citizenship or immigration status; and a host of other related information—is stored in the TECS database, which contains a master crossing record for every person that enters the U.S.

The data is gathered through the technology used at each port of entry and fed additional information through updates sent from databases managed by federal partners, such as the State Department and U.S. Citizenship and Immigration Services. More on that database later.

The facial recognition pilot began in San Luis in September 2018.

“Of course, at first with anything, it was a little rough at the beginning,” San Luis Watch Commander Jolene Reynaga told Nextgov. “But now I think we’re starting to get everything flowing through. The travelers are more equipped to know, ‘OK, I have to take off my hat. I’ve got to take off my glasses. I’ve got to walk forward.’ It’s that education of the traveling public, as well.”

But speed isn’t the true goal.

“It reduces the threat of imposters—people using other people’s documents,” said Justin Winburn, chief CBP officer at San Luis Port of Entry. “On top of that, it just helps us do our jobs much quicker. When you have the tools and technology and these upgrades that are given to us, it speeds things up.”

For example, Winburn pointed to a gas tank scope—a mirror lens on the end of a snake-like cord that can be used to look inside a vehicle’s fuel tank. Prior to getting the scope, if officers suspected something in the tank, they would have to put the car on a lift, drop and drain the tank to have a look. Now, they can simply look in the tank and see whether anything is hidden inside.

“The same thing applies to facial recognition,” Winburn said. “As these people come in, they’re presenting their documents, that officer is confident in this technology. They know that when it takes that picture of them, the technology is saying that this person is who they say they are, so now [the officer] can focus on different parts of the inspection if they need to—is this person nervous, is their story not matching up? Yes, they are who they say they are, and I don’t have to send them to secondary for that. But are they hiding contraband or are they just trying to get from point A to point B?”

As of July, the program had captured 139 alleged imposters in 2019.

“It’s a great tool for the officers. It helps them out. It easily compares the document that they’re trying to use to come into the United States,” said Linda Thornbloom, program manager for primary applications at San Luis and head of development for the port’s facial recognition program.

After the facial recognition test and a conversation with the CBP officer, pedestrian travelers put their bags through a standard x-ray machine for scanning before being welcomed to the U.S.

While the vehicle lane does not currently use facial recognition as part of the screening process, the agency collects far more data points on drivers.

As vehicles approach the crossing station, they wait in line to drive between two pillars that make up the radiation portal monitor, or RPM, scanner, designed to detect the slightest traces of radiation. 

The data from the RPM scanner is uploaded directly to the cloud, allowing officers at the crossing to analyze the data or request an expert opinion from scientists at CBP’s Laboratories and Scientific Services office. Lab techs at the LSS bureau—which is staffed 24/7/365—can review the details of the scans and let officers know whether the radiation poses a threat or is simply a residual amount leftover from a recent dental x-ray or medical procedure.

After the RPM, drivers pull forward toward the booth with the customs officer. On the way, a camera takes a picture of their license plate.

The license plate reader also takes a picture of the driver, according to Reynaga. At most ports of entry, that photo is not run through the facial recognition algorithm at this time. However, CBP has been running a pilot program at the Anzalduas crossing in Texas using facial recognition algorithms to match those images.

“The spirit is, we take this existing system, what you saw with the pedestrian system, we’re using the facial gathering to match to an image that we have on file,” a CBP IT official told Nextgov. “That image we have on file is tied to various appropriate bits of biographic data and we’re able to say, ‘Ah, here’s this person and we’ve matched them to this identity that has presented themselves for entry in the past.’ Vehicle would be very similar.”

What’s still to be worked out is exactly how the image is captured, whether through a windshield when a picture is taken of the license plate—like in Anzalduas—or by a camera mounted in the booth with the officer.

From there, travelers in the vehicle lane get their first interaction with a human—a customs officer in a booth with a computer. The officer sees results from the first two scans—radiation and license plate—and follows up with the traveler’s documents and questions about what they are bringing across the border.

Currently, the officer compares the documents with records in CBP’s database—just as it’s done in the pedestrian lanes. The vehicle lanes also have another technology component not seen on the pedestrian side: CBP has implemented a program called the Secure Electronic Network for Travelers Rapid Inspection, or SENTRI, which allows frequent travelers to obtain a RFID tag that beams the driver’s information—including all the details of their crossing record—to the booth while the vehicle is still in motion.

Ultimately, this only saves three to five seconds per vehicle, Winburn said. But averaging 8,500 cars passing through the port each day—for about 3.1 million a year—that quickly adds up.

From an IT and data perspective, the impact is much bigger.

“If a vehicle is coming through one of our ready lanes—where … the lane has been suited for travelers that have documents that have RFID capabilities—they will, as part of that crossing, be asked to present that document and oftentimes the officer will read that document via a RFID reader,” an IT official said. “If face has nothing to do with this—and it doesn’t at the moment—that crossing record will then go into systems that say, ‘OK, this person crossed on this day, at this port, at this location. They presented a travel document; we did a RFID read of that document and this is the information that was collected from that RFID read.’”

In the future, Reynaga said she would like to see all documents become smart documents, similar to the RFID tags used in the SENTRI program.

Embedding every travel document with RFID technology would save officers from having to manually type information from birth certificates or passports, saving time and preventing long lines and delays. “Everybody should have them,” she said.

And that’s where CBP headquarters is going, according to the IT officials who spoke to Nextgov.

Where the Data Goes Next

Along with the information gathered through the crossing process, the master record contains data gathered from other federal departments, such as the State Department and other components of the Homeland Security Department, such as USCIS and Immigration and Customs Enforcement. Data from all those departments with a mission concerning travel and immigration flows into CBP databases and coalesce in the master crossing records.

Currently, the facial recognition system being tested at select ports is cordoned off from the rest of the data gathering. For U.S. citizens, the image taken at customs is deleted after 12 hours and is never shared or copied, according to IT officials.

CBP maintains the database used to match travelers with their photos, so the data collected through the facial recognition program never leaves CBP systems. As the State Department updates its information, that data is automatically shared and updated in the CBP database. The result is a self-contained system that can match facial recognition photos against State Department records without interacting directly with those systems.

“During the facial recognition process, we don’t call out to the State Department, so we don’t leave any record or footprint in their database during that process,” a CBP IT official explained.

For the time being, images of U.S. citizen are not added to the crossing record, as CBP’s current authority only allows the agency to use the images to verify identity.

“In the fullness of time, especially if and as we consider the possibility of a nationwide deployment, you may see those retention periods change,” another official said. “I think that’s going to be a discussion for a while.”

When it comes to non-U.S. citizens, the retention rules change drastically.

For the facial recognition program, CBP keeps a copy on file for up to two weeks for testing before it is deleted from that system. However, as with other biometric processes in the past—such as fingerprinting—the information is also forwarded on to the Automated Biometric Identification System, or IDENT, the Homeland Security Department’s central biometric database, which currently contains data on more than 250 million people. Under current authorities, Homeland Security can hold on to that biometric data for up to 75 years.

Homeland Security is in the process of migrating IDENT to the cloud under the new Homeland Advanced Recognition Technology, or HART, system.

“If you think of the fingerprint process, a picture is taken at the same time as those fingerprints. Those photographs were not used for facial matching when collected … but they were retained,” an IT official said.

“They send the picture to IDENT saying this person was verified through simplified arrival, as opposed to verifying them by fingerprint,” said Thornbloom, the facial recognition lead at San Luis.

Information stored in the IDENT database is also cross-referenced back to the master crossing records maintained by CBP, meaning images of non-citizens captured through the facial recognition program make their way back to the crossing record.

Individuals’ master crossing records, whether citizens or non-citizens, can be shared, though only if proper procedure is followed.

“Data stays with CBP unless there’s some law enforcement reason another agency asks for it. There’s rules around how we share that data,” an IT official said.

The crossing record is available to all components of CBP, including customs officers at ports of entry and border patrol agents in between. But other agencies within the Homeland Security Department have to go through a formal process to access the information. That includes other agencies that work on immigration and border missions, such as USCIS and ICE.

“If this information is shared, it’s only when there’s clear authority for them to as part of their mission have crossing information,” another official said, reiterating that any non-CBP agency would still need to go through the formal request process.

“If ICE, in the conduction of their mission are needing to know who is compliant with the terms of their admission,” i.e., whether someone has overstayed their visa, “that would be information that CBP would have a hand in providing,” the official said. “They don’t collect crossing information themselves, so, naturally, we coordinate with them for those elements where they are executing components of their mission.”

“It doesn’t mean that no one in ICE can access the data,” a third official confirmed, but “generally” they would not have standing authority to access master crossing records without submitting a request.

The other two major components of CBP—Border Patrol and Air and Marine Operations—also collect a significant amount of data. As the collection methods used by all three divisions continue to be digitized, and as the agency as a whole moves to the cloud, that data is being ever-more integrated and used to create an instant mosaic of any individual that crosses the boundaries of the nation.

Editor's Note: This story was updated to clarify the names of a database and program.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.