CBP defends facial recognition programs to Congress

An official argued that such programs largely automate the manual identity verification practices the government has done for decades, but a recent breach looms large.

facial recognition (Shutterstock.com)

A Customs and Border Protection official defended the use of facial recognition and biometric technologies in a July 9 House hearing, characterizing a breach that resulted in the publication of thousands of traveler photos at the border as an isolated incident unconnected to the way such technologies are managed and protected by the agency.

John Wagner, deputy executive assistant commissioner for CBP's Office of Field Operations, downplayed the scope and breadth of the agency's biometrics and facial recognition tracking, telling the committee that the U.S. transportation scanning system is not set up to easily segregate foreign visitors from U.S. citizens and residents, and that the programs merely automate many of the identity validation functions that have been done manually for decades at airports, the border and other entry points.

Multiple entities -- including CBP, the Transportation Security Administration and commercial airlines -- use facial recognition or other biometric technologies to capture the images of international travelers at the border, airports and other ports of entry. Subsequent reporting has indicated that Immigrations and Customs Enforcement also works with state governments to access state databases containing driver's license photos to search and match photos of undocumented immigrants.

Wagner argued that what some lawmakers and outside activists see as an expansion of the government's biometrics portfolio is actually the agency following best practices laid out by the 9/11 Commission that security screenings should not be ad hoc and uncoordinated, lest officials miss out on vital dot-connecting that could stop terrorists or other criminals from gaining entrance into the country.

He said CBP's programs capture the image of a traveler at check-in or other screening points and compares it to "a small gallery of photos" compiled from passports, visas and photos taken during previous international travels to ensure the people coming through are who they say they are. 

The agency does not, he claimed, compare photos taken at an airport or seaport against any other databases or sources of information besides these gallery photos. American citizens are "clearly not part" of CBP's entry-exit program, and if a traveler matches a U.S. passport, that new photo is deleted.

"What we're doing is absolutely not a surveillance program," Wagner said.

However, a database operated by government subcontractor Perceptics containing tens of thousands of photos of travelers in their cars as well as license plates and other data was hacked and leaked onto the internet this year. The agency wound up suspending the company from federal contracting and is conducting an investigation that could lead to harsher penalties, including criminal charges. Wagner said Perceptics' system was not integrated with CBP's primary biometric system (dubbed "IDENT") and that the company was not following rules specified in its contract when employees captured and stored the photos on the Perceptics network.

"As far as I understand it, the contractor physically removed the photographs from the camera itself and put it onto their own network ... in violation of contract," he said.

The incident has given members of Congress pause, with some questioning whether the underlying legal authorities for the programs created and expanded by DHS in recent years are in line with congressional intent. However, despite those concerns, support for biometric tracking remains solid among key congressional stakeholders on the committee.

In his opening statement, Chair Rep. Bennie Thompson (D-Miss.) stated he was not opposed to the government using biometric tracking technology, saying it could be used to further the security mission of the Department of Homeland Security. However, the widespread adoption and acceleration of such programs by multiple DHS components "raises serious questions about privacy, data security, transparency and accuracy," he said.

"The American people deserve answers to those questions before the federal government rushes to deploy biometrics further," he added. 

Rep. Michael McCaul (R-Texas) urged his colleagues to weigh the possible negative consequences of denying DHS the authority to leverage such technologies along with the downsides that come with its use.

"This technology, in my judgment, has really protected the nation from drug smugglers, gang members and potential terrorists," said McCaul, later adding "I wouldn't want to throw the baby out with the bathwater."

A group of 37 privacy and civil liberties organizations and political non-profits wrote the committee this week, urging Congress to suspend DHS' use of facial recognition technology until members can work out better legislative safeguards and address lingering accuracy issues.

"DHS has moved forward with face recognition with a focus on justifying its implementation and not a focus on whether, given the risks, the technology should be implemented," the groups wrote.

While Rep. Mark Meadows (R-N.C.) and other members have called for CBP to halt its pilot programs, no one on the House Homeland Security Committee, which has jurisdiction over DHS, made that argument at the hearing, with most preferring to focus on improving issues around accuracy and privacy instead.

DHS is preparing to replace IDENT with a newly procured cloud-based platform, the Homeland Advanced Recognition Technology system. A privacy threshold assessment conducted in 2018 concluded that HART will require a formal privacy impact assessment before going live in 2020. That assessment was originally supposed to be completed by January 2019, but a spokesperson from the Office of Biometric Identity Management confirmed to FCW July 10 that assessment is still being finalized and declined to provide a specific timeframe for completion.