CBP’s facial recognition program at airports expands but concerns remain
Customs and Border Protection continues to expand its facial recognition program at airports, seaports and land ports of entry, but concerns about surveillance and the potential for so-called ‘mission creep’ remain , witnesses and lawmakers said during a July 27 hearing on House Homeland Security. .
As of July, 32 airports use facial recognition to confirm identities when travelers leave the country, according to testimony from the Government Accountability Office. All US international airports use the technology for arriving visitors.
As of March 2020, the entry program covered 18 airports and the exit program had 27, according to an earlier GAO report.
Although the agency has prioritized airports, CBO has also deployed the system to 26 seaports and 159 landports.
The program dates back to laws in the late 1990s that mandated the development of an entry and exit data system for foreign nationals entering the United States.
Going through the facial recognition process is mandatory for some international visitors, but US citizens can opt out. Images of Americans who go through the process are removed within 12 hours, according to the agency.
Many witnesses highlighted the need for more audits, one of many recommendations made by the GAO in 2020 that remains open. In 2019, the program suffered a breach of 184,000 images.
CBP conducted five airline partner audits and had three more in progress last month, according to testimony from Rebecca Gambler, director of homeland security and justice at GAO. But it must also audit sea and land partners, suppliers and contractors who can access the information, she said.
“Facial recognition technology raises questions about data privacy and how passenger information is used and stored. It also raises questions about the adequacy of the oversight mechanisms in place,” said Border Security, Facilitation and Operations Subcommittee Chair Nanette Barragán (D-California), who also highlighted the absence of a “robust system for conducting audits.
She also addressed the concern that the system or its data could be used beyond this single program.
“Currently permitted uses are defined by policy and guidelines, which are more open to change than laws, rules and regulations,” Barragán said. “Understanding CBP’s use of facial recognition technology and the issues and concerns associated with its use is crucial to our oversight responsibility.”
His counterpart, Ranking Member Clay Higgens (R-La.), said that while “the deployment of this technology is something we should carefully consider and control,” Congress should also “embrace it” and ” acknowledge that it has come a long way since its introduction.”
Jeramie Scott, senior counsel at the Electronic Privacy Clearinghouse, also spoke about the potential for “mission drift.”
He recommended that Congress use additions for this particular program, as well as the requirement for annual third-party audits.
“Unless regulations are put in place to end or at least limit biometric entry and exit use of facial recognition technology, the program will continue to expand well beyond its intended purpose” , Scott said, calling the system expansion a “surveillance tool.”
Daniel Tanciar, former CBP deputy executive director of the unit that runs this entry-exit program and current chief innovation officer at Pangiam, pointed to existing safeguards like opt-out provisions, limited retention of data for Americans and privacy notices.
“Civil liberty and privacy have been brought to the forefront of the curriculum,” he said. “It’s not surveillance.”
CBP itself touted in a June announcement about the system that the process saves time, catches fraudulent documents and fulfills a congressional warrant. A recent surveillance report also revealed that the agency had tightened its internal facial recognition procedures over the past two years.