U.S. Customs and Border Protection (CBP) uses facial recognition technology (FRT) for identity checks at some border locations. As of July 2022, CBP had deployed this technology to 32 airports for travelers leaving the U.S. and all airports for travelers entering the country.
The Government Accountability Office (GAO) recently testified that CBP’s privacy signs—which inform the public about its use of this technology—weren’t always current or available where this technology was being used.
CBP’s biometric privacy policies came under the spotlight in January 2020, when the National Institute of Standards and Technology issued a report that found racial and gender bias in facial recognition software. In September 2020, GAO reported that CBP had taken steps to incorporate privacy principles in its program, such as prohibiting airlines from storing or using travelers’ photos for their own purposes. However, GAO found CBP had not consistently provided travelers with information about FRT locations and that the privacy signage provided limited information on how travelers could request to opt out of FRT screening and were not always posted.
Since that time, GAO acknowledges that CBP has ensured that privacy notices contain complete information and is taking steps to ensure signage is more consistently available, but adds that the component still needs to complete its efforts to distribute updated signs to locations where FRT is used.
In February, Deputy Executive Assistant Commissioner Diane Sabatino at CBP‘s Office of Field Operations stressed the importance of educating the public about FRT to gain and maintain public confidence in the process. “There are certainly legitimate questions being raised about privacy data and security,” she said, adding that these questions “need to be addressed to maintain confidence.”
CBP requires its commercial partners, such as airlines, to follow CBP’s privacy requirements and GAO says the agency could audit partners to assess compliance. GAO found that as of May 2020, CBP had audited only one airline partner and did not have a plan to ensure all partners were audited.
In July 2022, CBP reported that it has conducted five assessments of its air partners and has three additional assessments underway. GAO notes that these are positive steps to help ensure that air traveler information is safeguarded but that CBP should also audit other partners who have access to personally identifiable information, including those in other travel environments, vendors, contractors, and partners at land and sea ports of entry.
GAO testified that CBP assessed the accuracy and performance of air exit FRT capabilities through operational testing. Testing found that air exit exceeded its accuracy goals but did not meet a performance goal to capture 97 percent of traveler photos because airlines did not consistently photograph all travelers. As of July 2022, CBP officials report that they are planning to remove this requirement because airline participation in the program is voluntary and CBP does not have staff to monitor the photo capture process at every gate.
The testimony follows an Office of Inspector General (OIG) report into CBP’s compliance with its policies and procedures for resolving facial biometric discrepancies. OIG analyzed 100 percent of the encounter data for 51.1 million travelers and found CBP complied with its policies and procedures for resolving facial biometric discrepancies.