Skip to Main

Law360: House Panel Looks At Privacy Risks In CBP’s Facial Data Use

By Allison Grande 

July 27, 2022

U.S. Customs and Border Protection needs to do a better job of clearly informing travelers at airports and other points of entry of its use of facial recognition technology and of ensuring that third parties aren’t misusing this data, watchdogs told a House subcommittee on Wednesday.  

The House Homeland Security Subcommittee on Border Security, Facilitation and Operations called on four witnesses to give input on the proper way to conduct oversight of the CBP’s deployment of biometric technology to streamline the identification of international travelers. 

While the use of facial recognition technology to help verify travelers’ identities provides a powerful tool for border patrol agencies and can make international travel faster and more convenient, the technology raises privacy, data security, accuracy and civil liberties concerns tied to the misidentification of travelers and the misuse of their data, subcommittee members and panelists agreed. 

“I have been myself through airports, and I have gone and used the program where they take the photo of you, and it does speed up the process,” subcommittee Chair Nanette Barragán, D-Calif., said during the hearing. “But I think I would have hesitations if I was one of those people that was misidentified or held or arrested. I can understand the concerns that are being raised, which is why we want to make sure we address those issues.”

Rebecca Gambler, director of Homeland Security and Justice at the U.S. Government Accountability Office, provided the subcommittee with an update on the steps CBP has taken in response to recommendations the federal watchdog made in a September 2020 report on the facial recognition entry/exit program.

The report found that while the agency had incorporated “some privacy principle” by prohibiting partners like air carriers from storing travelers photos and by providing public notices on privacy protections, it didn’t always provide notices that were current, complete or accurate, and it provided limited information about how travelers could request to opt out of facial recognition, according to Gambler. 

During the past two years, CBP has started to address these issues, including by creating a new website that outlines locations where facial recognition is currently being deployed, she said. But more work still needs to be done to ensure clear signage is being displayed at the time of travel, and that commercial partners, contractors and vendors are being regularly audited to ensure they’re following data collection and privacy requirements and aren’t using data in unauthorized ways, according to Gambler. 

“CPB has made progress in deploying facial recognition for traveler identification verification and is addressing some privacy considerations,” she said. “But additional action is needed to fully implement our remaining recommendations, and we’ll continue to monitor CBP’s efforts to address those recommendations.”

Jeramie D. Scott, senior counsel at the Electronic Privacy Information Center, warned that if CBP’s facial recognition program is allowed to continue to grow without proper safeguards in place, “it will not just expand in the number of ports the program is implemented at, but in the number of situations CBP’s facial recognition system is used for.”

“The unfettered use of facial recognition to verify identity puts us on the path to a ubiquitous universal ID controlled by the government,” Scott said. “Unless regulations are put in place to end, or at least limit, the biometric entry/exit, use of facial recognition technology program will continue to expand well beyond its intended purpose.”

Noting that facial recognition technology can become “a powerful and dangerous tool of surveillance” when not responsibly deployed, Scott called on Congress to, at a minimum, put certain protections in place, including barring border agents from using systems that require images to be stored in a database or from using third-party services like Clearview AI, prohibiting law enforcement from accessing data and mandating annual audits of the agency’s facial recognition systems. 

Nicol Turner Lee, director of the Center for Technology Innovation at The Brookings Institution cautioned lawmakers about the “range of privacy and bias concerns” facial recognition technology creates and urged the subcommittee to consider measures such as ensuring foreign travelers have the same ability to control the use of their information as U.S. residents and requiring more training to help border agents better understand the “limitations and biases” of facial recognition technology. 

“For the agency to avoid front page headlines, it must encourage a constant interrogation of facial recognition, independent auditing and think about those cases where human rights and civil rights can be violated,” Lee said. “Convenience should not be a trade-off for those important and critical aspects.”

Daniel Tanciar, chief innovation officer at Pangiam and a former CBP officer who, from 2016 through March 2020, was the deputy executive director for the office that implemented the use of facial recognition for biometric exit and entry, told the subcommittee that the program has significantly improved passengers’ arrival experience and the border agents’ jobs.

“Civil liberties and privacy protections were built into the program at the forefront,” Tanciar said, pointing to the institution of limited data retention periods, the posting of notices and signage alerting users of the practice, and pictures being taken with “travelers knowledge” by cameras that are “in full view” of them. 

“This is not surveillance,” Tanciar said, adding that border officers ultimately make the “final determination on identity.”

Subcommittee ranking member Clay Higgins, R-La., expressed optimism that Congress would be able to strike the right balance between preserving the benefits of facial recognition verification and guarding against privacy and bias risks. 

“This is a topic that Republicans and Democrats are not that far apart on,” Higgins said. 

He noted that the functioning and accuracy of facial recognition have “advanced significantly” since the technology was first deployed. He added that continued congressional oversight would help lawmakers determine “exactly in what manner should Congress embrace this technology.”

“It’s pretty much an accepted conclusion that it’s an effective asset that we should embrace and use but with proper restraints and controls,” Higgins said.