U.S. Customs and Border Protection uses facial recognition technology for identity checks at borders. As of May 2020, CBP had deployed this technology to 27 U.S. airports.
We found that CBP's privacy notices—which inform the public about its use of this technology—were not always current or available where this technology is being used or on CBP's website. Also, CBP has only audited one of its 27 airline partners to ensure compliance with its facial recognition privacy policies.
We recommended that CBP ensure its privacy notices are complete and available at locations using this technology, and that CBP develop a plan to audit its partners.
Example of cameras and display screens used for facial recognition at the Port Canaveral Seaport
What GAO Found
U.S. Customs and Border Protection (CBP) has made progress testing and deploying facial recognition technology (FRT) at ports of entry to create entry-exit records for foreign nationals as part of its Biometric Entry-Exit Program. As of May 2020, CBP, in partnership with airlines, had deployed FRT to 27 airports to biometrically confirm travelers' identities as they depart the United States (air exit) and was in the early stages of assessing FRT at sea and land ports of entry.
Facial Recognition Technology in Use at an Airport
CBP has taken steps to incorporate some privacy principles in its program, such as publishing the legislative authorities used to implement its program, but has not consistently provided complete information in privacy notices or ensured notices were posted and visible to travelers. Ensuring that privacy notices contain complete information and are consistently available would help give travelers the opportunity to decline to participate, if appropriate. Further, CBP requires its commercial partners, such as airlines, to follow CBP's privacy requirements and can audit partners to assess compliance. However, as of May 2020, CBP had audited only one of its more than 20 airline partners and did not have a plan to ensure all partners are audited. Until CBP develops and implements an audit plan, it cannot ensure that traveler information is appropriately safeguarded.
CBP has assessed the accuracy and performance of air exit FRT capabilities through operational testing. Testing found that air exit exceeded its accuracy goals—for example, identifying over 90 percent of travelers correctly—but did not meet a performance goal to capture 97 percent of traveler photos because airlines did not consistently photograph all travelers. A plan to improve the photo capture rate would help CBP better fulfill the program's mission of creating biometrically confirmed traveler departure records. Further, while CBP monitors air exit's performance, officials are not alerted when performance falls short of minimum requirements.
The Transportation Security Administration (TSA) has conducted pilot tests to assess the feasibility of using FRT but, given the limited nature of these tests, it is too early to fully assess TSA's compliance with privacy protection principles.
Why GAO Did This Study
Within the Department of Homeland Security (DHS), CBP is charged with the dual mission of facilitating legitimate travel and securing U.S. borders, and TSA is responsible for protecting the nation's transportation system. For both CBP and TSA, part of their inspection and screening responsibilities includes reviewing travel identification documents and verifying traveler identities. Beginning in 1996, a series of federal laws were enacted to develop and implement an entry-exit data system, which is to integrate biographic and, since 2004, biometric records for foreign nationals. This report addresses (1) the status of CBP's deployment of FRT, (2) the extent to which CBP has incorporated privacy protection principles, (3) the extent to which CBP has assessed the accuracy and performance of its FRT, and (4) the status of TSA's testing and deployment of FRT and how TSA has incorporated privacy protection principles. GAO conducted site visits to observe CBP's and TSA's use of FRT, which were selected to include all three travel environments—air, land, and sea; reviewed program documents; and interviewed DHS officials.
GAO is making five recommendations to CBP to (1) ensure privacy notices are complete, (2) ensure notices are available at locations using FRT, (3) develop and implement a plan to audit its program partners for privacy compliance, (4) develop and implement a plan to capture required traveler photos at air exit, and (5) ensure it is alerted when air exit performance falls below established thresholds. DHS concurred with the recommendations.
Recommendations for Executive Action
|United States Customs and Border Protection||The Commissioner of CBP should ensure that the Biometric Entry-Exit Program's privacy notices contain complete and current information, including all of the locations where facial recognition is used and how travelers can request to opt out as appropriate. (Recommendation 1)|
|United States Customs and Border Protection||The Commissioner of CBP should ensure that the Biometric Entry-Exit Program's privacy signage is consistently available at all locations where CBP is using facial recognition. (Recommendation 2)|
|United States Customs and Border Protection||The Commissioner of CBP should direct the Biometric Entry-Exit Program to develop and implement a plan to conduct privacy audits of its commercial partners', contractors', and vendors' use of personally identifiable information. (Recommendation 3)|
|United States Customs and Border Protection||The Commissioner of CBP should develop and implement a plan to ensure that the biometric air exit capability meets its established photo capture requirement. (Recommendation 4)|
|United States Customs and Border Protection||The Commissioner of CBP should develop a process by which Biometric Entry-Exit program officials are alerted when the performance of air exit facial recognition falls below established thresholds. (Recommendation 5)|