Facial Recognition Technology: CBP Traveler Identity Verification and Efforts to Address Privacy Issues
U.S. Customs and Border Protection uses facial recognition technology for identity checks at some border locations. As of July 2022, CBP had deployed this technology to 32 airports for travelers leaving the U.S. and all airports for travelers entering the country.
We testified that CBP's privacy signs—which inform the public about its use of this technology—weren't always current or available where this technology was being used.
Our previous recommendations included that CBP ensure its privacy notices are complete and available at locations using this technology.
Example of cameras and display screens used for facial recognition at the Port Canaveral Seaport
What GAO Found
U.S. Customs and Border Protection (CBP) has made progress testing and deploying facial recognition technology (FRT) at air, sea, and land ports of entry to create entry-exit records for foreign nationals as part of its Biometric Entry-Exit Program. As of July 2022, CBP has deployed FRT at 32 airports to biometrically confirm travelers' identities as they depart the United States (air exit) and at all airports for arriving international travelers.
Facial Recognition Technology in Use at an Airport
In September 2020, GAO reported that CBP had taken steps to incorporated privacy principles in its program, such as prohibiting airlines from storing or using travelers' photos for their own purposes. However, CBP had not consistently provided travelers with information about FRT locations. Also,, and CBP's privacy signage provided limited information on how travelers could request to opt out of FRT screening and were not always posted. Since that time, CBP has ensured that privacy notices contain complete information and is taking steps to ensure signage is more consistently available, but needs to complete its efforts to distribute updated signs to locations where FRT is used. Further, CBP requires its commercial partners, such as airlines, to follow CBP's privacy requirements and could audit partners to assess compliance. As of May 2020, CBP had audited only one airline partner and did not have a plan to ensure all partners were audited. In July 2022, CBP reported that it has conducted five5 assessments of its air partners and has three additional assessments underway. These are positive steps to help ensure that air traveler information is safeguarded. However, CBP should also audit other partners who have access to personally identifiable information, including those in other travel environments, vendors, and contractorscontractors and partners at land and sea ports of entry.
CBP assessed the accuracy and performance of air exit FRT capabilities through operational testing. Testing found that air exit exceeded its accuracy goals but did not meet a performance goal to capture 97 percent of traveler photos because airlines did not consistently photograph all travelers. As of July 2022, CBP officials report that they are planning to remove this requirementremoving the photo capture goal because airline participation in the program is voluntary and CBP does not have staff to monitor the photo capture process at every gate.
Why GAO Did This Study
Within the Department of Homeland Security (DHS), CBP is charged with the dual mission of facilitating legitimate travel and securing U.S. borders. In response to fFederal laws requireing DHS to implement a biographic and biometric data system for foreign nationals entering and exiting the U.S. In response, CBP has been pursuing FRT to verify a traveler's identity in place of a visual inspection of travel identification documents.
This statement addresses the extent to which CBP has (1) incorporated privacy principles in and (2) assessed the accuracy and performance of its use of FRT. This statement is based on a September 2020 report (GAO-20-568), along with updates as of July 2022 on actions CBP has taken to address prior GAO recommendations. For that report, GAO conducted site visits to observe CBP's use of FRT; reviewed program documents; and interviewed DHS officials.
In September 2020, GAO made five recommendations to CBP regarding privacy and system performance of its FRT. DHS concurred with the recommendations and has implemented two of them. CBP is taking steps to address the remaining three recommendations, but has not fully implemented recommendations related to (1) current and complete privacy signage, (2) implementing an audit plan for its program partners, and (3) capturing required traveler photos.