Customs and Border Protection (CBP) has begun to conduct its “1:1 Facial Recognition Air Entry Pilot” program to allow CBP officers (CBPOs) stationed at air ports of entry to use facial recognition technology as a tool to assist them in determining whether an individual presenting themselves with a valid US electronic passport is the same individual photographed in that passport, according to the Department of Homeland Security’s (DHS) Privacy Impact Statement (PIA) on the program.
DHS’s Privacy Office is required by law to provide ongoing guidance on all privacy issues raised by significant or novel technologies in which personally identifiable information is required or obtained for purposes of training and testing, such as the Facial Recognition Air Entry Pilot program.
Consequently, the PIA was required to examine the privacy impact of the 1:1 Facial Recognition Air Entry Pilot and the collection of facial image data using the DHS Privacy Office’s Fair Information Practice Principles pursuant to Section 208 of the E-Government Act and Section 222 of the Homeland Security Act of 2002.
Since 2007, US passports have had a chip embedded in them that securely stores the same information that’s on the photo page of the passport, which includes a biometric identifier in the form of a digital image of the passport photograph. This facilitates the use of facial recognition technology at ports of entry into the US.
Homeland Security Today reported last June that nearly 13,500 passports were issued by the Department of State to individuals who used the Social Security Number (SSN), but not the name, of a deceased person. Another 24,278 passports were issued to applicants who used a likely invalid SSN, according to the results of a Government Accountability Office (GAO) review of a 140-case generalizable sample and a 15-case nongeneralizable sample for these two populations respectively.
GAO said it “determined the cases were likely data errors” and that the State Department “has taken steps to capture correct SSN information more consistently.”
“Fraudulent passports pose a significant risk because they can be used to conceal the true identity of the user and potentially facilitate other crimes, such as international terrorism and drug trafficking,” GAO said, noting that the State Department issued more than 13.5 million passports during fiscal year 2013.
In April 2014, DHS officials told a congressional committee that “the alarming number of countries that report very little — and in some cases no — lost and stolen passport data to INTERPOL for inclusion in [INTERPOL’s] Stolen and Lost Travel Documents (SLTD) database” is “disturbing.”
The operational goals of the Facial Recognition Air Entry Pilot program “are to determine the viability of facial recognition as a technology to assist CBP Officers in identifying possible imposters using US e-passports to enter the United States and determine if facial recognition technology can be incorporated into current CBP entry processing with acceptable impacts to processing time and the traveling public while effectively providing CBPOs with a tool to counter imposters using valid US travel documents.”
The agency is conducting the pilot at a limited number of air ports of entry “after having successfully completed testing in a laboratory environment.
According to CBP, the results determined the system successfully performed matches when tested against actual passports and live captured images. The system also successfully detected imposters when presented with an imposter’s passport against a live captured image.
CBP issued its PIA “to evaluate the privacy risks of using facial recognition software at an air port of entry.”
While spending time at the Nogales, Arizona land port of entry, the port director showed Homeland Security Today a woman who was trying to pass herself off as the person on an identification document that wasn’t her, although the similarities between the photo of the woman in the document and the woman illegally presenting the document as her’s was glaring.
According to CBP, it has identified instances when imposters have attempted to enter the United States using what appear to be valid US passports. The 1:1 Facial Recognition Air Entry Pilot initiative is designed to enable CBPOs to use facial recognition technology as a tool to assist in verifying that the person presenting a valid US e-passport is indeed the person identified in that passport.”
During the pilot program, CBP takes a photo of a US passport holder, applies facial recognition software algorithms to compare the photo taken against the preexisting photograph in the e-passport, and uses the results to assist in determining whether the person presenting the e-passport is the same person who was issued the e-passport.
According to the PIA, two errors can occur during the entry process. The first error is known as a False Non-Match Rate (FNMR) which occurs if a CBPOs agent fails to correctly match the e-Passport photo to the person presenting the document. A FNMR leads to increased CBPOs involvement in order to verify the individual isn’t an imposter.
The second error is a False Acceptance Rate (FAR), which occurs when a CBPOs agent “incorrectly matches an e-passport photo with an imposter physically in front of him or her.”
And a FAR error could allow an imposter into the country. Thus, “The facial recognition software provides the CBPOs agent with a match confidence score after the e-passport chip is scanned and the photo is taken. The score is generated by algorithms designed to detect possible imposters. The operational goal of the 1:1 Facial Recognition Air Entry Pilot is to maximize the number of imposters caught or True Non-Match Rate (TNMR) while minimizing traveler inconvenience and CBPOs impacts.
“Therefore, a match confidence threshold numerical score will be established to set the maximum allowable FNMR at the close of the evaluation phase of this pilot,” the PIA said.
The operational goals of this pilot program are to determine the viability of facial recognition as a technology to assist CBPOs agents in identifying possible imposters using US e-passports to enter the United States and determine if facial recognition technology can be incorporated into current CBP entry processing with acceptable impacts to processing time and the traveling public while effectively providing CBPOs agents with a tool to counter imposters using valid US travel documents.
The pilot is estimated to take about 19 months to complete, including the testing and analysis phase of the program.
“However,” the PIA stated, CBPOs agents “will only use the technology to capture photographs from US e-passport holders for 60 days.” During the pilot, CBPOs agents will take photographs of randomly selected US e-passport holders and use facial recognition algorithms to compare the new image with the official image stored on the individual’s e-passport chip.
CBPOs “will use the facial recognition technology as another tool for determining admissibility to the United States,” and they will neither use the facial recognition technology output as the sole basis for whether to admit an individual into the United States nor send an individual to secondary inspection.”
CBP also will not assign a unique identification number to travelers based on their facial recognition algorithm,” the PIA said, adding, “All images are only searchable by time and date stamp,” and, “At the end of the pilot, CBP will write a report with findings of the study.”
This report may or may not be sent to DHS’s Science & Technology (S&T) and Office of Biometric Identity Management (OBIM) for awareness. “DHS S&T and OBIM will not have access to the facial recognition photographs stored on the CBP server. The point of sharing the report is to provide DHS S&T and OBIM awareness of the overall findings of the pilot,” the PIA said.
“During the inspection process,” the PIA states, “CBPOs take a photograph of the person presenting a US e-passport and compare it to the image contained in the US e-passport chip using the facial recognition system. A match confidence score is generated indicating the likelihood of a match between the two photographs. For example, if an individual has a match score of ninety he or she is likely the same person in the US e-passport photo. Through this pilot, CBP will determine the threshold for successful match scores and will appropriately train CBPOs that use the technology.”
US citizens with US e-passports arriving at air ports of entry where CBP is testing the 1:1 Facial Recognition Air Entry Pilot technology may be selected to participate in the pilot at port discretion, and “do not have the option to opt out of this process,” the PIA said.
The facial recognition system is a tool to assist CBPOs in the inspection process and does not replace a customs officer’s discretion at any point within the inspection process.
The PIA was required because, “As part of this pilot, CBP collects the following information: photographs of travelers passing through primary inspection; facial recognition match results; issuance date of passport; CBPO determination of traveler age; and, passport country of issuance if the traveler is directed to secondary inspection.”