For almost 20 years, Congress has directed the Department of Homeland Security (DHS) and the U.S. Customs and Border Protection (CBP) to biometrically track the entry and departure of certain categories of non-U.S. citizens to determine when people overstay their visa, and to guard against those who travel with fraudulent papers. CBP has run pilot programs at air, land, and sea ports to determine how to create a responsive system. Recently, CBP settled on the use of facial image capture and face matching at airports to verify the identity of travelers to fulfill part of this instruction. On November 19, CBP issued a notice of proposed rulemaking that would force all non-U.S. citizens, including children and lawful permanent residents, to submit face scans and be subject to facial recognition screening whenever they enter or depart the country.
The Center for Democracy & Technology filed a comment opposing this rule change. Although U.S. citizens have a right to opt out of facial recognition screening at ports of entry, in practice this right has been difficult to exercise. And for all those who must submit to such screening, questions about the technology’s ability to work as intended and to provide an equitable travel experience for all, including people of color, women, and young people, remain outstanding. The consequences for travelers in the case of error are significant: if they are not accurately identified they may be delayed, miss their flight, or face a custodial interrogation. Additionally, Customs and Border Protection elected to center this screening around a particularly sensitive form of biometric identifier, facial images, when they could have selected a less sensitive and more effective alternative. CBP also failed to adopt any privacy protections to prevent the broad distribution and repurposing of facial images captured by CBP, so this proposed collection risks significantly enhancing the surveillance capabilities of many U.S. government entities. We also argued that CBP’s expansion from pilot phase was premature as the agency has yet to address outstanding privacy and security recommendations from the U.S. Government Accountability Office (GAO), which recently concluded a review of CBP’s program.