January 26, 2022

News

News Network

Facial Recognition: CBP and TSA are Taking Steps to Implement Programs, but CBP Should Address Privacy and System Performance Issues

12 min read
<div>U.S. Customs and Border Protection (CBP) has made progress testing and deploying facial recognition technology (FRT) at ports of entry to create entry-exit records for foreign nationals as part of its Biometric Entry-Exit Program. As of May 2020, CBP, in partnership with airlines, had deployed FRT to 27 airports to biometrically confirm travelers' identities as they depart the United States (air exit) and was in the early stages of assessing FRT at sea and land ports of entry. Facial Recognition Technology in Use at an Airport CBP has taken steps to incorporate some privacy principles in its program, such as publishing the legislative authorities used to implement its program, but has not consistently provided complete information in privacy notices or ensured notices were posted and visible to travelers. Ensuring that privacy notices contain complete information and are consistently available would help give travelers the opportunity to decline to participate, if appropriate. Further, CBP requires its commercial partners, such as airlines, to follow CBP's privacy requirements and can audit partners to assess compliance. However, as of May 2020, CBP had audited only one of its more than 20 airline partners and did not have a plan to ensure all partners are audited. Until CBP develops and implements an audit plan, it cannot ensure that traveler information is appropriately safeguarded. CBP has assessed the accuracy and performance of air exit FRT capabilities through operational testing. Testing found that air exit exceeded its accuracy goals—for example, identifying over 90 percent of travelers correctly—but did not meet a performance goal to capture 97 percent of traveler photos because airlines did not consistently photograph all travelers. A plan to improve the photo capture rate would help CBP better fulfill the program's mission of creating biometrically confirmed traveler departure records. Further, while CBP monitors air exit's performance, officials are not alerted when performance falls short of minimum requirements. The Transportation Security Administration (TSA) has conducted pilot tests to assess the feasibility of using FRT but, given the limited nature of these tests, it is too early to fully assess TSA's compliance with privacy protection principles. Within the Department of Homeland Security (DHS), CBP is charged with the dual mission of facilitating legitimate travel and securing U.S. borders, and TSA is responsible for protecting the nation's transportation system. For both CBP and TSA, part of their inspection and screening responsibilities includes reviewing travel identification documents and verifying traveler identities. Beginning in 1996, a series of federal laws were enacted to develop and implement an entry-exit data system, which is to integrate biographic and, since 2004, biometric records for foreign nationals. This report addresses (1) the status of CBP's deployment of FRT, (2) the extent to which CBP has incorporated privacy protection principles, (3) the extent to which CBP has assessed the accuracy and performance of its FRT, and (4) the status of TSA's testing and deployment of FRT and how TSA has incorporated privacy protection principles. GAO conducted site visits to observe CBP's and TSA's use of FRT, which were selected to include all three travel environments—air, land, and sea; reviewed program documents; and interviewed DHS officials. GAO is making five recommendations to CBP to (1) ensure privacy notices are complete, (2) ensure notices are available at locations using FRT, (3) develop and implement a plan to audit its program partners for privacy compliance, (4) develop and implement a plan to capture required traveler photos at air exit, and (5) ensure it is alerted when air exit performance falls below established thresholds. DHS concurred with the recommendations. For more information, contact Rebecca Gambler at (202) 512-8777 or gamblerr@gao.gov.</div>

What GAO Found

U.S. Customs and Border Protection (CBP) has made progress testing and deploying facial recognition technology (FRT) at ports of entry to create entry-exit records for foreign nationals as part of its Biometric Entry-Exit Program. As of May 2020, CBP, in partnership with airlines, had deployed FRT to 27 airports to biometrically confirm travelers’ identities as they depart the United States (air exit) and was in the early stages of assessing FRT at sea and land ports of entry.

Facial Recognition Technology in Use at an Airport

CBP has taken steps to incorporate some privacy principles in its program, such as publishing the legislative authorities used to implement its program, but has not consistently provided complete information in privacy notices or ensured notices were posted and visible to travelers. Ensuring that privacy notices contain complete information and are consistently available would help give travelers the opportunity to decline to participate, if appropriate. Further, CBP requires its commercial partners, such as airlines, to follow CBP’s privacy requirements and can audit partners to assess compliance. However, as of May 2020, CBP had audited only one of its more than 20 airline partners and did not have a plan to ensure all partners are audited. Until CBP develops and implements an audit plan, it cannot ensure that traveler information is appropriately safeguarded.

CBP has assessed the accuracy and performance of air exit FRT capabilities through operational testing. Testing found that air exit exceeded its accuracy goals—for example, identifying over 90 percent of travelers correctly—but did not meet a performance goal to capture 97 percent of traveler photos because airlines did not consistently photograph all travelers. A plan to improve the photo capture rate would help CBP better fulfill the program’s mission of creating biometrically confirmed traveler departure records. Further, while CBP monitors air exit’s performance, officials are not alerted when performance falls short of minimum requirements.

The Transportation Security Administration (TSA) has conducted pilot tests to assess the feasibility of using FRT but, given the limited nature of these tests, it is too early to fully assess TSA’s compliance with privacy protection principles.

Why GAO Did This Study

Within the Department of Homeland Security (DHS), CBP is charged with the dual mission of facilitating legitimate travel and securing U.S. borders, and TSA is responsible for protecting the nation’s transportation system. For both CBP and TSA, part of their inspection and screening responsibilities includes reviewing travel identification documents and verifying traveler identities. Beginning in 1996, a series of federal laws were enacted to develop and implement an entry-exit data system, which is to integrate biographic and, since 2004, biometric records for foreign nationals. This report addresses (1) the status of CBP’s deployment of FRT, (2) the extent to which CBP has incorporated privacy protection principles, (3) the extent to which CBP has assessed the accuracy and performance of its FRT, and (4) the status of TSA’s testing and deployment of FRT and how TSA has incorporated privacy protection principles. GAO conducted site visits to observe CBP’s and TSA’s use of FRT, which were selected to include all three travel environments—air, land, and sea; reviewed program documents; and interviewed DHS officials.

What GAO Recommends

GAO is making five recommendations to CBP to (1) ensure privacy notices are complete, (2) ensure notices are available at locations using FRT, (3) develop and implement a plan to audit its program partners for privacy compliance, (4) develop and implement a plan to capture required traveler photos at air exit, and (5) ensure it is alerted when air exit performance falls below established thresholds. DHS concurred with the recommendations.

For more information, contact Rebecca Gambler at (202) 512-8777 or gamblerr@gao.gov.

News Network

  • Man Sentenced for Covid-19 Relief Fraud Scheme
    In Crime News
    A Washington State man was sentenced today to two years in prison for perpetrating a scheme to fraudulently obtain COVID-19 disaster relief loans guaranteed by the Small Business Administration (SBA) through the Economic Injury Disaster Loan (EIDL) and the Paycheck Protection Program (PPP) under the Coronavirus Aid, Relief and Economic Security (CARES) Act.
    [Read More…]
  • California University To Pay $225,000 For Allegedly Violating Ban On Incentive Compensation
    In Crime News
    San Diego Christian College (SDCC), based in Santee, California, will pay $225,000 to resolve allegations under the False Claims Act for submitting false claims to the U.S. Department of Education in violation of the federal ban on incentive-based compensation, the Justice Department announced today.
    [Read More…]
  • North Carolina Man Charged with Fraudulently Seeking Over $6 Million in COVID Relief Funds
    In Crime News
    A North Carolina man was charged with fraudulently seeking over $6 million in Paycheck Protection Program (PPP) loans, announced Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division and U.S. Attorney Robert J. Higdon Jr. of the Eastern District of North Carolina.
    [Read More…]
  • Secretary Antony J. Blinken Opening Remarks at Ministerial on Afghanistan
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Barge Company Will Preserve 649 Acres of Habitat and Pay Over $2 Million for Injuries to Natural Resources Resulting from its Oil Spill in the Mississippi River near New Orleans
    In Crime News
    Jeffersonville, Indiana-based American Commercial Barge Line LLC (American Commercial) has agreed to acquire and preserve 649 acres of woodland wildlife habitat near New Orleans, Louisiana and pay over $2 million in damages, in addition to $1.32 million previously paid for damage assessment and restoration planning costs, under the Oil Pollution Act (OPA) and the Louisiana Oil Spill Prevention and Response Act (OSPRA), to resolve federal and State claims for injuries to natural resources resulting from an oil spill from one of its barges.
    [Read More…]
  • Finland National Day
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • TSA Acquisitions: TSA Needs to Establish Metrics and Evaluate Third Party Testing Outcomes for Screening Technologies
    In U.S GAO News
    In 2013, the Transportation Security Administration (TSA) introduced the concept of third party testing—having an independent testing entity verify that a security screening system meets certain requirements. The concept is that screening system vendors would take this additional step either prior to submitting their technologies to TSA or if their system failed TSA's test and evaluation process. The goal is for third party testing to reduce the time and resources that TSA spends on its own testing. However, since introduced, TSA has directed only three vendors that failed TSA tests to use third party testing, with varying outcomes. In two other cases, TSA supplemented its test capabilities by using third party testers to determine that systems installed at airports were working properly. TSA officials and industry representatives pointed to several reasons for third party testing's limited use since 2013, such as the cost to industry to use third party testers and TSA's reluctance to date to accept third party test data as an alternative to its own. Despite this, TSA officials told GAO they hope to use third party testing more in the future. For example, in recent announcements to evaluate and qualify new screening systems, TSA stated that it will require a system that fails TSA testing to go to a third party tester to address the identified issues (see figure). Example of Use of Third Party Testing When a System Experiences a Failure in TSA's Testing TSA set a goal in 2013 to increase screening technology testing efficiency. In addition, TSA reported to Congress in January 2020 that third party testing is a part of its efforts to increase supplier diversity and innovation. However, TSA has not established metrics to determine third party testing's contribution toward the goal of increasing efficiency. Further, GAO found no link between third party testing and supplier diversity and innovation. Some TSA officials and industry representatives also questioned third party testing's relevance to these efforts. Without metrics to measure and assess the extent to which third party testing increases testing efficiency, TSA will be unable to determine the value of this concept. Similarly, without assessing whether third party testing contributes to supplier diversity and innovation, TSA cannot know if third party testing activities are contributing to these goals as planned. TSA relies on technologies like imaging systems and explosives detection systems to screen passengers and baggage to prevent prohibited items from getting on board commercial aircraft. As part of its process of acquiring these systems and deploying them to airports, TSA tests the systems to ensure they meet requirements. The 2018 TSA Modernization Act contained a provision for GAO to review the third party testing program. GAO assessed the extent to which TSA (1) used third party testing, and (2) articulated its goals and developed metrics to measure the effects of third party testing. GAO reviewed TSA's strategic plans, acquisition guidance, program documentation, and testing policies. GAO interviewed officials from TSA's Test and Evaluation Division and acquisition programs, as well as representatives of vendors producing security screening systems and companies providing third party testing services. GAO is recommending that TSA develop metrics to measure the effects of third party testing on efficiency, assess its effects on efficiency, and assess whether third party testing contributes to supplier diversity and innovation. DHS concurred with GAO's three recommendations and has actions planned to address them. For more information, contact Marie A. Mak at (202) 512-4841 or MakM@gao.gov.
    [Read More…]
  • Seven Members of Los Angeles-Based Fraud Ring Sentenced for Multimillion-Dollar COVID-19 Relief Scheme
    In Crime News
    Seven members of a Los Angeles-based fraud ring were sentenced for a scheme to fraudulently obtain more than $20 million in Paycheck Protection Program (PPP) and Economic Injury Disaster Loan (EIDL) COVID-19 relief funds.
    [Read More…]
  • Ohio Man Pleads Guilty to Attempting to Provide Material Support to a Foreign Terrorist Organization
    In Crime News
    An Ohio man, who was scheduled to start jury trial today, pleaded guilty Friday evening to one count of attempting to provide material support – himself, as personnel – to foreign terrorist organizations, namely ISIS and ISIS Wilayat Khorasan (ISIS-K).
    [Read More…]
  • Military Uniforms: Issues Related to the Supply of Flame Resistant Fibers for the Production of Military Uniforms
    In U.S GAO News
    Prior to Operation Enduring Freedom and Operation Iraqi Freedom, Department of Defense (DOD) personnel with flame resistant (FR) uniforms were mainly aviators, fuel handlers, and tank crews. With the growing prevalence of the improvised explosive device (IED) threat, all ground forces serving in Iraq and Afghanistan have been exposed to the possibility of fire-related injuries. The Ike Skelton National Defense Authorization Act for Fiscal Year 2011 extended to 2015 the authority to procure fire resistant rayon fiber for the production of uniforms from certain foreign countries, provided by section 829 of the National Defense Authorization Act for Fiscal Year 2008 and originally set to expire in 2013. This letter discusses the briefing developed in response to the requirement in the Ike Skelton National Defense Authorization Act for Fiscal Year 2011 to report on the supply chain for FR fiber for the production of military uniforms. Specifically, the act required GAO to analyze several elements of the supply chain, including the current and anticipated sources of FR rayon fiber; actions DOD has taken to identify alternatives to FR rayon fiber; impediments to the use of such alternatives; and the impediments posed to efficient procurement of FR rayon fiber by existing statutory or regulatory requirements; among others. On March 15, 2011, we provided a draft of the briefing to Congress to satisfy this requirement.In summary, an Austrian-headquartered company is presently the only source used for FR rayon fiber to support the manufacturing of FR uniforms for DOD. However, the department has taken a number of steps over the past 5 years to identify alternative FR fabric blends. For example, the military services have sought fabric/garment submissions through sources sought notices, market surveys, or solicitations in 2006, 2007, 2009, and 2010 to explore available options and have tested a wide variety of FR fabrics. Based on our review of military service testing, it is unclear if FR rayon's flame resistant characteristics are better than all other alternatives. Further, some DOD and industry officials stated that FR rayon has several advantages, including improved comfort, moisture absorbency, and ability to be dyed, while others have stated that fabrics with FR rayon tend to be less durable than those using other FR fibers. With respect to legal requirements applying to the production and use of FR rayon fibers, immediately relevant to our assessment was the Berry Amendment, which generally prohibits the use of funds available to DOD for the procurement of certain items when not grown, reprocessed, reused, or produced in the United States, absent an exception. Two exceptions relevant to FR rayon fiber are the general availability exception under the Berry Amendment itself, which results in a domestic nonavailability determination (DNAD), and the exception unique to FR rayon provided by the authority found in section 829 of the National Defense Authorization Act for fiscal year 2008. DOD indicated that a DNAD issued in 2001 for rayon yarn for use in military clothing and textile items provides the basis for the waiver presently used for purchase of FR rayon for military uniforms. We are not making any recommendations in this report.
    [Read More…]
  • Areas with High Poverty: Changing How the 10-20-30 Funding Formula Is Applied Could Increase Impact in Persistent-Poverty Counties
    In U.S GAO News
    What GAO Found Some federal agencies have been statutorily required to use the “10-20-30 formula” when allocating funding for certain programs. That is, agencies must allocate at least 10 percent of designated funds to counties with poverty rates of at least 20 percent over the last 30 years (persistent-poverty counties). However, GAO found the formula has not always increased the proportion of funding awarded to those counties. The Department of Commerce's Economic Development Administration (EDA) and Department of the Treasury's Community Development Financial Institutions (CDFI) Fund both awarded at least 10 percent of designated funds to persistent-poverty counties in fiscal years 2017–2020, but generally had done so before 2017. Most of their programs subject to the formula already were required to target funds to economically distressed areas. The Department of Agriculture's (USDA) Rural Development awarded less than 10 percent of designated funds to persistent-poverty counties in at least one fiscal year for six out of 10 appropriations accounts. Rural Development set aside 10 percent of designated funds for use in those counties, which officials said met the statutory requirement to allocate these funds. Officials said some programs had not received a sufficient number of applications from these counties to meet the threshold because the programs are not well-suited to areas with severe poverty. For example, it may not be financially prudent for local governments in persistent-poverty counties to participate in a loan program to finance community facilities if the governments cannot service the debt. The purpose of the 10-20-30 formula—to increase the proportion of funding awarded to persistent-poverty counties—could be better achieved by focusing its application on programs that do not already target such areas and which can provide meaningful assistance to economically distressed communities. The three agencies GAO reviewed used different datasets and methodologies to identify persistent-poverty counties for the 10-20-30 formula. Appropriations laws for 2017–2020 required the agencies to use data from different years and sources, some outdated, to identify the counties. EDA also used a methodology that identified more than 100 additional persistent-poverty counties, than the other two agencies. Requiring each agency to identify persistent-poverty counties in this way is inefficient, and the inconsistency limits the ability to compare targeted funding across agencies. Using a uniform list of persistent-poverty counties, updated each year, would reduce administrative costs and facilitate assessments of the formula's impact across agencies. Such a measure also could help ensure more consistent investment in areas with current poverty rates of at least 20 percent. USDA's Economic Research Service has the technical capabilities to produce such a list and officials said that doing so each year would not be resource intensive because the agency already publishes other related work using the same data. Why GAO Did This Study Since 2009, the 10-20-30 formula has been applied to appropriations for certain federal programs and accounts. This includes programs and accounts administered by USDA's Rural Development, Treasury's CDFI Fund, and Commerce's EDA that averaged more than $10 billion in each fiscal year from 2017 to 2020. GAO was asked to review certain issues related to the 10-20-30 formula. This report examines (1) the proportion of funds subject to the 10-20-30 formula that these agencies awarded in persistent-poverty counties in 2017–2020 and the effects on funding levels to these areas, and (2) how agencies identify persistent-poverty counties. GAO analyzed agency budget and administrative data for fiscal years 2017—2020. GAO also reviewed documentation, such as program descriptions and funding notices, and interviewed agency officials.
    [Read More…]
  • Four Plead Guilty to Multi-State Dogfighting Conspiracy
    In Crime News
    Four defendants pleaded guilty to federal dogfighting and conspiracy charges for their roles in an inter-state dogfighting network across the District of Columbia, Maryland, Virginia and New Jersey.
    [Read More…]
  • South Padre Island man heads to prison following the discovery of more than 22K pornographic images
    In Justice News
    A 68-year-old local man [Read More…]
  • Secretary Blinken’s Call with Qatari Deputy Prime Minister and Minister of Foreign Affairs Al-Thani
    In Crime Control and Security News
    Office of the [Read More…]
  • Secretary Blinken’s Call with Canadian Foreign Minister Joly
    In Crime Control and Security News
    Office of the [Read More…]
  • Cameroonian Citizen Extradited from Romania to Face Covid-19-Related Fraud Charges
    In Crime News
    A citizen of Cameroon was extradited to the U.S. yesterday to face federal charges for his alleged involvement in a fraud scheme perpetrated against American consumers.
    [Read More…]
  • United States Joins Intergovernmental Forum on Mining
    In Crime Control and Security News
    Office of the [Read More…]
  • System Review Report of the GAO OIG Audit Organization (prepared by the Architect of the Capitol OIG)
    In U.S GAO News
    Government Auditing Standards require that each organization conducting engagements in accordance with these standards must obtain an external peer review. The objectives of a peer review are to determine whether (1) the reviewed audit organization's system of quality control is suitably designed and (2) the organization is complying with its quality control system so that it has reasonable assurance that it is performing and reporting in conformity with professional standards and applicable legal and regulatory requirements in all material respects. Peer reviews of Offices of Inspector General (OIGs) must be conducted by reviewers independent of the audit organization being reviewed at least once every three years in accordance with guidance established by the Council of the Inspectors General on Integrity and Efficiency. The GAO OIG received a peer review rating of "pass." The Architect of the Capitol OIG completed the peer review of the GAO OIG audit organization for the year ending March 31, 2021 and concluded that the system of quality control has been suitably designed and complied with to provide the GAO OIG with reasonable assurance of performing and reporting in conformity with applicable professional standards and applicable legal and regulatory requirements in all material respects. For more information, contact Mary Arnold Mohiyuddin at (202) 512-3087 or mohiyuddinm@gao.gov.
    [Read More…]
  • Goldman Sachs Charged in Foreign Bribery Case and Agrees to Pay Over $2.9 Billion
    In Crime News
    The Goldman Sachs Group Inc. (Goldman Sachs or the Company), a global financial institution headquartered in New York, New York, and Goldman Sachs (Malaysia) Sdn. Bhd. (GS Malaysia), its Malaysian subsidiary, have admitted to conspiring to violate the Foreign Corrupt Practices Act (FCPA) in connection with a scheme to pay over $1 billion in bribes to Malaysian and Abu Dhabi officials to obtain lucrative business for Goldman Sachs, including its role in underwriting approximately $6.5 billion in three bond deals for 1Malaysia Development Bhd. (1MDB), for which the bank earned hundreds of millions in fees.  Goldman Sachs will pay more than $2.9 billion as part of a coordinated resolution with criminal and civil authorities in the United States, the United Kingdom, Singapore, and elsewhere. 
    [Read More…]
  • Cyprus Travel Advisory
    In Travel
    Reconsider travel to [Read More…]

Crime

Network News © 2005 Area.Control.Network™ All rights reserved.