The U.S. Customs and Border Protection (CBP) department announced June 13 that it had begun testing new data processes at airports that will capture biometric information on travelers leaving the United States. It's a long-awaited development, but one that's arriving as the FBI is working to eliminate consumer privacy protections on its biometric database.
The CBP began initial testing June 13 at the Hartsfield-Jackson Atlanta International Airport that will run until Sept. 30, on a single flight a day, from the United States to Japan. Travelers aged 15 through 78 will be required to participate.
When travelers present their boarding passes, their "digital photos" will be taken, the CBP said in a statement, in a process designed to take under 3 seconds.
"The test will evaluate CBP's ability to successfully compare the image of a traveler taken during departure against an image the traveler previously provided, in an automated fashion and without impacting airport operations," the CBP stated.
It also noted that travelers with a U.S. passport "will not have their data retained for the purposes of this test once it is confirmed that they are the true document holder." Further, after an evaluation of the test, the data will be deleted. During the test, the data will be held for comparison in "secure CBP data systems," said the department.
In 2013, following a security breach at the Pentagon, the Websites of the CBP and the Office of Personnel Management were hacked by the Tunisian Cyber Army and Al-Qaeda Electronic Army.
The CBP said that implementing a "biometric exit" solution has been a challenge at international U.S. airports because their exit-processing infrastructure varies considerably. Still, the agency plans to have a solution in place at all of the highest-volume U.S. airports by 2018.
In January, at a hearing before the Senate Subcommittee on Immigration and the National Interest, a Senate panel called the CBP and the Department of Homeland Security to task for the long overdue project. Twenty years ago, Congress mandated the collection of biometric data from travelers exiting the country.
"If Disneyland can do this, then the federal government ought to be able to do it," Sen. John Cornyn (R-Texas), said at the hearing, according to FCW.
The CBP measure is designed to better secure the U.S. border and ensure that foreign travelers are who they say they are. However, it comes at a time when the FBI has aroused further distrust about the government's use and handling of biometric data.
In May, the FBI moved to exempt the Next Generation Identification (NGI) system, its database of biometric information, from consumer protections put in place by the Privacy Act of 1974. Those protections include the right for a person to know what information the government has on him or her; the right to be judged only on data that is accurate, relevant and timely; the right to correct inaccurate information; and the right to take the FBI to court if it doesn't follow the law.
Though requests for information had been made for years, the FBI didn't publish a Systems of Record Notice about the NGI until May 5, the same day it proposed the privacy exemptions.
On May 27, several dozen organizations, from Uber to the American Civil Liberties Union (ACLU), signed a letter to the privacy analyst at the U.S. Department of Justice, asking that the 30-day review period be extended.
They noted that biometric technologies such as facial recognition may misidentify African-Americans, young people and women at higher rates than white people, older people and men.
"The Privacy Act was enacted to ensure that individuals had an enforceable right to know the records that the government keeps about their activities," the groups added. "While there may be legitimate reasons for exempting some law enforcement activities from some of the Act's provisions, exemptions must not render the Act meaningless."
"I think the [CBP] tests highlight the extent to which this is a technology that security agencies are going to want to use more and more … and that it's a tool that's going to be more and more powerful, and that we'll need stronger and stronger checks and balances around," Jay Stanley, a senior policy analyst with the ACLU Speech, Privacy, Technology Project, told eWEEK.
"Once that face-recognition data gets collected," he added, "they're going to want to use it for all kinds of purposes."
Stanley noted that the Justice Department, in acknowledgment of the groups' request, did extend by 30 days the window for public comment on the FBI's proposed changes. During that time, he said, the ACLU be signing on to some comments, and others will be alerting members of the public. "And we'll see what happens," he concluded.