US Customs and Border Protection uses facial recognition technology for identity checks in some border locations. As of July 2022, CBP rolled out this technology at 32 airports for travelers leaving the United States and at all airports for travelers entering the country.
We testified that CBP’s privacy signs, which inform the public about the use of this technology, were not always current or available where this technology was used.
Our previous recommendations included that CBP ensure that its privacy notices are complete and available in places that use this technology.
Example of cameras and screens used for facial recognition at Port Canaveral harbor
What GAO found
US Customs and Border Protection (CBP) has made progress in testing and implementing facial recognition (FRT) technology in air, sea and land ports of entry to create entry-exit records for foreign nationals as part of its program biometric entry-exit. As of July 2022, CBP has deployed FRT at 32 airports to biometrically confirm the identity of travelers departing from the United States (air exit) and at all airports for arriving international travelers.
Facial recognition technology in use at an airport
In September 2020, GAO reported that CBP had taken steps to incorporate privacy principles into its program, such as prohibiting airlines from storing or using traveler photos for their own purposes. However, CBP had not consistently provided travelers with information on FRT’s locations. Additionally, CBP’s privacy signage provided limited information on how travelers could request to opt out of FRT screening and it was not always posted. Since then, CBP has ensured that privacy notices contain complete information and is taking steps to ensure that signage is more consistently available, but it needs to complement its efforts to distribute updated signage in locations where FRT is used. Additionally, CBP requires its business partners, such as airlines, to follow CBP’s privacy requirements and may check partners to assess compliance. As of May 2020, CBP had only verified one airline partner and had no plan to ensure all partners were verified. In July 2022, CBP reported that it had conducted five5 assessments of its airline partners and that it has three more assessments underway. These are positive steps to ensure that air traveler information is safeguarded. However, CBP should also monitor other partners who have access to personally identifiable information, including those in other travel environments, suppliers and contractors, and partners in land and sea ports of entry.
CBP evaluated the accuracy and performance of FRT air outlet capabilities through operational tests. Tests found that the air outlet exceeded its accuracy targets but failed to achieve a performance target for capturing 97% of traveler photos because airlines did not photograph all travelers consistently. As of July 2022, CBP officials report that they are planning to remove this requirement by removing the photo capture target because the airline’s participation in the program is voluntary and CBP has no staff to monitor the photo capture process. photos at each gate.
Why GAO did this study
Within the Department of Homeland Security (DHS), CBP is charged with the dual mission of facilitating legitimate travel and protecting the borders of the United States. In response to federal laws requiring DHS to implement a biographical and biometric data system for foreign nationals in and out of the U.S. In response, CBP prosecuted FRT to verify a traveler’s identity in lieu of a ” visual inspection of travel identification documents.
This statement addresses the extent to which CBP has (1) incorporated privacy principles and (2) evaluated the accuracy and performance of its use of FRT. This statement is based on a September 2020 report (GAO-20-568), along with updates in July 2022 on actions taken by CBP to respond to previous GAO recommendations. For that report, GAO conducted site visits to observe CBP’s use of FRT; revised program documents; and interviewed DHS officials.