A new audit from the Government Accountability Office (GAO) published this week accuses Customs and Border Protection (CBP) of negligence in the providing of complete and accurate privacy notices, as well as failing to conduct audits that would ensure its facial recognition technology complies with privacy standards.
The report was conducted at the request of a bipartisan group consisting of Rep. Bennie Thompson, D-Miss, and Sens. Ron Johnson, R-Wis, and Gary Peters, D-Mich.
The GAO audit pays particular attention to the CBP’s increasingly common use of facial recognition technology at points of entry into the country, and its poor attempts at informing the public of the processes involved, pointing to inaccurate information being displayed or signs that are placed in hard-to-see places.
“We have done a number of reviews looking at CBP’s efforts to develop and implement a biometric entry and exit system and we have, over the years, identified long-standing challenges in CBP’s efforts to develop and implement that system,” said Rebecca Gambler, the director of GAO’s homeland security and justice team, in an interview with Nextgov.
Gambler says that CBP has in fact taken some steps aimed at addressing concerns regarding privacy, but there are more areas that require attention.
For this latest report, the GAO focused on CBP’s facial recognition solution used for identity verification at entry and exit points, including at land, sea and air ports of entry, though it is most commonly used at airports. It can be found in 27 different airport facilities around the country including Hartsfield-Jackson in Atlanta, Dulles in Virginia, and JFK in New York.
The privacy audits conducted fall into two main categories, with the first concerning keeping the public informed about how privacy commitments are being upheld (as well as how to opt-out of participating), and the second focusing on how the CBP conducts oversight of any program partners, which for the most part are airlines.
Specific issues found in the audit that highlight the CBP’s shortcomings in keeping the public informed include signs obscured from view by other signs, signs containing false information regarding the length of time CBP would retain biometric data captured, and CBP call center staff without knowledge of where facial recognition technology was deployed.
To conduct the audit, GAO officials visited sites where the tech was used and interviewed some CBP agents, while also reviewing program literature, results from pilot programs, and other relevant documents like Privacy Impact Assessments.
September 4, 2020 – by Tony Bitzionis