Biometric Exit Frequently Asked Questions (FAQs)
In 2004, Congress required DHS to develop a biometric entry and exit system. In 2013, Congress transferred the entry-exit policy and operations to U.S. Customs and Border Protection (CBP). As part of the border security mission, the agency is deploying new technologies to verify each traveler’s identity – both upon arrival in, and departure from the United States.
Just before departure, each international traveler’s photo is taken, by either CBP-owned cameras or equipment provided by the airlines or airport authority. CBP compares the photo with existing images from passports, visas and other travel documents, as applicable, in a secure environment using the Traveler Verification Service (TVS). These images include photographs taken by CBP during the entry inspection, photographs from U.S. passports and U.S. visas, and photographs from previous DHS encounters. See the TVS Privacy Impact Assessments (PIA) for more information.
Individuals seeking to travel internationally are subject to the laws and rules enforced by CBP and are subject to inspection. However, if a U.S. Citizen does not wish to participate in the biometric entry or exit process, he or she must request to be processed using alternate procedures, such as presenting travel credentials to an available CBP Officer or authorized airline personnel.
CBP is committed to protecting the privacy of all travelers. Toward this end, CBP employs four primary safeguards to secure the data:
- Secure Encryption: CBP IT systems use HTTPS/SSL encryption during the storage of personally identifiable information and during the data transfer between the camera and the TVS cloud matching service.
- Biometric Templates: CBP creates biometric templates of each (1) historical photo and (2) newly-captured photo for matching and storage. What are biometric templates?
- Strings of multiple numbers representing images that can be matched against other templates that represent facial images
- Irreversible—cannot be reverse-engineered to reconstruct the photo by anyone outside of CBP
- Brief Retention Periods: CBP discards the photos of U.S. Citizens within 12 hours after their identities have been verified and deletes the photos of non-U.S Citizens within 14 days from CBP systems.
- Secure Storage: Facial images are stored in secure CBP systems and, for a brief period of time, in a secure cloud environment for matching, thus mitigating potential privacy risks.
- The cloud service provider adheres to the security and privacy controls required by National Institute of Standards and Technology (NIST) Special Publication 800-144, “Guidelines on Security and Privacy in Public Cloud Computing,” and the DHS Chief Information Officer.
The CBP Office of Information and Technology (OIT) completed a System Security Plan for the TVS application as part of the Certification and Accreditation (C&A) process, in accordance with the requirements defined under the Federal Information Security Management Act (FISMA). The most recent C&A for the TVS was completed on December 12, 2017. A Privacy Compliance Review will follow later in 2018 to ensure that the TVS is operating in compliance with privacy and data protection best practices.
CBP retains the photos of U.S. Citizens until their identities have been verified. CBP temporarily retains photos of all other travelers for up to 14 days in secure CBP systems to support system audits, to evaluate the TVS facial recognition technology, and to ensure accuracy of the facial recognition process. CBP also enrolls non-U.S Citizens, in association with their encounters with CBP, and stores their photos in the DHS Automated Biometric Identification System (IDENT), in order to biometrically record their entry/exit and to ensure more accurate TVS matching in the future.
CBP is dedicated to protecting the privacy of all travelers. CBP only uses photographs to verify traveler identities and create a record of entry or exit. Photographs of non-U.S. Citizens may be maintained in secure systems and shared in accordance with the relevant Privacy Act System of Records Notice (SORN). The newly captured images will be used to assist the CBP Officer in verifying identity and determining whether the traveler is the true bearer of travel documents. The photos of U.S. Citizens will not be retained. The photos of other travelers will be maintained for up to 14 days in the TVS cloud matching service for system audits and evaluation and may also be stored in the DHS IDENT System, only in accordance with the applicable SORN. More information is available at www.dhs.gov/privacy-impact-assessments.
CBP is testing facial recognition technology at select Transportation Security Administration (TSA) checkpoints. This technology captures photographs of travelers scheduled for international flights to verify their identity. CBP is conducting this technical demonstration to validate the accuracy and viability of capturing and matching facial images at the TSA checkpoint.
A live photo captured at the TSA checkpoint is used to compare against existing government holdings, such as your passport or visa photo. TSA incorporates mobile technology and CBP’s facial matching service into the identity verification process. If a passenger does not match a photo from existing government holdings, the TSA Officer may conduct a manual document check and may also consult a CBP Officer in order to verify your identity and documents using alternative methods. If you do not wish to have your picture taken, please notify the TSA Officer for an alternative means of identity and documentation verification.
As part of its arrangement with industry partners, CBP partners agree to encrypt the biometric data, during transmission to CBP. Questions regarding how an industry partner stores data in its proprietary systems should be directed to the relevant industry partner.
Updates and changes related to biometrics and biometric entry-exit will be communicated through relevant Privacy Impact Assessments (PIA) and System of Records Notices (SORN), in compliance with the Privacy Act and E-Government Acts, and where appropriate, through notices published in the Federal Register. The website will also be updated, as needed, with published PIAs and rules.