US flag Official website of the Department of Homeland Security

Biometric Exit Frequently Asked Questions (FAQs)

General

How does this work?

Just before entry or exit, each international traveler’s photo is taken, either by CBP-owned cameras or equipment provided by the airlines, airport authority, or cruise line. CBP’s biometric matching service, the Traveler Verification Service (TVS), compares the new photo with DHS holdings, which include images from photographs taken by CBP during the entry inspection, photographs from U.S. passports, U.S. visas and other travel documents, as well as photographs from previous DHS encounters. See the most recent TVS Privacy Impact Assessment (PIA) for more information.

Are U.S. Citizens required to provide biometrics for the entry-exit system?

While U.S. Citizens who are entering or exiting the country are generally required to be in possession of a valid U.S. passport, CBP does not require U.S. Citizens or exempt aliens[1] to have their pictures taken. Travelers who do not wish to participate in this facial comparison process may notify a CBP Officer or an airline, airport or cruise line representative in order to seek an alternative means of verifying their identities and documents. CBP discards all photos of U.S. Citizens within 12 hours of identity verification.

 


[1] By law, CBP may require certain aliens to provide biometric identifiers to confirm their admissibility pursuant to 8 CFR 235.1(f)(ii) or, at specified airports, their departure pursuant to 8 CFR 215.8(a)(1). Some aliens are exempt from any requirement to provide biometrics, including: Canadian citizens under section 101(a)(15)(B) of the Act who are not otherwise required to present a visa or be issued a form I-94 or Form I-95; aliens younger than 14 or older than 79 on the data of admission; aliens admitted A-1, A-2, C-3 (except for attendants, servants, or personal employees of accredited officials), G-1, G-2, G-3, G-4, NATO-1, NATO-2, NATO-3, NATO-4, NATO-5, or NATO-6 visas, and certain Taiwan officials who hold E-1 visas and members of their immediate families who hold E-1 visas unless the Secretary of State and the Secretary of Homeland Security jointly determine that a class of such aliens should be subject to the requirements of paragraph (d)(1)(ii); classes of aliens to whom the Secretary of Homeland Security and the Secretary of State jointly determine it shall not apply; or an individual alien to whom the Secretary of Homeland Security, the Secretary of State, or the Director of Central Intelligence determines this requirement shall not apply.

 

Partners

What requirements does CBP have of its partners who collect data?

A number of airlines, airport authorities and cruise lines may opt to leverage their own technology in partnership with CBP to facilitate identity verification. In compliance with CBP’s business requirements, these industry partners deploy their own camera operators and camera technologies meeting CBP’s technical specifications to capture facial images of travelers and use the Traveler Verification Service (TVS) facial comparison service for identity verification. Each camera must be connected to the TVS via a secure, encrypted connection. While the photo capture process may vary slightly according to the unique requirements of each participating airline, airport authority or cruise line, the IT infrastructure supporting the backend process remains the same.

Under the CBP partner process as implemented in CBP’s business requirements, CBP does not allow its approved partners to retain the photos they collect under this process for their own business purposes. These partners must immediately purge the photos following transmittal and identity verification through the TVS. Each CBP's partner's IT system must allow CBP to audit compliance with these requirements. [1]


[1] If approved partners elect to capture photos with their own cameras for their own business purposes under a separate process, these partners must provide a separate public notice, such as signage, which does not link that particular process to CBP.


 
Information Security

How does CBP secure traveler photos?

CBP is committed to securing traveler information. Toward this end, CBP employs four primary safeguards to secure the data:

  • Secure Encryption and Authentication: CBP IT systems use two-factor authentication and strong encryption to transfer the data between the camera, the Traveler Verification Service (TVS), and DHS systems. The encryption keys for the cloud service provider are stored using the provider’s Key Management Service, on hardware hosted by the provider. This service is a FedRAMP-compliant service that fully audits every time a key is accessed. The cloud service provider adheres to the security and privacy controls required by National Institute of Standards and Technology (NIST) Special Publication 800-144, “Guidelines on Security and Privacy in Public Cloud Computing,”[1] and the DHS Chief Information Officer.
  • Biometric Templates: CBP creates biometric templates of historical photos and new photos for matching and storage. Biometric templates are strings of multiple numbers representing images that can be matched against other templates that represent facial images. These templates are irreversible and cannot be reverse-engineered by anyone outside of CBP to reconstruct the photo, meaning that these photographs are not recognizable outside of the TVS system.
  • Brief Retention Periods: CBP discards the photos of U.S. Citizens and exempt aliens[2] no more than 12 hours after their identities have been verified. CBP deletes the photos of in-scope[3] travelers within 14 days from CBP systems but may retain the photos in the DHS Automated Biometric Identification System (IDENT)[4] as a biometrically-confirmed arrival or departure from the United States, as required by law. CBP documents the deletion of data from CBP systems.
  • Secure Storage: Facial images are encrypted and stored only in secure DHS systems and, for a brief period of time, in a secure cloud environment for comparison against travelers’ historical photos. CBP’s approved partners such as airlines, airport authorities, and cruise lines are not permitted to retain any photos taken for the purpose of identity verfication through the TVS, for their own business purposes.

[1] See http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf

[2] By law, CBP may require certain aliens to provide biometric identifiers to confirm their admissibility pursuant to 8 CFR 235.1(f)(ii) or, at specified airports, their departure pursuant to 8 CFR 215.8(a)(1). Some aliens are exempt from any requirement to provide biometrics, including: Canadian citizens under section 101(a)(15)(B) of the Act who are not otherwise required to present a visa or be issued a form I-94 or Form I-95; aliens younger than 14 or older than 79 on the data of admission; aliens admitted A-1, A-2, C-3 (except for attendants, servants, or personal employees of accredited officials), G-1, G-2, G-3, G-4, NATO-1, NATO-2, NATO-3, NATO-4, NATO-5, or NATO-6 visas, and certain Taiwan officials who hold E-1 visas and members of their immediate families who hold E-1 visas unless the Secretary of State and the Secretary of Homeland Security jointly determine that a class of such aliens should be subject to the requirements of paragraph (d)(1)(ii); classes of aliens to whom the Secretary of Homeland Security and the Secretary of State jointly determine it shall not apply; or an individual alien to whom the Secretary of Homeland Security, the Secretary of State, or the Director of Central Intelligence determines this requirement shall not apply.

[3] CBP may require certain aliens  to provide biometrics upon entry or exit from the United States pursuant to 8 CFR 235.1(f)(ii) or 8 CFR 215.8(a)(1).  Some aliens are exempt from any requirement to provide biometrics, including: Canadian citizens under section 101(a)(15)(B) of the Act who are not otherwise required to present a visa or be issued a form I-94 or Form I-95; aliens younger than 14 or older than 79 on the data of admission; aliens admitted A-1, A-2, C-3 (except for attendants, servants, or personal employees of accredited officials), G-1, G-2, G-3, G-4, NATO-1, NATO-2, NATO-3, NATO-4, NATO-5, or NATO-6 visas, and certain Taiwan officials who hold E-1 visas and members of their immediate families who hold E-1 visas unless the Secretary of State and the Secretary of Homeland Security jointly determine that a class of such aliens should be subject to the requirements of paragraph (d)(1)(ii); classes of aliens to whom the Secretary of Homeland Security and the Secretary of State jointly determine it shall not apply; or an individual alien to whom the Secretary of Homeland Security, the Secretary of State, or the Director of Central Intelligence determines this requirement shall not apply.

[4] See DHS/NPPD/PIA-002 Automated Biometric Identification System (IDENT) (December 7, 2012), available at https://www.dhs.gov/privacy.

Has CBP reviewed the security of the Traveler Verification Service (TVS)?

The CBP Office of Information and Technology has completed a System Security Plan for the Traveler Verification Service (TVS) application as part of the Certification and Accreditation (C&A) process, in accordance with the requirements defined under the Federal Information Security Management Act (FISMA). The DHS Privacy Office and CBP Privacy Office continually review this program to ensure compliance with the applicable federal privacy laws and regulations as well as privacy and data protection best practices.

Accuracy

What steps is CBP taking to ensure that the facial comparison biometrics technology is producing the most accurate results possible?

CBP has a robust process for performing operational assessments of CBP’s biometric system performance, including the evaluation of the performance of biometric transactions performed during arrival and departure operations. CBP also engages third parties such as DHS Science and Technology Directorate and the National Institutes of Standards and Technology (NIST) to both evaluate CBP operational data and make recommendations for performance enhancements that include biometric capture and matching.

The biometric industry as a whole has experienced significant gains in the accuracy of facial recognition and matching algorithms over the past few years. A recent NIST vendor test[1] among 127 vendor algorithms from 39 different developers revealed a 20-fold increase in accuracy between 2014 and 2018. Additionally, NIST found that with high quality photos, the most accurate algorithm can identify matches with only a 0.2 percent error rate.

CBP recently formalized a partnership with NIST to evaluate and improve the capabilities of the facial matching performance for large-scale traveler identification at air, land and sea ports of entry across the country.


[1] See https://www.nist.gov/news-events/news/2018/11/nist-evaluation-shows-advance-face-recognition-softwares-capabilities.

Privacy

How does CBP protect traveler's information and privacy?

For information on CBP's privacy policy, please visit the Privacy section.

Last modified: 
Monday, July 8, 2019 - 14:19
Tags: