Biometric Exit Frequently Asked Questions (FAQs)
In 2004, Congress required DHS to develop a biometric entry and exit system. In 2013, Congress transferred the entry-exit policy and operations to U.S. Customs and Border Protection (CBP). As part of the border security mission, the agency is deploying new technologies to verify each traveler’s identity, both upon arrival in and upon departure from the United States.
Just before entry or exit, each international traveler’s photo is taken, either by CBP-owned cameras or equipment provided by the airlines or airport authority. CBP compares the photo with existing images from passports, visas and other travel documents, as applicable, in a secure environment using the Traveler Verification Service (TVS). These images include photographs taken by CBP during the entry inspection, photographs from U.S. passports and U.S. visas, and photographs from previous DHS encounters. See the TVS Privacy Impact Assessments (PIA) for more information.
U.S. Citizens who are entering or exiting the country are generally required to be in possession of a valid U.S. passport. However, CBP does not require U.S. Citizens to have their photos taken when entering or exiting the country. U.S. Citizens who do not wish to participate in this biometric process should notify a CBP Officer or an airline or airport representative in order to seek an alternative means of verifying their identity and documents. CBP discards all photos of U.S. Citizens once their identities have been verified.
Photos of U.S. Citizens and biometrically-exempt aliens are held in CBP’s biometric matching service for no more than 12 hours following identity verification, for continuity of operations purposes.
Individuals seeking to travel internationally are subject to the laws and rules enforced by CBP and are subject to inspection. However, if a traveler does not wish to participate in the biometric entry or exit process, he or she must request to be processed using alternate procedures, such as presenting travel credentials to an available CBP Officer or authorized airline personnel.
CBP is committed to securing traveler information. Toward this end, CBP employs four primary safeguards to secure the data:
- Secure Encryption and Authentication: CBP IT systems use two-factor authentication and strong encryption to transfer the data between the camera, the TVS cloud matching service, and CBP systems. The encryption keys for the cloud service provider are stored using the provider’s Key Management Service, on hardware hosted by the provider. This service is a FedRAMP-compliant service that fully audits every time a key is accessed.
- Biometric Templates: CBP creates biometric templates of the historical photos and the newly-captured photo for matching and storage. Biometric templates are strings of multiple numbers representing images that can be matched against other templates that represent facial images. These templates are irreversible and cannot be reverse-engineered to reconstruct the photo by anyone outside of CBP.
- Brief Retention Periods: CBP discards the photos of U.S. Citizens and biometrically-exempt aliens no more than 12 hours after their identities have been verified. CBP deletes the photos of in-scope non-U.S. Citizens within 14 days from CBP systems but may retain the photos in the DHS IDENT System as a biometrically-confirmed arrival or departure from the United States, as required by law. CBP documents the deletion of data from CBP systems.
- Secure Storage: Facial images are encrypted and stored only in secure DHS systems and, for a brief period of time, in a secure cloud environment for matching. The cloud service provider adheres to the security and privacy controls required by National Institute of Standards and Technology (NIST) Special Publication 800-144, “Guidelines on Security and Privacy in Public Cloud Computing,” and the DHS Chief Information Officer.
An “in-scope” traveler is any alien who is required by law to provide biometrics upon entry or exit from the United States pursuant to 8 CFR 235.1(f)(ii).
The CBP Office of Information and Technology (OIT) has completed a System Security Plan for the TVS application as part of the Certification and Accreditation (C&A) process, in accordance with the requirements defined under the Federal Information Security Management Act (FISMA). The DHS Privacy Office and CBP Privacy Office continually review this program to ensure compliance with the applicable federal privacy laws and regulations as well as privacy and data protection best practices.
CBP retains the photos of U.S. Citizens until their identities have been verified. CBP temporarily retains photos of all other travelers for up to 14 days in secure CBP systems to support system audits, to evaluate the TVS facial recognition technology, and to ensure accuracy of the facial recognition process. CBP also enrolls non-U.S. Citizens, in association with their encounters with CBP, and stores their photos in the DHS Automated Biometric Identification System (IDENT), in order to biometrically record their entry/exit and to ensure more accurate TVS matching in the future.
CBP is dedicated to protecting the privacy of all travelers. CBP only uses photographs to verify traveler identities and create a record of entry or exit. Photographs of non-U.S. Citizens may be maintained in secure systems and shared in accordance with the relevant Privacy Act System of Records Notice (SORN). The new images will be used to assist the CBP Officer in verifying identity and determining whether the traveler is the true bearer of travel documents. The photos of U.S. Citizens will not be retained. The photos of other travelers will be maintained for up to 14 days in the TVS cloud matching service for system audits and evaluation and may also be stored in the DHS IDENT System, only in accordance with the applicable SORN. More information is available at www.dhs.gov/privacy-impact-assessments.
CBP is testing facial recognition technology at select Transportation Security Administration (TSA) checkpoints. This technology uses photographs of travelers scheduled for international flights to verify their identities. CBP is conducting this technical demonstration to validate the accuracy and viability of taking photos and matching facial images at the TSA checkpoint.
A live photo taken at the TSA checkpoint is used to compare against existing government holdings, such as your passport or visa photo. TSA incorporates mobile technology and CBP’s facial matching service into the identity verification process. If a passenger does not match a photo from existing government holdings, the TSA Officer may conduct a manual document check and may also consult a CBP Officer in order to verify your identity and documents using alternative methods. If you do not wish to have your picture taken, please notify the TSA Officer for an alternative means of identity and documentation verification.
A number of airlines and airport authorities, some of which were already incorporating the use of traveler photographs into their own business processes, may opt to leverage their own technology in partnership with CBP to facilitate identity verification. In compliance with CBP’s business requirements, these industry partners deploy their own camera operators and camera technology meeting CBP’s technical specifications to photograph facial images of travelers and use the TVS matching service for identity verification. Each camera is connected to the TVS via a secure, encrypted connection. While the photo image process may vary slightly according to the unique requirements of each participating airline and airport authority, the IT infrastructure supporting the backend process remains the same.
Under the CBP partner process as implemented in CBP’s business requirements, CBP does not allow its approved partners to retain the photos they collect under this process for their own business purposes. These partners must immediately purge the photos following transmittal to the TVS. The CBP partner's system must allow CBP to audit compliance with this requirement. Questions regarding how an industry partner stores data in its proprietary systems should be directed to the relevant industry partner.
If approved partners elect to take photos with their own cameras for their own business purposes under a separate process, these partners must provide a separate public notice, such as signage, which does not link that particular process to CBP. To date, no airline or airport authority has communicated to CBP any plans to collect and retain this biometric data captured under this process for its own purposes.
Updates and changes related to biometrics and biometric entry-exit will be communicated through relevant Privacy Impact Assessments (PIA) and System of Records Notices (SORN), in compliance with the Privacy Act of 1974 and the E-Government Act of 2002, and where appropriate, through notices published in the Federal Register. This website will also be updated, as needed, to inform the public of published notices, policies, privacy documents and regulations.
As part of its arrangement with industry partners, CBP partners agree to encrypt the biometric data during transmission to CBP. Questions regarding how an industry partner stores data in its proprietary systems should be directed to the relevant industry partner.
Updates and changes related to biometrics and biometric entry-exit will be communicated through relevant Privacy Impact Assessments (PIA) and System of Records Notices (SORN), in compliance with the Privacy Act and the E-Government Act, and where appropriate, through notices published in the Federal Register. The website will also be updated, as needed, with published PIAs and rules.