DHS-wide Biometrics Programs, Issues, Detailed in Data Mining Report to Congress
The comprehensive, legally mandated new Department of Homeland Security (DHS) Privacy Office’s Data Mining Report to Congress provides detailed updates on modifications, additions, and other developments to numerous department-wide programs that involve extensive data mining of biometric information to support DHS’s mission to protect the homeland, and provides examples of its effectiveness.
The annual audit report ensured DHS components’ employment of biometric data mining is conducted in a manner that protects privacy. The report “discusses activities currently deployed or under development in the department that meet the Data Mining Reporting Act’s definition of data mining, and provides the information set out in the Act’s reporting requirements for data mining activities,” the report says.
The report also noted that, “DHS continues to improve its data collection of both biographic and biometric data on travelers departing the United States.”
These improvements are discussed in detail in the report.
The report follows Biometric Update having reported that, while Congress recently passed legislation imposing potentially expensive – but unfunded –reporting and compliance requirements on Customs and Border Protection (CBP) and the Transportation Security Administration’s (TSA) programs to expand their use of biometrics, DHS’s Privacy Office’s 2018 annual report to Congress said preventing terrorism through biometrics is among the numerous biometric priorities it will put under scrutiny in the new federal fiscal year, which began last month. Furthermore, DHS’s Privacy Office indicated it will be keeping a close eye on the use of biometrics across the entire DHS enterprise with regard to keeping biometric related privacy issues in check pursuant to federal laws.
For DHS’s purposes, biometrics includes fingerprints, hand geometry, facial patterns, and iris and retinal scans. Behavioral biometrics includes voice patterns, written signatures, and keyboard typing techniques. They’re incorporated into “automated methods of recognizing a person based on a physiological or behavioral characteristic that are unique to an individual.”
In other words, biometrics provides “unification of an individual’s biographic, biometric and credentialing information to provide ‘one identity’ across all DHS business processes.”
With the creation of DHS, Congress authorized the department to engage in biometric data mining and the use of other analytical tools in furtherance of departmental goals and objectives.
The following DHS programs engage in biometric and Personally Identifiable Information (PII) data mining:
• The Automated Targeting System (ATS), which is administered by CBP and includes modules for inbound (ATS-N) and outbound (ATS-AT) cargo, land border crossings (ATS-L), and passengers (ATS-P);
• The Analytical Framework for Intelligence (AFI), which is administered by CBP. AFI provides enhanced search and analytical capabilities to identify, apprehend, and prosecute individuals who pose a potential law enforcement or security risk, and aids in the enforcement of customs, immigration, and other laws enforced by DHS at the border;
• The FALCON Data Analysis and Research for Trade Transparency System (DARTTS), which is administered by Immigration and Customs Enforcement (ICE);
• The FALCON-Roadrunner system, which is administered by ICE;
• The DHS Data Framework, which is a DHS-wide initiative;
• The SOCRATES Pilot Program, which is administered by CBP; and
• The Fraud Detection and National Security – Data System (FDNS-DS)/ATLAS, which is administered by USCIS’ Fraud Detection and National Security Directorate (FDNS)
There’s also the Global Enrollment System (GES) that collects biographic and biometric data about applicants (US and non-US citizens) for pay-for-use trusted traveler programs, including the Canadian Border Dedicated Commuter Lane (NEXUS), and the Secure Electronic Network for Traveler’s Rapid Inspection (SENTRI), in which collected biographic and biometric information is used to run criminal background and terrorist lookout checks on applicants.”
In addition, there’s:
• a-ID (a-ID), an automatic identification tag that stores a unique serial number that can be linked to a traveler profile, including biometric and biographic data;
• a-ID Issuance, which assigns a unique, automatic identification (a-ID) to in-scope travelers at Secondary Inspection;
• The Automated Targeting System/Land (ATS/L) system which “automatically cross-references TECS crossing data and other information to provide a weighted rules-based score for a vehicle to the primary CBP POE officer. The score determines whether the vehicle needs to be referred to a secondary lane for further inspection. TECS is the Treasury Enforcement Communication System supporting key business processes across DHS, including investigations, enforcement and US-VISIT. TECS maintains databases on biographic terrorist lookout lists, vehicle lookout lists, alien addresses, secondary POE inspection results and alien crossing histories;
• The License Plate Reader (LPR) system which captures license plate numbers in the proximity of a POE where the system is deployed. The LPR records is sent to, recorded, and queried in TECS;
• The Machine Readable Travel Document (MRTD) which contains encoded, machine readable traveler information, such as biographic and biometric data; and
• The National Security Entry-Exit Registration System (NSEERS), also known as “special registration,” which was developed by the Department of Justice as a national registry for travelers coming from 25 designated countries and others who met a combination of intelligence-based criteria that may identify them as a potential security risk.
Among the programs extensively discussed in the report is the One DHS Overstay Vetting effort, which was deployed as Phase 3 in July 2014, “transitioning from a pilot project to operational status. The goal of the Overstay Vetting effort is to allow ICE to deploy its investigative resources efficiently to locate high-risk overstays and initiate criminal investigations or removal proceedings against those individuals.”
The Overstay Vetting program uses what it calls the “Overstay Hotlist,” which is “a list of overstay leads derived from data obtained through ATS to develop priorities based on associated risk patterns related to national security and public safety.”
According to DHS, “This prioritized list of overstay leads is then passed on to ICE’s LeadTrac system for further investigation and possible enforcement action.”
LeadTrac is an immigration status violator database ICE’s Homeland Security Investigations (HSI) Counterterrorism and Criminal Exploitation Unit utilizes to identify and track non-immigrant visitors to the US who overstay “their period of admission or otherwise violate the terms of admission. The identities of potential violators are then sent to ICE field offices for appropriate enforcement action.”
But ATS isn’t just used in prioritizing overstay leads; it’s also employed “to vet overstay candidates received from DHS/CBP’s Arrival and Departure Information System (ADIS) in order to identify potential additional information on visa overstay candidates based on supporting data available from other source systems through ATS, i.e., border crossing information (derived from DHS/CBP’s Border Crossing Information (BCI) system), Form I-94 Notice of Arrival/Departure records (derived from DHS/CBP’s Non-immigrant Information System (NIIS)), and data from the DHS/ICE Student Exchange Visitor Information System (SEVIS).”
Each of these systems contains PII and biometrics, especially fingerprints and facial photographs.
ADIS is the central repository for storing, reconciling, and reporting on immigrant and non-immigrant traveler arrivals and departures across air, sea, and land ports of entry (POEs). ADIS matches arrivals with departures to identify illegal overstays and provides a wide range of ad-hoc queries and reporting capabilities for arrival and departure information.
Phase 3 of the One DHS Overstay Vetting effort also utilizes foreign national overstay data that’s been “obtained through system processing in ATS and ADIS to identify certain individuals who have remained in the US beyond their authorized period of admission,” or overstays, who may “present a heightened security risk.”
In January 2014, ADIS was transitioned from the Office of Biometric Identity Management (OBIM) in DHS’s National Protection and Programs Directorate (NPPD) to CBP, which tracks biographical information on identified and possible overstays from ADIS against risk-based rules in ATS that’s “based on information derived from past investigations and intelligence.”
CBP then provides the results of these analyses from ADIS to ICE for further processing –activities covered by Privacy Impact Assessments (PIAs) for ATS, US-VISIT Technical Reconciliation Analysis Classification System, and Overstay Vetting.
Three years ago, the “overstay candidate’s process was eliminated, and the weekly Overstay Leads process was moved to a daily process, streamlining the overall processing of overstays,” and in May 2016, “the data feed from the ICE SEVIS system was upgraded to a daily feed to include additional data elements necessary for overstay processing,” the audit report explained.
This Fiscal Year, CBP continues to work with ICE’s Counterterrorism and Criminal Exploitation Unit “to enhance the current interface with LeadTrac to include [these] additional data elements,” the report disclosed.
According to DHS’s latest Entry/Exit Overstay Report released in October, “there were 52,656,022 in-scope non-immigrant admissions to the United States through air or sea POEs with expected departures occurring in FY 2017, which represents the majority of air and sea annual non-immigrant admissions. Of this number, DHS calculated a total overstay rate of 1.33 percent, or 701,900 overstay events. In other words, 98.67 percent of the in-scope non-immigrant entries departed the United States on time and in accordance with the terms of their admission.”
The report said that, “As of May 1, 2018, DHS has been able to confirm the departures or adjustment of status of more than 99.20 percent of non-immigrants scheduled to depart in FY 2017 via air and sea POEs.”
While the overall Suspected In-Country Overstay rate for this scope of travelers is 1.15 percent of the expected departures, DHS said this still represents a significant number of people; More than 600,000 at the end of FY 2017.