U.S. Customs and Border Protection (CBP) was briefly mired in controversy early this month after its proposal to require U.S. citizens to be photographed by biometric facial-recognition systems at entry and exit points was published in a biannual federal document, the Unified Agenda of Regulatory and Deregulatory Actions.
The proposal wasn't new. It had actually been in the previous three Unified Agenda documents dating back to spring 2018. But this time it was picked up by the news media and quickly thereafter drew rebukes from privacy advocates in Congress and nongovernmental organizations.
A few days later, CBP announced that it would withdraw the proposal. A CBP spokesperson told me that the withdrawal decision had actually been made over the summer. Maybe so. But the optics of the conflict gave the appearance that the agency had been forced to back down by privacy activists.
To date, CBP has introduced biometric facial-recognition technology for U.S. entry, exit or both at 25 U.S. airports. Facial recognition kiosks are deployed at gates of international flights in order to advance the federal government's goal of more thoroughly tracking visa overstays by foreign nationals.
At entry points, the technology has so far enabled CBP to interdict more than 200 individuals who illegally attempted to enter the U.S., according to the agency. Photos of international visitors will be held for years and can also be used to check FBI and terrorism watchlists.
For U.S. citizens, however, submitting to the photos is optional. Alternatively, citizens can choose a manual passport check, though questions have been raised about how many Americans who are using biometric exit gates are aware of that option. CBP says it holds photos of citizens for no more than 12 hours and doesn't share the data with other agencies.
I have no particular reason not to believe that, except that the federal government has a long history of overstepping its constitutional and statutory authority in the name of security.
As recently as October 2018, for example, a Foreign Intelligence Surveillance Court judge found widespread abuse by the FBI in its use of data collected without warrants on Americans by the NSA as part of the NSA's program of mass surveillance of digital and phone communications.
Among other abuses, the court found that the FBI regularly mined such data to investigate witnesses who were not suspected of committing any crime or of being a national security risk.
One protection that privacy advocates in Congress have called for relating to CBP's facial-recognition program is a formalized rulemaking process, which would result in the program's parameters being codified in the Federal Register.
In an interview in July 2018, John Wagner of CBP's field operations office told me that the Department of Homeland Security had already drafted a rulemaking proposal. He expected it to be put forward for public comment by last October.
No such proposal, however, has seen the light of day so far, though the CBP spokesperson told me the agency intended to issue the rulemaking notice in the "near future."
I'll be watching for it. The current CBP leadership might indeed intend to discard the biometric data it acquires of U.S. citizens at entry and exit points immediately and without ever sharing that data. But I want to see the procedures formally codified, just in case someone, now or later, has other ideas.