In recent weeks, U.S. border officials have taken an unprecedented step, quietly deploying a new app, CBP One, which relies on controversial facial recognition, geolocation and cloud technology to collect, process and store sensitive information on asylum seekers before they enter the United States, according to three privacy-impact assessments conducted by the Homeland Security Department and experts who reviewed them for The Times.
The DHS assessments describe the app as necessary because border officials cannot “process all individuals at once” who are seeking protection in the United States but have been forced back into Mexico under Trump-era policies that Biden has largely kept. Officials maintain it offers a safe and efficient technical solution.
DHS officials argue that such “smart border” innovation is more effective than the previous administration’s walls and bans. Homeland Security Secretary Alejandro Mayorkas told lawmakers last week that the Biden administration was requesting $1.2 billion for modernizing ports of entry and border security technology, including ensuring “safe, orderly, and humane treatment of migrants.”
“We are working tirelessly to rebuild our immigration system,” Mayorkas said.
But several experts who reviewed the privacy assessments said the Customs and Border Protection app raised alarms about unchecked data collection and surveillance by the government on vulnerable migrants who had little choice but to consent.
“CBP’s use of face recognition poses enormous risks to privacy and is another step down a dangerous path,” Ashley Gorski, senior attorney at the ACLU National Security Project, told The Times. “Whenever the government acquires a person’s faceprint, it creates a risk of persistent surveillance, where the government could identify and track people’s movements without their knowledge.”
Others, such as Andrew Farrelly, a former Customs and Border Protection official who runs a border-management consulting company, said the app was a positive step toward a more efficient and fair process at the border.
“There is just an incredible amount of pressure right now on the border itself and the agencies that are responsible for the border to try to deal with the situation as best as possible,” Farrelly told The Times. “Applying technology is a way to do that.”
The DHS has signaled that its authority to use the app in this way may be tenuous, and some privacy risks remain unresolved, according to the privacy assessments, which are required by law. In early May, CBP sought and received “emergency” approval from the Office of Management and Budget to use the app to collect advance information on undocumented individuals, bypassing the public comment and notification process that’s required before launching new programs.
Nonetheless, U.S. border officials have already enlisted international and nongovernmental organizations, such as the United Nations refugee agency, known as UNHCR, to use the app. The organizations identify asylum seekers in Mexico who were subjected to the Trump-era policies and then submit their biographic and biometric information, including photographs, through the app to Customs and Border Protection. CBP primarily uses facial recognition to verify the information and determine whether the asylum seekers will be allowed to enter the United States to pursue their claims.
When asked about the app, CBP spokesperson Stephanie Malin said late Saturday that using it was voluntary.
“We ensure that all personal information is stored in official, secure CBP systems,” Malin said by email. “CBP is committed to protecting all sensitive information in its possession, including mitigating to the extent possible the risk of data breaches from information systems containing personally identifiable information.”
Under the Trump administration, some 70,000 asylum seekers were forced into its so-called Remain in Mexico program, requiring them to wait south of the border for immigration hearings in the United States. As the coronavirus emerged, the Trump administration went further, using Title 42, an obscure 1944 public health law, to close the border to nonessential travel and to summarily expel migrants, including those seeking asylum. Border officials have since carried out roughly 800,000 expulsions.
Biden froze the Remain in Mexico policy on his first day in office and kept the Title 42 policy in place, saying it remains necessary despite a steadily easing pandemic. But, in recent weeks, the administration has allowed more than 11,000 asylum seekers into the United States who still have open immigration cases — and hundreds more identified as the most vulnerable — by increasingly relying on CBP One, according the organizations using the app.
Homeland Security’s assessments make clear that as the Biden administration winds down its most restrictive border policies, officials expect the CBP One app to serve as a primary means of managing migration.
Said Lee Gelernt of the ACLU, who has sued over the policies: “My sense is that CBP One app is something that the government is exploring very seriously as a way to process people in the future.”
How the CBP One app works for asylum seekers
CBP developed the app, then launched it in late October to little fanfare, making it available for download from app stores but limiting its early functions to cargo carriers, non-immigrant travelers and pleasure boaters. In February, after the U.N. refugee agency started processing migrants at the border with active asylum cases, CBP put out a perfunctory news release that didn’t mention using the app for asylum seekers. In May, despite requirements that privacy notices be issued publicly beforehand, the agency retroactively published and updated the assessments for how it was already using CBP One for asylum seekers.
Under Remain in Mexico, border officials amassed a photo gallery of roughly 70,000 asylum seekers that was automatically sent to an Immigration and Customs Enforcement database, according to CBP. That database, also accessible to outside law enforcement, can hold such personal information as long as 75 years.
With CBP One, organizations such as the United Nations refugee agency send to CBP photographs of asylum seekers they’ve identified, and the app uses facial recognition to compare those pictures with those in the existing gallery.
The app then sends a response back indicating whether the person’s case is active and how long they’ve been waiting. If the app shows the case is open, an organization can arrange for the asylum seeker to get a coronavirus screening, travel to a port of entry and obtain permission from CBP to enter.
Chris Boian, a spokesman for UNHCR, declined to comment on the record about how the refugee agency is using the app. But he insisted that “the protection of personal data of persons of concern is absolutely sacrosanct,” including in work with the U.S. government.
Now, administration officials have expanded the use of CBP One again, to those identified as potentially eligible for exemption from the current COVID-19-era Title 42 policy, under which authorities have expelled migrants without a court date and with negligible processing. That means using the app, for the first time, to collect entirely new biometric data, including photographs, from asylum seekers in Mexico before they even arrive at the border.
Because undocumented individuals coming to the border often don’t have a travel document that can be used to run security checks, officers generally have to enter their information manually in a time-consuming process, according to CBP. The agency says the app will auto-populate much of the required data, calling it “a safer practice during the ongoing pandemic.”
Raymundo Tamayo, Mexico director for the International Rescue Committee, one of the main NGOs working with the asylum seekers, said the DHS had described CBP One as one “tool” to “streamline the intake of information” — not to supplant migrants’ right under U.S. law to come to the border directly and claim asylum.
“Seeking asylum is legal — even during a pandemic,” Tamayo said.
CBP’s long struggle with facial recognition
Since the ’90s, Congress has mandated a system to track entries and exits from the United States. After 9/11, surveillance efforts by CBP to identify those who overstay visas intensified, including fingerprints and photographs as well as facial recognition technology, which analyzes a person’s features to verify his or her identity by matching the features to those in another photo.
But questions persist about both the ethics and the effectiveness of the technology, particularly when employed by the U.S. government against noncitizens of color.
A federal study in 2019 of over 100 commercially available facial recognition algorithms found that accuracy varied dramatically based on the subject’s race, country of birth, sex and age. The technology was especially unreliable for border-crossing photos, and for images of those from Africa or the Caribbean.
As of last May, CBP had completed facial recognition pilots on pedestrians at five border crossings in Arizona and Texas. Officers told the Government Accountability Office that they’d used facial recognition to verify the identity of 4.4 million border crossers in three months and found 215 “imposters” — a statistical grain of sand.
There are also long-standing doubts about the agency’s ability to safeguard such data. A 2018 CBP pilot program testing facial recognition on vehicle passengers crossing the border was hacked, and more than 180,000 images were compromised, with at least 19 photos of travelers winding up on the dark web.
Why some criticize CBP One and others commend it
Sue Kenney-Pfalzer of HIAS, a nonprofit refugee advocacy group and another main NGO working with expelled asylum seekers, expressed optimism about the new mechanism, saying it could yield less reliance on smugglers and less time at ports of entry where criminals prey on vulnerable migrants if the U.S. government tells “pre-vetted” asylum seekers where and when to come.
But she cautioned, “The government needs to get the balance right, ensuring security but also ensuring that people have a meaningful opportunity to seek safety.”
CBP’s own assessments of the app’s privacy impact are mixed. At times, the agency says asylum seekers can give biographic information instead of submitting to facial recognition. But in one footnote, the agency advises that, initially, the biographic option won’t be available.
In some cases, the agency says, app users must consent to officials viewing their GPS location. But elsewhere, the assessment also says officials won’t use the geolocation feature to conduct surveillance on travelers.
CBP stresses that its app collects but does not store the information, sending it to other databases instead. The agency also says that it’s up to the other Homeland Security components or outside authorities to protect the information, or access it appropriately.
CBP asserts migrants can still come to ports of entry directly to seek asylum and don’t have to use the app. But with the border still closed to nonessential travel, the process by which NGOs identify asylum seekers and request permission for them to enter — now, through CBP One — is, in reality, the only option available.
Sophia Cope, a senior attorney at the Electronic Frontier Foundation, said the risk of relying on notoriously unreliable facial recognition technology was particularly acute for asylum seekers.
“If people’s lives depend on an algorithm determining whether or not they are who they say they are, and it’s an imperfect algorithm,” said Cope, “people may have to go back to the country they’re trying to flee because they can’t be verified.
“It may not seem like a big deal to match a preexisting photograph to someone standing in front of you,” she said. “But ultimately, the government is building a system of pervasive surveillance, and that creates a society that looks very different from a free republic.”