EPIC Comments: Circumvention of Lawful Pathways / CBP One NPRM

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER

to the 

U.S. Citizenship and Immigration Services, and Department of Justice

Circumvention of Lawful Pathways 

88 Fed. Reg. 11,704 / Docket No: USCIS 2022-0016

March 27, 2023

The Electronic Privacy Information Center (EPIC) submits these comments in response to U.S. Customs and Immigration Services (USCIS), a component of the Department of Homeland Security (DHS) and the Executive Office for Immigration Review in the Department of Justice (DOJ) notice of proposed rulemaking on the “Circumvention of Lawful Pathways”.^[1] The proposed rule was published in the Federal Register on February 23, 2023, providing only 30 days to comment on a highly significant and widely impactful administrative process. In this rulemaking, the Department proposes to effectively ban asylum seekers based on their manner of entry into the United States and transit through other countries, factors that are irrelevant to their fear of return and have no basis in U.S. law. The rulemaking would also codify and expand use of the CBP One mobile app despite serious documented bias and usability problems in the app. 

EPIC comments here to 1) protest the deficient and unnecessarily short 30-day comment window provided for this rulemaking, 2) highlight the serious privacy and safety concerns created by requiring migrants to register for asylum in third-party countries along their route to the U.S., and 3) urge USCIS and CBP not to codify, require, or expand the use of CBP One. 

EPIC is a public interest research center in Washington, D.C. EPIC was established in 1994 to protect privacy, freedom of expression, and democratic values in the information age. Our mission is to secure the fundamental right to privacy in the digital age for all people through advocacy, research, and litigation, and EPIC has a particular interest in preserving the Privacy Act safeguards enacted by Congress.^[2] EPIC also has a long history of advocating for increased privacy protections for travelers and opposing the expansion of surveillance at the border.^[3]

Background

This proposed rule responds to the end of the Title 42 public health order that was imposed in 2020 to effectively close the southern border.^[4] In March of 2020, the CDC issued an order under Title 42 changing the rights of asylum seekers by upending the usual process in which asylum seekers reach the border, cross to the U.S. and then make out asylum claims.^[5] Instead, under the CDC’s public health order, asylum seekers are currently prohibited from crossing the border unless they receive one of a few hundred interview slots available each day. The public health order has been the subject of much litigation and has remained in place after other Covid-era restrictions on international travel were relaxed or repealed.^[6] The Biden Administration modified the order five times since 2020 before deciding in April 2022 to terminate the order when the Centers for Disease Control and Prevention concluded it was not necessary for public health.^[7]

The proposed rule would create a presumption of asylum ineligibility for individuals who 1) did not apply for and receive a formal denial of protection in a transit country; and 2) entered between ports of entry at the southern border or entered at a port of entry without a previously scheduled appointment through the CBP One mobile application, subject to extremely limited exceptions.^[8] 

CBP One is an extremely flawed government tool to request an appointment at a port of entry that is inaccessible to many asylum seekers due to financial, language, technological, and other barriers, discriminates against Black and Indigenous asylum seekers, and has very limited appointment slots such that requiring asylum seekers to use the application essentially turns asylum access into a lottery.^[9] The proposed rule attempts to establish CBP One as the only mechanism to request asylum at the southern border and seeks to punish those who cannot wait indefinitely in danger while they attempt to schedule an appointment. The rule effectively replaces the restrictions on asylum imposed under the justification of public health with substantially similar permanent restrictions that are not tied to an ongoing public health emergency.

I. USCIS and the DOJ did not provide sufficient time for meaningful public comment.

The Biden administration has provided only 30 days for the public to comment on the proposed rule, effectively denying the public the right to meaningfully comment under the notice and comment rulemaking procedures required by the Administrative Procedure Act. This timeframe is insufficient for a sweeping proposed rule that would deny many people access to asylum in violation of U.S. law. On March 1, 2023, 172 organizations wrote to the agencies urging them to provide at least 60 days to comment on the complex 153-page rule that would have enormous implications for asylum access at the border and in USCIS and immigration court asylum proceedings.^[10] 

Executive Orders 12866 and 13563 state that agencies should generally provide at least 60 days for the public to comment on proposed regulations. A minimum of 60 days is especially critical given the rule’s attempt to ban asylum for many refugees in violation of U.S. law and international commitments and return many to death, torture, and violence. While the agencies cite the termination of the Title 42 policy in May 2023 as a justification to curtail the public’s right to comment on the proposed rule, this reasoning is specious especially given that the administration itself sought to formally end Title 42 nearly a year ago and has had ample time to prepare for the end of the policy. 

Providing a 30-day comment period for the proposed asylum ban is reminiscent of Trump administration practices, when agencies routinely provided 30-day comment periods on sweeping asylum rules, leaving the public little time to meaningfully assess and respond to proposed rules. 

II. The NPRM fails to consider or address the privacy and safety impacts of requiring individuals to apply for asylum along their route to the United States.

The main objective of the proposed rule is to impose a presumption of ineligibility for asylum for any migrants who did not apply for asylum in third-countries along their route to the U.S.^[11] The rule would require migrants to apply for asylum in any country along their route, increasing the volume of data collected on the migrant and creating substantial risks of detention and harm for dissidents, political refugees, and other asylum seekers who fear government repression. 

The U.S. Mexico, Guatemala, Honduras, El Salvador already voluntarily send back and forth intrusive data on migrants including biometric information under an unpublished information sharing agreement.^[12] On March 23, 2023, EPIC and a coalition of nearly 50 privacy, immigration, and human rights organizations urged the governments of all four countries to stop sending migrant information across borders.^[13] The collection and distribution of this data creates risks of political retribution, invasive surveillance, and human trafficking if the data is hacked or otherwise revealed. Imposing a new requirement on migrants to affirmatively register for asylum in countries which they do not intend to seek asylum in, and may not feel safe in, magnifies those concerns by massively increasing the volume of migrant data collected. 

The safety concerns created by this rule are evident in the harms already caused by asylum restrictions on the southern border. If implemented, the asylum ban would lead to the deportation of refugees to countries where they are at risk of persecution and torture. The rule largely bans asylum for refugees based on their manner of entry into the U.S. and travel through other countries–factors that are irrelevant to their fears of return and will lead to denials of asylum for refugees. Refugees who are otherwise eligible for asylum but banned by the rule would likely be deported to danger.

While the Trump administration’s transit ban was in effect, asylum seekers were denied all relief and ordered deported due to the ban, including a Venezuelan opposition journalist and her one-year-old child; a Cuban asylum seeker who was beaten and subjected to forced labor due to his political activity; a Nicaraguan student activist who had been shot at during a protest against the government, had his home vandalized, and was pursued by the police; a gay Honduran asylum seeker who was threatened and assaulted for his sexual orientation; and a gay Nicaraguan asylum seeker living with HIV who experienced severe abuse and death threats on account of his sexual orientation, HIV status, and political opinion.^[14]

Collecting migrant information along their route of transit and removing migrants who likely have valid asylum claims based on failure to comply with complex and newly imposed processes both create serious safety risks for migrants. Both practices will expose migrants to the precise harms they are seeking to avoid by travelling hundreds or thousands of miles to seek safety in the United States.

III. DHS should not require migrants to use the flawed and discriminatory CBP One app.

The CBP One app is critically flawed because it is not designed for use on all of the phones that migrants use, requires a flawed facial liveness test that does not work for some Black and indigenous individuals, and creates an effective lottery for limited appointments. The app has consistently expanded beyond its claimed purpose, reflecting serious concerns with either the long-term planning at CBP or agency’s candor.

DHS first rolled out the CBP One app in 2020 for the single purpose of collecting electronic I-94 forms.^[15] The app is an expansion of the CBP Roam app that was designed only to address a specific problem, people boating across the northern border on the Great Lakes and returning in a single day. Since then, CBP has consistently expanded the use of the CBP One app and failed to update its webpage or Privacy Impact Assessments to fully reflect the capabilities and uses of the app. 

After the app was rolled to for use to collect asylum seekers information and to schedule appointments, serious problems emerged. Asylum seekers currently use the CBP One app to pre-fill the forms required to apply for asylum at the southern border and to schedule appointments to register for asylum. These appointments are the only way that asylum seekers can currently legally cross the border and claim asylum. The app requires migrants to submit a selfie photograph for facial recognition comparison in DHS’ Traveler Verification Service system, and requires users to perform a facial liveness test.^[16] The facial liveness test takes a short video to determine whether there is a real person in front of the screen. In fall 2022, news reports and immigration lawyers began reporting problems with the CBP One facial liveness test. It does not recognize some Black and indigenous faces, especially in poor lighting.^[17] Failing the facial liveness test makes it impossible for individuals to apply asylum appointments. One example of the facial liveness test failing is Lidia, an indigenous Mam woman from Oaxaca who the app fails to recognize despite repeated attempts.^[18]

There are also reports that the CBP One app does not work specifically on Huawei phones, and that individuals without phones are reliant on migrant services organizations to submit applications on their behalf, creating a disadvantage when the available appointments for any given day are taken in about 5 minutes after registration opens. The cumulative effect of the issues with the CBP One app is that migrants with more technical savvy, better wifi, and more money are privileged over migrants who may be even more vulnerable. These problems are a strong indication that the CBP One app has not been properly tested and is not ready for the large volume of users it receives. The app also only provides language options for English, Spanish, and Haitian Creole, failing to reflect the linguistic needs of migrants at the border who make speak a variety or other languages or have limited literacy.^[19]

It is irresponsible to require migrants to use the CBP One app when it does not work well and creates high barriers to entry. In this context, it is even more irresponsible to codify requirements to use a flawed app in the CFR and remove flexibility for DHS to develop alternate solutions that would serve migrants needs without the serious disparate impacts caused by CBP One.

Conclusion

EPIC urges DHS and the DOJ to reverse course on the proposed changes asylum law and at a minimum seek more extensive public comment. The agencies should factor the privacy and safety of migrants into any future rulemaking on asylum and should not impose higher data collection or registration requirements on already vulnerable migrants. DHS should never require the use of the CBP One app as the sole means to apply for benefits and should not codify the use of any app with demonstrated flaws and documented biased impacts. Please address any questions to EPIC Counsel Jake Wiener at [email protected].

Respectfully Submitted,

Jake Wiener

Jake Wiener

EPIC Law Fellow

^[1] 88 Fed. Reg. 11,704 (available at https://www.federalregister.gov/documents/2023/02/23/2023-03718/circumvention-of-lawful-pathways). 

^[2] See, e.g., EPIC Comments to DHS onTerrorist Screening Database System of Records Notice and Notice of Proposed Rulemaking, Docket Nos. DHS-2016-0002, DHS-2016-0001 (Feb. 22, 2016), https://epic.org/apa/comments/EPIC-Comments-DHS-TSD-SORN-Exemptions-2016.pdf; Comments of EPIC to the Department of Homeland Security, Correspondence Records Modified System of Records Notice, Docket No. DHS-2011-0094 (Dec. 23, 2011), http://epic.org/privacy/1974act/EPIC-SORN-Comments-FINAL.pdf; Comments of EPIC to the Department of Homeland Security, 001 National Infrastructure Coordinating Center Records System of Records Notice and Notice of Proposed Rulemaking, Docket Nos. DHS-2010-0086, DHS-2010-0085 (Dec. 15, 2010), http://epic.org/privacy/fusion/EPIC_re_DHS-2010-0086_0085.pdf;. 

^[3] Dana Khabbaz, DHS’s Data Reservoir: ICE and CBP’s Capture and Circulation of Location Information (Aug. 2022), https://epic.org/documents/dhss-data-reservoir-ice-and-cbps-capture-and-circulation-of-location-information/; EPIC Comments to DHS: Advance Collection of Photos at the Border (Nov. 29, 2021), https://epic.org/documents/epic-comments-to-dhs-advance-collection-of-photos-at-the-border/; EPIC Comments to DHS on Collection of Biometric Data From Aliens Upon Entry to and Departure From the United States (Dec. 21, 2023), https://epic.org/documents/collection-of-biometric-data-from-aliens-upon-entry-to-and-departure-from-the-united-states/. 

^[4] Centers for Disease Control and Prevention, “Order Suspending Introduction of Certain Persons from Countries where a Communicable Disease Exists” (March 2020), https://www.cdc.gov/quarantine/pdf/CDC-Order-Prohibiting-Introduction-of-Persons_Final_3-20-20_3-p.pdf, accessed March 24, 2023.

^[5] American Immigration Council, A Guide to Title 42 Expulsions at the Border (May, 2022), https://www.americanimmigrationcouncil.org/sites/default/files/research/title_42_expulsions_at_the_border_0.pdf. 

^[6] Id.

^[7] Centers for Disease Control and Prevention, Public Health Determination and Termination of Title 42 Order (Apr. 1, 2022), https://www.cdc.gov/media/releases/2022/s0401-title-42.html. 

^[8] 88 Fed. Reg. 11723.

^[9] Melissa del Bosque, Facial recognition bias frustrates Black asylum applicants to US, advocates say, The Guardian (Feb. 8, 2023), https://www.theguardian.com/us-news/2023/feb/08/us-immigration-cbp-one-app-facial-recognition-bias. 

^[10] Letter from EPIC et. al re: Request to Provide a Minimum of 60 days for Public Comment in Response to the Department of Homeland Security (DHS), United States Citizenship and Immigration Services (USCIS), and Department of Justice (DOJ) Executive Office for Immigration Review (EOIR) (the Departments) Joint Notice of Proposed Rulemaking (NPRM): Circumvention of Lawful Pathways (Mar. 1, 2023), https://epic.org/wp-content/uploads/2023/03/Biden-Asylum-Ban-Extension-letter-to-30-days-comment-period-FINAL.pdf. 

^[11] 88 Fed. Reg. 11,732, “This rebuttable presumption would not apply to noncitizens who availed themselves of certain established processes to enter the United States or sought asylum in a third country and were denied. Proposed 8 CFR 208.33(a)(1), 8 CFR 1208.33(a)(1). Specifically, the rebuttable presumption would not be applicable to noncitizens who are provided appropriate authorization to travel to the United States to seek parole, pursuant to a DHS-approved parole process; presented at a port of entry at a pre-scheduled time and place, or presented at a port of entry, without a pre-scheduled time and place, if the noncitizen demonstrates that the DHS scheduling system (currently the CBP One app) was not possible for the noncitizen to access or use; or sought asylum or other protection in a country through which the noncitizen traveled and received a final decision denying that application.” (emphasis added).

^[12] See, e.g., Ranking Digital Rights, FOIA Version: Mexico/US Biometric Data Sharing Statement of Cooperation (Apr. 17, 2013), https://r3d.mx/wp-content/uploads/SOC-2017.pdf. 

^[13] EPIC et al., Joint statement: Mexico, Guatemala, Honduras, El Salvador and the United States must terminate their agreements on cross-border transfers of migrants’ biometric data (Mar. 23, 2023), https://www.accessnow.org/press-release/statement-terminate-agreements-biometric-data-migrants/. 

^[14] Human Rights First, Biden Administration Plan to Resurrect Asylum Ban Advances Trump Agenda at 5-7 (Jan. 2023), https://humanrightsfirst.org/wp-content/uploads/2023/01/AsylumBanFactsheet_final2.pdf. 

^[15] American Immigration Council, Government Documents Reveal Information about the Development of the CBP One App (Feb. 28, 2023), https://www.americanimmigrationcouncil.org/FOIA/government-documents-reveal-information-about-development-cbp-one-app. 

^[16] DHS, DHS Reference No. DHS/CBP/PIA-068 Privacy Impact Assessment for the CBP One Mobile Application (Feb. 19, 2021), https://www.dhs.gov/sites/default/files/publications/privacy-pia-cbp068-cbpmobileapplication-may2021.pdf. 

^[17] See Melissa del Bosque, Facial recognition bias frustrates Black asylum applicants to US, advocates say, The Guardian (Feb. 8, 2023), https://www.theguardian.com/us-news/2023/feb/08/us-immigration-cbp-one-app-facial-recognition-bias; John Washington, Glitchy CBP One app turning volunteers into Geek Squad support for asylum-seekers in Nogales (Mar. 20, 2023), https://azluminaria.org/2023/03/20/glitchy-cbp-one-app-turning-volunteers-into-geek-squad-support-for-asylum-seekers-in-nogales/. 

^[18] Id. (Washington).

^[19] Id.