APA Comments
EPIC Comments to CBP and OMB on CBP One Expansion for Biometric Exit
COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER
to the
Office of Management and Budget, U.S. Customs and Border Protection
Agency Information Collection Activities; Revision; Arrival and Departure Record and Electronic System for Travel Authorization (ESTA)
89 Fed. Reg. 14,083 / OMB Control Number 1651–0111
April 26, 2024
The Electronic Privacy Information Center (EPIC) submits these comments in response to Customs and Border Protection’s (CBP) Revision of the Agency Information Collection on the Arrival and Departure Record and Electronic System for Travel Authorization (ESTA).[1] CBP is collecting comments on their proposed revision which would allow non-immigrant visitors to the U.S. to report their departure in compliance with Biometric Exit requirements through the CBP One app. The White House Office of Management and Budget (OMB), reviews agency Information Collection Activities and can approve or deny revisions and recommend mitigations.
EPIC comments here to 1) urge CBP not to make use of the app mandatory in the future, 2) highlight the serious privacy, safety, and civil rights concerns created by CBP One, and 3) urge OMB to take an active role in managing expansions of the CBP One app to prevent harms.
EPIC is a public interest research center in Washington, D.C. EPIC was established in 1994 to focus public attention on emerging privacy and related human rights issues, and to protect privacy, the First Amendment, and constitutional values. EPIC has a particular interest in preserving the Privacy Act safeguards enacted by Congress.[2]EPIC also has a long history of advocating for increased privacy protections for travelers and opposing the expansion of surveillance at the border.[3]
I. CBP should not require migrants or visitors to use the flawed and discriminatory CBP One app.
The CBP One app is critically flawed because it is not designed for use on all of the phones that migrants actually use, requires a flawed facial liveness test that does not work for some Black and indigenous individuals, and creates unnecessary risks of disqualifying visa eligibility for individuals. Although the current policy for Biometric Exit is voluntary, OMB must take an active role to ensure that CBP One never becomes mandatory for Biometric Exit. The app has consistently expanded beyond its claimed purpose, reflecting serious concerns with either the long-term planning at CBP or the agency’s candor.
DHS first rolled out the CBP One app in 2020 for the single purpose of collecting electronic I-94 forms.[4] The app is a remake of the CBP Roam app that was designed only to address a specific problem, people boating across the northern border on the Great Lakes and returning in a single day. Since then, CBP has consistently expanded the use of the CBP One app and failed to update its webpage or Privacy Impact Assessments to fully reflect the capabilities and uses of the app.[5] After promising to publish a standalone PIA covering CBP One’s use for Biometric Exit, the agency has failed to do so.[6] The DHS Office of Civil Rights and Civil Liberties initiated an investigation into
After the app was rolled out to collect asylum seekers information and to schedule appointments, serious problems emerged. Asylum seekers currently use the CBP One app to pre-fill the forms required to apply for asylum at the southern border and to schedule appointments to register for asylum. Currently, these appointments are the only way that asylum seekers can legally cross the border and claim asylum. The app requires migrants to submit a selfie photograph for facial recognition comparison in DHS’ Traveler Verification Service system and requires users to perform a facial liveness test. The facial liveness test takes a short video to determine whether there is a real person in front of the screen.
In fall 2022, news reports and immigration lawyers began reporting problems with the CBP One facial liveness test. It does not recognize some Black and indigenous faces, especially in poor lighting.[7] Failing the facial liveness test makes it impossible for individuals to apply asylum appointments. In one example of the facial liveness test failing, Lidia, an indigenous Mam woman from Oaxaca, tries the test numerous times only to receive an error message each time.[8]
There are also reports that the CBP One app does not work specifically on Huawei phones, and that individuals without phones are reliant on migrant services organizations to submit applications on their behalf, creating a disadvantage for poorer migrants.[9] The cumulative effect of errors and oversights in the CBP One app is that migrants with more technical savvy, better wifi, and more money are privileged over migrants who may be even more vulnerable.[10] These problems are a strong indication that the CBP One app has not been properly tested and is not ready for the large volume of users it receives.
The app also only provides language options for English, Spanish, and Haitian Creole, failing to reflect the linguistic needs of migrants at the border who may speak a variety of other languages or have limited literacy. Last year, Amnesty International concluded that “mandatory use of CBP One application violates the right to seek asylum”.[11] Later, DHS Office of Civil Rights and Civil Liberties initiated an investigation into complaints of civil rights denials resulting from mandatory use of CBP One.[12] And three dozen members of Congress directed DHS to “immediately” fix ongoing glitches and errors with the app, renewing those concerns in March of this year.[13]
The same concerns that make CBP One difficult to use for asylum seekers apply to visitors. CBP One lacks appropriate language support for many international users, people living in foreign countries may also use different cell phones, and the errors and biases that make it difficult to complete a CBP One liveness check still apply. While the proposal to use CBP One for Biometric Exit is currently voluntary, there is a risk that CBP will mandate the app as the only way to report exits from the U.S. in the future. If OMB accepts the current modification to the ESTA process, OMB should reject any modification in the future that makes CBP One mandatory for self-reporting exits from the US.
II. OMB must play a substantial role in preventing unnecessary expansions of CBP One.
CBP has clearly stated that the agency intends to use the CBP One app as a one-stop shop for collecting and processing as many different forms and as much information as possible.[14] While in the abstract CBP may derive efficiency benefits by using a single app for the agency’s varied public-facing information collection tasks, there are substantial risks. A particular use of CBP One may be justified, or may impose additional surveillance harms, collect more personal information than necessary, and create risks of individuals losing access to travel eligibility or benefits. Consequently, OMB must scrutinize each proposed expansion of CBP One and provide a check on unjustified expansions.
CBP is currently considering several expansions to CBP One, and actively shopping the app to different DHS sub-components.[15] As CBP One expands, the various databases that CBP One can feed information into also expand. Images collected through CBP One are routinely sent to CBP’s Traveler Verification Service facial recognition system and to the overarching Automated Targeting System, and may spread to other federal databases from there.[16] CBP One also collects geolocation information, providing CBP with previously inaccessible information on the location of users when they submit information through the portal.[17] There are few constraints on how facial recognition images and other data can be disseminated to federal agencies and state/local law enforcement once those images are collected. OMB therefore needs to provide a check on unnecessary data collection at the outset.
III. Using CBP One for Biometric Exit Collects Unnecessary Data and Creates Risk that Immigrants Will Lose Access to Benefits.
Using CBP One to implement Biometric Exit collects unnecessary location information and creates risks that travelers will be unable to report their exit, leading to potential visa ineligibility in the future. The CBP One app collects a geolocation ping when users submit information to the app, logging the location of the phone.[18] CBP initially stated that the GPS coordinates were retained only briefly, but now acknowledges retaining that data for one year, and providing CBP staff with access to the data.[19]
When CBP conducts Biometric Exit at airports or land borders, the agency does not get access to individuals precise location information upon their arrival in foreign countries. Currently, Biometric Exit is implemented in certain airports by collecting a facial image when travelers line up to board their planes.[20] On the northern land border, CBP receives biographic data but not facial images from the Canadian government when travelers cross the border.[21] At no point in the current process do travelers report their location once they leave the U.S. And it’s not clear if CBP is even authorized to collect biometrics on travelers once they return to foreign countries, as Biometric Exit authorizes CBP to collect this information upon departure.[22] In any case, collecting geolocation data is unnecessary to achieve biometric exit, which CBP can implement in person at air, land, and sea borders.
By allowing travelers to self-report through CBP One, the agency is passing off its obligation to collect biometric data onto travelers. In the future, the app may shift the burden for reporting exits from CBP to individuals, creating risks that individuals will be unable to report their exit and open themselves up to consequences down the line for failing to report. As reports have extensively documented, CBP One is a glitchy app that does not work well on all types of phones, and in all lighting conditions. And if self-reporting Biometric Exit is voluntary, many travelers will not report their exits. However, if CBP makes reporting exits through CBP One mandatory, then failure to report an exit could implicate future visa and travel eligibility for many U.S. visitors.
Conclusion
EPIC urges OMB to take an active role managing expansion of the CBP One app to ensure travelers’ privacy is protected and that individuals do not lose access to immigration benefits. Both CBP and OMB should factor the privacy and safety of immigrants and visitors to the US into any future consideration of CBP One expansion and should not impose higher data collection or registration requirements on already vulnerable individuals. CBP should never require the use of the CBP One app as the sole means to apply for benefits and should not codify the use of any app with demonstrated flaws and documented biased impacts. Please address any questions to EPIC Counsel Jake Wiener at [email protected].
Respectfully Submitted,
Jake Wiener
Jake Wiener
EPIC Counsel
[1] 89 Fed. Reg. 14,083. This comment submitted by email to [email protected].
[2] See, e.g., Comments of EPIC to the Department of Homeland Security, Terrorist Screening Database System of Records Notice and Notice of Proposed Rulemaking, Docket Nos. DHS-2016-0002, DHS-2016-0001 (Feb. 22, 2016), https://epic.org/apa/comments/EPIC-Comments-DHS-TSD-SORN-Exemptions-2016.pdf; Comments of EPIC to the Department of Homeland Security, Correspondence Records Modified System of Records Notice, Docket No. DHS-2011-0094 (Dec. 23, 2011), https://epic.org/wp-content/uploads/privacy/1974act/EPIC-SORN-Comments-FINAL.pdf; Comments of EPIC to the Department of Homeland Security, 001 National Infrastructure Coordinating Center Records System of Records Notice and Notice of Proposed Rulemaking, Docket Nos. DHS-2010-0086, DHS-2010-0085 (Dec. 15, 2010), http://epic.org/privacy/fusion/EPIC_re_DHS-2010-0086_0085.pdf.
[3] Dana Khabbaz, DHS’s Data Reservoir: ICE and CBP’s Capture and Circulation of Location Information, EPIC (Aug. 2022), https://epic.org/documents/dhss-data-reservoir-ice-and-cbps-capture-and-circulation-of-location- information/; EPIC Comments to DHS: Advance Collection of Photos at the Border (Nov. 29, 2021), https://epic.org/documents/epic-comments-to-dhs-advance-collection-of-photos-at-the-border/; EPIC Comments to DHS on Collection of Biometric Data From Aliens Upon Entry to and Departure From the United States (Dec. 21, 2023), https://epic.org/documents/collection-of-biometric-data-from-aliens-upon- entry-to-and-departure-from-the-united-states/.
[4] American Immigration Council, Government Documents Reveal Information about the Development of the CBP One App(Feb. 28, 2023), https://www.americanimmigrationcouncil.org/FOIA/government-documents-reveal-information-about-development-cbp-one-app.
[5] The latest CBP One PIA update dates to May 2023. Dep’t of Homeland Security, Privacy Impact Assessment for CBP OneTM, DHS Reference No. DHS/CBP/PIA-068 (May 12, 2023), https://www.dhs.gov/publication/dhscbppia-068-cbp-one-mobile-application (hereinafter CBP One PIA).
[6] CBP One PIA at 2-3, “By Summer 2022, CBP will pilot a new Self-Reporting Mobile Exit feature. This new feature will allow some nonimmigrant aliens to self-report their exit from the United States at certain ports of entry on the Northern Border….CBP will publish a standalone, function-specific PIA before making the Self-Reporting Mobile Exit feature active.”
[7] See Melissa del Bosque, Facial recognition bias frustrates Black asylum applicants to US, advocates say, The Guardian (Feb. 8, 2023), https://www.theguardian.com/us-news/2023/feb/08/us-immigration-cbp-one-app-facial-recognition-bias; John Washington, Glitchy CBP One app turning volunteers into Geek Squad support for asylum-seekers in Nogales, Arizona Luminaria (Mar. 20, 2023), https://azluminaria.org/2023/03/20/glitchy-cbp-one-app-turning-volunteers-into-geek-squad-support-for-asylum-seekers-in-nogales/.
[8] Id. (Washington).
[9] Lorena Rios, The New U.S. border wall is an app, MIT Tech. Rev. (Jun. 16, 2023), (“The International Organization for Migration surveyed migrants in Tamaulipas and found that the app seemed to present more issues on Huawei phones. Rumors abounded about potential fixes. Some migrants believed the iPhone’s iOS system works better than Android and that older versions of the app worked better than the most recent updates.”).
[10] Kate Morrissey, ‘System error’: As smartphone app becomes only way to request asylum, it locks out many migrants, The San Diego Union-Tribune, May 11, 2023, https://www.sandiegouniontribune.com/news/immigration/story/2023-05-11/cbp-one-asylum-error.
[11] Amnesty International, United States of America: Mandatory Use of CBP One Application Violates the Right to Seek Asylum, AMR 51/6754/2023 (May 2023), https://www.amnesty.org/en/documents/amr51/6754/2023/en/.
[12] Dan Salvano-Dunn and Lisa Taylor, Retention Memo to CBP Concerning the CBP One App Complaint Nos. 005827-23-CBP, 005762-23-CBP, 006024-23-CBP, 006149-23-CBP, and 006058-23-CBP, DHS Office of Civil Rights and Civil Liberties (May 24, 2023), https://www.dhs.gov/publication/retention-memo-cbp-concerning-cbp-one-app.
[13] Rep. Joaquin Castro et al., Letter from 30 Members of Congress to Secretary Mayorkas on CBP One (March 21, 2024), https://castro.house.gov/imo/media/doc/03212024lettertodhsenglish.pdf; Rep. Joaquin Castro et al., Letter from 35 Members of Cognress to Secretary Mayorkas on CBP One (Mar. 13, 2023), https://castro.house.gov/imo/media/doc/cbponeletter_final.pdf.
[14] CBP One PIA at 2-4.
[15] Rebecca Heilwil and Caroline Nihill, CBP leaning into biometrics on controversial app, raising concerns from immigrant rights advocates, FedScoop (Mar. 7, 2024), https://fedscoop.com/cbp-one-app-biometrics-immigrants-rights/.
[16] Id., (“photos sent to the app are, for instance, scanned with a facial recognition algorithm and uploaded to a Traveler Verification System gallery and the Automated Targeting System, which is used to compare traveler information to other law enforcement data, according to a privacy impact assessment published at the beginning of last year.”); Dep’t of Homeland Security, Privacy Impact Assessment Update for the Automated Targeting System, DHS Reference No. DHS/CBP/PIA-006(e) (Jan. 2017, last updated May 2022), https://www.dhs.gov/publication/automated-targeting-system-ats-update.
[17] CBP One PIA at 10.
[18] Id.
[19] Dep’t of Homeland Security, Privacy Impact Assessment Update for the
Collection of Advance Information from Certain Undocumented Individuals on the Land Border: Post Title 42, DHS Reference No. DHS/CBP/PIA-076(a) at 5 (May 12, 2023) https://www.dhs.gov/sites/default/files/2023-05/privacy-pia-cbp076%28a%29-advance-collection-for-undocumented-individuals-may2023.pdf; CBP One: An Overview, American Immigration Council at 6 (June 2023), https://www.americanimmigrationcouncil.org/sites/default/files/research/cbp_one_an_overview_0.pdf.
[20] Abigail F. Kolker, Immigration: The U.S. Entry-Exit System, CRS Report No. R47541, Cong. Research Serv. At 9-10 (May 2, 2023), https://crsreports.congress.gov/product/pdf/R/R47541.
[21] Id. at 11.
[22] Masha Borak, CBP One app criticized over extra-territorial biometrics collection, Biometric Update (Mar. 8, 2024), https://www.biometricupdate.com/202403/cbp-one-app-criticized-over-extra-territorial-biometrics-collection.
Support Our Work
EPIC's work is funded by the support of individuals like you, who allow us to continue to protect privacy, open government, and democratic values in the information age.
Donate