Concerning Registered Air Travel
- Department of Homeland Security Disregards Public Comments and Issues Final Rule that Undermines Traveler Privacy Rights: The U.S. Customs and Border Protection, a component within the Department of Homeland Security, issued a final rule approving Global Entry, a traveler screening program, despite the substantial privacy and security risks brought to the agency's attention. Under the Global Entry program, the CBP collects detailed personal information, including social security numbers and biometric information, that should be subject to Privacy Act safeguards. However, the agency rejected EPIC's recommendations that it comply with the Privacy Act by limiting the distribution of information to only those that need the information for screening purposes. In EPIC's comments, EPIC also noted that CBP violated federal law by not conducting a Privacy Impact Assessment before implementing the new Global Entry program. For more information, see: EPIC: Global Entry. (Feb. 8, 2012)
- EPIC Urges Increased Privacy for "Global Entry" Registered Traveler Program: On January 19, EPIC filed comments with the US Customs and Border Protection (CBP), urging the agency to “to revise its establishment of the Global Entry program and to reconsider the privacy and security implications of the program.” CBP proposed to make permanent the Global Entry program, under which pre-registered international travelers can bypass conventional security lines by scanning their passports and fingerprints at a kiosk, answering customs declaration questions, and then presenting a receipt to Customs officials. EPIC urged CBP to ensure that Global Entry complied with the Privacy Act and to conduct a separate Privacy Impact Assessment. Those measures are particularly pressing in light of recent problems, including data breaches and bankruptcy, experienced by “Clear,” a similar registered traveler program. In 2005, EPIC testified before Congress that the absence of Privacy Act safeguards for registered traveler programs would jeopardize air traveler privacy and security. For more information, see EPIC Global Entry, EPIC Air Travel Privacy, EPIC Biometric Identifiers, EPIC Automated Targeting System, and EPIC Whole Body Imaging. (Jan. 28, 2010)
The United States Customs and Border Protection (CBP) has proposed to make permanent a program called "Global Entry." Global Entry was first activated by the CBP on June 6, 2008, as a pilot program in seven airports. On August 24, 2009, CBP expanded the pilot program to 13 other airports.
Under the program, international travelers may register with the CBP by providing their passport information and a copy of their fingerprints. According to CBP, registrants must also pass a background check and an interview with a CBP officer before they may be enrolled in the program. Only individuals who are 14 years of age and older who are U.S. citizens, U.S. nationals, U.S. Lawful Permanent Residents, or citizens of certain other countries may enroll in Global Entry. Individuals may be disqualified from enrolling if they:
- Are inadmissible to the United States under applicable immigration laws;
- Provide false or incomplete information on their application;
- Have been convicted of a criminal offense in any country;
- Have been found in violation of customs or immigration laws; or
- Fail to meet other Global Entry requirements.
Registered international travelers can then bypass conventional airport security lines by scanning their passports and fingerprints at a kiosk, answering customs declaration questions, and then presenting a receipt to Customs officials. CBP claims that Global Entry will "streamline the international arrivals and admission process at airports for trusted travelers through biometric identification."
The CBP announcement followed the recent news that Clear, a Registered Traveler program, had entered bankruptcy, raising questions about the possible sale of the biometric database that was created. In 2005, EPIC testified before Congress that the absence of Privacy Act safeguards for Registered Traveler programs would jeopardize air traveler privacy and security.
According to CBP, the information collected through the on-line application is deposited into the Global Enrollment System (GES), a system of records for CBP trusted traveler programs. CBP can share applicants' personal information, including fingerprint biometrics, with other government and law enforcement agencies. CBP stores applicants' information in two separate systems of records: "personal information" is stored in the GES, and "applicant biometrics" are stored in the Department of Homeland Security (DHS) Automated Biometric Identification System, or IDENT.
However, EPIC submitted comments to CBP in 2006 regarding the GES system of records, arguing that the database raises substantial privacy and security issues, and requesting that CBP narrow its claimed exceptions from the Privacy Act of 1974. The GES system of records is exempted from key fair information principles such as the requirements that an individual be permitted access to personal information, that an individual be permitted to correct and amend personal information, and that an agency assure the reliability of personal information for its intended use. By placing the data of Global Entry applicants into the GES system of records, CBP is expanding an a flawed system and failing to protect individuals' privacy.
Moreover, the Global Entry program repeats the failures of past "trusted traveler" programs. A “Trusted Traveler” system creates a substantial security risk, as it divides travelers into categories whose criteria can be learned and exploited. It creates two classes of travelers: trusted and not trusted. But, as security expert Bruce Schneier has explained, this could also create a third category: “bad guys with the card."
Criminals will choose applicants without previous links to terrorism, who can pass the background checks, to commit their crimes. For example, neither Oklahoma City bomber Timothy McVeigh nor Unabomber Ted Kaczynski had previous ties to terrorism, Schneier said.
Finally, the inclusion of Global Entry data into the GES system of records increases the risk of "mission creep." This is a risk that information volunteered will be used for reasons not related to their original security purposes. The GES system of records identifies seven categories of “routine uses” of personal information that will be collected and maintained in the program’s system of records. In one category, CBP anticipates disclosure to: Federal, State, local, foreign, international or tribal government agencies or organizations that are lawfully engaged in collecting intelligence or law enforcement information whether civil, criminal or administrative) and/or charged with investigating, prosecuting, enforcing or implementing civil and/or criminal laws, related rules, regulations or orders, to enable these entities to carry out their law enforcement and intelligence responsibilities. This category is so broad as to be almost meaningless, allowing for potential disclosure to virtually any government agency worldwide for a vast array of actual or “potential” undefined violations. The risk of mission creep is clear.
- EPIC Air Travel Privacy
- EPIC Biometric Identifiers
- EPIC Automated Targeting System
- EPIC Whole Body Imaging
- EPIC Spotlight on Surveillance - Registered Traveler Card
- EPIC Secure Flight
- DHS Privacy Impact Assessment: Global Enrollment System
- DHS Privacy Impact Assessment: Global Online Enrollment System
- CBP: Global Entry Program Overview
- Homeland Security Moves To Make Global Entry Permanent, Business Travel News Online, Jay Boehmer, Nov. 19, 2009.
- Homeland Security Expands Biometric Security Program, InformationWeek, J. Nicholas Hoover, Aug. 14, 2009.
Share this page:
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.
by Ryan Calo, A. Michael Froomkin,