US Customs and Border Protection (CBP) has published a new Privacy Impact Assessment (PIA) for its Automated Passport Control (APC) kiosks and Mobile Passport Control (MPC) apps. Unlike most PIA’s, this one does not say why it was prepared, or what, if anything, about the programs it assesses has changed. But it appears to be a response — although an inadequate and possibly still a factually inaccurate one — to some of our complaints.
At many international airports and some cruise ports in the US, travelers — including US citizens — have to submit their mug shots to CBP through either an APC kiosk or the MPC smartphone app before they are allowed to proceed to CBP officers for customs, immigration, and agricultural inspections. This requirement is enforced by “line minders” manning the velvet ropes and directing pedestrian traffic inside “sterile” arrival areas. These line minders are employed by the airline, airport, and/or their contractors or sub-contractors, making it easy for CBP to deny any responsibility for their actions.
The CBP officials we met with in January denied that anyone is required to use the APC kiosks, contrary to our experience and that of other participants in the meeting.
When we complained that CBP hasn’t complied with even the minimal notice requirements of the Privacy Act and the Paperwork Reduction Act (PRA) for this sort of data collection, CBP’s Privacy Officer responded, “I do not consider this program to be operating in violation of the Privacy Act, therefore, I have nothing to investigate.”
But although CBP didn’t conduct an “investigation”, it does appear to have conducted a new “assessment” and published a new set of claims about what it is doing.
What does CBP now say about its mug shots of arriving travelers? And is it true?
We call B.S.
The new CBP Privacy impact Assessment (PIA) claims that (1) use of the APC kiosks is voluntary, and (2) the APC kiosks and MPC apps include initial popup notices including a Paperwork Reduction Act (PRA) notice and a notice of the right to opt out:
7. Notices include Intellectual Property Rights, Paperwork Reduction Act, and Section 311 of the Trade Facilitation and Trade Enforcement Act of 2015 Notice.
For starters, the claim about providing notices “prior to download” of the MPC app is patent nonsense. It’s either a deliberate and knowing lie or indicative of gross incompetence or gross negligence on the part of those who signed off on the CBP “assessment”. Nobody who has actually tested downloading or using these apps could possibly believe this claim to be true.
Hundreds of thousands of people have downloaded and installed these apps. Any of them can see that what CBP says about these app isn’t true. Who does CBP expect to fool?
A popup message citing OMB Control Number 1651-0009 (discussed further below) is displayed in the Android app after personal information including passport details and a selfie photo have been entered. But that’s not what the PIA claims. And since the Android app can only be installed through the Google Play Store, which requires root privileges on the device, there’s no way for the user to tell if any or all of this information has already been transmitted to the government and/or private parties before the notice is displayed. The same is presumably true for the iOS app available through the Apple App Store.
As for the APC kiosks, we’ve never seen a popup Privacy Act or PRA notice on any of them in the past, including when we have arrived in the US as recently as early in March 2018.
Has anyone who has entered the US more recently seen such a notice on an APC kiosk?
Has CBP added new notices to the APC kiosks in the last few weeks, or are they still lying about the APC kiosks as well as about the MPC apps?
It’s significant that CBP now says explicitly that, “use of these approaches [APC kiosks and MPC apps] is purely voluntary and [travelers] retain the option of proceeding directly to the CBP for the more traditional examination.” If you don’t want to add a “selfie” to the CBP’s files every time you enter the US, you might want to save and/or print a copy of this portion of the PIA to show the next line-mender who won’t let you out of the roped-off corral around the APC kiosks unless and until you show an APC receipt including your photo.
Have you been told that you had to use the APC kiosks, or prevented from “proceeding directly to the CBP” past the APC kiosks without using them?
And if there is a PRA notice on any of the APC kiosks, what OMB control number does it cite? Our guess is that it would be OMB Control Number 1651-0009. But so far as we can tell, neither this nor any other OMB approval or OMB control number would actually apply to mug shots of arriving US citizens.
OMB Control Number 1651-0009, which previously covered the paper customs declaration forms, was most recently amended in 2015 to add the collection of the same information as is on the paper forms through the APC kiosks and MPC apps (which have already been in use, illegally, without OMB approval). But this OMB approval was for an “extension without change of an existing information collection”, adding the kiosks and apps only as new modes of collection of the same data. The supporting documents submitted to OMB specifically stated that all of the information to be collected through the kiosks and apps was already included on the paper form. The paper form, of course, didn’t include photos or any other biometric data, and the collection of this data remains unapproved.
The CBP Privacy Impact Assessment doesn’t even pretend to address the requirement of the Privacy Act for explicit statutory authorization for collection of information about the exercise of rights protected by the First Amendment, including speech and assembly.
In our meeting with CBP officials in January, they claimed that airlines and airports (including those that own and/or operate the APC kiosks) have no interest in retaining photos or other biometric identification data about travelers or using them for other purposes. But airlines, airport operators, and their technology providers continue to say exactly the opposite, in the plainest possible terms.
For example, a white paper on biometrics for passenger processing published in March by SITA, an IT service provider cooperative founded and jointly owned by its member airlines, stress the priority placed by the industry on “interoperability and common use” of biometric data, including commercial use of government-mandated personal data:
Julie Shainock, Global Director Travel and Transportation, Microsoft … believes that it would be great for airlines and airports to have access to this information, so the airline/airport does not have to ask a passenger or guest for the same information available to other security agencies. This will eliminate redundancy….
IATA’s One ID concept seeks to introduce a collaborative identity management solution that spans across all process steps and stakeholders in the end-to-end journey from booking to destination… Rather than asking passengers to identify themselves at each touchpoint in a repetitive manner, to various stakeholders and for different purposes, the idea is to authenticate the passenger’s identity just once, to a sufficiently high standard and as early as possibly in the process, ideally prior to arriving at the airport, and then sharing this information with authorized stakeholders so that the passenger will not just be recognized but actually expected at subsequent touchpoints…
The end goal is to provide passengers with a frictionless experience as they go through the airport…. Creating this walk-through experience will require smart integration of biometrics with next-generation access control systems, as well as with the existing airline and airport systems.