The Use of Biometric Technology at the Department of Homeland Security

Austin Gould, Assistant Administrator, Requirements and Capabilities Analysis
United States House of Representatives Committee on Homeland Security
Wednesday, July 10, 2019
As Prepared for Delivery

Good morning Chairman Thompson, Ranking Member Rogers, and distinguished members of the Committee.  Thank you for inviting me to testify about TSA’s current work on assessing how biometric technology can potentially improve both the security and efficiency of our transportation system.  In June 2018, I became the Assistant Administrator of TSA’s Requirements and Capabilities Analysis (RCA) office.  RCA is responsible for driving the strategy and development of TSA’s security architecture and operational capabilities to enhance security and optimize mission performance through analysis and innovation.  RCA directly supports TSA’s mission by assessing current state operations, conducting gap analyses, managing needs identification, and developing requirements to generate new and improved security capabilities in alignment with the future vision of aviation security.   

Assessing biometrics technology for application to TSA’s missions is a key initiative for RCA.   I welcome this opportunity to explain to the Committee why TSA evaluates the potential to use facial recognition technology during its passenger screening process, how TSA leverages both the work and systems already developed by U.S. Customs and Border Protection (CBP), and the efforts we have taken to date, and continue to take, to ensure that cybersecurity, privacy and civil liberties concerns are considered and addressed at every stage of biometric testing and potential deployment.  

The U.S. aviation transportation system accommodates approximately 965 million domestic and international passengers annually – this equates to the screening of roughly 2.2 million passengers, 1.4 million checked bags, and 5.1 million carry-on bags each day.  In Fiscal Year (FY) 2018, TSA screened more than 804 million aviation passengers, representing a 5 percent volume increase from FY 2017.  Despite the significant progress the U.S. government has made to improve transportation security, aviation hubs remain high value targets for terrorists. Terrorist modes and methods of attack are more decentralized and opportunistic than ever before.  

To stay ahead of these adversaries, we have to innovate, deploy new solutions rapidly and effectively, and make the most of our resources.   In enacting the Aviation and Transportation Security Act in 2001, Congress recognized the importance of having TSA explore the use of biometric or similar technologies to enhance security in the aviation domain.  As part of its mission to protect the nation’s transportation systems to ensure freedom of movement for people and commerce, TSA is exercising this authority to assess the use of biometrics technology, such as facial recognition, for identity verification, including at the checkpoint.  Our evaluation of the use of biometrics technology is for the purpose of ascertaining how biometric technology might be used to automate passenger identity verification processes to fulfill a number of TSA security requirements, and relatedly, to determine a passenger’s ability to access areas of the airport beyond the checkpoint. 

Today, TSA Transportation Security Officers at the Travel Document Checker position at each checkpoint and airline employees at the check in desk visually compare the passenger in front of them to their photo ID to verify identity.  TSA seeks to assess whether biometrics technology can automate these processes in ways that enhance security effectiveness, improve operational efficiency, and streamline the passenger experience.  TSA’s investment in  Credential Authentication Technology (CAT) units  provides a key tool through which the agency is analyzing how biometric facial recognition may be applied and optimized at the checkpoint.   CAT authenticates the security features of a passenger’s identification document and then displays the passenger’s screening status from Secure Flight to ensures that the passenger has the appropriate flight reservation to progress through security screening and enter the sterile area.  Currently, TSA is assessing the benefits of adding a front end camera to CAT units to further improve the identity verification process.   

TSA recognized the need to outline a comprehensive approach for how it might develop and implement biometric solutions.  To that end, TSA issued the TSA Biometrics Roadmap for Aviation Security & the Passenger Experience, which is available to the public on TSA’s website, in September 2018.   The Biometrics Roadmap centers on four goals:

  • Partnering with CBP on biometrics for international travelers;
  • Operationalizing biometrics for TSA Pre✓® travelers;
  • Expanding biometrics to additional domestic travelers; and
  • Developing support infrastructure for biometric solutions.

Equally important, the Biometrics Roadmap also established as a guiding principle that TSA will adopt a “privacy by design” mindset that incorporates privacy and civil liberty considerations into each phase of biometric solution development (design, build, implement).  It also delineates that privacy protections will include restrictions to prevent the use of biometrics for purposes other than transportation security unless individuals have opted into other uses.  Importantly, passengers will always have an option to not be processed through biometrics solutions at our checkpoint.   

In 2004 Congress directed CBP to develop a biometric entry/exit program, and CBP has been developing and deploying an automated facial recognition solution since 2013 in order to comply with this mandate.  Recognizing the opportunity to align and leverage similar operational efforts amongst DHS Components, TSA signed an agreement with CBP in April 2018 on the development and implementation of joint work related to biometric technology at airports.  Because of this partnership, TSA and CBP have collaborated on a series of multi-phased pilots using CBP’s facial recognition technology, the Traveler Verification Service (TVS), for identity verification at the TSA checkpoint at three major airports. 

  • The first phase pilot, which TSA conducted at John F. Kennedy International Airport between October and November 2017, tested TVS’s ability to perform facial matching for volunteer international outbound passengers at the TSA checkpoint.  TSA did not alter any operational procedures during this phase. 
  • There were two second-phase pilot programs, also involving volunteer passengers.  One occurred at Los Angeles International Airport from August to October 2018, and evaluated using TVS’s facial matching results for passenger identity verification.  The other pilot program, which began in November 2018 at Hartsfield-Jackson Atlanta International Airport in coordination with Delta Air Lines, is ongoing and testing the long-term viability of biometrics at check-in, bag drop, and the checkpoint.  
  • The third phase of pilot programs will focus on TSA’s ability to combine Secure Flight vetting status with the identification results from TVS’s facial matching technology.

This deliberate, iterative approach to assessing facial recognition technology applications in TSA operations provides the agency with a significant learning opportunity as well as helping to refine future testing and pilot designs.   We are grounding our exploration of biometric solutions in rigorous scientific study and analysis as well as ensuring appropriate privacy and cybersecurity safeguards are in place.  While TSA and CBP coordinate efforts on passenger-facing biometrics today, TSA is also laying the groundwork for an eventual transition of relevant storage and matching capabilities to DHS Office of Biometric Identity Management (OBIM), an entity established by Congress to provide the Department with enterprise biometric solutions.   TSA has engaged OBIM regularly on the build out of its next generation Homeland Advanced Recognition Technology, which will modernize and replace the legacy Automated Biometric Identification System, as well as to receive the benefit of their subject matter expertise.

Based on the work of DHS S&T, the National Institute for Standards and Technology, and other researchers, we are aware of a variety of concerns related to differences in performance for travelers of different demographic groups and take this issue seriously. Some of these concerns pertain to risk of different error rates that correlate with user race, gender, and age.  As required by the TSA Modernization Act (Public Law 115-254, Oct. 5, 2018), TSA studied matching performance differences across biometric systems and operational environments to identify the existence of disparities on these and other grounds.   In fact, pursuant to this Act, TSA will provide a report to Congress that includes an assessment of these issues.  

TSA also recognizes that biometric technologies pose unique privacy concerns.  Reflective of such, TSA continually assesses privacy impacts and implements, as necessary, various strategies to address them in the passenger context.  Should TSA fully operationalize this technology, it will mitigate privacy risks through providing robust notice and meaningful choice of alternatives, ensuring strong data security measures, deleting biometric data promptly following the passenger transaction, and focusing the uses of the biometric data to those directly necessary for transportation security, or as authorized under the Privacy Act of 1974, 5 U.S.C. § 552a.    A number of publicly available Privacy Impact Assessments (PIAs) on the Traveler Verification Service (TVS) and CBP’s cloud-based facial matching system have been issued, which TSA has relied upon throughout the collaboration.  These PIAs will be updated and strengthened as necessary as biometric identification develops further. They can be found on the DHS Privacy Office’s public-facing website for review.

With regard to future endeavors, TSA is committed to protecting personally identifiable information, being transparent, and proactively mitigating privacy and civil liberties risks identified in the use of biometric technology.   To that end, the DHS’s Fair Information Practice Principles, known as the FIPPs, which serve as DHS’s overarching privacy principles as applied across the Department, will guide efforts to protect privacy while achieving the operational and security benefits of biometrics technology.      

Although TSA is still early in its exploration of biometric technologies, we are excited about the potential security benefits building this capability may provide.  We plan to continue testing and evaluating biometrics technology in an operational context through additional pilot programs.  TSA is planning for a pilot in the fourth quarter of this fiscal year at McCarran International Airport to test the 1:1 matching capabilities of the upgraded front-end CAT machine with a camera unit for facial recognition procedures in TSA Pre✓® lanes.  This pilot will not involve CBP technologies or processes. TSA is finalizing the PIA for this pilot to ensure the public is aware of any pilot biometric technology solutions involving the collection, maintenance, use, or dissemination of personally identifiable information.

As reflected by TSA’s March 2019 Biometrics Industry Day—an event attended by more than 120 people representing various public and private stakeholder groups including five different privacy advocacy organizations—we will continue to strive to foster communication, transparency, and input regarding our findings and approach to developing biometric solutions.  Through the information we obtain from pilots and stakeholders, we hope to gain a better understanding of the operational impacts of this technology on travelers and consider that in developing procedures for the potential use of this technology at the checkpoint.  TSA will continue to work on building a robust requirements and architecture foundation, develop an acquisition strategy, and seek to fulfill the goals identified in the Biometrics Roadmap

Chairman Thompson, Ranking Member Rogers and members of the Committee, thank you for the opportunity to testify before you today.  I look forward to your questions.