Biometric breakthrough: CBP’s innovative approach to keeping America safeBy Marcy Mason, Writer, US Customs and Border Protection
It is 07:45 on a Wednesday morning in May at Hartsfield-Jackson Atlanta International Airport in the United States (US) and passengers are boarding Delta Air Lines flight 334 to Mexico City. One by one the passengers scan their boarding passes and approach a camera that is set up on the air bridge where they have their pictures taken before they board the flight.
The photos are being matched through biometric facial recognition technology to photos that were previously taken of the passengers for their passports, visas, or other government documentation. All is moving smoothly until the US Customs and Border Protection (CBP) officers assisting the passengers are alerted that they need to check one of the travellers.
It’s a 28-year old woman, a Mexican national with a Mexican passport. The biometric system alerted the officers because when preflight information was gathered on the woman, no historical photos to match against her could be found. A CBP officer took the woman aside and looked at her passport. No visa was attached and the woman did not have a ‘green card’ to prove she was a lawful permanent resident. Upon further questioning, the woman admitted that four years ago, she had come into the country illegally.
Using a specially designed CBP biometric mobile device, the officer took fingerprints of the woman’s two index fingers. “This was the first time that we had captured this individual’s biometrics, her unique physical traits,” said Bianca Frazier, a CBP enforcement officer at Hartsfield-Jackson Atlanta Airport. “We didn’t have her biometrics because we had never encountered her before.”
As early as 2002, shortly after the worst terrorist attack in US history, legislation was passed requiring the Department of State and the Department of Homeland Security (DHS) to use biometric technology to issue visas and screen non-US citizens entering the country. Then in 2004, more legislation was passed, authorizing DHS to collect biometric data from non-US citizens exiting the country.
According to Frazier, finding people who have entered the country illegally is common. Since June 2016, when CBP and Delta Air Lines launched a pilot programme to test CBP’s biometric facial recognition exit technology, passengers like the young Mexican woman have been found daily. “Most days we find a minimum of two or three undocumented people, but sometimes we find as many as eight to 10 boarding a flight,” said Frazier.
Ultimately, the woman was allowed to board the flight, but when Frazier used CBP’s mobile device to take her fingerprints, it created a fingerprint identification number that is specifically tied to the woman. In the future, if she applies for a visa to return to the US or is encountered crossing the border illegally, an alert will be triggered, indicating that the woman had previously entered the country illegally and is on a lookout list. Additionally, when Frazier processed the traveller, the device automatically created a biometric exit record confirming that the woman left the US.
For more than a decade, the US government has been struggling to find a way to develop a practical and cost effective biometric entry/exit system that fulfills a congressional mandate to keep America safe. CBP has partnered with the US air travel industry to meet that goal and is implementing innovative ways of using biometric technology to provide better enforcement and a better experience for travellers.
By 2013, when CBP assumed responsibility for designing and implementing a system that could biometrically track travellers exiting the US, the government had been wrestling with the challenge for years. Technology was part of the problem, but how to integrate that technology into the existing infrastructure at airports without driving up costs and negatively impacting airport and airline operations was a conundrum.
CBP had been working with the airlines to verify travellers entering and exiting the country since the mid-1990s, using travellers’ biographic information – date of birth, passport number, document number, country of citizenship, etc. “The airlines sent us the manifest information in advance of a flight’s departure,” said John Wagner, Deputy Executive Assistant Commissioner of CBP’s Office of Field Operations. “We did law enforcement work based on that data.”
But then, after the 2001 terrorist attack, biographic information was not enough. To increase security, the US Congress passed legislation that added biometric requirements for tracking travellers. “Inbound passengers were easier to track because we already had a process,” said Wagner. “When travellers come off of an international flight, they are funnelled through a secure pathway to the CBP inspection area. The airline transmits the biographic data to us. We verify that information when we read a traveller’s passport and we make sure it’s accurate. That’s when we also collect fingerprints from most non-US citizens.”
With outbound flights, collecting passengers’ biometrics is much more difficult. “We’ve never constrained departures to be able to do that,” said Wagner. “We don’t have specific departure areas for outbound flights. International flights depart from all over the airport, so it was difficult to figure out where we could collect biometrics and what technology we would use.”
Added to that, CBP lacked support. “The travel industry stakeholders were vehemently opposed to any of this because they thought it would cost money and it would slow people down,” said Wagner. The challenges seemed insurmountable. “We were focused on where is the magic technology that is going to make this work and address all of these concerns. No one had been able to find it because it didn’t exist,” he said.
Wagner and his team took a fresh start. They reached out to the DHS Science and Technology Directorate, the department’s research and development arm, to learn more about the biometric technology that was available and which methods of collection would work best. Shortly thereafter, in 2014, a demonstration test lab was set up in Landover, Maryland.
“We evaluated more than 150 different biometric devices and algorithms. We put them together in different configurations and then brought in test volunteers to actually run through the process to figure out how long it took, what kind of throughput we were able to get, how well the biometrics matched, and what their performance ultimately was,” said Arun Vemury, Director of the DHS Science and Technology Directorate’s Apex Air Entry/Exit Re-engineering and Port of Entry People Screening programmes. “Over time, we brought in more than 2,000 people from 53 different countries of origin, who varied in age from 18 to 85. We were trying to mimic the demographics of travellers coming to the US.”
One of the things that Vemury learned was that the algorithms used in facial recognition technology have become much more advanced. The algorithm is the formula that identifies the unique biometric features in a finger, iris, or face and then compares those points to corresponding areas in previously collected biometrics. “Because of the improvements in facial recognition technology, we can verify people’s identities with facial recognition much more effectively today than we could even just two years ago,” said Vemury.
Concurrently, CBP was doing its own laboratory tests and conducted a series of pilots. “We ran several pilots to help us learn about the different types of biometric technology in the different environments where we work,” said Wagner. For example, CBP was aware that US passports were vulnerable to fraud and thought a biometric tool could help.
After months of testing algorithms and cameras, CBP developed a one-to-one facial recognition technology that compared inbound travellers against their passport photos. “The pilots showed us that the facial recognition technology was accurate,” said Wagner. “We grew confident that the algorithms were good enough to use and rely on.”
CBP also built a handheld, mobile device that allowed officers to run fingerprints on departing travellers. “We tested the Biometric Exit Mobile in 2015 at 10 airports around the country,” said Wagner. “It showed us we could accurately take fingerprints from a mobile device and gave our officers the capability to do law enforcement and biometric queries on a smart phone if they saw that an individual requires further investigation.”
Biometric success story
As a law enforcement tool, the Biometric Exit Mobile has produced stunning results. Case in point is an incident that occurred in May 2017 at Chicago O’Hare International Airport involving two Polish nationals who were boarding a flight to Berlin, Germany. When the couple presented their passports at the departure gate, the CBP officers did not find any US visas or country entry stamps, so they decided to run a check and swiped the couple’s passports.
The biographical information did not reveal anything adverse, but as a precautionary check, the officers used the Biometric Exit Mobile device to take the couple’s fingerprints. The officers took the index prints of the woman first and within seconds, she came back as a watch list hit. The same occurred with the man. Both had been ordered deported by an immigration judge, but they did not leave the country.
The officers wanted to clarify what they discovered, so they reached out to a colleague. “I pulled up the woman’s name and nothing came up. There was no record on her whatsoever,” said Jonathan Cichy, a CBP enforcement officer who works outbound operations at Chicago O’Hare Airport. “However, when I checked her fingerprints, there was a hit, but for a woman with a different date of birth and a different identity, which she had been arrested and deported under.”
Then Cichy looked at the manifest for the flight. “I saw they weren’t on it. There was no record of the identities they were using to get on the plane,” he said. After checking further, Cichy found that both of the Polish nationals had criminal histories with multiple identities. “But none that came up in our systems because they weren’t leaving under any of those identities. Biographics alone did not tell us the full story,” said Cichy.
The couple was allowed to board the flight, but not until Cichy had served them with legal papers to verify their departure and close out the deportation case. “If either one of them is found attempting to return to the US without permission, they could be prosecuted for reentry after deportation, a felony that carries a sentence of two to 20 years,” said Cichy.
CBP’s biometric exit tests culminated in June 2016 with a pilot programme at the Hartsfield-Jackson Atlanta Airport. Wagner and his team had a breakthrough. “We came up with a way of taking the information we receive about passengers from the airlines and matching it against information we already have in our government databases,” said Wagner.
Based on their research, Wagner and his team decided to use facial recognition technology. “We found that facial recognition was intuitive for people. Everybody knows how to stand in front of a camera and have his or her picture taken,” said Wagner.
Aside from being quicker than other biometric methods, facial recognition has additional pluses. The physical design of the camera does not take up much space, and the equipment is not costly. Furthermore, CBP already has a collection of photos for biometric comparison. “People have already provided their photographs to the government for travel purposes,” said Wagner.
But the real feat was when CBP found a way to speed up the photo matching process. “As soon as a passenger checks in with the airline, the airline tells us who is getting on the plane. At that point, we find all the photos we have of the people on the flight and we pool them, and then segment them into individual photo galleries for each passenger,” said Wagner. “If there are 300 people on the flight, we find every photo we have of those 300 people. Generally, that means we will have about 1,500 pictures because we have multiple photos of each passenger.”
Then, as the passenger boards the flight, he or she has his or her picture taken. That photo is compared to his or her individual gallery of photos rather than comparing it to a billion photos that are in DHS’s biometric database. “The matching is done in real-time because it’s a small file and it’s accurate,” said Wagner.
The Atlanta pilot also was designed with certain parameters. “We did not want to add another layer onto the travel process,” said Wagner. “We told our stakeholders, ‘We want to design something that fits within your existing operations and infrastructure. We’re trying to make things easier for travellers. We don’t want to add additional steps or processes.’”
In a discussion with Delta Air Lines, Wagner asked if the airline would be interested in participating in a biometric pilot. “We have a very strong, long-standing, collaborative relationship with CBP,” said Jason Hausner, Delta Air Lines’ Director of Passenger Facilitation. “Normally, when they approach us to do something, we’re in. We like to be in on the front end to provide our expertise and help shape things.”
In February 2016, Delta met with CBP to develop a project plan and decided to test a flight from Atlanta to Tokyo, Japan. The pilot, which began in June, was successful, so by September, CBP decided to test another flight, this time one on its way to Mexico City. After more than a year of testing, facial recognition technology has consistently shown a high rate of accuracy. “Our percent of successful matches is in the high 90s,” said Nael Samha, CBP’s Director of Passenger Systems who built the architecture for the pilot’s operating system.
Operationally, the pilot has performed well too. “One of the things we wanted to evaluate was the impact on our operations. Would it delay boarding? Would it impact our on-time performance? We’re very metrics oriented,” said Hausner. “So far, this test has not impacted us in any manner, and part of it is because of the approach that CBP has taken. They know that in order for their programme to be successful, they need to partner with us.”
During the summer of 2017, CBP conducted technical demonstrations of the biometric exit facial recognition technology with various airlines and airports throughout the country. “We wanted to show stakeholders and the public what this technology is, how it works, and explore how biometric exit technology can fit into airline and airport business models and modernization plans while addressing privacy requirements,” said Wagner.
Some airlines are already making headway. At New York’s John F. Kennedy International Airport (JFK) and in Atlanta, Delta is testing ways to combine the facial recognition technology with its boarding pass procedures. “The CBP pilot is a two-step process by design, but it seemed to us that when this is implemented across the country, it should be a one-step process,” said Hausner.
In June 2017, JetBlue Airways transformed this goal into a reality and was the first airline to board passengers using biometric facial recognition instead of boarding passes. Unlike the technical demonstrations that CBP was conducting with other carriers, JetBlue proposed the pilot. The airline wanted to design its own technology and incorporate it with CBP’s facial recognition matching system. “CBP was very open-minded with what we wanted to accomplish,” said Liliana Petrova, JetBlue Airways’ Director of Customer Experience.
The pilot, which was tested at Logan International Airport in Boston, was assembled very quickly. “CBP gave it priority and helped us do a very fast buildout,” said Petrova. “Not many partnerships, even private partnerships, function as smoothly.”
According to Petrova, the biometric system is part of JetBlue’s strategy to remove the hassle from the travelling experience. “Passengers don’t have to stop, look for their boarding passes or their IDs. The line moves faster and they don’t have to wait as long,” she said. “We’re trying to take the anxiety out of flying and allow our crew members to interact more with customers.”
JetBlue’s customer feedback was positive. “The customers are really delighted by it. They think it’s cool and they’re having fun,” said Petrova. As a result, JetBlue decided to expand the pilot with additional flights departing from Boston and JFK.
CBP’s future vision for biometric exit is to build the technology nationwide using cloud computing. “There are hundreds of airports throughout the US where we provide services for international travellers and we still need to work through the deployment schedule and timeline,” said Wagner. “We also need to determine the technology we’ll use. We’ve been working with airports and airlines to arrive at some of those answers. We want them to tell us what the equipment should look like, so that it fits in with their operational needs.”
Plans are also underway to update CBP’s biometric inbound technology. “We’ll be using the same system for our arrivals processing as we do for biometric exit,” Wagner explained. But that is not all that CBP has in store. “We’re also looking at communicating with people on their mobile devices as they disembark,” said Wagner. “If we can give travellers better guidance on how to navigate Customs and the maze at the airport, we can increase efficiency and give them peace of mind.”
An extraordinary example of how biometric exit technology is enhancing CBP’s enforcement capabilities happened in April 2017 at Chicago O’Hare International Airport. A 38-year-old, Indian national, Dipakkumar Patel, presented an emergency Indian passport to board a flight to Abu Dhabi, United Arab Emirates, where he was making a connection to India.
While inspecting the passport, the CBP officer at the departure gate did not find a US visa, there was no US entry stamp, and the pages of the passport were blank. When questioned, Patel told the officer that he had entered the country illegally through Mexico six years earlier. The officer decided to call CBP’s Passenger Analysis Unit and asked them to run the man’s name through the law enforcement databases to check if he was on a watch list.
A name came back with 22 aliases, and Patel’s name was one of them. But it was a common Indian name and the match was not conclusive. So the officer decided to do a biometric check and called his colleague to come to the air bridge to take Patel’s fingerprints. Using CBP’s Biometric Exit Mobile device, the officer swiped Patel’s passport and took prints of his two index fingers. “All of our systems were queried and within seconds it came back that he was a biometric match,” said Jonathan Cichy, a CBP enforcement officer who works outbound operations at O’Hare Airport.
“He came into the country as a Portuguese national using one identity and was leaving the US as an Indian national using another,” said Cichy. “The Portuguese passport was legally issued to him, but he had obtained it fraudulently.”
And there was more. When Patel’s name was matched to one of the aliases, an alert was sent to CBP’s National Targeting Center, the Department of Homeland Security’s Office of Inspector General, and Homeland Security Investigations (HSI). “Patel was linked to a call centre scheme where US citizens had been defrauded out of hundreds of millions of dollars in unpaid taxes,” said Cichy. All three authorities requested that CBP detain Patel and stop him from getting on the flight.
Patel was turned over to US Immigration and Customs Enforcement and was placed in a local holding facility. He remained there until investigators from the Department of Homeland Security’s Office of Inspector General and HSI arrived to interview him. Patel was arrested on charges of passport fraud and, in May 2017, was indicted by a grand jury in Atlanta, where he was taken to await his trial. In 2012, Patel had entered the US through Atlanta, using the fraudulently obtained Portuguese passport.
In August 2017, Patel pleaded guilty to a slew of crimes. In addition to false use of a passport, he plead guilty to a conspiracy charge for his role in a multimillion-dollar, India-based call centre scam that targeted US victims. According to his plea, Patel and his co-conspirators perpetrated a complex scheme in which individuals from call centres located in Ahmedabad, India, impersonated officials from the Internal Revenue Service and the US Citizenship and Immigration Services to defraud victims throughout the country.
The victims of the scam were threatened with arrest, imprisonment, fines or deportation if they did not pay the money they allegedly owed the US government. Victims who agreed to pay the scammers were instructed to provide payment using pre-paid credit cards or by wiring money. Upon payment, the call centres would immediately turn to a network of ‘runners’ based in the US to liquidate and launder the fraudulently-obtained funds. Patel served as a runner.
“Without the use of biometrics, Patel would have been allowed to depart the US and return to his home country. He would not have been linked to any of the fraud that he committed against the US and its citizens,” said Cichy. “Biometrics are a critical tool in law enforcement. They reveal a person’s true identity and help us protect America.”