Skip to main content

tv   House Homeland Security Committee Hearing on Facial Recognition Other...  CSPAN  July 11, 2019 1:57pm-4:16pm EDT

1:57 pm
committee. later in the day, he'll take questions from the house intelligence committee, both open sessions. our coverage of robert mueller's congressional testimony will be live on c-span 3, online at c-span.org, or listen with the c-span radio app. if you would like to hear the complete reading of the mueller report, listen on the c-span radio app. volume one airs friday and saturday at 7:00 p.m. eastern and volume two will air monday and tuesday also at 7:00 p.m. eastern. next, a house panel examines the government's use of facial recognition and other biometric technologies. witnesses include officials from the u.s. customs and border protection, u.s. secret service, national institute of standards and technology and the tsa. bennie thompson chairs the homeland security committee.
1:58 pm
>> the committee on homeland security will come to order. the committee is meeting today to receive testimony on a department of homeland security's use of facial recognition and other biometric technologies. without objection, the chair is authorized to declare the committee in recess at any point. i now recognize myself for an opening statement. good morning. the committee on homeland security is meeting to examine the department of homeland security's use of facial recognition and other biometric technologies. the government's use of biometrics is not entirely new. for example, fingerprints have been used as an identification tool for many decades. other biometrics include dna,
1:59 pm
voice pattern, and palm prints. in recent years, facial recognition has become the new chosen form of biometric technology. as facial recognition technology has advanced, it's used by the government and the private sector has also increased. currently dhs is collecting and storing several different kinds of biometric information and is using this information for multiple purposes. cdp and tsa are using biometrics to conform the identities of travellers, for example. the secret service is piloting a surveillance system using facial recognition. i'm not opposed to biometric technology and recognize it can be valuable to homeland security and facilitation. however, its proliferation across dhs raises serious questions about privacy, data
2:00 pm
security, transparency, and accuracy. the american people deserve answers to those questions before the federal government rushes to deploy biometrics further. last month, the committee held round table discussions with both industry and privacy and civil liberty stakeholders about the department of homeland security's increasing use of biometric technology. stakeholders have sufficient concerns that the data dhs is collecting and whether the department is safeguarding our rights appropriately. they have good reasons to be concerned. absent standards, americans may not know when, where, or why the department is collecting their biometrics. people also may not know that they have the right to opt out or how to do so. worse yet, they may not know the biometric technology is in use
2:01 pm
as it is the case when face recognition is used to passively surveil a crowd like under the secret service's pilot program. recent reports also indicate i.c.e. has been scanning through millions of americans' drivers license photos without their knowledge or consent. these troubling reports are a stark reminder that biometric technologies should only be used for authorized purposes in a fully transparent manner. data security is another important concern. frankly, the federal government does not have a great track record securing america's personal data and biometric information can be particularly insensitive. unfortunately, earlier this year, a cdp subcontractor experienced a significant data
2:02 pm
breach including travellers' images raising important questions about data security. americans want to know that if the government collects their biometric data, they're going to keep it secure from hackers and other bad actors. moreover, the accuracy of certain biometric technology is in question despite advancement in recent years. studies by highly regarded academic institutions have found facial recognition systems in particular are not as accurate for women and darker-skinned individuals. last july, the american civil liberties union conducted a test using amazon's facial recognition tool called recognition. aclu built a database of 25,000 publicly available arrest photos. using recognition, the aclu searched the database using pictures of every current member
2:03 pm
of congress. that software incorrectly matched 20 members -- 28 members -- with individuals who had criminal records. although the misidentified members included both democrats and republicans, men and women, and a wide range of ages, nearly 40% of the false matches were people of color. this is unacceptable. it is not fair to expect certain people in our society to shoulder a disproportionate burden of the technology's shortcoming. before the government deploys these technologies further, they must be scrutinized, and the american public needs to be given a chance to weigh in. biometrics and facial recognition technology may be a useful homeland security and facilitation tool, but as with any tool, it has the potential to be misused, especially if it falls into the wrong hands.
2:04 pm
today, the committee will hear from federal witnesses on this important topic. i'm pleased that we have witnesses from customs and border protection, the transportation security administration, the secret service, and the national institute of standards and technology before us. they represent just a few of the agencies involved in the government's increasing use of biometric technology. i look forward to hearing from them about how they are using biometric technology currently, their future plans, and what they are doing to address these concerns. as congress, it's our job to ensure they protect the rights of the american people before they move forward. i expect a good conversation toward that end today and continued oversight by the committee in the future. i ask unanimous consent to enter the following news articles and
2:05 pm
letters into the hearing's record, a june 10th "washington post" titled "u.s. customs and border protection says photos of travellers were taken in a data breach." a july 7th, "washington post" article entitled "fbi/i.c.e. find driver's license photos are a gold mine of facial recognition searches." and july 9th letters of "american association of airport executives and a coalition of private and civil liberties group, many of whom were represented in our meetings and briefings last month. without objection, so ordered. the chair now recognizes the ranking member of the full committee, the gentleman from alabama, mr. rogers, for an opening statement. >> thank you, mr. chairman. biometric technologies have the
2:06 pm
ability to improve immigration laws. these range from facial recognition to fingerprints to dna. these present unique privacy considerations but also clear security benefits. not only does the federal law authorize dhs to use biometrics to identify, it requires entry and exit data for all foreign nationals. this requirement has been long-standing bipartisan mandate. recent technological advancements have finally made it possible. dhs's primary focus is facial recognition at check points where travelers are already providing ids to government employees. agents can review several hundred ids in a single shift. as a result fatigue and human error allow people to fake -- with fake ideas to slip into our country every day. automating this process with biometric technology will improve security.
2:07 pm
cvp and tsa have done their homework and are working to build accurate and secure systems. dhs should continue to collaborate with experts at nist to ensure they're using accurate algorithms to power these systems. biometric systems advanced mission beyond transportation security. i.c.e. recently conducted a rapid dna pilot program to verify family ties on the southwest border. a 90 minute test can replace hours of interviews and document review. this short pilot found a disturbing number of cases where men who claimed to be the biological parent of a child quickly changed their story when asked to submit dna. the technology does not store dna in a central database and each machine can be purged daily. amid the humanitarian crisis on our border, we should be looking at things like rapid dna to protect children from abuse by smugglers who rent them as a ticket into our country.
2:08 pm
we should be using biometrics to enforce immigration laws. i.c.e. and fbi's use of dmv photos to identify criminals. i do not believe that anyone has a reasonable expectation of privacy in a government id photo, period. police have long-relied on photo books and manual photo reviews to identify suspects known as fugitives. recognition technologies can improve law enforcement by ridding the process of human error. technology cannot and should not replace the officer's final judgment, but it can speed up the identity verification for millions of people every year. halting all government biometric programs as some colleagues suggest is an easy way to avoid hard questions. taking the easy way out of this issue will not increase the gap between technology and our ability to understand it.
2:09 pm
dhs should continue to consult with experts at nist to develop standards. dhs leadership should ensure that this biometric databases are secure and have clear privacy guidelines and congress should continue to educate itself as we are today about the way we can employ this technology responsibly. and i thank you mr. chairman. i yield back. >> thank you. other members of the committee are reminded that under the committee rules, opening statements may be submitted for the record. i now welcome our panel of witnesses. our first witness is mr. john wagner, deputy executive assistant commissioner at the u.s. customers and border protection. next we have mr. austin gold, assistant administrator for requirements and capabilities analysis at the transportation security administration. next we have mr. joseph r.
2:10 pm
petro. finally we have dr. charles row main, the director of the information technology laboratory at the commerce department's national institute of standards and technology. i look forward hearing from you all today. without objections, the witness's full statement will be inserted into the record. i now ask each witness to summarize his statement for five minutes beginning with mr. wagner. >> chairman thompson, ranking member rogers, members of the committee, thank you for the opportunity to testify before you today on behalf of u.s. customs and border protection. i would like to begin with a few excerpts from the 9/11 commission report. when people travel internationally, they move through portals, may seek for a passport, may apply for visa, may stop at ticket gates at airports and sea ports. they pass through arrival points. they may transit to another gate to get to another plane.
2:11 pm
each chance is a screening. the job of protection is shared among the many defined check points. by taking advantage of them all, we need not depend on anyone in the system to do the whole job. the challenge is to see common problem across agencies and functions and develop a conceptual framework and architecture for effective screening system throughout government and indeed in private enterprise agencies and firms at those portals balance civil liberties. these problems should be addressed systemically, not in an ad hoc fragmented way. these are excepts from the 9/11 commission report. before cvp presented our current strategy, airlines, airports, and government agencies including dhs were developing their own independent biometric schemes, in other words what the 9/11 commission warned against doing, an ad hoc fragmented approach. cvp has developed a plan that includes other authorities and
2:12 pm
responsibilities in the mission set beyond just the biometric entry/exit mandate for foreign nationals. we have the solution to encompass the travel spectrum. we need a solution that would comport with the biometric plans of airports, airlines, and cruiselines. why? because we don't have a transportation system that allows the easy segmentation of only foreign visitors on international departures. previous dhs efforts failed for ten years because they tried to create a stand alone stove piped unintegrated process. as we all know, those plans were cost prohibitive, would create massive congestion, and there was significant opposition from the airlines and the travel industry. as a result cvp developed a service that goes on today when a traveler presents a passport to establish identity. cbp is only comparing the photos taken previously provided to the u.s. government for the purposes of international travel.
2:13 pm
this is not a surveillance program. since airlines and cruiselines are already required by statute to provide the biographic information, cbp assembles a small gallery of photos. these photos are from passports, visas, and previous international arrivals. a photo is taken and searched and validating the biographic data that is vetted for law enforcement concerns and corresponding to the traveller we president exam it to. we do not run it against any other database oris sources of information if it matches the pre-staged gallery photo. if a traveler matches the u.s. passport a new photo is taken. there's no need to keep it. u.s. citizens are not part of the entry exit system. recognizes there are concerns raised over inclusion of u.s. citizens, cbp has responsibilities to determine
2:14 pm
citizenship and identity of all people traveling internationally. this is a u.s. government responsibility. it's also unlawful for a u.s. citizen to travel internationally without a u.s. passport. u.s. citizenship is determined by comparing the traveller against the passport. we're automating and using a computer algorithm to enhance the facial recognition existing process. we had two travellers presenting u.s. passports claiming to be u.s. citizens. however it was found they were foreign nationals and impostures to the documents. cbp developed a standard set of business requirements. they clearly stipulate they cannot keep the photos. going back to the ad hoc approach mentioned earlier, our partners voluntarily agreed to the requirements. this makes a single consistent transparent approach to the use of the technology for the
2:15 pm
international travel. cbp is pound by requirements in the government act and homeland security act. we're signing on to the same requirements. we do recognize we can improve the public's understanding of the requirements and the opt out prosituation visions. rule making has commenced to put updates into the federal regulations currently circulated within the government. we're solving a very difficult challenge, biometric exit. we're solving it by focusing on improving the travel experience. airlines and cruiselines have reported reduced boarding times and increased passenger satisfaction using this system. this system will allow us to build a world class travel the system in the u.s. this will be the envy of the world as we try to keep pace with the record breaking growth in international travel. tax for the opportunity to be
2:16 pm
here today. and i look forward to your questions. >> thank you your testimony. i somehow recognize mr. gold to summarize his statement for five minutes. >> good morning. thank you for inviting me before you today to discuss the future of biometric identification at the trapgs security trags. i am austin gold, the assistant administrator for analysis at tas. i would like to thank the committee for working with tsa as we work with the transportation systems and particularly for your support of our officers in the field. the aviation and transportation security act of 2001 established tsa and the requirement to screen all passengers who were boarding aircraft. this screening requirement includes passenger identity verification. the act specifically recognizing the biometrics for this purpose. recognizing the need to positively identify passengers are becoming increasingly
2:17 pm
prevalent and sophisticated, tsa sought new processes and technologies to improve performance. biometrics represents such technology. in 2018, tsa released a biometrics road map which identifies the steps that the agency is taking to test and potentially expand biometric identification capability. the road map has four major goals, partner with customs and border protection on biometrics for international travellers, potentially expand biometrics to additional domestic travelers, and develop the infrastructure to support the biometric efforts. consistent with the buy metrics road maps, verifying passenger identity at certain airports. these pilots are of limited scope and duration and being used to evaluate biometric technology for use. these have been in conjunction with customs and border ex pr,
2:18 pm
supported with assessments, and passengers have the opportunity to not participate. in these cases the standard manual identification process is used. last month they observed the client under way in term fall f in atlanta for international passengers. the cam only captured image after the officer activated it. tsa collected data in atlanta that demonstrated over 99% of travelers chose to use biometric identification. from feedback we have applied sign aj in spanish and english to be sure everyone knows what is being played out. tsa is committed to addressing accuracy, privacy, and cyber security concerns associated with biometric capture and matching.
2:19 pm
in that regard and pursuant to 1919 of the tsa modernization act, dhs will submit report that includes assessments by tsa and cbp that were developed the science and technology direct rat. the report will address accuracy and error rates. we will schedule a meeting with privacy groups later this summer to ensure they understand tsa's limited use of biometric identification, have the opportunity to address any concerns, and as follow on to participation in tsa's earlier biometrics day. tsa continues to build upon the success of past pilots by conducting additional ones at select locations for limits durations to refine requirements for biometrics use. these pilots will continue to be supported by privacy impact assessments, clearly identified through bilingual airport si
2:20 pm
signage. biometrics represents unique opportunity for tsa. this can increase through point at the check point and enhance the passenger's experience. the ability to increase throughput will be essential as passenger volumes continue to grow at approximately 4% annually. we experienced our busiest travel day ever last sunday when we screened approximately 2.8 million passengers and crew. to close, tsa is systematically assessing biometrics for use. it will enhance aviation security while also increasing passenger throughput and making air travel more enjoyable. the system will only be used for passenger identification and to direct the the passenger to the appropriate level of screening automating what is currently a manual process. it will not be used for law
2:21 pm
enforcement purposes. and as always, passengers have the opportunity to not participate. thank you for the opportunity to address the important issue before the committee and i look forward to answering your questions. >> thank you for your testimony. i now recognize mr. depetro to summarize his testimony. >> i'm chief technology of the united states secret service. i want to thank you for the opportunity to appear before you today and to discuss the secret service's use of biometrics in performance of our integrative mission. as previously conveyed to staff, the secret service has significant concerns about testifying in open hearing about how we use facial recognition. therefore my testimony today on that issue will focus on the pilot program we are conducting at the white house complex. the secret service closely guards means and methods as to
2:22 pm
how we execute our protective mission. we are aware that our adversaries are watching and probing us and can exploit information discussed in this open environment to be used against us. it would not be wise or prudent to discuss in a public setting certain protocols used to carry out or protective mission. however, we would welcome the opportunity to provide information in a closed briefing. biometric tools are used on a regular basis by the secret service to investigate, locate, and sometimes arrest individuals who have committed crimes to include offenses related to threats against secret service prek tees. we understand the rapid expansion creates a new to balance capabilities with the need to preserve the you public's expectation of privacy and the secret service is committed to ensuring a balance that protects the rights to all individuals. respect to fingerprints and palm prints, the secret service has a long standing program that plays
2:23 pm
integral part in our personal security processes. our ability to process, store, search, and retrieve fingerprint and palm print images is an operational necessity. during the course of investigations involving fingerprint and palm print evidence, we use regional and databases to search for known searches. dna is one of the most effective identification tools available to law enforcement today. advances related to dna technology are rapid and the secret service remains dedicated to utilizing new applications to enhance the mission. the secret service collects dna samples along with the subject's fingerprints. samples are sent to the fbi and dna testing search and storage in the national dna database. with respect to facial recognition technology, the secret service recognizes that this technology has the potential to be a powerful tool
2:24 pm
that may assist in preventing attacks. in 2014, former secretary of homeland security johnson established independent protective mission panel to conduct assessment of security at the white house complex. among other important recommendations, the panel stated technology systems used on the complex must always remain on the cutting edge. and the secret service must invest in technology including becoming a driver of research and development that may assist in its mission. in furtherance of these recommendations, the secret service is working on a facial recognition pilot. the goal is to determine whether technology could be effectively deployed to enhance or protect the mission. while the pilot started in december of 2018 and is scheduled to be completed by the end of august 2019, the secret service began contemplating this pilot so far back as august 2014. the participants in the pilot
2:25 pm
are secret service employees who volunteered to take part in the effort. designated white house cameras that are part of the video management system captured volunteers as they moved through various locations around the white house complex. software running on a server dedicated to the pilot and on a closed network not connected to the internet seeks to match the image of the volunteers to the images in the screens. facial images are stored when ma ched to a volunteer. at the conclusion of the pilot, all images will be purged. the secret service's commitment to maintaining first amendment protections and desire to address personal privacy considerations are central factors behind any future implementation of facial recognition technology. the secret service will not adopt new technologies unless they've been thoroughly vetted to ensure that sufficient privacy protections and data safeguards are in place. in closing, the protection of our nation's leaders is paramount to this agency and to the nation. the partnerships represented here today both in congress and
2:26 pm
dhs are critical to the success of secret service operations. i thank you for the opportunity to testify concerning the age agency's use of the evolving technology and look forward to working with you as we move forward. this concludes my testimony. i welcome your questions. >> thank you for your system. i now recognize doctor row main. >> thank you for your time. thank you for the opportunity to appear before you today to discuss nist's role in biometric standards and testing for facial recognition technology. in the area of biometrics nist has been working with public and private sectors since the 1960s. nist's work improving the accuracy, quality, usability, interoperability, and consistency of identity management systems and ensures
2:27 pm
that united states interests are represented in the internationalal arena. nist research has provided state of the art benchmarks that depend on biometrics recommendations. nist leads standard activities in biometrics such as facial recognition technology but also in cryptography, electronic credentialing, software and systems reliability, and security conformance testing. all essential to accelerate the deployment of information and communication systems that are interoperable, reliable, secure, and usable. nist's biometric evaluations advance the technology by identifying and reporting gaps and limitations of current biometric recognition technologies. nist evaluations advanced measurement science for providing basis for what and how
2:28 pm
to measure. nist evaluations consistent based standards for scientifically sound fit for purpose standards. since 2000, nist's face recognition vendor testing program or frvt has assessed capabilities of facial recognition algorithms for one to many identification and one to one verification. nist expapded its facial recognition evaluations in 2017. nist broadened the scope of its work in this area to understand the upper limits of human capabilities to recognize faces and how these capabilities fit into facial recognition applications. historically and currently, nist biometrics research has assisted the department of homeland security. nist research was used by dhs in its transition from two to ten prints for the former u.s. visit
2:29 pm
program. currently nist is collaborating with dhs obim on face quality standards and dhs on customs and border patrol on the evaluation of the travel service. analyze performance impacts due to image quality and traveller demographics and provide guidance and data that allows cbp to set a threshold given cbp security goals for large scale face recognition of travellers. nist's face recognition vendor testing program was established in 20 # o-0 to provide independent evaluations of both prototype and commercially available facial recognition algorithms. significant progress has been made in algorithm improvements since the program was created. nist is researching how to measure the accuracy of forensic examiners. the study measures face identification accuracy for an
2:30 pm
international group of forensic examiners. the findings published in the proceedings of the national academy of sciences showed that examiners and other human face specialists including forensically trained and untrained were more accurate on the channelling test. it also presented data comparing state of the art facial recognition algorithms with the best human face identifiers. optimal face identification was acho achieved only when humans and machines collaborated. as with all areas, face recognition, standards development can increase productivity and efficiency in government and industry, expand innovation and competition, broaden opportunities for international trade, conserve resources, provide consumer benefit and choice, improve the
2:31 pm
environment, and promote health and safety. thank you for the opportunity to testify on nist's activities in facial recognition. and i would be happy to answer any questions that you may have. >> thank you very much for your testimony. i now recognize myself for five minutes of questioning. mr. wagner, you talked a little bit about the biometric entry and exit system. and those of us who have been around, we historically supported that system. but in the beginning, we talked about that system would be only used for foreigners and based on what i heard you talk about today, you've expanded that to taking in american citizens. can you explain the reasoning for that?
2:32 pm
>> yes. u.s. citizens are clearly outside the scope of the biometric entry/exit tracking. the technology we're using for the entry/exit program, we're also using to validate the identity of the u.s. citizen. someone has to do that. someone has to determine who is in scope or out of scope. and someone has to validate that u.s. citizen is the person presenting that u.s. passport. so, once we take the picture and match it against the passport photo -- which is what goes on right now, just in a manual review -- we use the algorithm to help make that decision. and then the photo is discarded after that because there's no need for us to save it. >> well, what i'm trying to get at is this was a policy that cbp more or less expanded even though congress gave you the authority to look at foreigners. >> well, it helps us and the airlines determine who's in scope for biometric exit and
2:33 pm
who's out. someone has to make that determination at the boarding area. it would be unfair to ask the airline to be able to do that to determine who is in scope or out of scope. >> you kind of see what i'm saying though. did cbp come back and say to congress we're looking at expanding this authority, but we need congressional approval? >> we don't see this as expanding the biometric entry/exit authority. we see this as using the authorities we have to determine the citizenship of an individual entering or departing the u.s. if we're looking for a u.s. citizen departing the u.s. right now because they have a warrant for their arrest, stop travellers in the jetway and check their passport. it's using authorities. >> i understand why you're doing it. what i'm getting at is part of this hearing is to make sure that we as members of congress give you the authority you need to do your job. but part of what i'm hearing is you've kind of taken your own
2:34 pm
initiative to do some things beyond the scope of authority that congress gave you. so, what i would like for you to do is provide the committee with the written policy by which you're doing this. >> yes, absolutely. >> thank you. dr. ramine -- i'm going to try to get it right -- you've been advising dhs a lot on tom f some of the of these things. have you looked at this expansion of authority without congressional intent with dhs? >> no, sir. that would be outside of nist's mission space which is technical evaluation and standards of the algorithms. >> all right. have you looked at the
2:35 pm
collection of data at how the data management is controlled once it's collected? >> no, sir. >> mr. wagner, i'm back to you then. explain to the committee this collection of data that you said this policy gives you. what do you do with it? >> so, when the picture is taken and provided -- comes into cbp and we match it against one of our pre-staged gallery photos that's comprised of passports and visas in previous arrivals. if it's a foreign national subject to the biometric entry/exit mandate, that photograph will be sent over to dhs to be stored in ident which is the repository. if it's a u.s. citizen and that photo matches a u.s. passport or
2:36 pm
a permanent resident, that photograph would be held for 12 hours and then deleted or purged from the systems. the only reason we hold it for that short period of time is in case the system crashes and we have to restore everything. >> okay. are you aware of recent subcontractor breach of data. >> yes. >> beg your pardon? >> yes. >> so, how is that inconsistent with what you just explained to us? >> what we were doing with that subcontractor is we were testing their camera on the u.s./mexico land boarder in a stand-alone pilot system. so, it wasn't integrated into the main cbp network. and we were testing the taking of the photographs and the license plates and the ability to take a picture of a person in a vehicle and whether that would be matchable. in this case, as far as i understand the contractor physically removed those photographs from the camera
2:37 pm
itself and put it on to their own network which was then breached. the cbp network was not hacked. the contractor -- and what we see is what i believe is they removed that in violation of the contract. and that's why our relationship has been severed with them and we're conducting investigation. >> so, you see my concern about how we control the data we collect? >> absolutely. >> thank you. yield to the ranking member. >> thank you, mr. chairman. mr. wagner, i want to pick up on what the chairman was talking about. my understanding of your response a few moments ago is that it's your belief that you have the existing statutory authority to do what you're doing. you're just exercising new technology in that process? is that accurate representation of what your answer was? >> yes. >> thank you. dr. romine, this is evolving technology. can you tell us what have been the big changes if any when it
2:38 pm
comes to the use of facial recognition and biometrics in general. >> certainly. thank you. the advances have been dramatic according to our testing the accuracy and capabilities of the newer systems that we've seen in the last few years. >> what would be some examples of newer systems? >> the advent of con vo lushal networks to do learning. >> is that ai? >> it's machine learning and artificial intelligence, yes, sir. >> what else? >> so, these are dramatically improved over previous technologies that relied specifically on particular characteristics of faces, for example. with suitable training, these systems have dramatically improved the accuracy for the best facial recognition systems.
2:39 pm
now, i want to be clear. the testing that we've done, there's still a very wide range of performance in the testing that we've done and the algorithms that we've tested. but the best ones -- and we have no direct knowledge of the convolutional networks because these are submitted to us as black boxes and we don't examine that. but in conversations with vendors who have submitted testing, that's the understanding that we have is that that new machine learning capability that deep neural networks has been the significant advance. >> has this development or advancement in the area of machine learning alleviated in any way the concerns the chairman expressed about facial recognition being list accurate when it comes to females or darker skinned individuals? >> we see because of the
2:40 pm
significant increases in the accuracy across the board, the effect of those demographic effects is diminishing. we have a report -- we're doing an analysis now, a comprehensive analysis of demographic effects under the testing evidence with ju just done. that should be out this fall. >> when you have the test results, do you share those with the public, the business community? >> we do, sir. >> great. >> we do that through public reporting and dissemination with email and other interested parties. >> do you publish those guidelines for the public consumption as well? >> we do. >> i have a letter here for the use of biometrics facial recognition and i would like to offer it for the record. >> without objection. >> with that, i yield back.
2:41 pm
>> thank you. >> thank you. >> just so we're clear, the report you referenced is not out? >> that's correct, sir. it should be out this fall. >> so, the data right now is that women and dark-skinned people are miss identified more than anybody else. >> there are demographic effects that effect age, so significant changes in age over time. age, race, and sex. there are demographic effects quantifying those in a statistically valid manner is what we're currently doing. >> so, is that women and dark skinned people? >> yes. >> okay. thank you. just trying to -- thank you. chair recognizes mr. correa for five minutes. >> thank you mr. chairman for bringing up this most important issue. this technology is very interesting because compared to
2:42 pm
fingerprints dna, you give it without essentially giving permission. you walked in a court or some camera picks up your information and it is used without your authority or permission in ways that we don't know about. doctor, you talked about false positives based on ethnicity, other factors that are still -- that technology has not gotten to the point where it can account for these factors. mr. wagner, i have a question for you which is under the tsa modernization act of last year, it requires a public report on the deployment of biometric technologies, tsa's assessment of private accurate. that report is now late. >> it is drafted. it's just circulating for final report and signature. >> so, any time now.
2:43 pm
>> any time. >> okay. if you -- will that be something that will be compared to dr. rowe main's report that will be coming out very coop. >> moving forward, we'll look at scientific reports we can to ensure biometric data performing accurately. >> let me ask you, mr. wagner, right now the way facial recognition is being used by your department, is this affecting or unduly burdening foreign travelers, race, gender e nationality? >> no, we are not seeing -- in review of our data, we are not seeing any significant error rates that are attributable to a specific demographic. that's why we've also partnered with nist to come in and review our data and help us look at it and make sure. >> so, statistically you do have mr. gold that is reviewing the
2:44 pm
day or who is reviewing the data for you to reach your conclusion that it's not adversely affecting commerce, tourism -- i'm from the state of california where commerce/tourism is a big part of our economy. i just want to make sure we're not having a lot of false negatives. >> this is having a beneficial effect on that because it's allowing airlines and cruiselines to board and unboard people quicker. >> excellent. just want to make sure we see that in the report. >> passenger experience is being reviewed by that. we're reviewing internally data and we're not seeing noticeable discrepancies in that. we've partnered with nist and will be examining our data closely to make sure that we're not unduly hurting people of a specific demographic. >> i'm glad to hear you're enthusiastic that positive answer that it's not a burdening unduly. >> absolutely.
2:45 pm
>> ronald reagan said we've got to trust but got to verify too. >> absolutely. >> i'm looking forward to seeing your data on. that in terms of the data once you're using it, what system do you have to audit to make sure that data is purged in a timely manner? you just mentioned one of your subcontractors had a breach. that information is somewhere out there. you said that is a reason you terminated that contract yet to me when that information gets out there, terminating a contract is not enough of a deterrent to making sure that those kinds of breeches, that data is actually purged in a timely manner. are you doing anything to make sure we tighten up that part of the system. >> yes. the subcontractor may face subsequent action depending on the results -- >> criminal/civil? >> potentially. >> both? >> potentially depending on what the investigation and the office
2:46 pm
of responsibilities investigating this, depending on the circumstances of how the data was taken and the intentions and why, and how it was used. there potentially could be criminal actions. >> when we have those data breaches, who do you report those to and under what time do you actually take this and say hey, this purge or this breach happened? >> well, they're supposed to report it to us almost immediately. we do report it to congress if it meets a certain threshold. and then internally we -- >> what threshold would that be? >> i don't know offhand. >> would like to look at that a little closer because small breach versus large breach, is that your threshold? size of the breach? what's your threshold? >> i believe it's 100,000, but i'll have to -- i will get back to you on that. >> chairman, i'm out of time but i think it's very important that
2:47 pm
these kinds of breaches be reported immediately to congress. >> i agree. >> mr. chairman, i'm out of time, so i yield. >> thank you very much. chair recognizes gentleman from texas for five minutes. >> thank you, mr. chairman. you know, we all want to protect civil liberties and privacy. when somebody's in the public domain as i understood in law school, there's no expectation of privacy. this technology in my judgment has really protected the nation from drug smugglers, gang members, and potential terrorists. i introduced the bitmap bill which is a biometric trans gnashal alert program. it passed in this committee. it passed 272 to 119. and now it's being eheld up. i would like to examine what the
2:48 pm
effect of not authorizing this program would have. mr. wagner, can you tell me what successes the bitmap program has had, and particularly when it comes to individuals coming from other parts of the world that are known, that are basically countries of special interest, special interest aliens, or kst, known or suspected terrorists, coming across into this hemisphere up through latin america into the united states of america? >> sure. so, the bitmap program is administered by i.c.e. it's a program they work with their foreign counterparts to utilize fingerprint technology to take fingerprints of exactly those populations you just refrpsed as they transit through certain countries in central and south america making their way from mexico into the u.s.
2:49 pm
if they show up in a central american country, the foreign authorities will use the bitmap program to collect the passport information and their fingerprints. when that person ultimately shows up at our southwest border and has mysteriously lost their passport, we're able to take their fingerprints and match it back up with that previous encounter in central america to sufficiently identify who that person is. this is the passport they had. >> is it true through that journey while the names and identities may change -- >> sure. >> -- their biometrics do not change. >> correct. >> and that's the best way to identify who this person really is. >> correct. >> can you, in this setting -- i don't know if that's possible -- give us some indication of the numbers of special interest aliens that have been stopped in this program and also known or suspected terrorists? >> i have to get back to you on that. i don't have any today.
2:50 pm
>> how significant is it? >> it's significant. it's an absolute vulnerability that as we've seen terrorists can exploit. and it's a vulnerability we need to address. >> dr. romney, i guess from what i'm hearing from you is we don't want to get this wrong. i think ms. watson coleman was talking about herself being possibly in this pool of candidates that could get somehow mischaracterized. tell me where we are with the technology. how accurate is it? >> the very best algorithms we've tested the most recently have false negative rates that are extremely low. the accuracy can range for the best algorithms in a one to many
2:51 pm
match can range into the 99.7 range. >> so 99.7% accuracy. >> yes. >> that's pretty good. >> from a scientific standpoint it's a high number for me. >> it's very high. you're a scientist. i'm not, but it sounds pretty high to me. it's always a balance in this committee and when we deal with security issues, we always have to balance these as americans and i think it's important that we balance those factors. it's stopped a lot of bad actors from coming into the united states. i hope that this committee, we could still advance that
2:52 pm
authorization and that bill through this congress because i do think it's important to protect the american people. it's one of the most important responsibilities that we have as members of congress. with that, i yield back. >> images of drivers that were taken by facial recognition technology were compromised. i represent multiple border towns where you cross back and forth into mexico for jobs, shopping, tourism, medicine. i also within the interior of the district there are border checkpoints. when they're operating, that
2:53 pm
same information is being taken, license plates and pictures of people's faces. so we want to be able to make sure that the citizens' data is secure. were there audited into the subcontractor's system prior to the hack? >> i don't know. >> can you get back to us on that please? did those private subcontractors have the authority to store the citizens' data? >> they did not have the authority to store the pictures taken by the camera from what understand. they had the authority to take them. they did not have the authority to take it off the camera and put it onto their own north america, which is apparently what happened. >> what protocols does cpb have in place to oversee subcontractor data security
2:54 pm
practices? >> they go through background checks. they're vetted, they're cleared, they're trained on the systems that they're going to work on. as far as having the audit controls on -- well, this was a stand alone pilot so it was outside of our normal north america. we apparently did not have the same level of controls and audit capabilities on that because it was a stand-alone closed system. those are things being put into place now on all those systems to make sure you can't connect to a portable media drive on that and extract information. our main network has these controls. >> can you follow up and let us know when they are in place? >> yes. >> with all pilot programs
2:55 pm
because i member going through the border checkpoints and being told it's just a pilot. that's when we need to make sure that we're operating it correctly. >> i agree. >> i want to switch now to congressional authorization. mr. wagner, it's my understanding that it is the laws that congress is enacting a biometric entry/exit system limit data collection to foreign nationals, is that correct? >> yes. >> under what authority is cbp collecting biometric information on u.s. citizens as part of the entry/exit system? >> we're using the information under usc-1357 b and 8 cfr 235.1 which allows us to consider any information or evidence
2:56 pm
pertaining to a person crossing the border and establishing their u.s. citizenship. generally a person will present a u.s. passport to us. we can look at it, we can manually review it. we can ask some questions how they obtained it. >> i'm going to switch direction. i apologize. i want to switch to the federal agencies that are scanning through u.s. citizens' driver's licenses. ice is one of those that's been identified as potentially scanning through these databases. for what purpose are your components attempting to or successfully accessing state driver's license databases in any way? >> we do use driver's license information from the states that have entered into agreements with us where their driver's license also institutes fsubsti
2:57 pm
passport to cross the border. i think we have five u.s. states and maybe four canadian provinces that entered into written agreements with us to mark the citizenship of the driver's license holder on the document so they can cross the border without having to go get a passport that serves in lieu of the passport. >> does the dmv -- >> when that person crosses the border, our agreement allows us to verify that that is a valid license and retrieve the photo from that so we can see who it belongs to. we also have law enforcement access driver's license data that we also might use in a law enforcement context that's very common for law enforcement agencies to access. >> thank you plr, mr. wagner. >> thank you all for being here today. take a step back for a moment.
2:58 pm
as a federal prosecutor for 20 years routinely dealing with homicides and matters of violent crime, some of the tools in the toolbox i had were fingerprints at first and later dna. when they both came online, at first there were concerns about how they were to be used. now they're becoming more mainstream. i hope and pray it's the same with facial recognition. all three have the capability not only of helping to solve crimes but also making sure that crimes aren't committed. but even something we don't think about enough is exonerating people who are falsely accused. look what the dna system has done for people falsely accused in prisons. it's been a remarkable breath of fresh air. so my concern is not with the efficacy of using it, my concern is that we get it right. my questions focus on the things
2:59 pm
we need to do to make it better. it's dispositive almost all the time. i don't think we're there yet with facial recognition. i'd like to get there. i'd like to ask mr. romine a couple of questions. you're charged with examing the g the gaps and limitations of facial recognition. >> the principal gaps and limitations we see is image quality. it's still true. garbage in, garbage out for
3:00 pm
image systems. so image quality has a huge impact. i'll have a report on demographics and certain issues associated with demographic effects. that's certainly true when you try to identify someone when you have a reference image that's maybe 10, 20 years earlier than the person you're trying to identify. that can be a very big challenge. similarly if someone has been injured or there's some obscuring of the face for other reasons, that can have a challenge. images that are taken non-cooperatively. and i don't mean uncooperative. i mean where someone is not standing still looking at a camera with the intent of registering an image. if you're taking an image through a windshield for example or if you're taking an image of someone who's walking and not facing a camera, those can have significant impacts on the
3:01 pm
accuracy and ability of these systems to do identification. >> what can we do to improve that portion of it? >> the industry continues to make advances. i mentioned the emergence of convolutional neural north america networks as a game changer in this space. we don't know what we don't know coming down the pike, but there continue to be improvements in our testing ove
3:02 pm
checkpoint. >> the compression, the effect of differences in demographics shrinks as well. and the report later that comes out in the fall will -- >> that sort of answers my question. you will admit that certain demographics have a disproportionate error rate. you say it's improved. how much? >> we haven't finished the analysis yet so i'm not able to answer that question currently. the report will come out in the fall. i will say that it is unlikely that we will ever achieve a
3:03 pm
point where every single demographic is identical in performance across the board, whether that's age, race or sex. but we want to know just exactly how much the difference is. >> this report will detail that when it comes out in the fall? >> yes, sir. >> i yield back, mr. chairman. >> we all look forward to the report, i assure you. chair now recognizes the gentle lady from illinois, ms. underwood. >> i represent illinois's 14th district where we drive about an hour or two to get to a major airport in chicago. so our community is always interested in learning more about the technologies that can potentially improve security at airports while still reducing the flier's wait time. it's crucial to make sure they're proven to be effective, reliable and fair. can you run through the ways tsa is currently employing biometric
3:04 pm
screening at checkpoints? >> we're only using biomet tr m technology in atlanta. that's on a pilot basis. we want to understand how the technology works, how it can improve identity verification for the traveling public and improve traveler experience. going back to image quality, we were in a fortunate case at tsa in that we really control the environment in our checkpoints so we get the highest quality images possible for biometric matching. for the pilot in atlanta we're matched up with cbp using their tvs system. we see extremely high match rates there. moving forward we'll look to pilot one to one matching capability where a traveler will provide a credential. that credential will be assessed by our cat machine and it will
3:05 pm
return a match rate on whether or not the face that's been captured matches the face that's embedded in that credential. in that scenario, no information even leaves the checkpoint and nothing's retained on the camera. that's some of the things we're looking at. i believe when we're thr ee're with these pilots, we will see that we cannot only improve passenger security but make it a much more positive experience for the traveling public by reducing wait times. >> how are the airports and airlines using the biometric screening technology beyond the tsa checkpoints? >> i can comment on atlanta with delta air lines. the kiosks use biometric
3:06 pm
identification to make sure the passenger is ticketed on that flight, to ensure the passengers are positively matched to bags for international travel. delta has a security program amendment that we've granted them to use biometric technology to do that matching at the bag drop. we use it in our checkpoint in atlanta. it's used at the gate. >> so is that the only specific agreement with an airport or airline that tsa has to govern the use of biometrics? >> right now the security program amendment that we've granted delta for the limited use only in atlanta is the only formal agreement we've entered into with the airlines. >> does tsa have any role in approving airport and airline uses of biometric technology? >> we have roles in approving the use of biometric technology where .
3:07 pm
>> we're temporarily holding it while we validate that it corresponds to the passport that person is presenting. then it's purged after 12 hours from our system. >> okay. >> from a tsa perspective we're leveraging photographs that travelers have provided to facilitate travel like passport photographs. when we capture the image at the checkpoint it is not retained at
3:08 pm
the camera. once that image is encrypted and transmitted, we only get back a match result. >> okay. >> secret service collects fingerprints, palm prints, mug shots, other identifying information on individuals who we arrest as part of our criminal investigations. >> but not as part of regular screening? you don't retain the data that you collect as part of the regular screening? >> that is correct. >> you don't store it? >> we use metal detectors, x-rays and things like that. >> to get into the white house -- >> we do not use fingerprints at the white house. we don't scan for that. >> yes, sir. >> the data that we have is sequestered in servers that are air gapped. they're not connected to the internet. in a locked door. i'm the director of the laboratory and i'm not permitted to go into that room without being escorted.
3:09 pm
it's very tightly controlled. >> i yield back. >> the chair recognizes the gentleman from north carolina mr. walker. >> thank you. 99.7%. that's pretty good or about ironically the same on base percentage that cedric richmond has in baseball. that's a topic. i do have a question. how do you ensure that the biometric data collected is secured? is the biometric identifier connected to other sensitive or private information about the person? >> the data that we have on facial recognition is not connected to identifying informati information. i'll have to double check the exact features there. >> can you do that for us and
3:10 pm
report back? so you're saying the information that you collected is secured? >> we don't collect information. we obtain it from our partners for the purposes of evaluation only. we secure that in tha secure server. >> have you ever had a breach on the information you've obtained? >> no, sir. >> thank you. questions for the panel, keep it about 10-15 seconds. that way we can get everybody in here. can you elaborate more on these programs that have been successful, specifically on the ones identifying facial recognition in any other biometric technologies. if you could elaborate on the success of them we'll start with mr. wagner. >> sure. it gives us the ability to identify a person's buy graiogrl
3:11 pm
identity. >> with our pilot in atlanta we do data collection on the number of people who are using not to provide biometric identification at our checkpoint and it was less than 1%. people seemed to enjoy it. the traveling public moves through the checkpoint very rapidly. the best part is we enhance identification there enhancing security. >> we're piloting some technology but we're in the middle of that test right now so we haven't compiled the data. the test will wrap up at the end of august then we'll be able to draw some conclusions. at this point we're still in the middle of the test. >> based on these successes,
3:12 pm
where do you see the use of biometric technologies expanding in your agency? mr. wagner? >> it will significantly transform the arrivals and departures on international travel in all our different environments, air, land and sea and can really build a very convenient, efficient, facilitative but yet secure process for us to do that. >> for us we'll build on the success of our international partnership with cbp that we're doing in atlanta to other international travel locations. we'll look to use the cbp system for our trusted travel population to do one to few or one to many matching for biometrics purposes at our checkpoints. the next step is that one to one matching that i mentioned before where a traveler can approach the checkpoint, provide a
3:13 pm
credential, have the cat machine assess the image embedded in that credential and. >> let me back up and ask this question. ms. underwood asked a couple of questions. i wanted to follow back up there. the data that you collect, is it ever collected without subjects being aware? >> no, sir. >> so the information that you do collect, do you ever share that? >> i'd have to check with our lab data and get back with you. >> i'm the secret service's chief technology officer. i work more on the engineering and technical side. i'd have to get with our forensic services division to answer that. >> fair enough.
3:14 pm
>> let me comment. in a classified setting we're going to ask that question again are the data collected that people don't know, because i think there is information being collected in the pilot at the white house that is different from the answer, but we plan to have a classified briefing on that issue. chair recognizes the.
3:15 pm
>> the wide scale deployment of facial recognition technology will have profound implications on privacy. we must look before we healeap. it is imperative to defend against mission creep. as a new yorker who lives miles away from ground zero, security is important and i know that firsthand. but facial recognition technologies that routinely misidentify women and people of color don't make us safer, they make us less safe. using this technology to help i.c.e. target immigrants for deportation doesn't target terrorism. it targets families.
3:16 pm
we've seen what happens when technology is widely deployed before congress can impose meaningful safeguards. let's not make the same mistake with facial recognition technology. we have a contractor that has a breach. we know we're seeing more use of video, deep fakes if you will. if that gets into the hands of adversaries overseas and they want to create a disruption, all you have to do is take that information, create a video from it and we're already into a really bad situation. all these technologies are evolving and i'm very concerned with the lack of specificity that we have at this stage. my question is about accuracy.
3:17 pm
that does not include instances where facial recognition technology is not able to capture a high quality image. recent testing by the dhs science and technology has shown that when capture rac-- do you findings? >> no. >> why does cbp insist on tracking a bogus statistic that ignores passengers that cannot be photographed well enough by the system to be matched? >> what we're accounting for is if we take a photograph that's of sufficient quality, are we able to match it. >> if? >> correct. then we know we need to address
3:18 pm
the camera itself and the lighting conditions to make sure we are capturing 100% of those photographs that we can then match at the 98 to 99%. two separate statistics. they're both valuable to us. >> there's also the cost of the false positive, that individual that is detained for whatever reason because there's a false positive, the cost of that person's health, the cost of that person's well-being, perhaps there's a commerce concern involved. i'm concerned about the lack of accuracy. >> if a person doesn't match the photo in this case, they present their passport as they're doing today. >> excuse me? when you're trying to match them and they don't match, what happens to that individual? >> they present their boarding pass and their passport and it's manually reviewed at that point in time, just as happens today. >> and those people aren't
3:19 pm
detained in any way? they're not asked to step aside? the process does not delay that person? >> no. they just show their passport. >> okay. i hope that's the case. will cbp commit to tracking a more meaningful statistic that captures the usefulness and accuracy at the full facial system process including the failure rate? >> we do track those rates. we track what we call the gallery completion rate. we're never going to have 100% of a gallery because not everybody needs a passport to travel. >> including the images that are not high quality, those that fail to meet your standard? >> right. we want to build it so the camera will take a high quality photograph. >> i know that's what you want to do but are you keeping the statistics on what doesn't meet that standard? >> we are. >> very good. i yield back. >> i just wanted to clarify with
3:20 pm
the secret service, the information that you've collected in this pilot program that you talked about earlier, is it my understanding that everybody that's in that are employees of the secret service and they volunteered to be in it? >> that is correct. >> also when did the pilot start? >> we published the p.i.a. back in december. it's going to run through august. we wanted it to go into the winter into the summer because of the different items people wear. the participants of the pilot are secret service employees who volunteer to take part. at the conclusion of the pilot all of that information will be
3:21 pm
deleted. we're using our current cctv system that we have at the white house. i can imagine you've got a similar system up here on capitol hill. we're using those video feeds there and we're trying to match the individuals that are in the pilot, the volunteers, to the people who we're seeing in those cameras. if there's no match, there's no record. if there is a match, then there is a record. that will be retained until the end of the pilot and then that information will be deleted at the conclusion of the pilot. >> thank you. i think the question was if you are collecting caption data and you said no. my question is whether or not it's a volunteer or a person walking the street, you are collecting data? >> that is correct. >> chair now recognizes the
3:22 pm
gentleman from louisiana mr. higgins. >> would you describe biometric technology and facial recognition technology as designed to work with trained agent, in other words man and machine working together? >> we're agnostic as to whether that is the use case or not, but our testing has verified that in the case of facial recognition, the best algorithms and the best human face recognizers -- >> i thank you for pointing that out in your testimony. >> yes. >> including forensically trained facial reviewers. >> that is correct. >> your statement stated that it presented data comparing state
3:23 pm
of the art facial recognition algorithms with the best human face identifiers, the best machines performed in the range of the best performing humans. >> that is correct. >> who were professional facial examiners. but you went onto state that optimal face identification was achieved only when humans and machines collaborates. is that an accurate assessment? >> that is correct. >> let me ask commissioner wagner is there ever an arrest made or denial to travel based solely on facial recognition technology? >> no. >> so facial recognition technology gets a hit, a high probability based on algorithms that a particular traveler is a person of interest. then an agent looks into the documentation further and has
3:24 pm
personal interaction with that individual, which either clears the individual for travel or prompts further and deeper investigation. that is correct? >> yes, that is correct. >> just to clarify, this technology is being used to enhance the efficiency and the speed by which the trained agents can move travelers through screening points, is that correct? >> yes. >> thank you for clarifying that. is the general consensus amongst travelers and airlines that this technology is a good idea, it's working well? >> i believe so, yes. >> thank you for clarifying that. let me jump into your data breach. it's a concern for all of us regardless of what side of the aisle we're on. who reported that breach? did they self-report or was it discovered? how was it discovered?
3:25 pm
who reported it? >> i believe we asked them about it. >> how much time went by? >> a significant amount of time. i need to verify this but my recollection seems to be that we asked them if any of our data was included in it and they came back and said yes. >> and not to put you on the spot here, my brother, but i'm going to. when you say an amount of time, a pretty significant amount of time, are you talking days, weeks, months? >> i have that answer. let me look for that and i will come back to you. >> okay. we'd like to know that because the contract was subsequently terminated and we would like very much to know what the course of events were regarding. what was the timeline here with
3:26 pm
this contractor from the time the breach happened to the time it was discovered and inquired about and reported and verified? and then how much time before that contract was terminated? i'd like to know and perhaps my colleagues would like to know if that contractor is still on a contracting list. that contract was terminated with that contractor, but are they still out there bidding on other contracts? i believe we'd like to know that. commissioner wagner, you have a tremendous job to do, you gentlemen. thank you for your service, all of you. it's important to the members of this committee to get things right. many ports of entry, particularly land ports, face unique challenges implementing the biometric system. can you share with us what are
3:27 pm
the primary challenges and how can we help? >> the primary challenge was finding a way to implement this into a travel system that wasn't designed to support the collection of biometrics on only a segment of the traveling public. unlike europe and asia and other places, we don't have departure controls. you don't see a cbp officer to get your passport stamps to leave the united states. we've never restricted departure like that. how do you sift and sort and differentiate between who's in scope or out of scope of the biometric exit requirement? what technology do you use to collect that biometric and how do you ensure a way that's not going to create gridlock on how to do that? >> that's exactly what you're working through right now. >> right. we found a way to use facial recognition to compare people against data they've already provided in a convenient, quick
3:28 pm
and accurate way that we can apply to all travelers using different authorities and help the airlines. >> thank you. >> chair recognizes the gentle lady from new jersey for five minutes ms. watson coleman. >> thank you for your testimony. this has a very important issue for us. we want to be safe and secure but we also want to recognize that our privacy is our privacy and we have guaranteed under the constitution and that we're not in any way infringing upon that. mr. wagner, i'd like to ask you a question. i understand the department has sent an interim final rule to omb that would expand cbp's collection of biometric data, something we've obviously expressed tremendous interest in. the committee is eager to learn as much as possible about what you intend to learn with this rule and why you haven't pursued
3:29 pm
a more transparent and deliberative process. what does this interim final rule entail? how does it address cbp's collection of biometric data on u.s. citizens? and why did you choose this closed process rather than providing notice and allowing public comment? >> there's several pieces of rule making underway. there's an interim final rule that's drafted and is circulating through the government for comment. there's also notice of proposed rule makings on other parts of what we'd like to propose to do. we're evaluating all of those right now based on a lot of comments we've received back from within the government. there are regulations in place already, though, concerning biometric exit that have been in place that we're utilizing today. through the privacy impact assessments, we're explained in greater detail that would be in the regulation probably even how
3:30 pm
the program operates and what exactly happens with it. that's publicly available. >> are you having conversations with stakeholders? >> absolutely. i've personally done two different meetings with the privacy community and all the privacy representatives. we're certainly talking with all of our travel and tourism stakeholders. there's vehement support behind this in the travel and tourism arena. of course we're talking with the airlines and airports and government partners as well. >> why is it that i'm asking you this question about why the committee doesn't have the information it needs if these discussions have been in the public realm? why am i asking you about this process? what part of this process fits this question about why you've chosen to do it in a more closed way as opposed to a more transparent way? or am i misunderstanding and
3:31 pm
just misstating? what part of your consideration, your rule making request, your request to omb don't fit this sort of public sharing? >> i'm not sure i understand the question. >> well, according to the information that i was given, the department has sent an interim final report to omb and this interim report has to do with expanding your collection of biometric data and that the process that you all are use in in dealing with omb has been a closed process. what does that mean? >> so there's certain provisions that would be in the interim final rule that if omb were to approve it, we could publish that in the federal register. you can still accept comments, i
3:32 pm
believe, on that, but the rule goes into effect. really that -- >> what is the problem with there being a more open process now? >> we're doing that too for the other provisions. >> what about the provisions -- i'm specifically asking about the provisions that you're not doing it on and what is the reason for that? so you have a number of rule making proposals, correct? >> right. >> part of this the department has sent an interim final rule to omb. and in this particular rule it deals with the expansion of cbp's collection of biometric data. the understanding that i've been given is that the process that you were engaging in is a closed
3:33 pm
process and we don't have, the committee doesn't have the benefit of what is being considered, what you're asking for. instead you've used another process that forecloses that opportunity. so i'm asking why would you choose to do that? what is it that you're asking for that you can't share in the asking, not after the fact? >> well -- >> or is there not such a thing and we're just completely uninformed? >> no. it's just different portions of the rule making process. before the rule is even finalized it would be premature to talk about what's in it or what's not because that's going to change. >> but you do that on overrule making requests but not on this specific area. >> we will be publishing a notice of proposed rule making with anything that would fall within those parameters.
3:34 pm
>> i think the point is at this point the public has no input in this process as far as we understand. >> yeah. >> the rule making process. normally the notice for rule making you push it out and you receive comment. >> we will do notice of proposed rule makings to solicit that feedback. >> you will? >> we will. >> we finally got it. okay. >> may i just have 30 seconds? >> additional 30 seconds. >> i'm curious about the secret service pilot project and i wanted to understand. i understand that you're using this pilot project now with volunteer service agents so that when they're walking, you collect that information. if it matches, it works. are you incidentally collecting
3:35 pm
other information on people who are not part of this voluntary effort? and if so, what are you doing with those sort of pictures that you capture? >> the cameras that we're using as part of this pilot are part of the white house video management system. that's the cctv system that records video from all the cameras around the complex. as we're going through and identifying those volunteers that are in there, that record is saved and we save that and we're going to evaluate that until the end of the process. >> but you do have the opportunity to review other faces as you're capturing that are in the vicinity, tourists, demonstrators, whatever. >> if it would be a false positive, that image would be retained. >> we will have a classified briefing and we'll have a lot of those questions. >> thank you for the extension
3:36 pm
of time. >> the chair recognizes the gentle lady from arizona ms. lesco for five minutes. >> i ask unanimous content to enter into the record two op-ed articles about law enforcement application of biometric technology. the first is from new york city police commissioner james o'neal and managing director of the shertoff group lee care. >> thank you, mr. chairman. i too ask unanimous consent to enter into the record three letters for responsible use of biometrics by tsa and cbp. these are from airlines for america, the international air transport association and the global business travel
3:37 pm
association. >> without objections. >> thank you. all my question are for mr. gould. my first question is the pilot program that you have working with delta down in atlanta, where do you get the photos from? is it opt in? do you get the database of passports from cbp? >> yes, ma'am. we use cbp's, t tvs matching service for that. then it is an opt-in program. passengers have the opportunity to choose whether to present biometric identification using the facial capture or to present a credential. we see a very high rate of people choosing to provide the facial image. >> okay. and just so that i understand where do you ask them if they want their photo taken? >> ma'am, there are signs
3:38 pm
throughout the checkpoint area that say we are piloting this technology and that should you choose not to participate, please let the tso, the officer know. as you approach the travel document checker position, there's an officer there and the officer will say, do you choose to provide biometric identification? in which case if the passenger says yes, they're directed to stand in a specific location for that facial capture. there's interaction with the officer at that point. >> thank you. my next question is due to i guess the success of cbp's use of biometrics and i think this technology is going to happen. i do agree with other members that we need to make sure that we have privacy and security in it, of course. but are you going to use any of the -- is tsa planning at
3:39 pm
looking at how they work with cbp and their success in order to enter it in more airports? >> absolutely. that's the reason we're doing that pilot in atlanta is to understand the interaction. >> i'm glad that you're working on it and hopefully we can get a fairly fast turn around. i probably would be interested in going and seeing what you're doing down in atlanta myself. >> yes, ma'am. >> also mr. gould, have you thought of using biometric technology or do you for the employees, the airport employees? >> yes, ma'am. we are considering using biometric identification processes for employees as well. >> thank you. and the reason that i ask that is because from some of our hearings we've been concerned about insider type threats.
3:40 pm
i think what happened up in washington airport, i can't remember, where an employee took a plane and with baggage handlers and those type of things. it seems to me that it would be logical that we use biometric screening for the employees themselves. >> yes, ma'am. that is certainly something we'll be looking at. >> thank you. i yield back. >> we now recognize the gentle lady from texas for five minutes of questioning. >> mr. chairman, thank you very much. i want to start off by asking unanimous consent to put into the record an op-ed by the houston chronicle, real abuses at the border, squalid conditions for migrants. and acting dhs secretary defense
3:41 pm
border conditions. >> without objection. >> i ask to put into the record the ig's report dated july 2nd, 2019. and two articles from the "new york times" and houston chronic chronicle. ice used facial recognition to mine state driver's licenses and then an article that says feds can driver's license photos for facial recognition gold mine. that's monday july 8th and the other is july 7th. >> without objection. >> let me thank you for your service to the nation. i've had the privilege of serving on this committee for a very, very long time. mr. wagner, i'll get to the underlying basis of this hearing, but let me be very clear that i have to speak with
3:42 pm
great ire and dismay for the behavior of individuals at the border and the refusal of the department of homeland security to cooperate with members of congress. i want to indicate that the $4.6 billion that was given last week and the whining that went on for a period of time to blame congress was a misrepresentation to the american people, because we understand that reprogramming of dollars can happen at the drop of a hat. the reason i say that is as i go into my questioning regarding these facial recognition, unless the answer changed from the time i was here, i understand there's no statutory legislation or anything that's giving you that authority. i just quickly want to say that we will not be able to tolerate -- we respect you as servants of the nation. it is unfortunate that very
3:43 pm
destructive policies of this administration has tainted very fine american servants of the people. that's what happened, because when you don't have toothpaste and a toothbrush and you have a truckload of that material on nonprofits like the conscience presence that i medical t at th border station one and also clint begging to be of help and you're telling the american people there's no one helping you i think is a sad commentary. i just want to make sure you're aware of my dismay that the mismanagement will not be tolerated. if vice president pence can go in and look after it's cleaned up, then members who have oversight responsibilities should be able to go in and look. >> understood. >> i'd appreciate if you'd report that back to the secretary. >> i will. >> let me say to the gentleman
3:44 pm
from transportation security administration, i'm interested in you looking into the treatment of crystal lynnet sonia in the atlanta airport. let me start with mr. wagner. this is horrific, the information regarding the use of these. my earlier information was that you know that people of color and women, so i get it twice, are unfortunately targeted the most. in the article it says agents with the fbi and i.c.e. have turned state driver's license databases recognition into a gold mine scanning through hundreds of millions of american photos without their knowledge or consent. in addition it says that the state department motorcycle databases into the bedrock of unprecedented surveillance and infrastructure. i want to submit an article that
3:45 pm
says zan facial recognition mistak mistakenly confused. >> no objection. >> my question to both of you is and a little extra time for them to answer, the two gentlemen from tsa and cbp. how are you doing this with the protections of due process and notice without the notice of the american people that the process even exists? what framework is there to have the fire walls that you're not turning congress people or children into convicted criminals? >> we're not seeing those same error rates that can be attributed to specific demographics in how we're doing this. how we're doing this cannot be compared to previous studies on
3:46 pm
this. there are different control factors in place. we're taking a person that is standing in front of a camera where we can take a clear picture and we're comparing it against a clear set of baseline photos from their passports or their visas where they were also standing still in front of a camera to capture such a clear picture. previous studies didn't take the same control factors into place. this is not us taken an image of a person and randomly running it against a gallery set of indistinguishable quality photographs and lowering down the accuracy rate as to what constitutes a match to make it match someone that it's not. you can do the same thing with fingerprints. >> how do you secure that data? >> when the photo is taken at the airport, it is encrypted and transmitted to cbp and to our s.
3:47 pm
it's then templatized. it's turned into a mathematical formula. it's matched up against our gallery of templatized photos. when there's a match, a match goes back to the camera with just yes or no and that unique identifier. >> the same question as to how you're utilizing and how you're protecting the data and avoiding this intrusion into the privacy of the american public without them knowing it? >> we're using cbp's tvs system. with respect to the accuracy in the matching, the one thing i would like to add is the technology is evolving so quickly and improving so quickly, we will continue to
3:48 pm
assess at every step for any additional pilots or when we consider employing this on a wider scale, we'll assess the best way to get quality image capture and be sure to employ the highest quality algorithms to ensure the highest match rate. >> okay. thank you. >> thank you. i yield pacback. thank you very much. >> the chair recognizes mr. green. >> thank you, mr. chairman. thank the ranking member, thank the witnesses for appearing. my questions have to do with the surveillance. and my first question is, are all people who are traversing areas within an airport under some degree of suspicion?
3:49 pm
who would like to answer, please? >> well, i would say that when a person's traversing an airport, they're not necessarily under suspicion. airports utilize security cameras, closed circuit television for security reasons. with respect to tsa, the only reason we use cameras and capture images is solely for the purpose of identification. >> if i could just add -- >> please. >> what we're doing is absolutely not a surveillance program. a picture of an individual is taken with their complete knowledge because they're standing in front of a camera at a time and place where they have to present a physical id to move forward. we're just replacing the value and scrutiny of the physical id with a computer algorithm. >> should i assume that person who is enter the airport and who are not within the secured area will not be subject of this technology?
3:50 pm
>> not by tsa, sir. it solely occurs at the bag drop or the checkpoint. >> or time and place where you have to present an identification to identity to g through whatever process that is. >> in houston, the bag drop occurs outside of the building, before you enter the building, you drive up in your car. you have friends and neighbors with you perhaps and you go over to an agent and that person receives your bag and gives you a ticket. would it occur in this area? >> the only place the biometric occurs is in atlanta. >> time is of the essence. we're talking about expanding, are we not? yes, sir. >> here's my concern. i'll go to the point and be as pith the as i can.
3:51 pm
one can only imagine what mr. j. edgar hoover would have done with this technology. it was mr. hoover who surveilled dr. king. they went so far as encouraging him to take his life. one can only imagine. i'm not placing you under the eye of suspicion because it's my job to make sure this technology is not abused. i take my job seriously and i need to do my job. my concerns are do you alert people to advise them they're being surveilled? >> i wouldn't characterize it as surveillance. the way the alert happens, when you approach the backdrop, they
3:52 pm
ask if you would like to use biometric surveillance. >> if you thought this was a form of surveillance, would you alert the people? >> we don't do surveillance. >> you don't do it -- excuse me. if you thought, would you recommend, if we were of the opinion that this surveillance, what do you think we should do? should we indicate that person should be noticed that they're being surveilled? >> we provide notice before the image is captured. it's purely with the consent of the traveler. >> what about consent of the person who happens to be with the traveler just a friend? >> we soly captures the picture of the person. it solely captures that image. >> my concern is suspicion less
3:53 pm
surveillance. surveilling persons not under suspicion, perhaps by accident. final question because time is running out. will there be any means by which persons engaged in litigation can acquire access to this intelligence that you have preserved for some length of time, meaning the photographs? would there be any means by which persons who engaged in litigation can acquire it? >> sir, the photographs we match against are in the cbtvs system that passport photographs. the images captured are not in the camera in any respect. we get match-no match return, if that answers your question. >> it really does not. what i'm trying to get to is this. if persons are engaged in some form of litigation, one can only
3:54 pm
imagine what that might be, would they be able to acquire a photo to show a person is at a given location? >> i understand, sir. that photo is not retained at all by tsa. it is encrypted, transferred to cpt and -- >> if the photo is delead after 12 hours, if it's a foreign national at the baggage drop the photo would also be deleted. what we would save for a foreign national is biometric of their departure. >> thank you. i assure you i want us to secure our airports and points of entry but also concerned about suspicionless surveillance. thank you. >> thank you. >> gentleman, mr. guest, you're recognized for five minutes. >> thank you, mr. chairman.
3:55 pm
mr. wagner and other guests, thank you for being here today. for at least three of our witnesses, your department fall under homeland security. your website is the department of homeland security has a vital mission to secure the many three threats we face and employees and security to cyber response to analysts to security inspectors. our goal is clear, keeping america safe. in addition to agencies represented here today, homeland security includes cybersecurity and infrastructure security agency. the united states citizen and immigration services. the united states coast guard, united states immigration and customs enforcement. it includes fema as well as customs and border protection,
3:56 pm
secret service and fema. i believe if these agencies were abolished our country would be substantially less safe. my question, beginning with you mr. wagner, can you tell me what impact it would have on the homeland of america the security and agencies you serve if these agencies were abolished by congress? >> there would be no one to process people coming and going across the border, either u.s. citizens or visitors, no one to process commercial cargo, to look for harmful goods or products coming in. no one to collect taxes due on those duties. cbp collects over $40 billion a year through the u.s. treasury for taxes and fees. there'd be no one to do that. >> would you agree with me the different enforcement capacities the department of homeland
3:57 pm
security polices, did it run a gamut of different things? we just talked about everything from the secret service, which provides protection for our dignitaries, tsa, air travel, coast guard, border enforcement, that those are very important functions of our government to make sure those agencies are funded. would you agree with that? >> yes. the origins go back to 1789 in the very beginning of the country. >> mr. gould, would you care to expound on that at all? >> i agree with what mr. wagner said. if tsa were not there, the security of transportation systems, not solely air travel would be in some degree of jeopardy. >> as you indicated, we protect the president, vice president and others and we also have criminal investigations. that is critical work we're
3:58 pm
doing. >> would each of you agree it would be irresponsible to talk about abolishing these agencies that perform such important tasks on behalf of the american people? >> yes. >> yes, sir. >> i would agree with that. >> no further questions. mr. chairman, i yield back. >> thank you. i know i was late to the hearing today. maybe it happened before i got here. i don't really remember hearing anyone mention that institutions should be abolished, just for the record. the gentleman from kansas city, mr. cleaver. >> thank you, mr. chairman.
3:59 pm
do you know james wilson? do you know who he is? probably one of the most important figures we don't know much about. he signed the declaration of independence and eventually became a member, one of the first six members of the supreme court. he said the congress shall form the grand inquisition of the executive branch. and i think that my children's children, even their children will study this era and say, that's when it got started. i'm concerned. i was in the executive branch
4:00 pm
municipality mayor of kansas city, and i know there's a -- you guys are busy, especially right now. a group of my colleagues and i found a letter and sent it to mr. wagner almost 30 days ago. we haven't gotten an answer. i didn't know if this was part of the plan to ignore congress or if you're just consumed. i'm not stupid so i know you don't have -- nobody should expect you to write a personal letter to everybody who writes you a letter, even members of congress. if you don't have enough staff, we need to know. until it completely collapses we are still supposed to provide oversight, and i'm not trying to be hostile. i'm not sure i can do a good job
4:01 pm
being hostile but i certainly can do a good job being frustrated. i appreciate your work and what you do. but i just -- i have to say that it is frustrating listening, seeing what's going on, refusal after refusal to allow congress to do its oversight. i hope that if i'm around by the time when my voice is important to say i'm not going to support non-responsiveness to congress, that i get that opportunity to say it, even if my daddy is in the white house. now, having said some of the questions that my colleagues and i asked because we thought they were important, i will ask a couple of them. time is running out.
4:02 pm
is there any statutory authority that would allow the whole process of facial recognition, or is that just an internal move? anybody. >> there are several pieces of statutory authority that authorize us to do and run this program. there's several pieces of legislation from congress requiring a biometric based entry system from certain foreign nationals. there's other statutes that authorize us to determine identity and citizenship including u.s. citizens. there has to be a way for us to make that determination that a person is a u.s. citizen and there are statutes that authorize us to consider evidence presented by that person, to make that determination. and then if it's not to the
4:03 pm
examining officer's satisfaction, regulations stipulate that person would be considered and inspected as an alien. >> thank you. mr. gould. >> sir, from a tsa perspective, aviation and transportation security act requires we screen all passengers boarding an aircraft and identify them. the act mentions exploring the use of biometrics for that purpose. that's the authority we're operating under. >> it wasn't a trick question, i just wanted to know. >> no, i understand, sir. >> last week, i participated in a demonstration in front of the treasury department, along with a number of other individuals, for the refusal to put a congressionally approved likeness of an african-american woman on the dollar. that's another whole issue. i was at the demonstration. should i and the other folk that got off that bus demonstrate
4:04 pm
expect that we were somehow surveilled and put in the category of subjects of interest? since that is what apparently takes place on the grounds of the white house? i don't want to suggest i'm as important as the president or patrick mahomes or somebody, but should i expect that? >> congressman, we do have cctv, video surveillance system around the white house. there is something pushed alerting security to that. in addition to the cameras we have many are overt on pennsylvania avenue and buildings adjacent to the white house there. >> what about other federal departments? >> i can't speak to what other
4:05 pm
federal departments are doing, congressman. >> thank you. i like your tie. >> thank you very much. i like yours, too. >> i new zealand back, mr. chair. >> thank you, sir. we recognize the gentle lady from florida, mrs. demings. >> thank you, sir and thank you to the witnesses today. for the record, i respect the jobs that you have to do. i understand how tough they are. i think all of our jobs have gotten tougher in recent years. i'm not sure why my colleague felt the need to talk about abolishing your agencies. i know no one on this committee on either side of the aisle has
4:06 pm
ever proposed such an idea. we are the committee on homeland security and we are here to make sure that you have the tools and resources to effectively do your jobs. i know it gets a little tougher when sometimes you receive unjust and improper orders and do not have the resources to effectively do your job. earlier, i heard one of my colleagues talk about the reason for biometric technologies involves speed and efficiency. i was assigned to the orlando international airport as a police commander on the worst day in aviation history on 9/11. i know that the number one responsibility for you is the safety of the traveling public, and if you can insure that and increase those odds and do it in an efficient and faster way,
4:07 pm
then that's icing on the cake. what sets us apart, as we work to keep our nation safe, what sets us apart in this country is that we can enforce the laws and write the laws but also protect an individual's civil rights. that's what sets us apart, and i will not -- violating civil rights or the perception of violating civil rights is an issue we cannot ignore and we have to deal with. when we are able to deploy new technology, that's a great and wonderful thing. i remember how exciting that was. but it's our job on the committee and your job as the head of your agencies to make sure that we can do it all. i believe in this nation we can. i know we have talked about
4:08 pm
every different thing that we possibly could. we do thank you for your endurance. i just want to go back just a minute for testing for accuracy and any biases. could you tell me who sets the minimum standards for this particular program, like, who decides what testing is done for accuracy or bias for accuracy before deploying the technology? how do you get to that baseline and say this technology, we've done the testing, spoken to the stakeholders, rear r we're ready for primetime now, understanding as you said earlier we're going back and checking up. who sets the original standards for deployment? what's acceptable and unacceptable. mr. wagner, start with you.
4:09 pm
>> we determine what constituents a match to non-match to a photo and do it with our science and technology department. we do it in consultation with nis and experts of the industry and vendors of this equipment. we have partnered with nist and starting this summer and fall, will be deeply analyzing our data to make sure we're not seeing error rates attributable to a certain demographic. we're not seeing it from our internal review of it and we want to bring experts in. >> you're saying there's a perception there is an increased error rate among people of color or have we seen some data although not significant to show that? >> i think the studies that have shown there were these biases in it had different control factors than how we're using this program. no one has really studied the
4:10 pm
way we're implementing this using those same control factors how we're doing it to get the similar results we're seeing. >> can you -- >> from a tsa perspective, we work very closely with the dsa and science director as well. they inform our test plans how we collect data and biometric pilots and how they're working, then they analyze that data on their behalf. we rely on them for semi independent and very accurate assessments of our capability. like cbp to set the standards and how the algorithms are actually working. >> mr. chairman, if i could just, when you decide we are ready for deployment, this technology, based on testing we've done, is ready for primetime, who makes that decision? is it a collective effort
4:11 pm
between the different people that you work with or did you decide that individually, based on the feedback that you received? >> we would decide that for our agency because it's our responsibility, the officer's determination, you match your passport. i use a tool or algorithm to help me make that decision, at the end of the day, it's still my judgment to do that. we would evaluate this to say, is this helpful to the officer making this determination this document corresponds to that person. >> one thing i would add to your original point, for us, the main reason to do this is increase better identity identification and security enhancements associated with that, getting people through the checkpoint more quickly, like you said, is icing on the cake. better security through using this technology is key to us. if the algorithms and match rates are not acceptable, if
4:12 pm
we're not enhancing we won't deploy it. send it back to the tsa. >> thank you, mr. chairman. >> thank you, gentle lady. due to the time, i will dispense with my questions, but just like to say that obviously based on the questioning from the members of congress, you can get a feeling on where we are concerned about issues around privacy, around equality and making sure the american people and the traveling public is safe. and so we need to continue to evolve. we know that homeland security has been an evolving living breathing entity that continues to have to see and recognize
4:13 pm
issues, try to tell them and rectify matters that are important to the american people. so, i'd just like to say, thank you for your service, tsa, cpb, your jobs, all of you actually, secret service are doing a yeoman's job for this nation and we appreciate your service and your time here today. so thank you. with that, the hearing is adjourned.
4:14 pm
coming up at the top of the hour, president donald trump is expected to announce he's taking executive action to add a citizenship question to the census. the president's news conference is live at 5:00 p.m. eastern on c-span2. later this afternoon house democratic freshmen women will
4:15 pm
talk about their experiences serving in the united states congress hosted by the bipartisan policy center. we can coverage us online and with the free c-span radio app. there has been discussing about an appearance before congress. any testimony from this office would not go beyond our report. it contains our findings and analysis and reasons for the decisions we made. we chose those words carefully and the work speaks for itself. the reported is my testimony. i would not provide information beyond that which is already public in any appearance before congress. >> former special counsel robert mueller is set to appear before two committees o

34 Views

info Stream Only

Uploaded by TV Archive on