Skip to main content

tv   House Homeland Security Committee Hearing on Facial Recognition Other...  CSPAN  December 28, 2019 1:03am-3:23am EST

1:03 am
up next, the house homeland security committee looks at the use of facial recognition technology by government. is started by peter teal talking about information in the technology sector. and trump officials speak on a recent summit on mental health. >> the committee on homeland security will come to order. meeting todayis to receive testimony on a department of homeland security's use of facial recognition and other biometric technologies. without objection, the chair is on the rise to declare the committee in recess at any point. i now recognize myself for an opening statement.
1:04 am
fingerprints have been used as a tool for many decades. other biometrics included dna, voice pattern, and palm prints. facial recognition has become the new chosen form of biometric technology. as facial recognition technology has advanced, it is used by the government and the private sector. this collection is storing different kinds of biometric information. can usetsa can't --
1:05 am
those, for example. to biometricsed technology and i recognize it can be valuable to homeland security. however, its proliferation across dhs raises serious questions about privacy, data security, transparency, and accuracy. the american people deserve answers to those questions. the committee held roundtable discussions with both industry and civil liberties. the increasing use of biometric technology. sufficients have concerns that the data dhs is whether thend
1:06 am
department is safeguarding our rights appropriately. we have good reasons to be concerned. americans may not know when the department is collecting biometrics. may not realize they have the right to opt out. they may not know the biometric as it isy is in use the case when facial recognition is used to passively surveilled -- surveil the crowd. recent reports indicate ice has been scanning through millions of drivers license photos without their knowledge or consent. these troubling reports are stark reminders that biometric technology should only be used for authorized purposes in a fully transparent manner.
1:07 am
data security is another important concern. notfederal government does have a great track record securing america's personal data. it can be particularly insensitive. they experienced a significant data breach. a raise important questions about data security. they are going to keep it secure from hackers and other bad actors. despite advancement in recent years. studies by highly regarded academic institutions found facial recognition systems are not as accurate for women and darker skinned individuals.
1:08 am
the american civil liberties union conducted a test using amazon's facial recognition. -- using recognition, the aclu search the database using pictures of every current member of congress. that software incorrectly members20 members -- 28 with individuals that had criminal records. the misidentified members ,ncluded both democrats republicans, men, women, and a wide range of ages. it is not fair to expect certain people in our society to shoulder a disproportionate burden of the technologies
1:09 am
shortcomings. before the government deploys technologies, they must be scrutinized. the american public must be given a chance to weigh in. a useful homeland security. , it is any tool especially if it falls into the wrong hands. the committee must hear from witnesses on this first topic. witnessesed we have from the transportation security administration, the secret service, and the national institution. i look forward to hearing from them.
1:10 am
there are future plans for addressing concerns. job togress, it is our protect the rights of the american people before they move forward. there is continued oversight by the committee and the future. a june 10 washington post article entitled u.s. customs including protection a data breach. the goldmine official recognition searches and july 9 with the national biometric occasions.
1:11 am
without objections, so ordered. the chair recognizes the ranking member, the gentleman from alabama are an opening statement. >> biometric technologies have the potential to improve security and better enforce immigration laws. these technologies range from fingerprints with unique diversey considerations and clear security benefits. not only does this law authorize to collectuires cbp data for foreign nationals. this has been a long-standing bipartisan mandate.
1:12 am
the primary focus is facial recognition. we are already providing ids to government employees. agents can review several hundred in a single shift. as a result, fatigue and humid error allow people with fake ids to slip into our country every day. cbp and tsa have done the homework and are working to build accurate, effective, and secure systems. ice recently -- and 90 minute test can replace hours of interviews.
1:13 am
they quickly changed their story. it can be purged daily. the beast by smugglers. in a government id photo, police have long relied on photo books at emmanuel photo reviews to identify suspects. facial recognition technologies .an improve law enforcement
1:14 am
it should not replace the officer's final judgment. this is an easy way to avoid hard questions. gap thenot increase the 20 technology and our ability to understand it. dhs should continue to consult and the clear clear public standards. leadership should ensure the biometric databases are secure and have clear privacy guidelines. congress should continue to educate itself. i yield back. >> other members of the committee, i remind them that opening statements may be submitted for the record. the first witnesses mr. john wagner.
1:15 am
the system administrator and requirements and capabilities are now any transportation security administration. and finally, we have the director of the information technology laboratory and the commerce department institute of standards and technology. without objection, the full statement will be inserted in the record. i ask each witness to summarize his statement for five minutes. >> thank you for the opportunity to testify before you today.
1:16 am
when people travel and internationally, they usually go through defined channels or portals. they may apply for a visa. upon arrival, they pass through inspection points. each of these is a screening. it the chance to establish people who are they say they are and are seeking act as for their stated purpose. by taking advantage of them all, we need not depend on anyone. we want to develop a conceptual framework and architecture. these confront recurring judgments. these problems should be addressed systemically and not in an ad hoc and fragmented way.
1:17 am
it reminds airport private lenders they were developing their own independent biometric schemes. in other words, exactly what the 9/11 commission warned against doing, and ad hoc and fragmented approach. beyond just the biometric entry for foreign naturals -- nationals. we need a solution that will comport with the modernization and emerging biometric plans. we don't have a transportation system. previous dhs efforts failed for 10 years because they tried to create a standalone unintegrated process. those plans were cost
1:18 am
prohibitive created massive congestion, and there was significant opposition. cdp developed a service that automated to the manual facial recognition process. traveling to the u.s. government for the purposes of international travel. this is not a surveillance program. since airlines and cruise lines and a small gallery of photos for the expected travelers. these are from passports, visas, and arrivals. a photo was taken and quickly searched, thereby validating the biographic data that has been vetted for national security and law enforcement concerns. we do not run the photo taken at the airport against any other
1:19 am
databases are sources of information if it matches that pre-stage gallery photo. this is part of the biometric tracking system. inclusion ofhe u.s. citizens, cvp has existing authorities and responsibilities to determine the citizenship and identity of all people traveling internationally. it is also unlawful for a u.s. citizen to travel internationally without a u.s. passport. a determination of u.s. citizenship is determined by putting a traveler with their passport. and out theating enhance this process. to travel is presenting u.s. passports claiming to be u.s. citizens and finding they were foreign nationals and impostors to these documents.
1:20 am
the partners have all agreed that the business requirements cannot keep the photos. cvp is bound by and in compliance with existing privacy technology and data collection requirements. our private sector partners and the opt out provisions. we have published a conference of privacy impact assessment and required system record notice for databases and rulemaking as to theed to put updates federal regulations currently circulating within the government. a conclusion, we are solving
1:21 am
very difficult challenge. biometric exit. we are improving the overall travel experience. lines, itnd cruise will allow us to build a world-class travel system in the u.s. we'll keep pace with record-breaking growth and international travel. >> and now mr. gold will summarize his statement for five minutes. distinguished members of the committee, thank you for --iting you before you inviting me to come before you. working with tsa as we continue to improve the transportation systems and particularly for the support of your officers in the field.
1:22 am
the screening requirement includes identity verification. it specifically mentions the tsa authority used. a fraudulent means of identification. new processesught and technologies to improve performance while protecting a passenger's privacy. biometrics represent such technology. tsa released a biometrics roadmap that identifies the is.s the agency on biometrics for international travelers, operational biometrics. toexpand biometrics
1:23 am
travelers and develop the infrastructure to support the biometric efforts. these pilots have limited scope and duration and are used to investigate biometric technology for tsa use. it has been supported by an tech assessments and passengers have the opportunity to not participate. the standard manual identification process is used. the capture camera used was an active mode, meaning that it on the captured official image after the passenger was in position and the officer activated it. tsa collected data and that demonstrated at a 9% of
1:24 am
travelers to seize biometric identification. to ensure the passengers aware are biometrics being used. to tsa's committed addressing accuracy, privacy, and concerns associated with biometric capture and matching. , dhs will submit a report that includes assessments by tsa and cvp that were developed with the support of dhs science and technology. we will also schedule a meeting with privacy groups later this summer to make sure that they understand the tsa's limited use of biometric identification.
1:25 am
they conducted additional ones. these will continue to be supported by privacy impact assessments, clearly it into five through bilingual airport signage. this capability can increase security effectiveness for the entire aviation system while also increasing throughput at the checkpoint. it will be essential as passenger lines continued to go. they experience the busiest travel they ever last sunday and screamed approximately 2.8 million passengers and crew.
1:26 am
to close, tsa is systematically assessing biometrics for tsa use. enhanceess will aviation security and increase passenger throughput and make air travel more enjoyable. used form will only be passenger identification and to direct the passenger from an appropriate level of screening, automating what is a currently manual process. and as always, passengers will have the opportunity to not participate. >> and now i recognize mr. depetro for his statement for five minutes. distinguished members of the committee. i am chief technology officer of the united states secret service. i want to thank you for the opportunity to appear before you today to discuss the secret service's use of biometrics in
1:27 am
performance of our integrated mission. the secret service has significant concerns. using facial recognition technology to enhance our protection mission. will focus on the current facial recognition technology pilot program that we're conducting on the white house complex. we are aware that adversaries can display information discussed in an open environment. it would not be wise to discuss certain capabilities and protocols. we welcome the opportunity to bring this information to you. used on a regular basis by the secret service to investigate, locate, and arrest individuals that have committed crimes.
1:28 am
it creates a need to balance capabilities with the need to preserve the expectation of privacy. with respect to fingerprints and palm prints, there is a long-standing program pay -- laying a part of the security process. retrieve fingerprint and palm print images is a national necessity. over the course of investigations, forensic examiners utilize a variety of regional databases. with respect to dna, it is on of the most effective identification tools today. been rapid andve the secret service remains
1:29 am
dedicated to the integrated mission. samples are sent to the fbi and dna testing. with respect official recognition technology, the secret service recognizes it can be a powerful tool that can assist. and must be an appropriate balance between security, privacy, and other constitutional concerns. in 2014, secretary johnson established an independent panel to conduct an assessment of security at the white house conflict -- complex. it must always remain on the cutting edge. the secret service must invest in technology, including becoming a driver of in furtherance of these recommendations, the secret service is working on a facial recognition pilot.
1:30 am
the goal is to determine whether technology could be effectively deployed to enhance or protect the mission. while the pilot started in december of 2018 and is scheduled to be completed by the end of august 2019, the secret service began contemplating this pilot so far back as august 2014. the participants in the pilot are secret service employees who volunteered to take part in the effort. designated white house cameras that are part of the video management system captured volunteers as they moved through various locations around the white house complex. software running on a server dedicated to the pilot and on a closed network not connected to the internet seeks to match the image of the volunteers to the images in the screens. facial images are stored would -- when matched to a volunteer. at the conclusion of the pilot, all images will be purged. the secret service's commitment to maintaining first amendment protections and desire to address personal privacy
1:31 am
considerations are central factors behind any future implementation of facial recognition technology. the secret service will not adopt new technologies unless they've been thoroughly vetted to ensure that sufficient privacy protections and data safeguards are in place. in closing, the protection of our nation's leaders is paramount to this agency and to the nation. the partnerships represented here today both in congress and dhs are critical to the success of secret service operations. i thank you for the opportunity to testify concerning the agent -- agency's use of the evolving technology and look forward to working with you as we move forward. this concludes my testimony. i welcome your questions. >> thank you for your testimony. . now recognize dr. romain thank you for your time. thank you for the opportunity to appear before you today to
1:32 am
discuss nist's role in biometric standards and testing for facial recognition technology. in the area of biometrics nist has been working with public and private sectors since the 1960s. nist's work improving the accuracy, quality, usability, interoperability, and consistency of identity management systems and ensures that united states interests are represented in the internationalal arena. nist research has provided state of the art benchmarks that -- benchmarks to agencies that depend on biometrics recommendations. nist leads standard activities in biometrics such as facial recognition technology but also in cryptography, electronic credentialing, software and systems reliability, and security conformance testing. all essential to accelerate the deployment of information and communication systems that are
1:33 am
interoperable, reliable, secure, and usable. nist's biometric evaluations advance the technology by identifying and reporting gaps and limitations of current biometric recognition technologies. nist evaluations advanced measurement science for providing basis for what and how to measure. nist evaluations developed consistent based standards for scientifically sound fit for purpose standards. since 2000, nist's face recognition vendor testing program or frvt has assessed capabilities of facial recognition algorithms for one to many identification and one to one verification. nist expapded its facial recognition evaluations in 2017. nist broadened the scope of its work in this area to understand the upper limits of human
1:34 am
capabilities to recognize faces and how these capabilities fit into facial recognition applications. historically and currently, nist biometrics research has assisted the department of homeland security. nist research was used by dhs in its transition from two to ten prints for the former u.s. visit program. currently nist is collaborating with dhs obim on face quality standards and dhs on customs and border patrol on the evaluation of the traveler verification service. to analyzeking performance impacts due to image quality and traveller demographics and provide guidance and data that allows cbp to set a threshold given cbp security goals for large scale face recognition of travellers. nist's face recognition vendor testing program was established
1:35 am
in 2000 to provide independent evaluations of both prototype and commercially available facial recognition algorithms. significant progress has been made in algorithm improvements since the program was created. nist is researching how to measure the accuracy of forensic examiners, matching identity across different photographs. the study measures face identification accuracy for an international group of forensic working underrs circumstances approximating real-world casework. the findings published in the , proceedings of the national academy of sciences showed that , examiners and other human face specialists including , forensically trained and recognizers,er were more accurate on the channelling test. it also presented data comparing state of the art facial recognition algorithms with the best human face identifiers. optimal face identification was
1:36 am
achieved only when humans and machines collaborated. as with all areas, face recognition, standards development can increase productivity and efficiency in government and industry, expand innovation and competition, broaden opportunities for international trade, conserve resources, provide consumer benefit and choice, improve the environment, and promote health and safety. thank you for the opportunity to testify on nist's activities in facial recognition. i would be happy to answer any questions that you may have. >> thank you very much for your testimony. i now recognize myself for five minutes of questioning. mr. wagner, you talked a little bit about the biometric entry and exit system. and those of us who have been around, we historically
1:37 am
supported that system. but in the beginning, we talked about that system would be only used for foreigners and based on what i heard you talk about today, you've expanded that to taking in american citizens. can you explain the reasoning for that? >> yes. u.s. citizens are clearly outside the scope of the biometric entry/exit tracking. the technology we're using for the entry/exit program, we're also using to validate the identity of the u.s. citizen. someone has to do that. someone has to determine who is in scope or out of scope. and someone has to validate that u.s. citizen is the person presenting that u.s. passport. so, once we take the picture and match it against the passport photo -- which is what goes on right now, just in a manual review -- we use the algorithm to help make that decision.
1:38 am
and then the photo is discarded after that because there's no need for us to save it. >> well, what i'm trying to get at is this was a policy that cbp more or less expanded even though congress gave you the authority to look at foreigners. >> well, it helps us and the airlines determine who's in scope for biometric exit and who's out. someone has to make that determination at the boarding area. it would be unfair to ask the airline to be able to do that to determine who is in scope or out of scope. >> you kind of see what i'm saying, though. did cbp come back and say to congress we're looking at expanding this authority, but we need congressional approval? >> we don't see this as expanding the biometric entry/exit authority. we see this as using the authorities we have to determine the citizenship of an individual entering or departing the u.s. if we are looking for a citizen
1:39 am
departing the u.s. right now because they have a warrant for their arrest, we will stop travellers in the jetway and check their passport. it's using authorities. >> i understand why you're doing it. what i'm getting at is part of this hearing is to make sure that we as members of congress give you the authority you need to do your job. but part of what i'm hearing is you've kind of taken your own initiative to do some things beyond the scope of authority that congress gave you. so, what i would like for you to do is provide the committee with the written policy by which you're doing this. >> yes, absolutely. >> thank you. dr. ramine -- i'm going to try to get it right -- you've been
1:40 am
advising dhs a lot on some of these things. have you looked at this expansion of authority without congressional intent with dhs? >> no, sir. that would be outside of nist's mission space, which is technical evaluation and standards of the algorithms. >> all right. have you looked at the collection of data at how the data management is controlled once it's collected? >> no, sir. >> mr. wagner, i'm back to you then. explain to the committee this collection of data that you said this policy gives you. what do you do with it? >> so, when the picture is taken and provided -- comes into cbp and we match it against one of our pre-staged gallery photos that's comprised of passports and visas in previous arrivals,
1:41 am
if it's a foreign national subject to the biometric entry/exit mandate, that photograph will be sent over to dhs to be stored in ident which is the repository. if it is a u.s. citizen and the photo matches a u.s. passport or a permanent resident, that photograph would be held for 12 hours and then deleted or purged from the systems. the only reason we hold it for that short period of time is in case the system crashes and we have to restore everything. >> okay. are you aware of recent subcontractor breach of data? >> yes. >> beg your pardon? >> yes. >> so, how is that inconsistent with what you just explained to us? >> what we were doing with that subcontractor is we were testing their camera on the u.s./mexico land border in a stand-alone
1:42 am
pilot system. so, it wasn't integrated into the main cbp network. and we were testing the taking of the photographs and the license plates and the ability to take a picture of a person in a vehicle and whether that would be matchable. in this case, as far as i understand, the contractor physically removed those photographs from the camera itself and put it on to their own network which was then breached. the cbp network was not hacked. the contractor -- and what we see is what i believe is they removed that in violation of the contract. and that's why our relationship has been severed with them and we're conducting investigation. >> so, you see my concern about how we control the data we collect? >> absolutely. >> thank you. yield to the ranking member. >> thank you, mr. chairman. mr. wagner, i want to pick up on what the chairman was talking about. my understanding of your response a few moments ago is that it's your belief that you
1:43 am
have the existing statutory authority to do what you're doing. you're just exercising new technology in that process? is that accurate representation of what your answer was? >> yes. >> thank you. dr. romine, this is evolving technology. can you tell us what have been the big changes if any when it comes to the use of facial recognition and biometrics in general. >> certainly. thank you. the advances have been dramatic according to our testing. the accuracy and capabilities of the newer systems that we've seen in the last few years. >> what would be some examples of newer systems? networksvent of neural and machine learning capability to do the image analysis or matching. >> is that ai? >> it's machine learning and artificial intelligence, yes, sir. >> what else? >> so, these are dramatically
1:44 am
improved over previous technologies that relied specifically on particular characteristics of faces, for example. with suitable training, these systems have dramatically improved the accuracy for the best facial recognition systems. now, i want to be clear. the testing that we've done, there's still a very wide range of performance in the testing that we've done and the algorithms that we've tested. but the best ones -- and we have no direct knowledge of the convolutional networks because these are submitted to us as black boxes and we don't examine that. but in conversations with vendors who have submitted testing, that's the understanding that we have is that that new machine learning
1:45 am
capability, that deep neural networks, has been the significant advance. >> has this development or advancement in the area of machine learning alleviated in any way the concerns the chairman expressed about facial recognition being list accurate when it comes to females or darker skinned individuals? >> we see because of the significant increases in the accuracy across the board, the effect of those demographic effects is diminishing. we have a report -- we're doing an analysis now, a comprehensive analysis of demographic effects under the testing evidence with -- testing we have just done. that should be out this fall. >> when you have the test results, do you share those with not only dhs but the public, the business community? >> we do, sir. >> great.
1:46 am
we do that through public >> reporting and dissemination with email and other interested parties. >> do you publish those guidelines for the public consumption as well? >> we do. >> excellent. i have a letter here for the use of biometrics facial recognition and i would like to offer it for the record. >> without objection. >> with that, i yield back. thank you. >> thank you. just so we're clear, the report you referenced is not out? >> that's correct, sir. it should be out this fall. >> so, the data right now is that women and dark-skinned people are misidentified more than anybody else. >> there are demographic effects that affect age, so significant changes in age over time. age, race, and sex. there are demographic effects quantifying those in a statistically valid manner is what we're currently doing. >> so, is that women and dark skinned people?
1:47 am
>> yes. >> okay. thank you. just trying to -- thank you. chair recognizes mr. correa for five minutes. >> thank you, mr. chairman, for bringing up this most important issue. this technology is very interesting because compared to fingerprints, dna, you give it without essentially giving permission. you walk down a corridor, some camera picks up your information and it is used without your authority or permission in ways that we don't know about. doctor, you talked about false positives based on ethnicity, other factors that are still -- that technology has not gotten to the point where it can account for these factors. mr. wagner, i have a question for you, which is under the tsa
1:48 am
modernization act of last year, it requires a public report on the deployment of biometric technologies, tsa's assessment of privacy accurate. that report is now late. be thoughts of when it will presented? >> it is drafted. it's just circulating for final report and signature. so, any time now. >> so, any time now. >> yes. >> okay. will that be something that will will be compared to dr. romine's report that will be coming out soon? >> moving forward, we'll look at scientific reports we can to ensure biometric data performing accurately. >> let me ask you, mr. wegner, right now the way facial
1:49 am
recognition is being used by your department, is this affecting or unduly burdening foreign travelers, race, gender nationality? ,>> no, we are not seeing -- in review of our data, we are not seeing any significant error rates that are attributable to a specific demographic. that's why we've also partnered with nist to come in and review our data and help us look at it and make sure. >> so, statistically you do have it, who isho is reviewing the data for you? who is reviewing the data for you to reach your conclusion that it's not adversely affecting commerce, tourism -- i'm from the state of california where commerce and tourism is a big part of our economy. i just want to make sure we're not having a lot of false negatives. >> this is having a beneficial effect on that because it's allowing airlines and cruiselines to board and unboard people quicker. >> excellent. just want to make sure we see that in the report. >> passenger experience is being improved by that.
1:50 am
we're reviewing internally data and we're not seeing noticeable discrepancies in that. we've partnered with nist and this summer and fall we will be examining our data closely to make sure that we're not unduly hurting people of a specific demographic. >> i'm glad to hear you're enthusiastic that positive -- to hear your enthusiastic that positive answer that it's not a burdening unduly. >> absolutely. >> ronald reagan said we've got to trust but got to verify too. >> absolutely. >> i'm looking forward to seeing your data. that in terms of the data once you're using it, what system do you have to audit to make sure that data is purged in a timely manner? you just mentioned one of your subcontractors had a breach. that information is somewhere out there. you said that is a reason you terminated that contract, yet to me when that information gets out there, terminating a contract is not enough of a deterrent to making sure that
1:51 am
those kind of breaches, that data is actually purged in a timely manner. are you doing anything to make sure we tighten up that part of your system? >> yes. the subcontractor may face subsequent action depending on the results -- >> criminal/civil? >> potentially. >> both? >> potentially depending on what the investigation and the office of the professional responsibilities investigating this, the ig is investigating this, depending on the circumstances of how the data was taken and the intentions and why, and how it was used. there potentially could be criminal actions. >> when we have those data breaches, who do you report those to and under what time do you actually take this and say hey, this purge or this breach happened? >> well, they're supposed to report it to us almost immediately. we do report it to congress if it meets a certain threshold. and then internally we --
1:52 am
>> what threshold would that be? >> i don't know offhand. >> i would like to look at that a little closer because small breach versus large breach, is that your threshold? size of the breach? what's your threshold? >> i believe it's 100,000, but i'll have to -- i will get back to you on that. >> chairman, i'm out of time but i think it's very important that these kinds of breaches be reported immediately to congress. >> i agree. >> mr. chairman, i'm out of time, so i yield. >> thank you very much. chair recognizes gentleman from texas for five minutes. >> thank you, mr. chairman. you know, we all want to protect civil liberties and privacy. when somebody's in the public domain, as i understood in law school, there's no expectation of privacy. this technology in my judgment has really protected the nation from drug smugglers, gang members, and potential terrorists.
1:53 am
i introduced the bitmap bill , which is a biometric trans national alert program. it passed in this committee. it passed on the house floor 272 to 119. now it is being held up. i would like to examine what the effect of not authorizing this program would have. mr. wagner, can you tell me what successes the bitmap program has had, and particularly when it comes to individuals coming from other parts of the world that are known, that are basically countries of special interest, special interest aliens, or kst, known or suspected terrorists, coming across into this hemisphere up through latin america into the united states of america?
1:54 am
>> so the bitmap program, it's administered by i.c.e. it's a program they work with their foreign counterparts to utilize fingerprint technology to take fingerprints of exactly those populations you just referenced as a transit through certain countries in central and south america making their way through mexico to the u.s. so if they show up in one of the central american countries, the foreign authorities will use the bitmap program to collect the passport information and their fingerprints. when that person ultimately shows up at our southwest border, and has mysteriously lost their passport, we're able to take their fingerprints and match it back up with that previous encounter in central america to sufficiently identify who that person is, the passport they had at that time. >> isn't it true that, through that journey, that while the names and identities may change -- >> sure. >> their biometrics do not
1:55 am
change? >> correct. >> and that's the best way to identify who this person really is? >> correct. >> can you, in this setting, and i don't know if that's possible, give us some indication of the numbers of special interest aliens that have been stopped in this program? and also, known or suspected terrorists. >> i'd have to get back to you on that. i don't have any today. >> how significant is it? >> it's significant. it's an absolute vulnerability that, as we've seen, you know, terrorists can exploit. it's a vulnerability we need to address. >> dr. romine, i guess, from what i'm hearing from you, we don't want to get this wrong. i think ms. watson-coleman was talking about herself being possibly in this pool of candidates that could get somehow mischaracterized. tell us, where are we right now with this technology?
1:56 am
how accurate is it? >> how accurate? oh. the very best algorithms that we've tested the most recently have false negative rates that are extremely low. the accuracy can range into the -- for the best algorithms, in a one to many match, can range into the 99.7 range. so -- >> the 99.7% accuracy? >> accuracy. >> that's pretty good. >> i beg your pardon? >> that's a pretty good number. >> from a scientific standpoint, we report the number. the judgment on what is a pretty good number is up to the policy makers. but it's a high number for me. >> very high. you're a scientist. i'm not. but sounds pretty high to me. i think it's always a balance in this committee, when we deal with security issues, we deal with privacy and civil liberties, we always have to balance these as americans.
1:57 am
and i think it's important that we balance those factors. but i wouldn't want to throw the baby out with the bath water. i think the bitmap program has been extremely successful. stopped a lot of bad actors from coming into the united states. and mr. chairman, ranking member, i hope this committee -- that we could still advance that authorization and that bill through this congress, because i do think it's important to protect the american people. it's one of the most important responsibilities that we have as members of congress. with that, i yield back. >> thank you very much. the chair recognizes the gentle lady from new mexico for five minutes. >> thank you, chairman. last month, cvp announced there was a data breach along the southern border. as a result, thousands of
1:58 am
license plate numbers and images of drivers that were taken by facial recognition technology were compromised. i represent multiple border towns where you cross back and forth into mexico for jobs, shopping, tourism, medicine. i also, within the interior of the district, there are border checkpoints. when they are operating that same information is being taken, license plate and pictures of faces. we want to be able to make sure that the citizens' data is secure. were there audits into the subcontractor system prior to the hack? >> i'm not aware of that. i don't know. >> can you get back to us on that, please? >> did these private subcontractors have the authority to store those u.s. citizens' data? >> they did not have the authority to have the pictures taken by the camera, from what i understand. >> so not even to store it. they did not have the authority
1:59 am
to take any pictures of faces? >> they had the authority to take them. they did not have the authority to take it off the camera and put it onto their own network, which is apparently what happened. >> they did, ok. and what protocols does c.b.p. have in place to oversee a contractor and subcontractor data security practices? >> i mean, they go through background checks. they're vetted. they're cleared. they are trained on use of the systems that they're going to work on. as far as having the audit controls on -- this was a stand-alone pilot, outside our normal network. we apparently did not have the same level of controls and audit capabilities on that, because it was a stand-alone closed system. those are things being put into place now on all those systems to make sure you can't connect a
2:00 am
portable media drive on that and extract information. our main network has these protocols on them but we didn't have them on this type of system. >> did you say those are in place now? you've corrected the problem? >> they're being put into place. >> can you follow up and let us know when they are in place? >> absolutely, yes. >> that's something of deep concern. thank you. with all pilot programs, because i remember going through the border checkpoints and being told, you know, this is a pilot. so don't worry about it yet. it's just a pilot. that's actually why -- when we need to make sure that we're operating it correctly. >> agree. >> i want to switch now to congressional authorization. mr. wagner, it's my understanding that it is a law that congress is enacting, a biometric entry-exit limit data collection to foreign nationals. is that correct? >> yes.
2:01 am
>> and under what authority is cbp collecting biometric information on u.s. citizens as part of the entry-exit system? >> we're using the information under 8usc1357-b, which allows us to consider any information or evidence pertaining to a person crossing the border and establishing their u.s. citizenship. so generally a person will present a u.s. passport to us. we can look at it. we can manually review it. we can ask questions how they obtained it. >> thank you, i'm going to switch direction. i apologize. i know some of that was already covered. i want to switch to the federal agencies that are scanning through u.s. citizens' driver's license. and ice is one of those that's been identified as potentially scanning through these databases. for what purpose are your components currently attempting to or successfully accessing state driver's license databases
2:02 am
in any way? >> so for the biometric program we're discussing, we're not using driver's license information. we do use driver's license information from the state that have entered into agreements with us, where their driver's license also substitutes for a passport to cross the border. i think we have about five u.s. states and maybe four canadian provinces that entered into written agreements with us to mark the citizenship of the driver's license holder on the document so they can cross the border without having to go get a passport that serves in lieu , of the passport. >> does the dmv in those states require probable cause or warrants to access that information? >> when that person crosses the border, our agreement allows us to verify with them that this is a valid license and to retrieve the photo from that so we can see who it belongs to. we also have other law
2:03 am
enforcement access through -- with biographical driver's license data that we also might use in a law enforcement context . that's very common for law enforcement agencies to access. >> thank you. >> thank you very much. the chair now recognizes the gentleman from new york. >> thank you, mr. chairman. thank you all for being here today. taking a step back, as a federal prosecutor for 20 years, routinely dealing with homicides and matters of violent crime, some of the tools in the toolbox that i had were free -- were fingerprints at first and later, dna. when they both came online, at first, there were concerns about how they were to be used. now i think they're becoming more mainstream. and i hope and pray that it's the same with facial recognition. but all three have the capability not only of helping to solve crimes but also making sure that crimes aren't committed.
2:04 am
but even something we don't think about enough is exonerating people who are falsely accused. look what the dna system has done for people falsely accused in prisons. it's been a remarkable breath of fresh air. so my concern is not with the efficacy of using it. my concern is that we get it right. like we've done with fingerprints and like i think we have done with dna. so my questions focus on the accuracy and the things you need to do to make it better. my colleagues have asked great questions about the use of it and the extent of the use and we're going to have to have more discussions about that. i am very concerned about the accuracy. that was a big thing with dna starting out, and now dna, the accuracy and the testing is amazing. it's a positive almost all the time. i don't think we are there yet with facial recognition. i'd like to get there. with that in mind, i want to ask mr. romine a couple of questions. you talk about the fact that you're charged with examining the gaps and limitations of certain things, including facial recognition.
2:05 am
what do you see as the gaps and limitations of it right now? >> the principle gaps and limitations we see involve a couple of things. one is image quality. it's still true, garbage in, garbage out for software systems. and so image quality has a huge impact. we see, as i said, i'll have a report on demographics. and there are certain issues associated with demographic effects. that's particularly true when you're trying to identify someone when you have a reference image that's maybe 10, 20 years earlier than the person that you're trying to identify. that can be a very big challenge. similarly, if someone has been injured or there's some obscuring of the face for other reasons, that can have a challenge. images that are taken, noncooperatively, and i don't
2:06 am
mean uncooperative. i mean where someone is not standing still, looking at a camera, with the intent of registering an image. if you're taking an image through a windshield, for example, or if you're taking on image of someone who is walking and not facing a camera, those can have a significant impact on the accuracy and the ability of these systems to do identification. >> what can we do to improve that portion of it? >> the industry continues to make advances. i mentioned the emergence of a convolutional neural network as a game changer in this space. we don't know what we don't know coming down the pike but i think there continue to be improvements that we see in our testing over time. so the industry is making great strides. >> you mentioned also -- in
2:07 am
response to a question from one of my colleagues that the demographic effects of facial recognition software are diminishing. could you expound what you mean by that? you say it's 99.7% accurate but it's probably not 99.7% accurate for certain segments, for example, a darker skinned female. i want to know what you're doing to make that better and how we can make it stronger. >> that's correct. from nist's perspective, what we do to make things better is provide an evaluation capability, so we're not doing any training. >> understood. >> and development. however, i would say that anytime the overall performance of the system improves as democratically as facial recognition as improved over the last five to six years, the compression, the effect of differences in demographics shrinks as well. and the report later, once we finished our analysis, the report that comes out in the fall will -- >> that sort of answers my
2:08 am
question. i mean, you'll admit that certain demographics have a disproportionate error rate. and so you're saying it's improving. how much has it improved? >> we haven't finished the analysis yet, so i'm not able to answer that question currently. the report will come out in the fall. i will say that the -- it is unlikely that we will ever achieve a point where every single demographic is identical in performance across the board, whether that's age, race or sex. but we want to know just exactly how much the difference is. >> and this report will detail that when it comes out in the fall? >> yes, sir. >> thank you very much. i yield back, mr. chairman. >> we all look forward to the report. >> indeed. >> i assure you. the chair now recognizes the gentlelady from illinois. >> thank you. mr. gold, i represent illinois's 14th district, where we drive about an hour or two to get to a major airport in chicago. our community is always interested in learning more about technologies that can
2:09 am
potentially improve security in airports while reducing wait time. however, before implementing any new technologies, it's really important, crucial to make sure that they're proven to be effective, reliable and fair. so can you please run through the ways in which tsa is currently employing biometric screening at checkpoints? >> yes, ma'am. currently we're only using biometrics technology in the international terminal, terminal f in atlanta. that's on a pilot basis. our approach to biometrics every -- implementation at tsa is extremely deliberative. we want to understand how the technology works, how it can improve and how it can improve verification for the traveling public and improve the passenger experience. going back to the discussion on image quality that happened before, we're in a fortunate case at tsa in that we really control the environment in our checkpoints so we can ensure optimal lighting, optimal distance from the camera so we get the highest quality images possible for biometric matching.
2:10 am
for the pilot in atlanta, we're matched up with cbp, using their system, and we see extremely high match rates there. moving forward, we'll look to pilot one to one matching capability where a traveler will provide a credential. that credential will be assessed by our cat machine. it will return a match rate on whether or not the face that's been captured matches the face embedded in that credential. in that scenario, no information even leaves the checkpoint and nothing is retained on the camera. that's some of the things we're looking at. i believe when we're through with, you know, these pilots that we're doing for biometric development, we will see that we cannot only improve passenger security but also make it a much more positive experience for the traveling public by reducing wait times. >> that is great. how are airports and airlines using the screening technology beyond the tsa checkpoints, if
2:11 am
you are aware, and what other uses are planned for the future? >> right now i can comment on really what we're doing in atlanta with delta airlines. in atlanta, the delta airlines kiosk uses biometric identification when the passenger checks in, should they choose to do so, to make sure that that person is actually the passenger ticketed on that particular flight. tsa has oversight of the bag drop to ensure that passengers are positively matched to bags in the international travel. and so delta airlines has a security program amendment that we've granted them to use biometric technology to do that matching at the bag drop. we use it at our checkpoint in atlanta. then it's, of course, used at the exit point, at the gate. >> ok. and so that's the only specific agreement with an airport or airline that tsa has to govern the use of biometrics? >> right now the security program amendment that we've
2:12 am
granted delta for the limited use only in atlanta is the only formal agreement we've entered into with the airlines. >> and so does tsa have any role in approving airport and airline uses of biometric technology? >> we have roles in approving the use of biometric technology where tsa has equities. again, i would go back to say that would be the checkpoint and bag drop. so if an airline wanted to use biometrics at the bag drop to positively match that traveler to that bag, they would have to request a security program amendment and we would have to issue it. >> ok. as the use of biometric data continues to expand, illinoisans understandably have a lot of questions about how sensitive personal data is used and stored. i'd like to open this question up to the panel. under what circumstances do your components collect data on u.s. citizens? we can start with mr. wagoner. -- wagner.
2:13 am
>> we're temporarily holding it while we validate that it corresponds to the passport that person is presenting. then it's purged after 12 hours from our system. >> ok. >> from a tsa perspective, we're leveraging photographs that travelers have provided to facilitate travel, like passport photographs. when we capture the image at the checkpoint, it is not retained in the camera. once that message is encrypted, and transmitted, we only get back a match result. >> ok. secret service collects fingerprints, palm prints, mug shots, other identifying information on individuals who we arrest as part of our criminal investigations. >> but not a part of regular screening. you don't retain the data that you collect as part of the regular screening? >> that's correct. >> you don't store it? >> no. the regular screening, we use metal detectors, things like that. >> and fingerprints. to get into the white house. >> we do not use fingerprints at
2:14 am
the white house. we don't scan for that. >> great. yes, sir. >> the data that we have is sequestered in servers that are air-gapped. they're not connected to the internet. in a locked door -- i'm the director of the laboratory and i'm not permitted to go into that room without being escorted. so it's very tightly controlled. >> thank you so much. i yield back. >> thank you. the chair recognizes the gentleman from north carolina, mr. walker. >> thank you, mr. chairman. 99.7%. that's pretty good. or about the same percentage as games, butaseball that is another topic. i have a question for you, dr. romine. is the biometric identifier
2:15 am
connected to other sensitive information about the person? >> the data that we have on facial recognition is not connected to identifying information. and so i'll have to double-check the exact features there. but i'm -- >> can you do that for us and report back? so you're saying that the information that you've collected is secured. >> the information we're collecting -- we don't collect information. we obtain it from our partners for the purposes of evaluation only. and we secure that -- it's in a secure server. >> let's use the word obtain instead of collect. have you ever had a breach on the information you've obtained? >> no. >> questions for the panel. keep it to about 10, 15 seconds would be good. that way we can get everybody in. can you elaborate more on these programs that have been successful, specifically on the
2:16 am
ones that identify facial recognition and any other biometric technologies, if you can elaborate either on the success of them or adding security benefits or extraditing -- or expediting travel for passengers? we will start with mr. wagner. >> sure. it gives us the ability to validate a person's biographical identity within two to three seconds without having to actually handle the physical passport. it allows us to link it in a secure way. so the person we did our national security checks against, on international flights, corresponds to the person in front of us. >> mr. gould? >> sure. with our pilot in atlanta, we do data collection on the number of people who are choosing not to provide biometric identification at our checkpoint and it was less than 1%. people seem to enjoy it. the traveling public moves through the checkpoint very rapidly. the best part, we enhance identity verification, thereby enhancing security. >> does that impact you at all?
2:17 am
>> not really. right now we're piloting some technology. but we're in the middle of that test right now, so we haven't compiled the data. the test will finish up at the end of august. then we'll have a chance to go through and review the data. then we'll be able to draw conclusions be it but at this -- some conclusions. but at this point, we're still in the middle of the test. >> dr. romine? anything there? >> no, sir. >> based on the successes, ner andcally mr. wag mr. gould, where do you see the use of biometric technologies expanding in your specific agency even beyond a complete role of the pilot programs? >> it will significantly transform the arrivals and departures on international travel in all our different environments, air, land and sea. and really build a very convenient, efficient but yet secure process for us to do that. >> mr. gould? >> sure. so for us, we'll build on the success of our international partnership with cbp that we're doing in atlanta to other international travel locations.
2:18 am
we will look to use the cbp system for our trusted travel population to do one to few or one to many matching for biometric purposes at our checkpoints. then really the next step that we're looking at is that one to one matching that i mentioned before where a traveler can approach the checkpoint, provide a credential, have the cat machine credential, authentication technology machine, assess the image and match it to a photograph that's taken right there. >> mr. dipietro, do you ever share your information with local or state governments? >> information with respect to fingerprints? >> information that you collect. let me back up and ask this question, because i think i've got time to get it in. ms. underwood asked a couple questions. there seemed to be just a touch of hesitancy. i wanted to follow back up. the data that you collect, is it ever collected without subjects being aware? >> no, sir. >> so the information you do
2:19 am
collect, fingerprints, etc., do you ever share that with state or local? >> i'd have to check with our lab director on that and get back to you. >> are you familiar with any circumstances that you have in the past? >> i'm the secret service's chief technology officer. i work more on the engineering and technical side. i'd have to get with your -- with our forensic services department to answer that. >> thank you. i yield back, mr. chairman. >> just let me comment. in a classified setting, we are gonna ask that question again, of the data collected that people don't know, because i think there is information being collected in the pilot, at the white house. that is different from the answer. but we plan to have a classified briefing on that issue. the chair recognizes the gentlelady from new york for five minutes, ms. clark. >> thank you, mr. chairman.
2:20 am
some would say let's not make, when it comes to national security, let's not make the perfect the enemy of the good. but unfortunately, the good is not good enough when bias is baked into the algorithms that create false positives. the stakes are far too high for individuals, and too costly, particularly for women and people of color. the wide scale deployment of facial recognition technology will have profound implications. we must look before we leap. it is imperative that congress impose safeguards. -- safeguards and ensure algorithms do not make their way into widespread use. as a new yorker, one who lives just miles away from ground zero, national security is crucially important. and i know that firsthand. but facial recognition technology that routinely misidentifies women and people of color don't make us safer.
2:21 am
they make us less safe. using this technology to help ice target immigrants for deportation doesn't protect us from terrorism. it terrorizes hardworking families. and when cbp uses these technologies on u.s. citizens traveling abroad without providing a transparent opt-out process, that's potentially unlawful. we've seen what happens when technology is widely deployed before congress can deploy meaningful safeguards. let's not make the same mistake with facial recognition technology. you have a contractor that has a breach. we know we're seeing more use of video. deepfakes, if you will. that information gets in the hand of an adversary overseas and they want to create a disruption in our nation. all you have to do is take that information, create a video from it, and bam. we're already into a really bad situation. i don't know if we're looking at
2:22 am
the inter-connectedness of all of these technologies, particularly because they're all evolving. and i'm very concerned about the lack of specificity that we have at this stage. so my question is about accuracy, mr. wagner. cbp boasts that the facial recognition algorithm it uses is able to make a match of 98% or 99% of the time. but that statistic does not include instances where facial recognition technology is unable to capture a high-quality image due to human error, poor lighting or other environmental factors. recent testing by the dhs science and technology director has shown that when data capture factors are included, the rate -- the error rate increases to around 10%. do you dispute the findings? >> no. >> ok.
2:23 am
and why does cbp insist on tracking a bogus statistic that ignores passengers who cannot be photographed well enough by the system to be matched? >> well, what we're accounting for is, if we take a photograph that's a of sufficient quality, are we able to match it? >> if? >> correct. and then we know we need to address the camera itself and the lighting conditions to make sure that we are capturing 100% of those photographs that we can then match at the 98% to 99%. two separate statistics. they're both valuable to us. >> and there's also the false-positive, the cost of the false-positive. that individual that is detained, for whatever reason, because there's a false-positive. the cost of that person's health, the cost of that person's well-being. perhaps there's a commerce concern involved. i'm concerned about the lack of accuracy. i'm very concerned about -- >> a person doesn't match the photo, in this case. they present their passport as they're doing today.
2:24 am
>> excuse me? >> if a person doesn't match a photograph, they simply present their passport -- >> when you're trying to match them and they don't match, what happens to that individual? >> they present their boarding pass and passport and it's manually reviewed at that point. just as happens today. >> and those people aren't detained in any way? they're not asked to step aside? they're not asked -- the process does not delay that person? >> no. they just show their passport. >> ok. i hope that's the case. will cbp commit to tracking a more meaningful statistic that captures the usefulness and accuracy of the full facial recognition process, including the rate at which the person -- the system fails to capture a quality image? >> we do track those rates. we track what we call the gallery completion rate. we're never gonna have a 100%, because not everybody needs a passport to travel. >> including the images that are not high quality? those that fail to meet your standard?
2:25 am
>> right. we want to build it so that the camera will take a high-quality photograph. >> i know that's what you want to do. but will you be keeping the statistics on what doesn't? >> we are, correct. >> very well. i yield back, mr. chairman. >> the chair recognizes the ranking member. >> thank you, mr. chairman. i want to clarify with the secret service. the information that you've collected in this pilot program that you talked about earlier, is it my understanding that everybody that's in that are employees of the secret service and they volunteered to be in it? >> that's correct. maybe if i can explain how we're doing the pilot, that might help. >> also, when did the pilot start? >> so we published it back in november. it began in december. it's gonna run through august. we did that on purpose. we wanted it to go from the winter into the summer, because of the different items people wear, so that we had a good amount of time where we were assessing it. maybe if i just explain a little
2:26 am
bit of how the pilot is working, that might help explain this for you. as you indicated, the participants in the pilot are secret service employees who volunteered to take part in this effort. the facial images are stored, when an associated match is recognized on an individual. i am one of the volunteers. at the conclusion of the pilot, all that information will be deleted. we are using a current cctv system we have at the white house. i can imagine you've got a similar system on capitol hill that you use for cctv surveillance. we're using those video feeds there. and we're trying to match the individuals that are in the pilot, the volunteers, to the people who we're seeing in those cameras. if there's no match, there is no record. if there is a match, then there is a record. that will be retained till the end of the pilot. then that information will be deleted at the conclusion of the pilot.
2:27 am
>> thank you, mr. chairman. >> thank you. but i think the question was, if you were collecting caption data and you said no. , and my question is whether it's the volunteer or a person walking the street, you are collecting data? >> that is correct. >> that's right. the chair now recognizes the gentleman from louisiana, mr. higgins. >> thank you, mr. chairman. director romine, would you describe biotech, biometric technology and facial recognition technology as designed to work with trained agents, man and machine, working together? is this what nist is working towards? >> we're agnostic as to whether that is the use case or not. but our testing has verified that in the case of facial recognition, the best algorithms and the best human face
2:28 am
recognizers, the trained face recognizers -- >> thank you for pointing that out in your testimony. nist's research, in an effort to measure the accuracy of forensic examiners, including forensically trained facial reviewers, your statement stated that the state of the art facial recognition algorithms with the best human face identifiers, the best machines performed in the range of the best performing humans -- >> that's correct. >> who are professional face examiners. but you went on to state that optimal face identification was achieved only when humans and machines collaborated. is that an accurate assessment? >> that is correct. >> and let me ask commissioner wagner, is there ever an arrest made or denial to travel based solely on facial recognition
2:29 am
technology? >> no. >> thank you. so facial recognition technology gets -- let's call it a hit. a high probability based on algorithms that a particular traveler is a person of interest. and then an agent looks into the documentation further and has personal interaction with that individual, which either clears the individual for travel or prompts further and deeper investigation. is that correct? >> yes, that's correct. >> so just to clarify for america watching, this technology is being used to enhance the efficiency and the speed by which the trained agents can move travelers through screening points. is that correct? >> yes. >> thank you for clarifying that. is the general consensus amongst travelers and airlines that this technology is a good idea, it's working well?
2:30 am
>> i believe so, yes. >> thank you for clarifying that. let me jump into your data breach. it's a concern for all of us, regardless of which side of the aisle we're on. who reported that breach? did they self-report or was it discovered? how was it discovered? my first two questions about that. who reported it? contractor or did you all discover it? >> i believe we asked them about it. >> and how much time went by? >> a significant amount of time. i need to verify this. but my recollection seems to be that we asked them and if any of our data was included in it. they came back and said yes. >> and not to put you on the spot here, my brother, but i'm going to. when you say an amount of time, a pretty significant amount of time, are you talking days, weeks, months?
2:31 am
>> i have that answer. let me look for that and i will come back to you. >> ok. we'd like to know that, because the contract was referred to as subsequently terminated, and we would like very much to know what the course of events were regarding -- what was the time line here with this contractor, from the time the breach happened until the time it was discovered and inquired about and reported and verified. and then how much time before that contract was terminated. and i believe -- i'd like to know and perhaps my colleagues would like to know if that contractor is still on a contracting list. if that contract was terminated with that contractor, but are they still out there bidding on other contracts? i believe we'd like to know that. commissioner wagner, you have a
2:32 am
tremendous job to do. you gentlemen, thank for your service, all of you. it's important to the members of this committee to get things right. many ports of entry, particularly the land ports, face unique challenges implementing the biometric entry-exit system. can you just share with us -- and this is my final question -- what are the primary challenges and how can we help? >> the primary challenge was finding a way to implement this into a travel system that wasn't designed to support the, say, collection of biometrics on only a segment of the traveling public. unlike europe and asia and other places, we don't have departure controls. you don't see a cbp officer to get your passport stamped when you leave. we've never restricted departures like that. so international flights commingle with domestic flights. then with each individual fight, -- individual flight, you've got
2:33 am
u.s. citizens, permanent residents and visitors. how do you sift and sort and differentiate between who is in scope or out of scope of the biometric exit requirement? what technology do you use to collect that biometric? and how do you ensure a way that's not going to create gridlock at the airports or sea ports or land port when we get to it on how to do that? >> and that's exactly what you're working through right now? >> so we found a way using the facial recognition to compare people against data they've already provided, in a convenient and quick and accurate way, that we can apply to all travelers using different authorities and help the airlines board the planes even faster. >> commissioner, thank you for that. my time has expired. >> thank you very much. chair recognizes the gentlelady from new jersey for five minutes. ms. watson-coleman. >> thank you, mr. chairman. thank you, gentlemen, for your testimony. it is a really important issue for us. we want to be safe and secure but we also want to recognize that our privacy is our privacy and we have guarantees under the constitution and that we're not in any way infringing upon that. mr. wagner, i'd like to ask you a question.
2:34 am
i understand the department has sent an interim final report to omb that would expand cbp's collection of biometric data, something we've obviously expressed tremendous interest in. the committee is eager to learn as much as possible about what you intend with this rule and why you haven't pursued a more transparent and deliberative process. what does this interim final rule entail? how does it address cbp's collection of biometric data on u.s. citizens? and why did you choose this closed process rather than providing notice and allowing public comment? >> there's several pieces of rule makings under way. there is an interim final rule that's drafted and is circulating through the government for comment. there's also notice of proposed rule makings on other parts of what we'd like to propose to do. we're evaluating all of those right now, based on a lot of the comments we've received back from within the government.
2:35 am
and we may take a different route. there are regulations in place already, though, concerning biometric exit that have been in place. that we're utilizing today. through the privacy impact assessments, we've explained in greater detail than would be in the regulations probably, how to program operates and what exactly happens with it. that's publicly available. >> are you having conversations with stakeholders? >> absolutely. i've personally done meetings with -- two different meetings, the east coast and west coast -- with the privacy community and all the privacy representatives. we're talking with all of our travel and tourism stakeholders. there is vehement support behind this in the travel and tourism arena. and, of course, we're talking with the airlines and airports and our government partners as well. >> why is it i'm asking you this question about why the committee doesn't have the information it
2:36 am
needs if these discussions have been in the public realm? why am i asking you about this process? what part of this process fits this question about why you've chosen to do it in a more closed way as opposed to a more transparent way? or am i just misunderstanding and misstating? >> well -- well -- >> what part of your consideration, your rule making requests, your request to omb , don't fit this sort of public hearing? >> as -- i'm not sure i understand the question. >> well, according to the information that i was given, the department has sent an interim final report to omb. and this interim report has to do with expanding your collection of biometric data.
2:37 am
and that the process that you all are using to -- in dealing with omb has been a closed process. what does that mean? >> so there's certain provisions that would be in the interim final rule that if omb were to approve it, we could publish that in the federal register. you can still accept comments, i believe, on that, but the rule goes into effect. really, that -- >> what is the problem with there being a more open process now -- >> we're doing that too for the other provisions. >> well, what about the provisions -- i'm specifically asking about the provisions that you're not doing it on. and what is the reason for that? >> well, i'm -- i'm -- >> all right. so you have a number of proposals. rule-making proposals, right? >> correct. >> part of this, the department
2:38 am
has sent a final -- an interim final rule to omb. and in this particular rule, it deals with the expansion of cbp's collection of biometric data. the understanding that i've been given is that the process that you are engaging in is a closed process. and we don't have -- the committee doesn't have the benefit of what is being considered, what you're asking for. instead, you've used another process that forecloses that opportunity. so i'm asking, why would you choose to do that? what is it that you're asking for that you can't share in the asking? not after the fact. or is there not such a thing and we're just completely uninformed? >> no.
2:39 am
it is just different portions of the rule-making process and before the rule is even finalized, it would be premature to talk about what's in it or what's not in it, because that is going to change. based on the feedback and our discussions with omb, it is going to change. >> but you do that on other rule-making requests but not on this specific area? >> we will be publishing a notice of proposed rule making with anything that would fall within those parameters. >> it's somewhat frustrating. >> i think the point is, at this point, the public has no input in this process. as far as we understand. >> yeah. >> the rule making process. normally the notice for rule making, you -- >> right. >> you push it out and receive comment. >> we will do notice of proposed rule makings to solicit that feedback. >> you will? >> we will. >> ok. after the fact. >> ok. >> may i just have 30 seconds?
2:40 am
since you so generously used about -- >> i will give you an additional 30 seconds. >> i'm curious about the secret service pilot project. and i wanted to understand -- i understand that you're using this pilot project now with volunteer service agents so that when they're walking, you collect that information with the matches that works. are you incidentally collecting other information on people who are not part of this voluntary effort? and if so, what are you doing with those sort of pictures that you capture? >> so, ma'am, the cameras that we're using as part of this pilot are part of the white house video management system. that is the cctv system that records videos from all the cameras around the complex. we retain that data for 30 days as part of the cctv process. as we're going through and identifying those volunteers that are in there, that record is saved. and we save that and we're gonna evaluate that until the end of the process.
2:41 am
>> but you did have the opportunity to review other faces as you're capturing that are in the vicinity, tourists, demonstrators, whatever? >> it would be like a false-positive, somebody who wasn't in our pilot but we thought it was -- >> because we are concerned about what happens -- >> we will have a classified briefing. >> thank you. >> and we'll have a lot of those questions responded to. >> thank you for the extension of time and thank you very much . >> the chair recognizes the gentlelady from arizona, ms. lesko, for five minutes. first if you don't mind, i'd like to yield a few seconds to my calling, mr. higgins. >> five minutes. >> mr. chairman, i ask unanimous concept to enter into the record two op ed articles in support of biometric technology. the first is from the new york city police commissioner and the second is from managing director of the sherrtoff group. >> without objection. the gentlelady is recognized for
2:42 am
the additional time. >> thank you, mr. chairman. i too ask unanimous consent to enter into the record three letters expressing support for the effective and responsible use of biometrics by tsa and cbp. these letters are from airlines for america, the international air transport association and , the global business travel association. >> without objections. >> ok. thank you. all my questions, mr. chairman and members, are for mr. gould. is, theirst question pilot program that you have working with delta down in atlanta, where do you get the photos from? is it opt in? do you get the database of passports from cbp? that's my first question. >> yes, ma'am. we use cbp's tbs matching service for that. cbp has access to state department photos for the back end matching.
2:43 am
and then it is an opt-in program. passengers have the opportunity to choose whether to present biometric identification, using the facial capture, or to present a credential. and we see a very high rate of people choosing to provide the facial image. >> ok. and so just so that i understand, where do you ask them if they want their photo taken? >> ma'am, there are signs throughout the checkpoint area that say we are piloting this technology, and that should you choose not to participate, please let the officer know. as you approach the tdc, the travel document checker position, there's an officer there. and the officer will say, you know, do you choose to provide biometric identification? in which case, if the passenger says yes, they're directed to stand in a specific location for that facial capture. so there's interaction with the officer at that point. >> thank you. that's very informative. my next question is, due to i
2:44 am
guess the success of cbp's use of biometrics, and i think this is, you know -- this technology is going to happen. i do agree with other members that we need to make sure that we have privacy and security in it, of course. but are you going to use any of the -- is tsa planning on looking at how they can work, i guess, with cbp and their success, in order to implement it in more airports? >> yes, absolutely, ma'am. that's the reason we're doing to -- we are doing the pilot in atlanta, is to understand that interaction between us and the cbp tbs system and what benefit that system brings to the tsa checkpoint, the identification verification process. >> good. i'm glad that you're working on it and hopefully we can get a fairly fast turnaround. i probably would be interested in seeing what you're doing down there in atlanta myself. >> yes, ma'am. >> also, mr. gould, are you planning on using this, or have you thought of using biometric
2:45 am
technology or do you, for the employees, the airport employees? >> yes, ma'am. we are considering using biometric identification processes for employees as well. >> thank you. and the reason that i ask that is because from some of our briefings, hearings, i think, we've been concerned about insider type threats. i think what happened up in -- what was it, the washington airport? i can't remember, where an employee took a plane and -- >> seattle. >> yeah, seattle, washington. and with baggage handlers, those type of things. it seems to me that it would be logical that we use biometric screening for the employees themselves. >> yes, ma'am. that is certainly something we'll be looking at. >> all right. thank you. and i yield back my time. >> thank you. >> thank you. we'll now recognize the gentlelady from texas for five minutes of questioning. >> mr. chairman, thank you very
2:46 am
much. i want to start off by asking unanimous consent to put into the record an op ed by the houston chronicle, real abuses at the border, squalor conditions for migrants, ask unanimous consent. >> without objection. >> ask unanimous consent for the usa today article, acting secretary of defense, border conditions. >> without objection. >> and i ask unanimous consent to put into the record the i.g. inspector's record dated july 2, 2019. >> without objection. >> and i ask to put into the record two articles, i'll put them together, they are found both in the new york times and in the houston chronicle. new york times -- well, excuse me. new york times, ice uses facial recognition to mine state driver's license, and then an article that says feds scan driver's license photos for facial recognition gold mine,
2:47 am
and that's monday, july 8. and the other is july 7. ask unanimous consent. >> without objection. you,rst of all, to all of let me thank you for your service to the nation. i've had the privilege of serving on this committee for a very, very long time. i will get to the underlying basis of this hearing, but let me be very clear that i have to speak with great ire and dismay for the behavior of individuals at the border and the refusal of the department of homeland security to cooperate with members of congress. that thet to indicate $4.6 billion that was given last week, and the whining that went on for a period of time to blame congress was a misrepresentation to the american people, because we understand that reprogramming those dollars can happen at the drop of a hat. the reason i say that is, as i
2:48 am
go into my questioning regarding the facial recognition, unless the answer changed from the time i was here, i understand there's no statutory legislation or anything that's giving you that authority. you are going to look for it, maybe you will answer the question differently. i just quickly want to say that we will not be able to tolerate -- we respect you as servants of the nation. it is unfortunate that very destructive policies of this administration have tainted very fine american servants of the people. and that's what's happened, because when you don't have toothpaste and a toothbrush and you have a truckload of that material, nonprofits like the conscious presence that i met at the border station one and also clint, begging to be of help, and you're telling the american people there's no one helping you, i think it's a sad commentary. so i just want to make sure you're aware of my dismay that we will not be tolerating it. and the mismanagement will not be tolerated and the
2:49 am
accusations against members will not be tolerated. if vice president pence can go in and look after it's cleaned up, spic and span, then members who have oversight responsibility should be able to go in and look. >> understood. >> i'd appreciate it if you'd report that back to the secretary. >> i will. >> thank you. let me say to the gentleman from transportation security administration, i'm interested in you looking into the treatment of crystal lynette sonia and chereef mohamed hoteff, around april 14, in the atlanta airport. let me start with mr. wagner. this is horrific, the information regarding the use of these, and my earlier information was that you know that people of color and women -- so i get it twice -- are unfortunately targeted the most. in the article, it says agents
2:50 am
with the fbi and ice have turned the state driver's license databases recognition into a gold mine, scanning through hundreds of millions of american photos, without their knowledge or consent. in addition, it says that the state department motor vehicle databases into the bedrock of unprecedented surveillance and infrastructure. i want to submit into the record, mr. chairman, an article by amazon that says amazon facial -- not by amazon -- amazon facial recognition mistakenly confused 28 congressmen with known criminals. i will not put the congress person's name into the record but i think most of us would like not to be known as known criminal. >> no objection. >> my question for both of you, and a little extra time for them to answer, the two gentlemen from tsa, and from cbp, how are you doing this? with the protections of due process and notice, without the notice of the american people that the process even exists?
2:51 am
what framework is there to have the firewalls that you're not turning congress people or children into convicted criminals? >> well, we're not seeing those same error rates that are -- that can be attributed to specific demographics in how we're doing this. and how we're doing this cannot be compared to previous studies on this. there are different control factors in place. you know, there's different -- we're taking a person that is standing in front of a camera where we can take a clear picture and we're comparing it against a clear set of base line photos from their passports or visas where they were also standing still in front of a camera to capture a clear picture. that's why we have such accurate rates. previous studies didn't quite take the same control factors into place. this is not us taking an image of a person and randomly running it against a gallery set of indistinguishable, say, quality photographs and lowering down
2:52 am
the accuracy rate as to what constitutes a match to make it match someone that it's not. i mean, you can do the same thing with fingerprints. if you only -- >> how do you secure that data? >> when the photo is taken at the airport, it is encrypted, transmitted to cbp and to our cloud space. it's then templatized, turned into a mathematical formula. there is a unique identifier associated associated with that. there's no biographical data associated with that. it's matched up against our gallery of templatized photos. when there's a match, a message goes back to the camera with just yes or no and that unique identifier. >> let me move quickly to mr. gould. let me think tsa for their frontline service of protecting america. thank you, mr. chairman, for the indulgence. the same question as to how you're utilizing and protecting
2:53 am
the data and avoiding this intrusion into the privacy of the american public without them knowing it. >> we're using cbp's tvs system. the answer that was provided applies to tsa as well. with respect to the accuracy in the matching, the one thing i would like to add is the technology is evolving so quickly and improving so quickly, we will continue to assess at every step for any additional pilots or when we consider employing this on a wider scale, we'll assess the best way to get quality image capture and be sure to employ the highest quality algorithms to ensure the highest match rate. >> ok. thank you. thank you. >>thank you. yield back. thank you very much. >> the chair recognizes mr. green. >> thank you, mr. chairman. thank the ranking member, thank the witnesses for appearing.
2:54 am
my questions have to do with the surveillance. and my first question is, are all people who are traversing areas within an airport under some degree of suspicion? who would like to answer, please? >> well, i would say that when a person's traversing an airport, they're not necessarily under suspicion. airports utilize security cameras, closed circuit television for security reasons. with respect to tsa, the only reason we use cameras and capture images is solely for the purpose of identification. >> if i could just add -- >> please. >> what we're doing is absolutely not a surveillance program. a picture of an individual is taken with their complete knowledge because they're standing in front of a camera at
2:55 am
a time and place where they have to present a physical id to move forward. we're just replacing the evaluation and scrutiny of the physical id with a computer algorithm. >> should i assume that person s who enter the airport and who are not within the secured area will not be subject of this technology? >> not by tsa, sir. it solely occurs at the bag drop or the checkpoint. >> or time and place where you have to present an identification to establish identity to go through whatever process that is. >> in houston, the bag drop occurs outside of the building, before you enter the building, you drive up in your car. you have friends and neighbors with you perhaps and you go over to an agent and that person receives your bag and gives you a ticket. so would it occur in this area? >> right now the only place the
2:56 am
identification is occurring is at terminal f in atlanta. >> time is of the essence. we're talking about expanding, are we not? >> yes, sir. quick -- >> here's my concern. i'll go to the point and be as pithy as i can. one can only imagine what mr. j. edgar hoover would have done with this technology. it was mr. hoover who surveilled dr. king. they went so far as to send a letter to dr. king encouraging him to take his life. one can only imagine. now, i'm not placing you under the eye of suspicion. but it's my job to make sure this technology is not abused. i take my job seriously and i am protecting you by doing my
2:57 am
job. my concerns are do you alert people to advise them they're being surveilled? >> sir, i wouldn't characterize it as surveillance. the way the alert happens, when you approach the bag drop, they ask if you would like to use biometric identification. >> if you believed this was a form of surveillance, would you alert the people? would you alert the public? >> we don't do surveillance. >> you don't do it -- excuse me. if you thought, would you recommend, if we were of the opinion that this is surveillance, what do you think we should do? should we indicate that person should be noticed that they're being surveilled? >> we provide notice before the image is captured. it's purely with the consent of the traveler. >> what about consent of the person who happens to be with
2:58 am
the traveler, just a friend? >> we solely captures the picture of the traveler who has consented, the camera is only about two feet away and it solely captures that image. >> thank you. but we are considering expansion. my concern is suspicionless surveillance. surveilling persons not under suspicion, perhaps by accident. final question because time is running out. will there be any means by which persons engaged in litigation can acquire access to this intelligence that you have preserved for some length of time, meaning the photographs? would there be any means by which persons who are engaged in litigation can acquire it? >> sir, the photographs are
2:59 am
passport photographs. damages are not retained in any respect. we's get back a match or no match return. >> i am really asking this. if the person is involved in a form of litigation, would they be able to acquire a photo to show a person was at a given location? >> i understand. they will not. it is encrypted and a match is returned. after 12 hoursd 12 hours. a foreign national would be deleted. what we keep is the biometric
3:00 am
exit of their archer. >> thank you. andeatly appreciate this want us to secure our airports and ports of entry. i'm also concerned about suspicionless surveillance. you are recognized for five minutes. >> thank you, chairman. thank you for being here today. i know that at least three of our witnesses fall under the department of homeland security. , theads as follows homeland of security has a vital homelando protect our from the dangers we face. requiring employees in jobs that , toe from aviation security chemical facility inspectors. clear, keeping
3:01 am
america safe. includessecurity cybersecurity and infrastructure security agencies. services, coast guard, customs enforcement, includes fema as well as customs and border protection, secret service, and the tsa. believe that if these agencies were abolished, our country would be less safe. is, can you tell me what impact it would have if homeland security were abolished by congress? tothere would be no one process people coming and going across the border. there would be no one to process commercial cargo, to look for harmful goods or products.
3:02 am
no one to collect the taxes due on those duties. over $40 billion a year into the u.s. treasury through duties, taxes, and fees. meand would you agree with that the different enforcement departmentof the security police run a gamut of different things? we described secret service ,hich provides protection, tsa which is responsible for air travel. that those are important functions of our government, would you agree with that? >> yes. 1789 andns go back to the beginnings of our country. >> would you care to expound on that? >> i agree with what mr. wegner
3:03 am
there, tsa were not security transportation system would be in some degree of jeopardy. >> as you indicated, we protect the president vice president, and others. criminal investigations are critical work we are doing. >> would you agree it would be irresponsible to talk about abolishing these agencies? >> yes. -- yes, sir. >> i would agree with that. >> chairman, i yield back. >> thank you. you know -- i know i was late to the hearing --ay, but i don't really maybe it happened before i got here.
3:04 am
i didn't mention or hear anyone mention these institutions should be abolished, just for the record. the gentleman from kansas city, mr. cleaver. >> thank you, mr. chairman. his mr. wilson here -- is mr. wilson here? he signed the declaration of independence and became one of the first six members of the supreme court. he said that congress shall form grand inquisition of the
3:05 am
executive branch. i think that my children's children and even theirs will study this era. -- era and say that's when it got started. i was concerned. i was a mayor of kansas city. busy, you guys are especially right now. a group of my colleagues and i signed a letter and sent it to mr. way 30 years ago -- days ago. -- know if this
3:06 am
was a plan to ignore congress or not. know you -- i shouldn't write a personal letter to everyone who writes, even a member of congress, but if you lack staff, we still need to know. we are to provide oversight. hustle, i'mng to not sure i could do a good job, but i can certainly do a good job at being frustrated. work, but i your , it is frustrating just see what's going on. to allowfter refusal congress to do its oversight. if i'm around at a time when my voice is important
3:07 am
say i'm not going to support nonresponsive instances of congress. having said that, some questions my colleagues and i asked, i will ask a couple of them. is there any statutory authority that would allow the process of thatl recognition, or is just an internal move? >> there are several pieces of statutory authority that authorize us to do and run this program. there are several pieces of legislation from congress requiring a biometric-east
3:08 am
system for foreign nationals. based system for foreign nationals. there has to be a way for us to make determinations that this person is a u.s. citizen and there are statutes that authorize us to make that determination. if it is not to the examining authors -- officers satisfaction , the person would be considered as an alien. perspectivea aviation and transportation and crew boarding aircraft, fundamental we positively identify them. the act explores the use of biometrics for that purpose. >> it wasn't a trick question, i just wanted to know. >> i understand.
3:09 am
participatedi demonstrations from the present dutch -- it's a whole another issue, but i was in the demonstration. should we expect that we were somehow surveilled and put in the category of subjects of interest? since that is apparently what takes place on the ground of the white house. should i expect that? have aressman, we do
3:10 am
video surveillance system around the white house. published.pia in addition to cameras, many are over on pennsylvania avenue. >> what about other departments? >> i can't speak to what other departments are doing. >> thank you very much. >> i yield back. .> thank you, sir we recognize the gentle lady from florida, mrs. demings. >> thank you, sir and thank you to the witnesses today. let me just for the record, say that i respect the jobs that you have to do.
3:11 am
i understand how tough they are. i think all of our jobs have gotten tougher in recent years. i'm not sure why my colleague felt the need to talk about abolishing your agencies. i know no one on this committee on either side of the aisle has ever proposed such an idea. we are the committee on homeland security. youwe are here to make sure have the tools and resources to do your jobs. but i know it gets a little tougher when sometimes you receive unjust or improper orders and do not have the resources to effectively do your jobs. collie talkeard a about biometric technologies involving speed and efficiency.
3:12 am
assigned the orlando international airport as a police commissioner on 9/11. i know that the number one responsibility for you is the safety of the traveling public. that or docan ensure that in a efficient or faster way, than that is just icing on the cake. apart as wes us work to keep our nation safe, what sets us apart in this country is that we can enforce the laws and write the laws, but also repacked and individuals civil rights. apart, and iets us will not be violating the civil rights or the perception of civil rights.
3:13 am
it is an issue we cannot ignore and we need to deal with. we are able to deploy new technology. that is a great and wonderful thing. was.exciting that but it is our job on the committee your job to make sure we can do it all. i believe we can. we do thank you for your endurance. i want to go back one minute testing for accuracy and biases. could you tell me who sets the minimum standards for this particular program? decides what is done for accuracy a bias? -- of bias?
3:14 am
say you are ready primetime understanding, as you said, that we are always going back and checking up. who sets the original standards before deployment? thewagoner, we start with 'llwagoner -- wagner, we start with you. >> we would. we determine what constituents a match to non-match to a photo and do it with our science and technology department. we do it in consultation with nist and experts from the industry and vendors of this equipment. we have partnered with nist and starting this summer and fall, will be deeply analyzing our data to make sure we're not seeing those error rates that are attributable to a certain demographic. we're not seeing it from our internal review of it and we want to bring experts in. >> you're saying there's a
3:15 am
perception there is an increased error rate among people of color or have we seen some data although not significant to show that? >> i think the studies that have shown there were these biases in it had different control factors than how we're using this program. no one has really studied the way we're implementing this, using those same control factors on how we're doing it. and i would expect them to get the similar results we're seeing. >> from a tsa perspective, we work very closely with the dsa and science director as well. they inform our test plans how we collect data and biometric pilots and how they're working, then they analyze that data on their behalf. we rely on them for semi independent and very accurate assessments of our capability.
3:16 am
like cbp, we rely on our friends at nist to set the standards and how the algorithms are actually working. >> mr. chairman, if i could just, when you decide we are ready for deployment, this technology, based on testing we've done, is ready for primetime, who makes that decision? is it a collective effort between the different people that you work with or did you decide that individually, based on the feedback that you received? >> we would decide that for our agency because it's our responsibility, the officer's determination, you match your passport. i use a tool or algorithm to help me make that decision, at the end of the day, it's still my judgment to do that. we would evaluate this to say, is this helpful to the officer making this determination this document corresponds to that person. >> ok. >> one thing i would add to your original point, for us, the main reason to do this is increase better identity verification.
3:17 am
and security enhancements associated with that, getting people through the checkpoint more quickly, like you said, is icing on the cake. better security through using this technology is key to us. if the algorithms and match rates are not acceptable, if we are not enhancing security, we won't deploy it. that decision will be made internal to the tsa. >> thank you, mr. chairman. >> thank you, gentle lady. due to the time, i will dispense with my questions, but just like to say that obviously based on the questioning from the members of congress, you can get a feeling on where we are concerned about issues around privacy, around equality and
3:18 am
making sure the american people and the traveling public is safe. and so we need to continue to evolve. we know that homeland security has been an evolving, living, breathing entity that continues to have to see and recognize issues, try to curtail them and rectify matters that are important to the american people. so, i'd just like to say, thank you for your service, tsa, cpb, your jobs, all of you actually, secret service, are doing a yeoman's job for this nation and we appreciate your service and your time here today. so thank you.
3:19 am
>> with that, the hearing is adjourned. [gavel]
3:20 am
♪ years, c-span has been providing america unfiltered coverage of congress, the white house, the supreme court, and public policy events from washington dc and around the country. created in 1979, c-span is brought to you by your local cable or satellite provider. c-span, your unfiltered view of government. >> congress returns the first week of january. the house needs to decide on impeachment measures and send it to the senate. eventually, the sad will hear the case against president trump and take up the u.s.-mexico-canada trade agreement.
3:21 am
and congress will hear president trump deliver the state of union address. -- state of the union address. watch live on c-span. the impeachment of president trump. follow the process on c-span. live, unfiltered coverage on c-span.orgmand on and listen on the free c-span radio app. >> high, everyone. everyone, i am here to encourage you to continue to wrap up the competition. this is actually about the time i started so you still have time. offices and i'm
3:22 am
here to tell you that this was an incredible opportunity to express my thoughts and views about the political climate while collecting with local state leaders. excited you are all interested in this and pursuing this because it is a once-in-a-lifetime opportunity. you have until january 20 to create a documentary that explores an issue you want presidential candidates to address. ofare giving away a total $100,000 in cash prizes. for more information, go to our website. teal talks about competition between the u.s. and china and the technology sector.


info Stream Only

Uploaded by TV Archive on