Skip to main content

tv   House Hearing on Facial Recognition Technology Uses at Homeland Security...  CSPAN  February 14, 2020 5:46pm-8:01pm EST

5:46 pm
[ cheers and applause ] >> monday, president's day, american history tv is live at 9:00 a.m. eastern from mount vernon, the home, library, and museum of our first president, george washington with historian and ceo of mount vernon. also it's the start of museum week highlighting washington, d.c. museums with exhibits exploring the american history. watch american history tv and be sure to watch american history tv on c-span3. joan wagner is the deputy assistant official for field operations. he testified before the house homeland security committee on how to use facial recognition technology. >> the committee on homeland
5:47 pm
security will come to order. let me say at the outset a number of our members are still in route from the prayer breakfast this morning. and they will join us accordingly. the ranking member being one of them. the committee is meeting today to receive testimony on the department of homeland security's use of facial recognition of biometric technologies. without objection, the chair is authorized to declare the committee in recess at any point. good morning. the committee's meeting today to continue examining the department of homeland security's use of facial recognition technology. the committee held part one of this hearing in july of last year after new ths that the department was expanding its use of facial recognition for varying purposes such as confirming the identity of
5:48 pm
travellers including u.s. citizens. as facial recognition technology has advanced, it has become the chosen form of biometric technology used by the government and industry. i want to reiterate that i'm not holy opposed to the use of facial recognition technology as i recognize that it is be a valuable tool to the homeland security and serve as a facilitation for the department's varying missions. but i remain deeply concerned about privacy, transparency, data security, and accuracy of this technology and want to ensure those concerns are addressed before the department deploys it any further. last july, i, along with other members of this committee shared these concerns at our hearings and left this room with more questions than answers. in december 2019, the national
5:49 pm
institute for standards and technology published a report that confirmed age, gender, and racial bias in facial recognition algorithms. nist, for example, found that depending on the algorithm, african-american and asian-american faces were misidentified 10 to 100 times more than white faces. although cvp tout ths that the match rate for this facial recognition system is over 98%, it is my understanding that nist did not test cdp's current algorithm for its december 2019 report. moreover, cvp's figures do not account for images of travellers who could not be captured due to a variety of factors such as lighting or skin tone, likely making the actual match rate significantly lower. these findings continue to
5:50 pm
suggest that some of this technology is not really ready for prime time and requires further testing before widespread deployment. misidentifying even a relative small percentage of the of the traveling public could affect thousands of passengers annually, and likely would have a disproportionate effect on certain individuals. this is unacceptable. their security also repaint an important concern. last, year a cbp contractor experienced a significant data breach, which included traveler images being stolen. we look forward to hearing more about these lessons cbp learned from this incident and the steps that it takes to ensure that biometrics data is kept safe. transparency continues to be key. american people deserve to know how the department is collecting facial recognition data and weather department is
5:51 pm
in fact safeguarding their rights when deploying search technology. that's why we are here seven months later to continue our oversight. i'm pleased that we again have witnesses from cbp and nist before us provide us with an update and answer our questions. we will also have testimony from the office of civil rights and civil liberties. this office is charged with ensuring the protection of our civil rights and liberties as it relates to the departments activities. no easy task, especially these days. be sure that under my leadership, this committee will continue to hold the department accountable for treating all americans equitably and ensuring that our rights are protected. i look forward to robust discussion with all the witnesses, and i thank the members for joining us today.
5:52 pm
welcome, to the panel of witnesses. the first was this, mister jean minor, the deputy executive assistant commissioner for the office of field operations, u.s. customs and border protection. in his current role, he oversees nearly 30,000 federal employees and manages programs related to immigration, customs, and commercial trade related cbp missions. -- previously served as chief of the labor and employment law divisions for u.s. immigrations and customs -- doctor charles romine is a director of information, at the national institute of standards and technology. in this position, he oversees the research program that focuses on testing and
5:53 pm
interrupt realty, security, usability, and reliability of information systems. without objections, the witnesses full steam and will be inserted in the record. and now i ask each witness to summarize their statements for five minutes. beginning with mr. wagner. >> good morning, chairman thompson, ranking member, large members of the committee, thank you for the opportunity to testify before you today on behalf of customs and border protection. i'm looking for the opportunity to discuss this report. since cbp has been using an algorithm -- identified in the report, we are confident that our results are corroborated with the findings of this report. more specifically, the report indicates, while there is a wide range of performance, (interpreter) >> >> (interpreter) -- 189 different algorithms that nist reviewed, the highest performing once had minimal to undetectable levels of demographic based error rates. the report also highlights on the operational virus that
5:54 pm
compact error rate, such as gallery size, photo age, for equality, numbers of photos of each subjected in the gallery, camera quality, lighting, human behavior factors, all influence the accuracy of an algorithm. that's why cbp has constructed the operational valuables and the deployment of the technology to ensure that we can attain the highest level of match rates, which remain in the 97 to 98% range. one important note is that missed did not test the specific cbp operational contract to measure the conditional impact these variables may have, which is why we entered into an mou -- to evaluate our specific data. but as we build out the congressionally mandated biometrics based exit system, we are creating a system that not only meets the security man they, but also in a way that is cost-effective, feasible, and facilitated for international travelers. identity requirements are not new and crossing the border, we are taking an international flight. several existing laws and
5:55 pm
regulations require travelers to establish their identity and citizenship when entering into and departing the united states. cd -- to inspect the travel documents presented by individuals, to verify the authenticity of the document and determine if you belong to the actual person presenting it. again, these are not who requirements. use official comparison technology automates the process that is often done manually today. the shortcomings of human manual review and making facial comparisons is well document, humans are prone to fatigue, and biases that include gender biases, fingerprint biometrics have also documented gaps in their performance, small percentage of people that we cannot capture things, from as well as demographic correlation's based on age and we are all round aware of the issues of common names when we rely on a biographical venting
5:56 pm
scheme, so no one system is perfect. however since the united states as well as many of the other countries put a digital photograph and electronic chip on a passport it would seem to make prudent sense that the technology may be useful in the rifle holder, and may be more difficult to forge or alter illegitimate pass for as security features stronger but we are still vulnerable to a person using a legitimate document, particular u.s. travel document that israel that blocks of someone else. using facial comparison technology today we have identified 252 impostures who include people using 75 genuine travel documents. privacy continues to be entitled to our biometrics mission, cbp is compliant with the privacy act, the eagle ferment act of two dozen, to the homeland security act in 2000, two and departmental policies i government the collection of maintenance, and
5:57 pm
personally identifiable information. cbp recently published dates to the appendices and covering this program, and record notices that have been published on the databases to store the information. we have met three times with representatives of the privacy advocacy community, as well as discussions with the oversight board and the dhs privacy and advisory committee. in november cbp summit to the office of management and budget of rulemaking to solicit public comments and amendments to the federal regulations, and one final note is that our private sector partners, the airlines in the airports must agree to documented cbp business requirements if they are submitting to photographs that cbp is part of this process. these requirements include a provision that images must be deleted after they are transferred to cbp and may not be --
5:58 pm
stakeholder, f's the devastating attacks 9/11, how can we make sure this isn't happen again? part of that answer is they recommend the dhs should complete as quickly as possible a bio metric entry exit screening system and then it was quote unquote an essential investment in national security. cbp is answering that call and carrying out the duties conference is trying to strengthen its biometrics efforts and verifying people say what they are. so thank you for appearing, today i look forward to your questions. >> thank you for your testimony, i now recognize anne -- to summarize his statement for five minutes. >> good morning, distinguished members of the committee, thank you for the opportunity to appear before you today to discuss homeland security using facial recognition technology, dhs is committed to this and it remains an important
5:59 pm
cornerstone to secure the homeland, i would like to make three overarching points to my testimony today, first the office for civil rights and civil liberties has been and continues to be engaged with the dhs operational components to ensure facial recognition technology is consistent with civil liberties, law and policy, second operators researchers and civil rights operators must work together to prevent algorithms from getting to by isis in the use of facial recognition technology, and very facial recognition technology can serve as an important tool to increase the efficiency and effect -- effectiveness of the facilitation of awful travel, but it is final that these profile programs utilize this in a way for rates and values now to achieve these three points, they won influence policies and programs throughout their at lifestyle, to it gauges with department offices and components and development of new policy and
6:00 pm
programs to ensure that protection of civil rights and civil liberties are fully integrated into their foundations. three monitors operational executions and engage the stakeholders to provide feedback on the consequences of policies and programs, and fourth and finally we investigate complaints and make recommendations to dhs components such as complaints including allegations of racial profiling or other bias. crcl recognizes -- in facial recognition algorithms. as raised by this committee, and supports we are setting about rhythm's used in facial recognition systems to identify and mitigate -- crcc will continue to support the collaborative relationship between the national institute of set -- the dhs science technology -- and dhs components including u.s. customs and border protection to that end in carrying out its mission, crcl advices the ages components and department offices by
6:01 pm
participating in enterprise level groups working on biometric and facial recognition issues. further, crcl directly engaged with dhs components. for example, crcc all is engaging with cbp in the implementation official recognition technology with biometric entry and exit programs. crcl advised an appropriate combinations for individuals wearing religious headwear, for individuals with a sincere religious objection to be photographed, and for individuals who may have a significant injury or disability, and for whom taking photographs may present challenges or not be possible. as dhs and their facial recognition programs, evolve crcl will be collaborative directly with cbp, -- further, see our ceo will engage communities with cbp and dhs snp to inform the public regarding the programs and address potential concerns. finally, we will continue to evaluate any potential alleged
6:02 pm
violations of civil rights and civil liberties in order to further inform our policy advice and strengthen dhs's facial recognition program. crcl a successful recognition technology requires ongoing oversight and quality assurance. initial validation and regular revalidation, and a close relationship with the users and oversight offices. in this way, it can be developed to work properly, and without him permissible bias, when it achieves initial operating capabilities and then continually, throughout its entire production life cycle. we will have to work with the operational components to ensure the policies and practices of also that the human part of the equation, the users, are also focused on responsible deployment of this technology, working in a matter that prevents and permissible bias in dhs activities. again, i thank you for the opportunity to appear before you today and i look forward to answering your questions. >> thank you also for your testimony. i now recognize doctor romine
6:03 pm
to summarize his statement for five minutes. >> thank, you chairman thompson, ranking member rodgers, and members of the committee. i'm chuck romine, director of the information technology laboratory at the national institute of standards and technology, also known as nist, thank you for the opportunity to appear before you today to discuss our role in standards and testing for facial recognition technology. in the areas of biometrics, missed has been working with public and private sectors since the 1960s. biometric technologies provide a means to establish or identify human space on one or more physical or behavioral characteristic. face recognition technology comparison individual facial features to available images for verification or identification purposes. our work improves the accuracy, quality, usability, inter op realty and consistency of identity management systems and ensures that u.s. interests are represented in the international arena. missed research has provided
6:04 pm
state-of-the-art technology benchmarks and guidance to industry and u.s. government agencies that depend upon biometrics recognition technology. our face recognition vendor testing program provides technical guidance and scientific support for analysis and recommendations for utilization of face recognition technologies, to various u.s. government and law enforcement agencies, including the fbi, dhs, cbp, and i are paula. that missed interagency report 1280, released in 2019, qualified the accuracy of face recognition algorithms for demographic groups defined by sex, age, and raise, or country of birth, for both one to one, and one too many identification search algorithms. it found empirical evidence for the existence of demographic differentials in face recognition algorithms that miss devaluated. the report distinguishes between false positives and false negative errors, and
6:05 pm
knows that the impacts of errors are application dependent. missed conducted tests to quantify demographic differences for 189 face recognition algorithms from 99 developers, using four collections of photographs with 18 point to 7 million images of 8.49 million people. these images came from operational databases provided by the state department, the department of homeland security, and the fbi. i will first addressed what what verification applications, their false positive differentials are much larger than those related to false negative and exist throughout many of the rams tested false positives may present a security risk as they allow access to impostors. and false positives are hiring women in men and are higher in the elderly and the young compared to middle east adults. regarding race we measured higher false positive in asian and african american ages relative to those caucasian,
6:06 pm
there's also hire false positive and native american alaskan indian and alaska islanders this two applies to more islanders where a notable exception was for some algorithms -- in one to one positives for asian and caucasian for those in -- not caused an effect, one possible connection then an area furry searches the relationship between an algorithms performance and the data used for the algorithm itself, i will now comes on one too many search auger, the impact of errors this application, false positives in one too many are very important because the call -- false accusation as a consequence, for most algorithms they saw more and african american women, however
6:07 pm
the study found that some one too many out condoms game similar false positives rates across the demographics. some of the most accurate fell into this group. this last point underscores one overall message of the report, different algorithms perform differently, indeed all of our reports to note wide variations in recognition accuracy and an important result from the demographics study is a demographic effects are smaller with more accurate algorithms. nist is proud of it's positive impact on the evolutions of biometric a possibility, ace with nist broad expertise in laboratories and unsuccessful collaboration's with the private sector and other government agencies, nist is actively pursuing the standards and measurement research necessary to deploy interim operable secure and usable identity management systems. thank you for the opportunity to testify on these activities
6:08 pm
in facial recognition and identity management, i'd be up to answer any questions you may have. >> thank you very much think all the witnesses for their testimony, each member is reminded that he or she has five minutes to question the panel, i now recognize myself for questioning's. doctor we will start with you, tired of your nist report was like next generation technology and i understand that cbp will use or reviewed existing technology? >> we are not certain of that i certainly intend to continue our investigations though the existence of the specific algorithms that we test those algorithms are submitted to us by the vendors, we have no independent way to correlate whether those are the they difficult algorithms used in
6:09 pm
the field. >> so -- part of what you said is how the technology is deployed depends on the application of the technology, explain that a little more into the committee. >> certainly, our approach is that the, the significant thing to be cognizant of is the risk associated with the deployment and the studies that we do help to inform policy makers such as members of congress as well as operators of these technologies about how to quantify those risks at least for the algorithms themselves. the deployed systems have other characteristics associated with them that we don't test, we tested only the algorithms currently and the second point
6:10 pm
is that that risk that comes from the air rates associated with the algorithms is part of a much larger risk management than the operators have to take for example access to critical infrastructure is an access control systems to critical infrastructure is different than access to a phone and that you might have, the risks are different. >> thank you. mr. wagner, can you share with the committee the extent that cbp goes to protect the information collected in this process? >> sure. so the photographs that are taken by one of our stakeholders's cameras, they are encrypted, transmitted securely to the cloud infrastructure, where the gallery is positioned. the pictures are temple ties, which means they are turned
6:11 pm
into some kind of mathematical structure, they can't be reversed engineered, and they are matched up with the photos that we've pre-staged in the gallery. and then just the response goes back, yes or no, with a unite identifier. >> so the comment that 2%, 3% of people who are miss identified, what does it cbp do to try and get that to zero? >> right. it's not that they are misidentified. it means we didn't match them to a picture in the gallery that we did have of them. so we should have match them, and you are right, they should be at zero. that's when we look at the operational variables, the camera, the picture quality, the human behaviors when the photo was taken, the lighting, those different types. then the age of the photo. and then, what we've seen in the next report, your gallery
6:12 pm
size impacts your match rate. i think missed tested galleries up to 12 million in size, we are comparing against a few thousands and most. then the numbers of photos we have of the particular individual can impact which one we match against, and the age of the photo. so, if you had your pace port taken at age 20, and you are now 29, and your face has changed, in the dimensions, we will struggle to match against that, which is compounded by poor lighting conditions on the person moving, or taking a poor quality photo. >> well -- mister mina, listen to what you just heard. how have you dealt with complaints from citizens about this technology? >> mister chairman, we've received one complaint that references facial recognition technology. however, we have not seen a
6:13 pm
trend, and that's when we would open an investigation. we are working, as i mentioned, on the policy side of the house, advising cbp directly. the other way we also hear from the community is we have community engagement round tables around the country, we have heard concern in those forms about the technology, and we are using that to inform our advice. >> can you provide the committee with where you have held those forums around the country? >> yes, absolutely. we have -- we do round tables in about 18 cities, not to say that these concerns have been raising each location, but some. we will continue to have those discussions with cbp and essentially as well at future round tables. >> thank you. lastly, mr. wagner, i'm not sure you have you have information on this, but last month, iranian and lebanese
6:14 pm
nationals, and individuals who travel to iran and lebanon, most of whom were u.s. citizens, green card, were targeted, detained, and subjected to prolonged questioning of up to 12 hours at the blane area port of entry. i understand and internal see the bp memo, in this case, people were questioned based on their religion. which is completely unacceptable. i understand cbp has admitted to enormous mistakes in this incident. if you know how this situation happened, and what is cbp doing that it never happens again? >> there was no national ... directive or guidance that went out other than, because of the ... the things taking place in
6:15 pm
iran, concerns about retaliation, we put our field managers on alert to be more vigilant about current events that are happening. and work with your local state, and federal counterparts, and be vigilant. there was some more prescriptive guidance that went out at the local level in blane, washington. which we are reviewing right now because there's a lot of concerning things i think that we saw in the interpretation of that guidance, and the management oversight, as that was unfolding, and people were being referred in for additional inspections and questioning, and there's some concerning points about the management engagement or lack thereof of what transpired. so there is an internal investigation, civil rights and civil liberties is conducting and a investigation, and when we get the results from that we will proceed accordingly depending on what the results
6:16 pm
say. >> are you aware of that? >> yes, we do have an open investigation in this matter. >> okay are you ready? >> i'm ready thank you. >> yield to ranking member for the opening statement. >> sorry for being late, we just came back from the national prayer breakfast. thank you mister chairman after the tragic events of september 11th congress recognize that biometrics his terms were central and following the recognition, we charge the creation of an automatic biometric entry and exit system, transportation system already demonstrated the capability of biometrics to improve security, facilitate travel and veteran forest immigration laws. government and private sector, have made enormous strides in the accuracy, speed, and deployment of biometrics systems, biometrics technologies of all types have
6:17 pm
seen improvements, these advances in facial recognition algorithms in particular are transformational, the national institute of standards and technology is the leader in testing and evaluation of biometric technologies. doctor romine have done incredible work to get the industry to understand the capability of currently available algorithms. i'm concerned that some of my colleagues have already jumped to the misleading concluding that the nist report, the majority tweeted that this report shows facial recognition is even more unreliable and racially biased and be feared, if the majority had taking the time to read the full report before tweeting they would've found that the real headline is that the facial recognition algorithm has no statistically detectable race or gender bias in other words nist could find no statistical evidence that algorithms at the dhs is
6:18 pm
adopting daines racial bias, i hoped my colleagues would listen to doctor romine, to show how that racial gender bias is undetectable in the most accurate algorithms. the reality is that facial recognition technology is can improve existing prostheses by reducing human error these technologies are tools that cannot and will not replace the final judgment of cbp officers concerns regarding privacy and civil rights are well-intentioned but these concerns can be fully addressed and how biometrics systems are implemented by dhs i look forward to hearing the steps that zero seattle is taking to coordinate with cbp and to protect the privacy and civil rights of americans and as i've said before halting all biometric programs is not a solution. doing so ignores the critical facts technology and dhs uses is not racially biased does not violate the civil rights, it is
6:19 pm
accurate and most importantly does protect the homeland. i appreciate the chairman calling a hearing today, it's important for congress to further educated self-on this issue, i look forward to getting the facts and i yield back chairman. >> thank you very much, i wish you heard the testimony because there were some testimony that we heard to the contrary of that. >> i look forward to probing them on that. >> i recognize the gentleman for his questions. >> my statement is wrong, to get to the chairman's point, anyone can jump at it. >> i would never tell congress they are wrong. >> you are one of the few people that won't do that, literally i mean, my understanding is there is no statistical evidence that there is racial bias, is that is an accurate statement? >> thank you for the question, in the highest performing algorithms one too many matches
6:20 pm
the highs performing algorithms we saw undetectable the bias the demographic differentials that we were measuring we say are undetectable in the report. >> so what do you mean by undetectable? >> what i mean by that in the testing that we undertook, there was no way to determine, the idea of having absolutely zero false positives is a big challenge. >> did you test the nist being used by the dhs? >> we tested, we have no and a pair -- we have no way to test that it's been using that by cbp, it's something that they would have to attest to, from our
6:21 pm
perspective the vendor provides us algorithms, they are black boxes that we test, just the performance of the algorithm that is submitted by the vendor. >> mister wagner are they working to implement algorithms. >> we are using an earlier version and we are testing any see three and the plan is to use it next month in march to switch over and top grade to that one. doctor romine who can participate in the vendor test? is it fair to say that some are more accurate and sophisticated than others? >> yes that's correct, anyone around the globe can participate, we have participants from industries, by a metric industries around the country but also from universities and some experimental systems as well. >> great, thank you mister
6:22 pm
chairman. >> thank you chris after much, and wagner the nec3 you don't have it operational anywhere in the country? you are testing it, that technology goes into being, you said next month? >> the nec3 we are trying to event next month, the earlier version of it now is operational. >> but the one we are talking about is not? >> correct. >> doctor romine, to be clear you mention that african americans and asians get misidentified? >> in the highest performing algorithms we don't see that statistical level of significant for one too many algorithms for the identification for this we do see the one to one algorithms we do see evidence of
6:23 pm
demographic effects for african americans, for asians and others. >> the chair recognizes miss slotkin for five minutes. >> thank you for clarifying that it was hard to understand so just to be clear doctor, can you pronounce here name. >> romine. >> so my apologies. >> that's quite all right. >> so in a certain segment of these algorithms there is some evidence that they have higher rates of mistakes for african americans and asians, asian americans -- >> it is correct that most of the algorithms in the one too many do exhibit those differentials, the highest performing ones and the one too many do not. >> so some do, some do not, i'm just trying to clarify. >> thank you all for being here,
6:24 pm
i'm from michigan so we have a long history of needing our cbp officers to protect us, the detroit airport in all of our bridges and crossings, so can you help me understand, is this technology being used in any way at our bridge crossings in the northern border? >> no not at the bridge crossings. >> but at the airport? >> at the airport yes. >> so while i recognize it seems to be a small number of these programs where there detected more problems with particularly african american then asian americans walk me through the process where it would be sort of, you are an average citizen, and you are from my district, or an african american woman, let's say we employ this technology and it shows a positive, write a link, just walk me through that process and how you would deal
6:25 pm
with that at the actual border for that actual citizen. >> you would then just show your passport, it is what you do today and the person would manual review it if you did not match. >> if they did show the passport but the technology still showed a match what does that officer do in that situation? >> if the machine is saying one thing in the passport is saying another? >> we would go on the basis of the document presented, which photograph we have identified you with or which identity we identified you with. >> then that person would cross the border and go on, i'm just asking so what the average person understand how this is being implemented? >> we are matching people against the passport photo, we have an electronic copy of that. >> excuse me for a moment, staff you're being most disrespectful to the hearing. >> when you are flying to a country you preassembled a gallery of those photographs, so in the officers screen they will see the photograph which
6:26 pm
should be printed on your passport that should be on that electronic ship in your passport and will look at you and make sure that you are all that same person. if it doesn't match against than that when you have to figure out why. >> and when you figure out why is that individual allowed to progress, we go to windsor to see a concert, we go to canada quite often in michigan. >> it could be as simple as looking at your passport document and then we just figure what happens later. >> so it happens with that data let's say a woman has gone to her concert in canada what happens to her data where it's flagged that she is matt just, that she is falsely flagged again someone who is done something wrong, what happens in the department to that information? >> if you are u.s. citizens, in the new photograph we take is discarded after 12 hours, there is no need for us to keep the new photograph, there is a record of the transaction that you crossed the border, if there is some type of error our
6:27 pm
analysts would look at it and correct it basically, if you have matched which happens very often your name data birth to the wrong person even know you're by a graphic match is identical to someone else that is where we can also use the facial recognition to help distinguish between the people with the common names and we can put notes in the system then to advise the officers to suppress that information when we require your passport the next time. >> tell me this technology where you have been implementing in different borders, tell me what are the results? how many people have you identified in a positive way that needed to be identified, tell me some statistics to demonstrate the value of these programs. >> 43.7 million people run through it today it, all the different locations, inbound, outbound, cruise ships, land,
6:28 pm
pedestrians. we have caught 252 impostors people with legitimate documents belong to someone else and i think 75 of those were u.s. travel documents, remember u.s. travel documents, the only biometrics we have is that digitized photo that state department has put on the electronic chip, there's no fingerprint record or climate to get a u.s. passport, not advocating for one, there isn't one there so the only biometrics we have on a travel document is a digitized photograph. that is a worldwide standard, that trip is a to be opened by any country participating in that scheme that can access the chip and pull off the digital photograph and then do some type of comparison to that. >> so in my remaining time, tens of millions of people that have gone through this technology, tell me a little bit more about your stats, how many positive, how many negative hits? >> so our match rate is about
6:29 pm
97 to 90%, that two to 3% generally means that we couldn't find that person in that preassembled gallery, meaning we did not match against anything, matched against the wrong person we didn't find a match of people traveling, it could be various environmental are operational reasons it's. >> how many are false positives? >> i'm not aware of any, there may be a handful, but i was not aware of any. so as we build this and test this and not seeing that. i think my time has expired, thank you gentlemen. >> thank you chair recognizes the gentleman from texas, mr. mccaul. >> tank you the 9/11 commission recognize the use of biometrics for those entering and leaving the united states and i believe that technology is our friend and stopping terrorists and bad actors from entering this country, we have seen that time and time again and my first question is, my understanding
6:30 pm
is the entry exit program, american citizens can opt out of that program, is that correct? >> yes that's recruit correct. >> so there's no requirement at all americans have to subject themselves to. this >> but people have to identify their identity, either man out you will preview or technology, they are u.s. citizens but they are excluded from the biometric requirement, but they can anne -- >> just like we use with global entry, most of my concern students love global entry, you know i got the clear program as did mr. -- put your fingerprints down and get to the tsa pretext line, this technology i think has made it easier for the traveling public but also the great thing is it doesn't lie,
6:31 pm
biometrics it's you and it's hard to fake that and last congress we passed at the committee my bill, the biometrics identification transnational or program known as bit map, i know this isn't nice program not cbp that passed overwhelmingly in a bipartisan way on the floor anne, it reauthorize a successful program certified under the obama administration and that secretary johnson and i talked a great deal about, how can we use bit map to identify when these people are coming into our hemisphere and they may change their names multiple times on the route to get to the united states yet their facial recognition, their biometrics don't, their names do but not their biometrics, this has been in my judgment a very successful program in
6:32 pm
keeping terrorists, human traffickers and bad actors out of this country, in fact this program has been rolled over 155,000 encounters persons of interest and 460 known and expected terrorists, including arresting violent criminals and rapists involved in transnational criminal organizations so wagner can you talk on why that program is so valuable to the security of the united states and the american people. >> it is critical important because as you mentioned people do change their by a graphic details, most of our watch list searches are by a graphically based but if we can identify people, especially people traveling via air that we have national security concerns about and they are entering our hemisphere, entering in central
6:33 pm
or south america we can work with our partners down there and establish on a biometrics basis to that person is so no matter what identity they show up in later if they show up on the u.s. mexican border we can run the biometrics comfort mission to see who were they when they first flew into the hemisphere, it is critically important. >> the travel documents can change and passports are stolen and manufactured. >> absolutely. that is not accurate but the biometrics don't lie. >> correct people change documents, steal documents, borrow documents, purchased documents, it's harder to alter them now but the ability to get a legitimate document that looks like you and if you can pass by the visual inspection of someone glancing at the two by two photograph is then yeah, that's where the risk. is >> it's unfortunate the senate in its usual wisdom did not pass this bill, they
6:34 pm
stalled a lot of legislations the chairman and i in a bipartisan way past last congress and that's unfortunate, i would hope that we can pass this bill again this congress and i do think we have to look at civil liberties and privacy as well but i do think this is an entry exit oft out, it implies primarily to americans who wouldn't want to opt in and for nationals and bit map applies really two for nationals themselves and so i want to thank the witnesses for your testimony, chairman thank you for having, this i yield back. >> thank you very much the chair recognizes the gentle lady from new york for the stop. >> thank you very much, i think our ranking memory in our expert witnesses who testified before us today and it's time that we face the facts, unregulated facial recognition is just not an option, we can debate and disagree about the
6:35 pm
exact situations where we should permit the use official recognition but we should all agree that there is no situation where facial recognition should be used without face cards against biased and protection for privacy. right now in terms of regulation, facial recognition is still in the wild west, meanwhile facial recognition technologies are routinely miss identifying women and people of color. although there are some promising applications for official recognition these benefits don't outweigh the risk of automating discrimination. we have seen what happens when technology is widely employed before congress can deploy meaningful safeguard, so let's all up before we leave, mr. wagner some of our staff have observed issues with facial recognition technology screening at airports, for example we have seen passengers and darker skin doctors not being able to be matched due to
6:36 pm
lighting or poor factors. so do they track how many they failed to capture photos of sufficient quality for matching? >> we track the number -- we don't own all the cameras so it's difficult for us to track what an airline how many pictures they might be taking before the summit won two was for matching because in the departure environment the airlines are the one that on them. so we are tracking how many pictures we receive and what our match rates against them are. >> yeah i was just wondering about the quality, if the photo quality is not good enough the accuracy of the matching algorithm is irrelevant. >> absolutely, we set a minimum standard, the picture has to be of this quality. >> but do you track the number of photos that don't meet your standard? you said you have all these other partners that are taking photos using their materials then now you're dealing with
6:37 pm
something that has become irrelevant if you don't know what subset of those don't meet your quality control. >> we know the pictures that they transmit to us whether or not they meet but we don't know how many attempts they made and you don't know the quality, you don't know how much of that, what percentage of that doesn't meet your standard. >> we look at the number of passengers -- >> do you know the percentage that dome you sanders? >> now i. don't >> how dues cbp plan to address these issues to ensure they can capture high quality image of passengers? >> well the partnership with nist, we have a high performing algorithm now we look at the operational variables to make that even more high performing. >> so what i would say to you until you have met that standard you are not doing the public a service, of quality
6:38 pm
control. >> we are developing that standard but it's not developed. >> i don't necessarily know if we are matching into 97 to 98% rate. >> let me go onto another question when you are in that 3% it doesn't matter about the other 90 -- >> we have not seen demographic base rates in that percent, so that's why we partnered with nist to help us understand that better. >> i understand since our last airing they completed biometrics entry entry system at the airports, the results indicated that the system accurately matched but to the sex of actually capturing it was significantly lower. 80% compared to 97%. most of these issues were attributed to airlines reverting to manually
6:39 pm
processing passengers to speed the boarding process, are you aware of these findings? >> yes and that is we were developing the operational variables to look at number one doesn't even work? can we make it work and now we look at and work with the airlines to not shut down their boarding, what is the ease of the application of the traveler engaging with that? >> so quickly, what steps is cbp using to capture air rates? >> it would put the requirement on the foreign national who has to comply with the biometrics exit congressional mandate, then we can work with the carriers to increase the rate and which -- >> can you provide the committee with those steps? >> sure, absolutely. >> so you spoke in your testimony about impermissible bias, i was just wondering since to use that terminology,
6:40 pm
is the inverse, is that a part -- is there something called permissible bias? >> so i think if i understand your question correctly, the reason we use that term in permissible bias, because as we have talked about there are lots of reasons why there may be a failure to calls a match, lighting or environment, our offices really working on an air based on a projected characteristic, like race, sex, or age, so when i make that reference to impermissible bias that is what i referred to. >> so there's no bias that is permissible, in other words is there is a cork of some sort and you find it to be so inconsequential that it becomes part of your standard, that because permissible bias, and is trying to understand by what you mean? >> i think when i'm focusing on
6:41 pm
is what is actually prohibited by law that our office would look at, it's really based on those protected characteristics, now of course obviously cbp and folks across at department are trying to eliminate any bias, any reason however in terms of what we do as a policy office we are really focused on the potential for bias in those protected air areas. >> very well, i yield back, thank you mister chairman. >> chair recognizes the gentleman from new york. >> thank you mister chairman and i appreciate you having this hearing this very important hearing, i commend all my colleagues for the probing questions because it's important but i will make this general observation base as my time as a prosecutor. when i was a first a prosecutor dna evidence was this weird science thing that no one really knew about and as we went on and as they got refined in as a got better it became a very potent tool not just for a law enforcement but to
6:42 pm
exonerate people who are wrongly accused of crimes. i see the biometrics technology filling a similar similar role, it's gonna help law enforcement it's also gonna do a dramatically good thing to prevent misidentification of criminal conduct and i am harden for that. so one of the things that i am most ardent about was from romine, the highest programs have no statistical anomalies, that means that at some point the algorithms will get to the front lines and i encourage you to get them to the front lines quickly and i encourage mr. mina never let your guard out and follow the system to make it better, because in the end we are all gonna benefit, i trust my colleagues so i will have to ask something of mr. wagner that occurred yesterday that is very important my constituents in general but in the new york state in particular. every fifth 2020 was said to new york state saying why
6:43 pm
homeland security can no longer have new york drivers licenses as part of the formula for the trust to travel program and that is because new york state under the green line law which it passed for bids access by cbp and ice to the new york data base so can use summarize for us and i'd like to incorporate into the chairman first of all? >> can it be incorporated into the record. >> without objection. >> so can you summarize the contents for this letter and then i have a follow-up question for you. >> my understanding, erie state because of the law that they passed without consultations shut off the access to motor vehicle data that included driver license information licensed registration, vehicle information, so in our operations any of the work that we do where we would use that information to help validate and identity, an address, a
6:44 pm
vehicle the ownership of a vehicle is impacted by not being able to do that indirectly and the breath of our mission goes way beyond i think what the losses about immigration enforcement and you are impacting the customs mission and all the other areas in which we operate. >> is there any other state in the country that is having this problem with customs? >> we have worked some other agreements with other states to continue to access the data for the work that we do. >> so am i to understand that new york states is the only one that four breeds customs and border protection to have access -- >> yes it's the only when i'm familiar with right now. >> even california? >> california we have a separate agreement where we continue to access their information. >> now i just want to know as long as i have a couple of minutes here, some of the
6:45 pm
things that are in the letter, tell me if this is correct? >> on a daily basis i see you new york dmv data and an effort to combat transnational gangs, human smuggling and trafficking of weapons and other contraband, child exploitation, child exploitation, exploitation of sensitive fraud and identity theft. is it fair base not having access to data to -- database it hampers at? >> any lawn investigation that uses that would be impacted. >> i yield back the balance of my time. >> thank you, chair and the lady from new york, miss rice for five minutes. >> thank you mister chairman, let's continue on talking about what happened with new york, cbp were they made aware of the policy before the acting territories announcement on fox news? >> yes. >> so you were aware of it, no notification was made to
6:46 pm
congress about blocking access to these federal programs to new yorkers? >> i don't know. >> well there was none. >> so personally we at my offices already received an influx of new questions about this policy literally overnight, 50 to 80,000 new york state residents are affected who have pending global entry enrollment or renewables this is going to have an enormous impact on people, many of whom entered into this program because their jobs require them to travel internationally. so what do you plan to do about all those people that are going to be impacted? >> well without the ability to help validate their identity. >> you have their fingerprints. yeah but if they haven't been arrested the fingerprints don't tell us anything. what were the fingerprints
6:47 pm
tested if you haven't been arrested? >> what are you trying to figure out. >> validate their addressed, their identity and the risk of status that we have four people in that program without the ability to do that how would we do that. so new york state shut off without consultation our access to that information in december, how would we continue to operate and validate who people are? >> going forward what about the people who already have it, i have global entry. so when i go to renew it i'm not gonna be able to do that and yet here i am a sitting congresswoman with global entry so to me, to me i understand the distinction that you are making there are 15 understates and you say you have individual agreements with all of them where they do not block access to this database.
6:48 pm
15 other states. >> i'm not aware of any other state blocking our access to that information. >> so we are gonna follow up, directly with you, because there are 15 other states that allow undocumented people to get drivers licenses. >> i'm not aware of them blocking our information. >> so you're not being aware is not a sufficient answer because there could be other states that do and it seems to me that this is once again an attempt by this administration, particularly donald trump who firmly was a new yorker to punish new york. so you and i are gonna follow up on this and i appreciate you trying to answer these questions but we need more information and i appreciate your attempt to answer these questions, i yield back, thank you mister chairman. >> thank you very much, wagner just for the record can a person have global entry
6:49 pm
without drivers license? >> yes i believe so. i'm trying to figure out how you are going to council all these people and some of them don't even drive and -- >> well it is a new york state identification but they have a passport. a validation of that information. >> but they have a passport, they have a passport. >> how do we validate the actress of where they live? >> my drivers license has a post office box so i'm just try to figure out are you being punitive -- >> why is the information blocked for that purpose that? >> i'm using why would you cancel it. >> why with the new york state block this information for this purses? >> in the fridge and-ification our security? >> but you can prove it with
6:50 pm
other documents i mean that, well chair recognizes the gentleman from louisiana mr. higgins. >> thank you mister chairman, i yield one minute to my colleague. >> i have a quick follow-up question with my colleague, it's a quite simple one really, first of all it is clear that it hampers investigation with ice, and ability to get certain identification information that are available in drivers dmv database, i just want to make sure it's clear, my colleague from new york that as many other states that have possible, like allowing illegal aliens to get drivers license, that's not the issue, the issue is is there any other state in the united states of america that completely blocks customs and border protection and ice
6:51 pm
access to dmv records? >> i don't believe so. >> so in my opinion and that is out of respect for my colleague in new york i do not believe this is a political exodus, only night would have to do is entering a similar agreement that those other 15 states have entered into with customs and border protection and ice that they verify where they will use it for immigration enforcement purposes these it for a law enforcement purposes and for global entry and those types of things. >> that's correct, you can do that. >> i think that's a discussion we would have the state. >> you have done it with other states? >> yes, thank you. i yield back. just to follow up on a new your question because it's fascinating topic, are you aware of negotiations or communications prior to new york legislative body passing this law with customs and
6:52 pm
border protection, were we upfront with this communication at all? >> it seemed to me like this should have known what was happening. >> our access was turned off and our officers and agents in the field called and said what happened to our access? >> so you are saying as far as you know and you can certainly advise if you do not know, i am no way of knowing, but as far as you know sir was there an ongoing communication during the course of the development of this legislation in the state of new york with law enforcement agencies like custom border protection and ice. >> one would hope that there was. >> doctor romine, you mentioned blind box testing, would you clarify that means it as your products are tested your facial recognition products provided by vendors that they are tested without your knowledge of who
6:53 pm
the vendor a's, you are strictly looking at the results of the algorithms themselves? >> so when i use the phrase black box testing, i mean we don't have any insight into the characteristics of the algorithm itself, we publish an api. >> you know the identity of the fender? >> it is self identified, itself identified as you are studying this, the product itself. >> just to clarify that, can any vendor submit an algorithm to nist for testing? >> yes sir. >> and in the process by submitting that product is standardize? >> it is sir. >> the top performing algorithms like custom and border protection who uses, is there a wide variance between what you are referring to as a top performing algorithm and say academic projects, perhaps
6:54 pm
submitted for testing. >> yes there is a wide variance in performance of algorithms at the top. >> so in your scientific assessment of nist, facial recognition technology, is what do you say that we are referring to the top performing algorithms that are being used by customs and border protection are far and beyond some of the common products that are presented to you? >> the top performing algorithms are significantly better in the air. >> can you confirm for this committee's or that it is indeed the top performing our them at this point being used by our federal law enforcement agencies? >> i have no way to independently verify that. >> but we just said customs and border protection is using the top. >> i didn't say that. >> can you confirm that, good sir? >> we are not using the
6:55 pm
algorithm they tested but the previous version and we are switching in upgrading to the version that they tested next mth, we are using our high performing. >> go to the next one. i think that vaguely answers the question in my time is expired. >> thank you very much, chair recognizes gentleman from new jersey. >> thank you mister chairman. who and where is all this facial recognition data stored and please described under one specific standard does it allowed to be shared or used or transferred if that is the case?
6:56 pm
>> we are using as a database travel document database these are photographs collected by the u.s. government for the purpose of putting on the travel document, a u.s. passport or visa that is issued to a foreign national or a photograph at a foreign national when they arrive in the united states under the visa program we would take their program or read it from a chip in their passport and store that that is what forms the baseline gallery that we match against. new photographs retake of a person, so if we match it to a u.s. travel passport or a data those photos are discarded, okay after 12 hours just for some mark if you are foreign national that goes to a system called -- where it is stored under the protocols of the systems under the data attention which is under 70 years. >> okay and follow up with that
6:57 pm
you know, we are living in an age where everything is being hacked, what type of security measures protections have been put in place regarding the security of this data? >> so the databases are housed within the u.s. government, cbp doesn't necessarily keep for own any of those permanent databases, they are owned by department of state and other branches of dhs we access a lot of that information, we use it and we match against it and then we put information back into them. >> okay, you know i continue to have hits come across my desk about the mishaps and disadvantages racial -- facial recognition and, the racial bias, it's my
6:58 pm
understanding that the technology continues to misrepresent and irregularly identified people of color and women. so at my hearing from the majority of the panel that that is not the case because it keeps coming to us, so there has to be some validity? >> an hour testing, for the one to one identification algorithms we do see evidence of demographic effects differences with regards to race and sex an age in the one too many identification testing that we did for the algorithms that we tested there was a small set of high performing algorithms that had undetectable differentials but the majority of the algorithm still exhibit those
6:59 pm
characteristics. >> let me add and can you give a description of the difference between the two sets? >> yes sir in verifying and identity a bio metric is matched solely in the case of face recognition, a picture is matched against. >> is that the one to. one >> yes the verification is to try to determine if you are who you say you are and it's matched against a gallery of one in essence. >> and the one too many is matched in the case of cbp's application wanted to perhaps thousands for the airline, the traveling public or one to millions in the case of law enforcement such as fbi to try to identify a suspect. >> so you are saying that the
7:00 pm
percentage of identifications in the one to one you have more incidents of this, this bias i should say. >> i should clarify in the algorithms we tested that is correct however many of the vendors who chose to participate in the one too many testing did not choose to participate in the one to one and those are some of the highest performing in the one too many. >> okay thank you, i yield back. >> sheridan ices gentleman from north carolina mr. walker. >> thank you mister chairman i'd like to yield for one minute to determine from louisiana. >> thank you doctoral maine i have a question regarding the effectiveness of the technology that you tested regarding children, is it a potential if we are assembling the gallery of photographs of children you
7:01 pm
crossing the border some of them are being exploited and false identifications presented how does the technology work with children compared to the mistakes in areas and other demographics and can this technology be used to protect children that are perhaps being exploited crossing our borders coming into our country and if so what can we do to protect the privacy of these children because they are minors. >> the application specifically is something that we don't test, what we have tested is the effectiveness of the algorithms in terms of error rates and we do find that for children in the one to one setting the one that you just described there are demographic effects that are differentials that the narrates are higher in the one
7:02 pm
to one case with respect to age, so it is more difficult based on our testing, it appears more difficult. >> but there is no gallery, there is no one too many. >> we have no such gallery. >> if we did develop that with this contest the effectiveness and be a tool to protect children. >> we could undertake many different testings to determine the effectiveness. >> thank you. >> thank you representative higgins, mr. wagner is a true that a bio metric entry exit system uses less personally identifiable information and the current system that we have in place. >> yes because currently you open your passport booklet in show to an individual to either say check or bags to go through screening, for the plane, as an officer you are exposing year
7:03 pm
information on your passport page, someone who could be looking over your shoulder, someone could be looking at you are disclosing into a person who doesn't actually need to know all that additional information forces standing in front of a camera with no identifiable information other than your face in which they can already see and your picture is taking on the screen comes a green check mark and that person as you have been validated by the government record to proceed, so you are sharing actually less information in this instance. >> so not only sharing this information, but on a scale of one to ten, ten being the highest how would you rate this as continuing to develop and rightfully so would be the highest security possible for travelers compared to anything else we are doing now, right now on top of everything else we are doing and brings us close to ten, where we want to be. >> when the representative talked about some of the children involved are there any numbers or statistics based on
7:04 pm
people you have caught, either involved in humor -- human trafficking or another nefarious activity because official recognition? >> on the land border we have 240 impostures, meaning they had legitimate documents belonging to other people, 18 of those 7% were under the age of 18 so they would be considered children 73 of those had u.s. passports or u.s. passport cards, 46 of them for almost 20% had criminal -- criminal record so they were trying to hide. >> do you believe these were identified strictly because of the use of facial recognition or was there any other aspect or involvement? >> our officers are very good at identifying the behaviors and a person when they present a travel document, a lot of times i can also be a cue that the person is hiding something
7:05 pm
but the technology on top of the officer skill and ability should bring us to that security posture that they would bring us to near perfect. >> there any policy difference between the u.s. citizen and non citizen? >> everyone has to establish their identity by law, everyone has to produce some time of identification. the process scrubbing this 12 hours is wet? >> if you take a new picture we discarded after 12 hours we are looking at actually shrinking that to last time and the only thing is we have to restore everything. >> so chair recognizes gentlelady from las vegas, miss titus. >> i thank you mister chairman, i find this interesting, the more you talked a less high now it turns out unfortunately, my karen airport is in my district, it's very busy, one of the
7:06 pm
busiest in the country a lot of international tourists come through there, so i know we have talked a lot about the use of this facial recognition for security reasons, i would like to talk about it in terms of how it affects the passengers experience, we want people in las vegas to have a good experience from the time they land to the time they leave, so how do you work to courtenay using this for security and also reducing wait times or serving the passenger as opposed to making it more difficult for the passenger. >> so it absolutely supports our travel and tourism goals as well, it makes a much better passenger experience, american being into an, more consistent passenger experience, as you go through the airport the number of stops you have to make to produce a piece of paper or open your passport again or provide another form of validation to go forward, you can use the facial recognition
7:07 pm
and the camera to have that same process and it is quick enough that you walk up your pictures taken into the three seconds your moving forward, so what we are seeing is reduced wait times, the airlines as they incorporated into the burning process are reducing their boarding times of the aircraft, sometimes as much as 40, 45%, it's a different atmosphere for the traveler because you're not fumbling for your documents are forgetting where you put your boarding pass or getting stuck in line, or forgot where you put your passport, so it is creating a better process for the traveler. so you can't leave your face on the plane, and you can't leave your face in the bathroom you can't forget that like people do with their travel documents so it is making an easier process, everyone knows how to take a picture and what we see is people are enjoying this
7:08 pm
process a lot better for them, and we are seeing the lines are reduced. >> are you working with tsa or local law enforcement to make this all run smoothly or is that not necessarily? >> we are working very closely with tsa and we have run a few pilots with, then we have an ongoing pilot in atlanta where we builds the gallery, as the person prints out there boarding paso any place now where they have to show their passport at the airport, say when they are departing the u.s. you could take a picture and validated against their calorie so you are outside of the airport and you just walked to the airport and you have your boarding pass and the picture goes into that galleries so steps like, checking your bags where you have to show the idea to the airline person, you have a camera there that can do that you go to the tsa checkpoint, tsa can take the checkpoint, we built it for the biometrics requirement and we want to make
7:09 pm
that environment available to all the other places in the airport where you show your passport to do, that so yes for tsa you can take a picture and then you go through screening, you go aboard the play in the airport takes your picture and we confirm it, without ever showing your passport to the airliner showing your boarding pass to the airline. >> suppose you find somebody does it match, my understanding while this goes through an app and law enforcement if they are busy or if the person responsible for checking out the non-matches doing something else, do you have some kind of staffing model for who is responsible for that because i heard it comes through an app and says there's no action that you are supposed to take that is very clear, sometimes they just ignore it. >> depending on where you are in the airport, generally would be the airline or cbp, we will just look at the physical
7:10 pm
passport which is what you are presenting now, we would make a determination, and now if we have doubts of if you match the picture on your passport, which happens, or if the airline has doubts the new may be called over a name i ask the person for another form of 80, additional questions, we may do a further inspection on them, so if you don't like your passport photo from a visual review this is the same kind of things that would occur. we have been having a lot of confusion about going to the real idea to just regular drivers licenses, people don't know they have to do, that we are trying to get the word out, some states need to provide the funding, is that transition part of your consideration as you develop this new system or it did not connected? >> it's not connected to. us >> not gonna make a difference. >> not. really >> so people who use their passports instead of
7:11 pm
reliably it will matter? >> right because these are international travelers we are talking about so they generally have a passport. >> you don't see this moving to national as well as international one sits up and running. >> i would refer to tsa on how this might be upright to a domestic flight, i think there is some good discussion to have their that if people have passports and you can electronically confirm them even on a domestic flight should the traveler opt into this i think you would be a good government to build a system like this if that's what people would want. >> well thank, you thank you mister chairman. >> thank you, chair recognizes the gentlelady from illinois, gentleman from texas, mr. crenshaw. >> thank you it has been an interesting hearing to watch, so just more information on the facial recognition technology that we are discussing here
7:12 pm
today it seems to be abnormally controversial and we are not talking 1984 style, government surveillance not like china has we are not talking about official recognition in the national mall or downtown houston, we are talking about facial recognition at air, land, seaport entry, where the government has not only the authority but the responsibility to know who enters the country and checking identification, of course, and it seems from the answer we have got in that cbp is using the best algorithms with a almost no bias, that is what we have established as far as i understand it, locations with facial recognition technology those locations are marked, correct? >> yes it is where you would normally present your passport, locations where facial recognition technologies are employed are required, presented a form of identification already, and
7:13 pm
trains are allowed to opt out of facial recognition and present photographic identification to a cbp officer who will then compare the entrance, correct? >> biometric data is stored for no more than 12 hours in an encrypted virtual cloud, correct? >> correct. >> metric data is stored in i'd, and correct? >> correct. >> given the above and knowing where official recognition technology is used requirement to present photo id, the ability to opt out and the secure storage, what is the major privacy concerns and i am missing, how can we improve? this >> i think what we have heard from the privacy community is, people get used to the convenience of this technology and that bleeds over into the commercial world or their private sense and they may be more likely to allow
7:14 pm
that to happen outside of government requirements and my discussions with them, you know there's also an expectation by the public that they have this in the private life so why should interactions be so antiquated, why should there are travels through the airport be so antiquated and frustrating, don't they expect the same convenience should apply whether traveling internationally? >> one way this could be used as a very positive sense to combat human trafficking, is there a way that tools like this can be integrated with other tools like spotlight, safer, battle human trafficking, sex trafficking? >> sure what this helps us to do, our core vetting processes our bio graphically missed, the name and date of birth are submitted to a watch list through an airline application,
7:15 pm
through tsa and we that, we do those background checks on the basis of who the airline tells us who is flying, who checked, and who purchased to take it, but when you can then use a bio metric to say you have vetted the right person, you have the assurances that that is the person who is actually traveling and not just their passport is traveling under a different person that is being trafficked so it helps us close those vulnerabilities of impostors for nefarious or being trafficked or victimized to be able to do that using imposture documents. >> in my limited time left, can this be used to combat visa over stays as well? >> yes we, we track visa over stays primarily by the biographical formation but by implementing the system we have biometrics lee confirmed almost
7:16 pm
44,000 over stays, the biometrics validation that these people overstayed and leaving the u.s. later than they were authorized to do so, so just about 44,000. >> thank, you i yield back. >> thank you chair recognizes the gentleman from new york. >> thank you mister chairman, so the nypd has in the past used facial recognition to compare photos from crime sees against its own internal arrest databases, some state lawmakers want to take that ability away from agencies, do you support agencies using facial recognition in the course of their investigation? >> congressman that is not necessarily an issue that we have looked at, we are primarily looking at the dhs uses of facial recognition
7:17 pm
technology, primarily we have focused as doctoral mine mentioned less so on the identification piece where you have sort of this, you are trying to match a photo to a gallery of tons, you are looking at a much narrower, the verification if i understand the technology correctly and again our role there is to make sure that we are addressing these concerns regarding, bias whether that is again based on race, or national origin, age, gender as we talked about. >> so one thing i think has been absent in this conversation is the way that civil liberties can be infringed upon in the absence of technology. can you speak to this for a minute or two, i'm thinking of false positives, people who are being arrested for at least questioned further based on five of a verbal description. >> absolutely congressman, i
7:18 pm
think it is obviously critically important to blend both the use of technology as well as the and user in this process, i don't think it is an either or proposition, as we have advised cbp and other components that is from a policy make a perspective that is really where we see the greatest benefit is really that interaction between the technology and the user, as mr. wagner talked about earlier, if there is a false negative for example then he would have the lion officer or age and looking at their actual passport or travel documentation and then if it matches the person goes along on and they board the flight. >> right i think it's important to note so we are all on the same page that the use of technology has consistently been implemented to preserve our public safety but also protect civil liberties that it is being lost in this
7:19 pm
conversation is yet again people are unnecessarily politicizing an effort to keep us say, it's not perfect and you will have to work to do to make it even better, mr. wagner you're gonna have to hear from another new yorker. so i am not a supporter of this new york legislation that was passed, i think it is unfortunate and wrong that you all were not notified but two wrongs do not make a right someone ask you some very simple questions, if you all were setting out to be the professional for so you are and do this professionally do you think that in advance of announcing this you should have told congress what was wrong and what would happen if it was not fixed or addressed? >> sorry i have to defer to dhs on that. >> come on man. this is ridiculous, this is simple question, that's a
7:20 pm
simple question, we heard about this from fox news, this is politics at its worst, we are talking about acting like professionals right now, if there is a problem that needs to be addressed and you all are doing this, do you think it was appropriate that we were not told well in advance so that we could try to arrive at some solution, to think that's okay? is that the way you want to carry this out. >> i'm not gonna comment on that. >> you're not gonna comment, so the fact that you have given very clear and declarative answers plea fuzzy i think we can all assume what you are thinking and unwilling to say right now, so let's commit to actually trying to solve problems here, we have members of congress that will be able to, you have more members of congress, millions of other people that are now held at a
7:21 pm
balance, my staff so all kinds of people, all types of people. politics, if you really were making an effort to address a problem, to address a problem, you would have had a system, a proposal and it goes sheepish, in a conversation, letters written, that is the way business is conducted, so let's put that aside, would you now commit now that we've all engage in our politics to actually have a sensible meetings and commerce seasons about a way forward to solve this issue, sure, thank you. >> so gentlemen time has expired i recognized the gentlelady miss underwood. >> thank, you many of my constituents have to dry over an hour to get to this major airport in chicago and
7:22 pm
therefore we are always interested in learning more about technologies that can improve airports acuity weekends, but biometrics data is rife with abuse, it is important to ensure dhs uses facial recognition and other technologies that are fair and reliable in an effective way. mr. wagner, although children under the age of 14 are not required to be screened many do go through screening that collects their biometric in formation, had a cbp store and secure this information? i am talking about under 14. >> i think if you are outside the scope of the bio metric tracking requirement, 13 to 70, nine i think we discard all that information, let me verify. >> would you be willing to provide the committee of that information, both the procedure and the policy to do so. >> yes. >> are there any differences in how cbp collects, uses, or secures children's biometric and formation in comparison to adults? >> so if a child presents, does
7:23 pm
it just take it and immediately delete or is it going to be going through some kind of filter off, we want that kind of information. >> you have. it >> so this 2019 reports as that children are more likely to be misidentified, of course we know that other groups like we discussed today, people of color, seniors are also misidentified, mr. wagner what actions is cbp taking to correct the powers and arrows. >> we are using a high performing algorithm that we are not seeing these demographic based error rates, if someone does not match to either the gallery or the document they are presenting we will fix sickly examine the document and look at the picture and if we have the confidence it is the person we can do that through questioning, we can do that through additional forms of identification, we do that through inspection of the, person sometimes it's just looking at the passport and saying okay that you go ahead,
7:24 pm
it all depends on how discrepancy you look from your travel document to your photograph. >> some are confused, cbp expands the biometrics screening program as a way to find communication. >> right now we have signage, a lot of people don't read signs at the airport, we have gate announcements that the airline should try to meet before boarding and again there's always competing announcements going on and sometimes it's tough to understand what is being said, we are actually looking with the airlines, could we print things on the boarding pants could we get notifications when they are getting their checking information or electronic information we can provide, we are looking at additional ways to do that, and we started taking out some privacy advertisements advising people of their requirements and what their options are as well to.
7:25 pm
>> well it is certainly my interest making sure that every passenger understands that when this is happening into they have a choice to opt out, i would certainly urge cbp to strongly consider an issue this committee is timeline for perhaps outlining how we can improve that communication to all passengers, the cbp capturing report the raid of misidentification at each port of entry where biometrics technology is being used? >> what we track is the people that we take a photograph of or receive a photograph of and are not able to match it to their travel document that is in our gallery, that is a two to 3%, already a view of that information does not show noticeable discrepancies on a free type. >> my question is capturing and reporting entry. >> we want to know the false positives are we seeing more at certain places, more --
7:26 pm
>> we are not seeing false positives that are matching into a different identity, we are not seeing that with this technology. >> or mistaken identities? >> we are not seeing, that more likely you don't match against anything, so we get no information return. >> okay doctor romine, can you respond to what nist means to algorithm and the testing? >> the testing that we do does not result in recommendation specifically to the vendors other than to take the data that we provide the evaluation results and strive to use those results to improve their methods. >> so you are saying you don't have a lot of interaction of the developers? >> we have informal interaction with them in the way that the
7:27 pm
scientists to do this biometric testing are part of a larger biometrics community, we see the vendor representatives, the scientists at meeting and so on, but with regards to this testing the feedback that we provide to the vendors is the test results. >> all right so you all aren't doing convenience with industry and helping them improve the quality of their product? >> you do post events but more as a convenor to get the community to gather to discuss different techniques, but we know provide other than sort of in the general scientific community sense we don't provide specific recommendations for their improvement. >> i recognize my time is expired, we would just want more information like that in writing. >> chair recognizes gentlelady from new jersey, miss coleman. >> thank you for your testimony
7:28 pm
and thank you chairman. a couple of questions, the role of -- it seems to me that there hasn't been much coronation amongst the dhs on direction from dhs regarding the deployment of biometric technologies you can correct me if i'm wrong is there any sort of department right strategy for the use of biometric technologies or are movements like yours given wide latitude to stand up by metric programs as you please? >> i'm sorry. >> are you a lone ranger? >> are we what? >> i'm sorry did hear that. doesn't seem that there is a department wide oversight, i
7:29 pm
want to know whether or not you are getting directions from others because i would like to ask what is your role and to what degree have you been involved in the oversight and in signing off on how things are being done. >> as we build out new programs we are bound by certain statutes that require us to publish systems of record notice, your privacy impact assessment where things are reviewed by our internal counsel or our privacy officer and to make sure and meet all the requirements, the authority to collect where you are, doing is your timeline for storing it and sharing it is that all permissible, is it consistent with your mission, are you authorized to do those things? >> so are you operating with your silo, this is what the losses with regards to what you can do, is this how you execute
7:30 pm
based on what your interpretation is of that or is there a dhs component that plays into this as well and says ok but this is how we want to see this. >> depending on the acquisition process, there is a multitude of people at dhs that look at the acquisition, the resources spent, there is a whole process to go through for approval before various boards that authorized the expenditures and the investment in, that there is the dhs privacy officer so there is a lot of oversight by dhs already in this, process certainly the rule makings. so there is a lot of oversight. >> it is my understanding that there is no centralized body, they gives the approval, is
7:31 pm
that correct that crcc l approved your program? >> do you know? >> now they would necessarily not go to them for approval. >> well approval in the sense of maintaining and protecting privacy. >> so things are reviewed by them and i will refer to my colleague. why don't i answer that in a couple of different ways congresswoman. let me step back and talk about the first part of your question regarding the enterprise level review, i think one of the ways they produce at space in that dialog is by serving on enterprise level wide working groups across the department that include representatives from different biometric identity managements where we are talking about a lot of these issues, now we don't have a privacy impact model that we do work with the privacy office regarding not just facial
7:32 pm
recognition technology but certainly other forms of biometrics and edification that the department uses, with regard to our relationship we work with them in a couple of different ways, first is very directly in terms of offering them advice and then also we go on site visits and we work our cbp and the privacy, privacy and civil liberties engagement board. >> so is your role anything than just advice, observation in advice? you have no authority to say now that isn't working, that is a violation, no, that's it right, advice. >> that is not entirely accurate, yes we do have an advisory capacity we also have a compliance function where we do offer recommendation. >> if they don't follow them? >> then we can elevate it if necessary. >> i have one last question and the question has to do with just the whole system that is used when we are picking
7:33 pm
pictures and who's in charge of determining whether or not the lighting is good the background is adequate the cameras are good they are placed right so that we can get the best pictures and we need to get is there anyone in charge of that? >> cbp would be and that is based on our results of say the metrics and you can have an airport with a bank of boots and the windows are such that the sunlight comes in and effects these boots in the morning in these boots in the afternoon. these are the things we have to look at as we deploy this what are the environmental factors that are going to add fluids all the different locations that we try to adjust. >> we review the data and the results of what happens. on bases weekly daily or monthly. >> we may know what time the sun comes in and that window
7:34 pm
and that window and you know. >> i would say we do it continuously to get the best production we can. >> thank, you thank you very much, chair recognizing the ranking member. >> thank you i have a unanimous request, the chair recognizes the gentlelady miss jackson-lee, let me share the -- thank the gentleman, and let me recognize all the government witnesses and thank you for their services, let me renew the inquiry that will be pursued by chairwoman rice but i will add to it and that is mr. wagner a better understanding of the committee on the denial of clear interests of traveler as it relates to states that may not have the laws that you think are appropriate or in the
7:35 pm
instance of new york closing out access to the issue of drivers license, i raise the question because we should look as a federal government and what other identification options may be, valid i know that we have known each other for a long time and i would think that you would be willing to look at that so that we can find common ground, let me pursue this line of reasoning and pleas witnesses understand that i'm not saying this is what you are doing, i need to understand you are thinking, so to the deputy executives and commissioner wagner, would you accept the fact that biased could be introduced by technology if the application developer of the programs have a bias into how an application reacts to different types of people because it's technology. >> yes. >> i would also make the point that it's a little bit humorous i'm sure the people in iowa were trusting of the app before
7:36 pm
they had something going on, there we can all see where we are at this point, would you accept that mr. mina? >> yes. >> so an algorithm could be note that this is not point to what you written to flag all black men wearing dreadlocks, this is in terms of how technology can be. >> i guess you could. >> so you can say on the record to your knowledge you are not using that. >> we are not using that. >> i'm sure dreadlock where to be glad of, that mr. amina? >> yes that is possible and we have not seen that in our view as well. >> so mr. remain. >> it's certainly possible. >> so here we are to my colleagues that are advocates from the committee we are dna
7:37 pm
lovers, i wrote the violence against women act and put on millions of dollars for dna enhancement so we understand that the added technology, but as the department of homeland security we made a commitment post 9/11 with george bush going to the trade and saying here are the firefighters but at the same time he also hurt muslims that were indicating that it's not the blanket world that happen to be muslim, so in particular i want to try and find out what aggressive role do you play in helping to not have platitudes, forgive me i'm not suggesting you do but you aggressively ensure that the buys is against black women with dreadlocks, manager locks, muslims, chic swearing attire we have been through that and i put on this committee from the beginning that is not technology but in the now sophisticated technology is not
7:38 pm
undermining the civil liberties and civil rights of this nation and those coming in innocently to the country, you can use the new technology as well and then to mr. remain, let me find out how are you continuing to do your assessment of these algorithms to ensure that it looks like you are not able to get the exact one that mr. wagner's team is, using that concerns me, i need you to get every accurate piece of information, and what aggressiveness are you doing to protect the american people? >> thank you for the question, i think we are doing a lot of different things across the spectrum and this program in policy, again i want to focus our attention is really on the application, not so much on the appliqué -- algorithm itself but how it is apply to this, program in this cage cbp, we do that on the policy making side, working
7:39 pm
directly with the people, advising on implementing policies as well as offering suggestions as it relates to application for example, folks wearing religious headwear or folks that have objected to photography based on religious reasons or people who are disabled or otherwise injured and aren't able to take pictures. we also do it through our robust community engagement, we talk to members of the community across the country and mister chairman i actually have the information in front of me regarding some of the areas, the issue has been raised in portland, atlanta, chicago, seattle, and also to a lesser extent in southern california primarily by that new york city stakeholders and we've heard concern regarding facial recognition technology and one of our primary roles is to be the eyes and ears of the department, we inform our colleagues at cbp, at dhs, at -- hear the concerns we are seeing, how do we work together to try to address some of these problems or potential problems
7:40 pm
before they have greater effect and then also towards the back and we have a robust compliance process and while we don't have an active investigation on facial recognition that is always something we are looking at, if we see a trend we most certainly open investigation and advise in that way as well. as he answers mister chairman. i just want to say this on the record, if we can get answers from mr. wagner about what is most storied about retaining information. >> doctor romine, just submit in writing and answer the question. >> thank you, mr. romine, my question was -- >> i beg your pardon ma'am. >> my question was what are you doing to be accurate in your testing, you are not sure if you had the accurate app that
7:41 pm
they were using but what are you doing to be aggressive and making sure we don't have the bias in these algorithms? >> the tests that we take are determined to check if there are demographic differences commonly called bias, the fact that i know that there is strong interest in testing with data that is more representative and we have signed a recent mou with the cbp to undertake continued testing to make sure that we are doing the very best that we can to provide the information that they need to make sound decisions. >> thank you very much, i yield. back thank you. >> we recognize mr. green, from texas. >> thank you, i think the witnesses for appearing as well and i would like to address some intelligence that has been afforded me, the indication is
7:42 pm
that -- asian and african american faces were ten times more likely, ten to 100 times be likely to be misidentified then why faces and i am curious to whether or not there is something inherent in the technology that creates an inverse relationship with reference to the identification of whites juxtaposed to african americans and asians. is there something inherent in the technology, meaning if you want to absolutely identify whites will there be something that you cannot adjust such that you get the same absolutely justification with minorities, asians, african americans, or if you want to absolutely identify african americans and asians will you as a result of technology not
7:43 pm
be able to properly identify whites. >> very interesting question congressman, and let me clarify first at those differentials that we observed were not in the case of identification but verification, the one to one testing rather than the one too many testing in general we saw those demographic differences for african americans and for pacific an island nations as well but in the case that you are talking about we don't, our work has not today focused on cause and effect, what is it that is causing the algorithms to exhibit certain kinds of behavior. we are really just testing the proof of performance. so i don't know the answer to your question. >> so your answer is intriguing, because this is not the first
7:44 pm
opportunity for the word to be heard that we have these difficulties and at some point it would seem that we would move from testing technology as it is to understanding why technology performs the way it does, help me to understand why we haven't made that move. >> the question that you asked is a very challenging open research question but we do have some indications, there are algorithms that have been submitted to our testing from asian countries that do not exhibit the demographic differentials on asian faces so we can't guarantee but we think that's an indication that the training data that are being used for the algorithm development may have a significant impact on their ability to discern or exhibit
7:45 pm
demographic differences for demographic populations. >> do you believe that is it important for us to move expeditiously to resolve this question and this issue so that we don't bend our selves having deployed something en masse that we know to be defective or have some degree of inefficiencies associated with it. the efficacy of this is important. >> yes sir and i think those are two different things to think about, the performance testing that we currently execute can help operational agencies ensure that they are not to play things that exhibit demographic differentials, the research question that you tina that is fascinating about what is the causes of these demographic -- demographic differentials is a much deeper much more difficult
7:46 pm
question. >> is it fair to say that the countries and i have about 45 seconds left, but the countries that employ the technology that have indicated to you they are having fewer challenges is it fair to say that that technology also captures white men sufficiently? in the testing that we did for the specific one that i am referring to, the high performing algorithms from asian countries that don't exhibit the demographic differences on nations, it's in comparison to caucasian faces. there is no difference in the performance are no discernible difference in the performance on location faces and asian faces from certain asian developed algorithms and one speculation is that i may be the trading data that are used. >> thank you mister chairman, i yield back. >> thank you the chair recognizes gentleman from rhode
7:47 pm
island for five minutes, thank you i want to thank our witnesses and thank you for your dedication to this issue, this very important issue. i believe that technology is an important part of the solution to some of our most vexing issues and challenges including how to manage an ever growing number of international travelers so this is been a good discussion here today. what i wanted to ask you if mr. wagner, we know that technological solutions such as facial recognition software the algorithms are only as good as the data that has been informing them so i want to know how has cbp adjusted or augmented the data that it uses to train its facial recognition software and what are you doing to ensure the software is continually updated as more robust data sets and algorithms
7:48 pm
are incorporated into training. >> so that's who we were closely, with the vendor whose algorithm we are using and we work closely with them to incorporate their updates in their latest and greatest products into how we are using them and then as we review the data we look to make those operational adjustments that do affect metrics and that will be the quality of the photograph the human factors the size of the gallery is really important, and this galleries up to 12 million people on the margins of the capabilities of these algorithms we are doing this with a couple thousand an interesting coalitions is how much better improved is your metrics in what is the impact on any biases on a much smaller gallery or sample size. i think this is what we are getting it earlier, what are these variables that we can
7:49 pm
rise or lower to help address some of what the error rates are showing us. >> okay to that point then how does cpp incorporate feedback from officers about errors that official recognition software in the fields is in the machine they learned and the officer interacting with someone in the software doesn't getting correct unless that feedback is fed back into the system in the system doesn't learn. >> absolutely we look at system logs themselves what we also talked to the officers that provide the feedback and we are also on site to witness in observe and discuss with those officers as we deploy these. >> so i understand the trusted traveler program shares information with other countries and how does cbp share biometrics in formation with other countries and what steps does it take to ensure those countries use the data
7:50 pm
responsibly is that accurate number one in my understanding is and how we are guarding that day. >> i'm not aware of how we would share or or even sharing. >> the trusted troubling program. >> we might share a person status that there are approved in the program but we are not sharing their fingerprints. >> let me ask that one for the record, i asked that you would get back to me on this, what types of information do we share on the trusted traveler program i think that is important for us to know and if we do share whatever information we do share i want to know what steps we take to ensure those countries use those data responsibly. >> so i'm gonna go to, i know this question has been touched on earlier so i'm gonna ask it perhaps in a different way but
7:51 pm
prior to our hearing on this topic last july we were notified of the incident a network of a contract someone claiming to be a foreign agent gained access to drivers and faces and license plates that the point of entry how to cbp, how is cbp ensuring that the personal data it collects for facial recognition technology screening programs whether by the government or vendors or private sector are being protected from unauthorized access and also what assurances can you give our committee that the root causes of the made 2019 breach has been addressed and as to reduce the likelihood of another breach so, the airlines that provides the cameras that transmit to cbp we
7:52 pm
have a signed set of business requirements which they commit to not storing not saving any of the photographs they take, they take the picture transmitted to us and purdue from their system, one of the other conditions is that we have to be available for cbp to audit their cameras and technology to ensure that they are following those rules we are about to commence and not at one of the airlines and a couple of months and start that process to do that but to make sure that's not happening thank you mister chairman i would ask that mr. wagner get back to me in writing as soon as possible on the trusted traveler program and the information he shared with partners. okay so does the young lady want to ask the question >> chairman thank you so very much and i ask unanimous consent to
7:53 pm
place and this not to the witnesses but amazon facial recognition mistakenly confused congressmen with unknown criminals so mister wagner are you using the amazon technology we are not using their matching algorithm to and thank you mister chairman and you gave mr. a detailed response so let me try to change around to do you have a team that is directly responsible not just for the implementation but for the internal analysis of the utilization of the app or the technology that you are using so that it is on site so you are able to get firsthand knowledge of the violations or abuses by way of the technology is that information coming back to your office? when i say that to your sector
7:54 pm
part of it is our office and working in conjunction with the field locations so do you have a team that is responding to that? >> we have teams that review the data, reports and the functioning of the system and compliance of the officers using that technology and i'll just say this i know we have a lot of work to do and maybe there can be a classified briefing i would like to do a deeper dive on how that is done and whether they store how long they keep the data on mr. jones and mr. various name we will work through it. >> the data is all worked in compliance with record notices so a photograph of the u.s. citizen that we take it's only stored for 12 hours and then purged, a picture of a foreign
7:55 pm
national is said over to the department database where it is stored, the wrecker of the border crossing is and store it in other systems to the system and record system. >> very interesting we will follow up on your request thank you witnesses so let me insert in the record a letter from the electronic privacy information center and a press release from u.s. travel association and mr. wagner, if you are aware of any notification requirements that a state would be noticed, i'm talking about the global entry situation, and looks like new york is just the first of one
7:56 pm
or two others since we have been sitting here, mr. cuccinelli said washington state might be in a similar position. i am just wanting to make sure that if this is the way forward then surely in light of what mr. rose and some of the other new yorkers on this committee have said there should be some notice that this is about to happen and not just a press conference so i think if you are aware of any please get it back to us in the committee, we would love to have it. i think the witnesses for their testimony and the members for their questions, members of the committee they have additional questions for the witnesses and we ask that you respond expeditiously and writing to those questions.
7:57 pm
without objections, the committee record will be kept open for ten days, no further business, the committee stands adjourned. [inaudible conversations]
7:58 pm
7:59 pm
8:00 pm
next the challenges on combatting disinformation, head by georgetown law for technology,, line policy, this is an hour and a half. all right everyone, thank you


info Stream Only

Uploaded by TV Archive on