Security Expert Reaction On U.S CBP Uses Facial Recognition To Verify Travelers

According to its February report, the U.S. Customs and Border Protection used facial recognition tools to scan over 23 million travelers’ faces at 30-plus points of entry in 2020, and failed to turn up a single example of an individual impersonating someone else at an airport.

Subscribe
Notify of
guest
3 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
James McQuiggan
James McQuiggan , Security Awareness Advocate
InfoSec Expert
February 15, 2021 2:44 pm

<p>Facial recognition over the past several years has been an active tool within various government groups, whether at the local, state, or federal level. Regarding CBP, their use has the citizen or visitor standing in front of them with their passport. By scanning the passport and using the facial recognition system, the agent can determine if the person is the right person or an imposter.  <br /><br />Having no imposters come through in 2020 and with 23 million coming into the U.S. could be due to lockdowns in various countries and restrictions on travel, which might have slowed imposters\’ progress to gain entry in the U.S. illegally.<br /><br />While the report does not provide any data or audit results, it\’s unclear whether the Government Assurance Office (GAO) conducted any test with a \"fake\" imposter to see if they could bypass the CBP.  </p> <p>In cybersecurity or physical security, organizations want to test and monitor their perimeters, whether electronic or physical. These audits can determine any areas of improvement and if the processes and procedures are operating as required.</p>

Last edited 1 year ago by James McQuiggan
Stuart Sharp
Stuart Sharp , VP of Solution Engineering
InfoSec Expert
February 15, 2021 2:39 pm

<p>We should not assume that the CBP facial recognition tools have failed simply by a lack of imposter identification, as this may simply be the result of fewer individuals attempting to enter the country as a result of Covid. Nevertheless, while biometrics have a role to play in identification, it does face significant limitations. Most people don’t realise that Biometric authentication relies on a probabilistic model, not deterministic. When comparing a facial or fingerprint scan to the stored value, the system accepts a degree of variation. This is called the False Acceptance Rate (FAR) metric, which is the probability that the system will incorrectly identify a user as valid. Realising that facial recognition is simply verifying that the scan is ‘similar’ to the stored image, you can see that there is a real risk that the CBP tools are not detecting skillful imposters.</p>

Last edited 1 year ago by Stuart Sharp
Josh Bohls
Josh Bohls , Founder
InfoSec Expert
February 15, 2021 2:10 pm

<p>The system may not have identified anyone using false credentials, but I suspect the agency considers it a huge success in that it was able to collect a massive trove of images of visitors that can be directly linked to their passports. This is the holy grail of AI/ML system training data and will serve to improve the system dramatically over time.</p>

Last edited 1 year ago by Josh Bohls
3
0
Would love your thoughts, please comment.x
()
x