23 House Democrats have signed a letter to acting Homeland Secretary Kevin McAleenan expressing concern over reports of facial recognition systems being used on American citizens.

The big picture: Regulating facial recognition software has bipartisan support. Republicans and Democrats are worried about potential abuse of power by law enforcement and have suggested implementing federal laws to restrain the technology. Others are concerned it could be used as a tool for authoritarian surveillance, as in China and other states.

What's happening: In their letter, Democratic lawmakers cited reports that U.S. Customs and Border Protection (CBP) are using facial recognition tech at airports to scan American citizens under the Biometric Exit Program — which "expressly limits the collection of biometric data to foreign nationals."

"It remains unclear under what authority CBP is carrying out this program on Americans," they write, citing reports that the agency has partnered with TSA and commercial airlines to monitor citizens.

under what authority CBP is carrying out this program on Americans," they write, citing reports that the agency has partnered with TSA and commercial airlines to monitor citizens. CBP claims it "does not require U.S. Citizens or exempt aliens to have their pictures taken on entry" to the country and "does not require any travelers to have their photos taken when exiting" the U.S., through the Biometric Exit Program.

U.S. Citizens or exempt aliens to have their pictures taken on entry" to the country and "does not require any travelers to have their photos taken when exiting" the U.S., through the Biometric Exit Program. House Democrats questioned this claim, arguing that "the random nature of this pilot program does not allow travelers the requisite advanced notice to make an informed decision on their willingness to participate."

Where it stands: CBP employs the biometric exit process in 17 locations, an agency spokesperson told Axios.

CBP has biometrically processed more than 19 million travelers using facial recognition across air entry, air exit, and preclearance locations with a match rate of more than 97%, as of May 14, the spokesperson said.

The other problem: Last week, CBP said images of travelers collected through the agency's growing facial-recognition program were compromised in a "malicious cyberattack," the Washington Post reports. According to CBP's initial reports, fewer than 100,000 people were affected and the stolen information only included photographs.

CBP says it discards all photos of U.S. citizens within 12 hours of identity verification. Photographs compromised in that "malicious cyberattack" were "of people in vehicles entering and exiting the U.S. over a month and a half" through an unnamed border entry port, the Post reports.

The Hill reported that a CBP spokeswoman confirmed the agency had received the House Democrats' letter.

Read the full letter:

Go deeper: Reports detail spread of secretive facial recognition in the U.S.