Customs and Border Protection collects a wealth of information through the technologies deployed at the ports of entry, all of which is stored in a master crossing record the agency keeps on every individual that enters the country.

That record contains information gathered at every crossing: the time, date and port of the crossing, the information taken from their travel documents, photos and data collected on their belongings and vehicles, and determinations made by customs officers throughout the process. For non-U.S. citizens, this also means biometric data, such as photos and fingerprints.

That record also includes data culled from a variety of federal databases and sources. But CBP doesn’t automatically share its records with other parts of the government--even other Homeland Security components. However, there are procedures and agreements in place that enable some information sharing, spreading the data beyond just CBP’s control.

Over the last few months, Nextgov has been reporting on where and how CBP collects information on people crossing the border, where and how that data is stored and shared, and the agency’s plans to collect and further integrate more data in the near future.

How Data Is Collected

Nextgov visited the Port of San Luis, Arizona in June, a land crossing on the southern border and one of two locations testing a facial recognition program for pedestrian travelers. CBP has been testing the program at land, air and sea ports for a year, using the controversial technology to meet a Congressional mandate to use biometrics to authenticate travelers’ identities. The agency wants to integrate facial recognition technology into all ports of entry by 2025.

Minus the facial recognition program, the Port of San Luis is a standard example of what travelers would see at any land crossing: identity confirmation and baggage check-in the pedestrian lanes and some more advanced scanning in the vehicle lanes.

“There can be significant differences in especially the geography of ports, different sizes, different volumes of travelers, etc.,” said a CBP IT official, one of four officials provided to Nextgov on background. “Having said that, they all try and receive the same level of technology in the sense that we’re not going to have travelers get different experiences at different ports—especially for individuals who are looking to not follow all the rules.”

The information collected by those technologies at any point in the process is immediately updated on the individual’s crossing record. For instance, if a traveler in the vehicle lane is referred for secondary inspection, the officer in secondary might be using a different application to review the crossing record but can already view the information collected during the primary inspection.

For pedestrians crossing the border at San Luis, the first technology they encounter is the facial recognition program. An in-motion camera captures an image of a traveler’s face as they walk up to a counter. When the person provides their name and documents, that image is compared against information in CBP’s Traveler Verification Service database.

Information on the crossing—such as name, date and country of birth, and other biographical information; the dates and locations of previous border crossings; citizenship or immigration status; and a host of other related information—is stored in the TECS database, which contains a master crossing record for every person that enters the U.S.

The data is gathered through the technology used at each port of entry and fed additional information through updates sent from databases managed by federal partners, such as the State Department and U.S. Citizenship and Immigration Services. More on that database later.

The facial recognition pilot began in San Luis in September 2018.

“Of course, at first with anything, it was a little rough at the beginning,” San Luis Watch Commander Jolene Reynaga told Nextgov. “But now I think we’re starting to get everything flowing through. The travelers are more equipped to know, ‘OK, I have to take off my hat. I’ve got to take off my glasses. I’ve got to walk forward.’ It’s that education of the traveling public, as well.”

But speed isn’t the true goal.

“It reduces the threat of imposters—people using other people’s documents,” said Justin Winburn, chief CBP officer at San Luis Port of Entry. “On top of that, it just helps us do our jobs much quicker. When you have the tools and technology and these upgrades that are given to us, it speeds things up.”

For example, Winburn pointed to a gas tank scope—a mirror lens on the end of a snake-like cord that can be used to look inside a vehicle’s fuel tank. Prior to getting the scope, if officers suspected something in the tank, they would have to put the car on a lift, drop and drain the tank to have a look. Now, they can simply look in the tank and see whether anything is hidden inside.

“The same thing applies to facial recognition,” Winburn said. “As these people come in, they’re presenting their documents, that officer is confident in this technology. They know that when it takes that picture of them, the technology is saying that this person is who they say they are, so now [the officer] can focus on different parts of the inspection if they need to—is this person nervous, is their story not matching up? Yes, they are who they say they are, and I don’t have to send them to secondary for that. But are they hiding contraband or are they just trying to get from point A to point B?”

As of July, the program had captured 139 alleged imposters in 2019.

“It’s a great tool for the officers. It helps them out. It easily compares the document that they’re trying to use to come into the United States,” said Linda Thornbloom, program manager for primary applications at San Luis and head of development for the port’s facial recognition program.

After the facial recognition test and a conversation with the CBP officer, pedestrian travelers put their bags through a standard x-ray machine for scanning before being welcomed to the U.S.

While the vehicle lane does not currently use facial recognition as part of the screening process, the agency collects far more data points on drivers.

As vehicles approach the crossing station, they wait in line to drive between two pillars that make up the radiation portal monitor, or RPM, scanner, designed to detect the slightest traces of radiation.

The data from the RPM scanner is uploaded directly to the cloud, allowing officers at the crossing to analyze the data or request an expert opinion from scientists at CBP’s Laboratories and Scientific Services office. Lab techs at the LSS bureau—which is staffed 24/7/365—can review the details of the scans and let officers know whether the radiation poses a threat or is simply a residual amount leftover from a recent dental x-ray or medical procedure.

After the RPM, drivers pull forward toward the booth with the customs officer. On the way, a camera takes a picture of their license plate.

The license plate reader also takes a picture of the driver, according to Reynaga. At most ports of entry, that photo is not run through the facial recognition algorithm at this time. However, CBP has been running a pilot program at the Anzalduas crossing in Texas using facial recognition algorithms to match those images.

“The spirit is, we take this existing system, what you saw with the pedestrian system, we’re using the facial gathering to match to an image that we have on file,” a CBP IT official told Nextgov. “That image we have on file is tied to various appropriate bits of biographic data and we’re able to say, ‘Ah, here’s this person and we’ve matched them to this identity that has presented themselves for entry in the past.’ Vehicle would be very similar.”

What’s still to be worked out is exactly how the image is captured, whether through a windshield when a picture is taken of the license plate—like in Anzalduas—or by a camera mounted in the booth with the officer.

From there, travelers in the vehicle lane get their first interaction with a human—a customs officer in a booth with a computer. The officer sees results from the first two scans—radiation and license plate—and follows up with the traveler’s documents and questions about what they are bringing across the border.

Currently, the officer compares the documents with records in CBP’s database—just as it’s done in the pedestrian lanes. The vehicle lanes also have another technology component not seen on the pedestrian side: CBP has implemented a program called the Secure Electronic Network for Travelers Rapid Inspection, or SENTRI, which allows frequent travelers to obtain a RFID tag that beams the driver’s information—including all the details of their crossing record—to the booth while the vehicle is still in motion.

Ultimately, this only saves three to five seconds per vehicle, Winburn said. But averaging 8,500 cars passing through the port each day—for about 3.1 million a year—that quickly adds up.

From an IT and data perspective, the impact is much bigger.

“If a vehicle is coming through one of our ready lanes—where … the lane has been suited for travelers that have documents that have RFID capabilities—they will, as part of that crossing, be asked to present that document and oftentimes the officer will read that document via a RFID reader,” an IT official said. “If face has nothing to do with this—and it doesn’t at the moment—that crossing record will then go into systems that say, ‘OK, this person crossed on this day, at this port, at this location. They presented a travel document; we did a RFID read of that document and this is the information that was collected from that RFID read.’”

In the future, Reynaga said she would like to see all documents become smart documents, similar to the RFID tags used in the SENTRI program.

Embedding every travel document with RFID technology would save officers from having to manually type information from birth certificates or passports, saving time and preventing long lines and delays. “Everybody should have them,” she said.

And that’s where CBP headquarters is going, according to the IT officials who spoke to Nextgov.

Where the Data Goes Next

Along with the information gathered through the crossing process, the master record contains data gathered from other federal departments, such as the State Department and other components of the Homeland Security Department, such as USCIS and Immigration and Customs Enforcement. Data from all those departments with a mission concerning travel and immigration flows into CBP databases and coalesce in the master crossing records.

Currently, the facial recognition system being tested at select ports is cordoned off from the rest of the data gathering. For U.S. citizens, the image taken at customs is deleted after 12 hours and is never shared or copied, according to IT officials.

CBP maintains the database used to match travelers with their photos, so the data collected through the facial recognition program never leaves CBP systems. As the State Department updates its information, that data is automatically shared and updated in the CBP database. The result is a self-contained system that can match facial recognition photos against State Department records without interacting directly with those systems.

“During the facial recognition process, we don’t call out to the State Department, so we don’t leave any record or footprint in their database during that process,” a CBP IT official explained.

For the time being, images of U.S. citizen are not added to the crossing record, as CBP’s current authority only allows the agency to use the images to verify identity.

“In the fullness of time, especially if and as we consider the possibility of a nationwide deployment, you may see those retention periods change,” another official said. “I think that’s going to be a discussion for a while.”

When it comes to non-U.S. citizens, the retention rules change drastically.

For the facial recognition program, CBP keeps a copy on file for up to two weeks for testing before it is deleted from that system. However, as with other biometric processes in the past—such as fingerprinting—the information is also forwarded on to the Automated Biometric Identification System, or IDENT, the Homeland Security Department’s central biometric database, which currently contains data on more than 250 million people. Under current authorities, Homeland Security can hold on to that biometric data for up to 75 years.

Homeland Security is in the process of migrating IDENT to the cloud under the new Homeland Advanced Recognition Technology, or HART, system.

“If you think of the fingerprint process, a picture is taken at the same time as those fingerprints. Those photographs were not used for facial matching when collected … but they were retained,” an IT official said.

“They send the picture to IDENT saying this person was verified through simplified arrival, as opposed to verifying them by fingerprint,” said Thornbloom, the facial recognition lead at San Luis.

Information stored in the IDENT database is also cross-referenced back to the master crossing records maintained by CBP, meaning images of non-citizens captured through the facial recognition program make their way back to the crossing record.

Individuals’ master crossing records, whether citizens or non-citizens, can be shared, though only if proper procedure is followed.

“Data stays with CBP unless there’s some law enforcement reason another agency asks for it. There’s rules around how we share that data,” an IT official said.

The crossing record is available to all components of CBP, including customs officers at ports of entry and border patrol agents in between. But other agencies within the Homeland Security Department have to go through a formal process to access the information. That includes other agencies that work on immigration and border missions, such as USCIS and ICE.

“If this information is shared, it’s only when there’s clear authority for them to as part of their mission have crossing information,” another official said, reiterating that any non-CBP agency would still need to go through the formal request process.

“If ICE, in the conduction of their mission are needing to know who is compliant with the terms of their admission,” i.e., whether someone has overstayed their visa, “that would be information that CBP would have a hand in providing,” the official said. “They don’t collect crossing information themselves, so, naturally, we coordinate with them for those elements where they are executing components of their mission.”

“It doesn’t mean that no one in ICE can access the data,” a third official confirmed, but “generally” they would not have standing authority to access master crossing records without submitting a request.

The other two major components of CBP—Border Patrol and Air and Marine Operations—also collect a significant amount of data. As the collection methods used by all three divisions continue to be digitized, and as the agency as a whole moves to the cloud, that data is being ever-more integrated and used to create an instant mosaic of any individual that crosses the boundaries of the nation.

Editor's Note: This story was updated to clarify the names of a database and program.