A months-long review of policies, operations and capabilities of biometric applications across the Department of Homeland Security (DHS) found that department components are not working together to make the best use of how these technologies are developed, acquired and deployed, according to a new strategy framework for biometrics released by DHS this week.

The DHS Biometrics Strategic Framework 2015-2025 also says there is a lack of an integrated biometrics strategy for the department and there are capability shortfalls in a number of areas. The framework is dated June 9 and was released on Aug. 26.

Unidentified traveler submitting a fingerprint at a Customs and Border Protection workstation. Photo: CBP
Unidentified traveler submitting a fingerprint at a Customs and Border Protection workstation. Photo: CBP

The DHS Office of Biometrics and Identity Management maintains the department’s authoritative biometrics repository, the Automated Biometric Identification System (IDENT), which stores records on more than 200 million identities and currently fields more than 300,000 daily transactions. IDENT is also interoperable with two other key biometric databases, the FBI’s Next Generation Identification System and the Defense Department’s Automated Biometric Identification System.

However, the framework document says DHS hasn’t coordinated how each of its components interfaces with external databases, saying interfaces are “not standardized across DHS.”

“Access to external federal biometric databases, however, through bilateral interoperability agreements, is not fully implemented, requiring DHS components to employ mission centric solutions for integrating certain biometric exchanges with the [FBI] and [DoD],” the framework says. “This requires DHS components to work independently with the FBI and DoD to integrate with each biometric system for access to data that assists in identifying and adjudicating subjects.”

DHS components use biometrics, primarily fingerprints, in a number of applications with the ultimate goal to be able to make decisions about people encountered in various environments such as airports, in remote areas between ports of entry, and in other scenarios. For example, Customs and Border Protection collects and or verifies more than 180,000 fingerprints and photos each day from trusted travelers and foreign nationals entering the United States at or between ports of entry, and in enrollment centers for trusted traveler applicants.

The United States Citizenship and Immigration Services collects fingerprints and high-quality photos from 12,000 aliens daily applying for immigration benefits. The Transportation Security Administration collects fingerprints from 6,000 applicants each day for various identity credential programs such as the Transportation Worker Identity Credential and the Hazardous Material Endorsement. Other DHS agencies also collect and verify fingerprints, photos and iris images.

But the team that put together the new biometrics framework, which was ultimately spawned by Homeland Security Secretary Jeh Johnson’s Unity of Effort initiative launched in April 2014, found a wide range of shortcomings in the way DHS and its components go about the business of biometrics.

In addition to interoperability issues with external databases, the framework says that in the cases where CBP and TSA collect or use photos, these images are not of sufficient quality for facial recognition. It also says that while IDENT can store a number of biometric modalities, it only offers matching for fingerprints, “limiting operational components’ ability to implement the use of alternate biometrics that may better suit operational needs.”

Other observations made in the framework include each DHS component “works independently to design, develop, acquire and deploy biometric solutions,” a lack of an “overarching DHS biometric rule” when it comes to policies, privacy and other regulations, “each component communicates their requirements independently with industry without giving industry a consolidated view of the DHS market,” a lack of “formalized collaboration across DHS” to spread best practices and other knowledge, and “each component develops their own acquisition vehicles” buy biometric systems despite overlap between these vehicles.

This all leads to higher costs through duplication of effort, discourages industry investment due to a lack of understanding of DHS need, discourages interoperability across mission space, and longer time to market, the framework says.

The framework lays out a vision for biometrics at DHS for the next decade that calls for a unity of effort in the department-wide approach to the technology, outlining three goals. The first is to be more effective in identifying subjects, which will involve refreshing outdated biometric collection systems, centralizing access to federal and international biometric databases, enabling field users of biometric systems to have more rapid access to data to verify or identify subjects, and expand the use of multimodal-biometrics to identify threats.

A second goal is to “Transform identity operations to optimize performance,” with objectives to include automating identity processes, move away from an encounter-based approach to biometrics to a person-centric process—which expands the situational awareness about a subject—and expediting security processes through the use of biometrics for faster transit and reduced vulnerabilities and fraud.

The final goal is to improve internal processes and bolster innovation. The framework lists a number of objectives under this goal, including formalizing joint requirements efforts to find efficiencies, create department-wide authorities so that all components understand their permissions for collecting and sharing biometric data, ensure a consistent approach to privacy policies across the department, improve communications with all stakeholders in and out of government “to promote innovation and better articulate requirements,” have standardized solutions to minimize duplication of services within DHS that interface with IDENT, and establishing a governance structure to prioritize and manage the objectives of a department-wide biometric portfolio.