The document from CBP’s online portal also references smuggling and the use of electronics alleged to have broken rules on intellectual property rights, among other instances of trade violations.  

The spreadsheet references nearly 200 allegations, all of them closed, made in recent years through CBP’s E-Allegations program, described by the agency as an electronic portal for “the trade community and general public.” These complaints are typically made by members of the trade community, the agency told FedScoop, but do not reveal the result of CBP’s final determination. An FAQ page for the E-Allegations program notes that the Trade Secrets Act, the Privacy Act, and CBP regulations prevent the office from disclosing enforcement actions taken in response to a case.

The items listed in the document’s violator product field are provided by the reporting entity. Some of the complaints regarding products appear to be closed relatively quickly, within a day, while other investigations take several months or even more than a year.  According to CBP’s FAQ page, the agency can sometimes intercept counterfeit merchandise or hazardous material “shortly after an allegation is received,” while the processing of other cases can take longer, if, for example, a penalty is involved. 

CBP said it can also receive allegations from private citizens, government agencies, media, non-governmental organizations, and witnesses, but it cannot provide information on the sources of different allegations to protect their safety, citing law enforcement sensitivities. CBP told FedScoop that it cannot publicly disclose confidential business information related to importations. 

The document included 62 complaints related to intellectual property, 39 on classification of merchandise, and 17 for country of origin markings. Many of the complaints involved e-cigarettes, e-bikes, electrical metallic tubing, and electric guitars, including a counterfeit Gibson ES-335. 

One case was partially redacted, but referenced “child surveillance video” and involved “national security,” though no other details were provided. CBP would not comment on individual cases. Another case involved Huawei cell phones, which was listed under “other” in the trade violations category. (Huawei, notably, is one company included on a U.S. import ban of certain Chinese firms.)

Several allegations involve forced labor and Apple products. One investigation, which was opened in September 2021 and closed after roughly 15 months, involved an accusation of forced labor and a product described as “Apple iPhone.” Another allegation, which was received in August 2020 and closed December 2022, involved an allegation of forced labor and a product described as “Apple store employee uniforms.” 

One complaint, which was received in April and closed in June of last year, involved an accusation of forced labor and “Fake Airpods and Apple Watches.” The spreadsheet includes references to many other fake Apple products. 

“Apple does not tolerate forced labor and looking for the presence of forced labor is part of every supplier assessment we conduct,” an Apple spokesperson said in a statement to FedScoop. “Our supplier standards are the strongest in the industry and those protections apply across the supply chain, regardless of a person’s job or location.

They continued: “Last year alone we conducted more than 1,500 assessments of our suppliers — including surprise audits — to validate compliance in key areas including working hours compliance, hiring practices, labor and human rights, and health and safety management. Throughout our comprehensive assessments we have found no evidence of anyone being forced to work in our supply chain.”

Apple did not address FedScoop’s questions about the specific allegations.

In a report on its supply chain released this year, Apple outlined its approach to prevent forced labor, including surprise assessments of suppliers, “specialized forced labor assessments for at-risk suppliers,” and a requirement for many suppliers to participate in facility-wide assessments. Assessments run by the Responsible Business Alliance, an industry group that Apple works with and is a member of, are specifically referenced. The report states that Apple “strictly” prohibits labor recruiting in places where the company says it can’t do due diligence. Apple said further audits are planned. 

Other allegations in the spreadsheet were related to smuggling, non-trade criminal activity, broker violations, and antidumping and countervailing duties.  

Concerningly, several of the products seemed to involve electronics that a person would insert into their bodies for the purpose of surveillance; some of those were cited for health and safety violations. 

These include a case involving a product described as “Invisible Secret Spy Earphone Nano Wireless Earpiece for Mobile Phone,” though part of the description was redacted. Another product alleged to have violated health and safety rules — and whose description was not redacted — was described as “Invisible Secret Spy Earphone Nano Wireless Earpiece for Mobile Phone in my ears and Philip s microchip in my heart inside my ribcage and chest.”

Both investigations were closed within a day. 

The post CBP document of alleged trade violations reveals claims about forced labor, national security issues appeared first on FedScoop.

But, even though ICE says it has received no new requests for the use of commercial telemetry services since December 2022, the agency has filed a privacy impact assessment with the Department of Homeland Security’s privacy office for review. This kind of documentation is supposed to be released when agencies deploy a technology that could involve someone’s personal information. If and when that assessment is finalized, ICE plans to develop procedures focused on guiding the use of commercial telemetry services.

ICE did not address a series of questions posed by FedScoop regarding the draft PIA and CTD at the subcomponent.

The move comes as civil rights advocates have raised repeated concerns about the use of commercial telemetry data. Relatedly, Sens. Ron Wyden, D-Ore., and Rand Paul, R-Ky., have introduced the Fourth Amendment is Not for Sale Act, which seeks to rein in the government’s use of this information, among other measures.

Adam Schwartz, the privacy litigation director at the Electronic Frontier Foundation, previously told FedScoop that the digital rights nonprofit’s “view is that the Fourth Amendment to our Constitution ought to be interpreted by courts to bar the government from purchasing this kind of data given that — in order to acquire this data directly from a person or from their service provider — they would have to get a warrant.”

Within DHS, the use of this data has raised alarm bells. Last September, the department’s office of inspector general released a redacted report highlighting that agency subcomponents had not followed the law nor complied with policies surrounding privacy. ICE, in particular, was flagged for using this data without an approved privacy impact assessment. The OIG’s office identified nine contracts covering access to two different databases for this data between fiscal years 2019 and 2020. 

ICE appears to have sent mixed messages on its approach to telemetry data. The subcomponent originally rebuffed a recommendation by the OIG to stop using this data until it obtained an approved PIA. At that time, DHS argued that telemetry data was “an important mission contributor to the ICE investigative process” and “can fill knowledge gaps and produce investigative leads.” In response to the OIG report, the agency said ICE was working to finalize a draft geolocation services PIA and taking steps to mitigate privacy risk concerns. 

Then, in January, ICE told FedScoop it was in compliance with the OIG recommendation and that it had stopped using telemetry data, but the agency did not provide an update on whether any related PIAs surrounding the technology had been approved. In March, the nonprofit journalism outlet NOTUS reported that DHS expected to stop buying access to this data, citing three people familiar with the matter. 

The fact that ICE says it has a PIA under review at the department’s privacy office with procedures focused on the use of this data pending finalization, while at the same time noting that it hasn’t received any new telemetry data requests since December 2022 and that no operational units had received approval for buying the data since 2021, has raised questions among civil rights groups.

“We’re very concerned about, again, to what extent DHS is really able to provide accountability and oversight over ICE and whether ICE’s words or actions can be trusted,” said Julie Mao, co-founder and deputy director of Just Futures Law, a legal organization that focuses on immigrant rights. “Because they’re saying one thing about not wanting to use CTD — but then also clearly confirming that they’re moving forward with trying to use the same data.” 

The status of other recommendations made in the OIG report also remain unclear. Customs and Border Protection, for instance, was also instructed to discontinue use of phone location data until it obtained a privacy impact assessment. CBP told FedScoop that it didn’t have a need for telemetry data after the expiration of its contracts in fiscal year 2023, following an evaluation of the technology that began with a small group of staff in 2018 overseen by the CBP Privacy and Diversity Office and the CBP Office of Chief Counsel. 

The agency also said it discontinued a contract for the technology following FY2023. Contracts with its Field Operations’ National Targeting Center expired in September, and if the agency wants to use the data again, CBP said it will incorporate the OIG’s recommendations. 

But CBP did not respond to a question about the status of a privacy impact assessment for its past use of commercial telemetry data, which the DHS subcomponent originally said it expected to complete at the end of March. There doesn’t appear to be a PIA listed on the DHS website for this data.

DHS headquarters did not answer FedScoop’s question about the status of a department-wide commercial telemetry data policy, which the agency previously said it expected to complete at the end of June. The agency told FedScoop that its privacy policy and compliance instructions apply to personal information and that it has taken steps to implement recommendations from the OIG while continuing to address recommendations related to this data.

“The Department of Homeland Security (DHS) is committed to protecting individuals’ privacy, civil rights, and civil liberties,” an agency spokesperson told FedScoop. “The DHS Privacy Office coordinates with Components to embed and enforce privacy safeguards in DHS systems, technology, forms, and programs that collect personally identifiable information or have a privacy impact.”

The post ICE pursuing privacy approvals related to controversial phone location data appeared first on FedScoop.

The Emerging Innovative Border Technologies Act from Reps. Lou Correa, D-Calif., and Morgan Luttrell, R-Texas, calls on DHS to deliver a plan to Congress for how the agency can leverage AI, machine learning and nanotechnology to “enhance, or address capability gaps in, border security operations.”

“Border security means keeping drug and human traffickers away from our communities — and new, bleeding-edge technology that is already available for commercial use would give our hard-working officers the tools they need to keep us safe,” Correa, ranking member on the House Border Security and Enforcement Subcommittee, said in a press release. “Through this bipartisan effort, Congress will better understand how our officers can use new technology to stop smugglers, as well as identify and respond when migrants are crossing in remote and deadly conditions, and hopefully deliver them the resources they so desperately need.”

Luttrell, who serves with Correa on the House Border Security and Enforcement Subcommittee, said in the press release that the legislation “aims to combat and neutralize threats at our borders.”

“As cartels and foreign adversary operations become more sophisticated amidst the ongoing border crisis, the United States must deploy the latest and most advanced technologies available to our borders to disrupt these threats,” Luttrell said. “I’ll continue to push for effective measures to safeguard our country and enforce our laws.”

The legislation tasks at least one innovation team member from DHS’s Customs and Border Protection with researching new, innovative and disruptive commercial technologies that could be adapted into border security operations, in an attempt to “address both capability gaps and urgent mission needs and assess their potential outcomes,” per the press release. 

The innovation team will coordinate with the agency’s acquisition program office and others within CPB on identifying technologies, analyzing procurement methods, assessing privacy and security implications on border communities, and looking into legacy CBP technologies. 

In conjunction with DHS’s Science and Technology Directorate, CBP would additionally be responsible for incentivizing the private sector “to develop technologies that maybe help CBP meet mission needs” on border security, while also exploring partnership opportunities with small and disadvantaged businesses, intra-governmental entities, university centers of excellence and federal laboratories. 

The report to Congress — specifically the House and Senate Homeland Security committees — from the commissioner of CBP is due within 180 days of the enactment of the legislation. It should include operating procedures and protocols for reaching agreements on the use of technologies for border security, as well as planning and strategic goals, such as projected costs and performance indicators.  

The legislation from Correa and Luttrell comes less than a month after DHS released its first-ever AI roadmap, outlining the agency’s current uses and future plans for the technology. The roadmap includes several callouts to border security, including the agency’s use of “non-intrusive inspection technology to make border screenings more efficient and to combat the risks associated with smuggling fentanyl and other illicit goods.”

The post Bipartisan House bill calls on DHS to leverage AI for border security appeared first on FedScoop.

The congressional watchdog, tasked by a bicameral, bipartisan group of lawmakers to investigate FOIA response delays, found that the backlog jumped from 14% in 2013 to 22% in 2022, with the growing complexity of requests, staffing shortages and increasing threats of litigation also cited as impediments to the work.

A host of tech-related problems, including with FOIA request management systems and other processing tools, came up regularly during the January 2023 to March 2024 performance audit by the GAO, which conducted four virtual focus groups with senior officials representing 23 Chief Financial Officers Act agencies. 

“As technology has developed, we are able to store so many more records than in the past,” a senior FOIA agency official told the GAO. “When we search large volumes of data, we receive tons of records back that are potentially relevant. Unfortunately, we don’t have the budget to invest in sophisticated software that would help us to review the volume of records that we receive. So at the end of the day, it’s one person that’s having to review tens of thousands of records for potential responsiveness, which is a huge issue. It takes a lot of time.”

Another focus group participant called out requests related to email records or internal communications, such as chat and text, as their agency’s “most complex and time-intensive responses.” The large volume of records combined with coordination challenges with other agencies presents a legitimate problem, the official said.

When pressed by the GAO on how agencies could overcome technical challenges and pare down backlogs, some officials pointed to governmentwide adoption of technology upgrades, ensuring that FOIA offices use identical systems to streamline document review and general coordination. Standardization in tech upgrades will become increasingly important as agencies deal with a proliferation of agency records in electronic formats, officials added.

While standardized tech upgrades to support FOIA requests haven’t materialized yet, agency officials who have leveraged new technologies have seen a marked difference in their efficiencies. 

“We now have the ability in our FOIA office to search our agency’s email system,” one focus group participant said. “Before we were using our information technology staff to provide that service, where we would request that they run searches. They would use key terms, then come back to us, and we would have to go back and forth with different search terms, until we got it right. The ability for us to do the search has enabled us to finish these in a more timely and efficient way, which we couldn’t do previously.” 

Another official said their agency uses technology to remove “duplicative entries in extremely large volumes of responsive documents,” while another spoke of going from five different systems to process requests across multiple bureaus and offices to just one, “and that’s streamlined and automated a lot of our processes,” they said.

The FOIA office within Customs and Border Protection and the agency’s IT leaders were cited specifically by the GAO for their use of robotic process automation, a new technology that allowed staff to more “quickly search for records with specific criteria, and complete simple, routine FOIA processing tasks.” Per the Department of Homeland Security, CBP closed more than 12,400 simple requests thanks to the RPA tool, saving FOIA staffers over 1,500 hours of work. 

The GAO offered four recommendations to the Department of Justice, whose Office of Information Policy, along with the Office of Government Information Services, provides support and resources to agency FOIA offices. Those recommendations ask the Attorney General to direct OIP to issue guidance to agencies on effective backlog reduction plans, advise agencies to identify staff- and skill-related support efforts, develop a process to examine data reporting, and update training materials and related agency reporting standards.

The OIP has previously recommended that agencies “use enhanced technology to process requests,” per the GAO, pushing FOIA staff to partner with agency IT leaders to assess the efficacy and costliness of new tools, as well as acquiring “proper FOIA case management systems to automate the request intake process.”

On Capitol Hill, lawmakers applauded the release of the GAO’s report, which comes in the aftermath of the 2015 bipartisan FOIA Oversight and Implementation Act and was timed for release during Sunshine Week.

“An increasing backlog of FOIA requests compromises the already dwindling trust the American people have in their government,” House Oversight and Accountability ranking member Jamie Raskin, D-Md., said in a statement. The GAO’s report “not only outlines the key challenges that agencies face in their efforts to process FOIA requests in a timely manner, but it also highlights a pathway to transparency and regaining public trust in our institutions. Congress must ensure agencies have the resources needed to live up to FOIA’s promise.”

Sen. John Cornyn, R-Texas, added that FOIA serves as “a cornerstone” for the country’s “belief in open and transparent government.” The GAO report “should serve as a starting point to reduce the backlog of FOIA requests so Americans can continue to hold those who represent them accountable.”

The post Tech issues are part of the problem — and solution — for FOIA backlog, GAO finds appeared first on FedScoop.

The disclosure, published to the Federal Register last month, states that CBP is introducing a new biometric capability into the app that’s meant to accelerate the Department of Homeland Security’s effort to collect biometric information from nonimmigrants leaving the country, requiring a “selfie” photo with geolocation tracking to confirm that they’ve actually departed. The update is also intended to decrease travel document fraud and improve the agency’s “ability to identify criminals and known or suspected terrorists.”

The app’s update would allow nonimmigrants who are departing the U.S. to “voluntarily provide biographical data, facial images and geolocation,” a step that aligns with a Department of Homeland Security mandate to collect biometric information and support CBP’s plan to fully automate I-94 collection. Individuals are subject to Form I-94 if they are nonimmigrant U.S. visitors; CBP issues I-94 forms to individuals at the time that they “lawfully enter” the U.S., serving as an arrival and departure record.

“Having proof of an exit via the CBP One app would provide nonimmigrants some information for CBP officers to consider in the event the officer is unsure whether a nonimmigrant complied with the I-94 requirements provided upon their previous entry,” the notice reads. 

Additionally, CBP stated its intention to update the Electronic System for Travel Authorization website to require applicants to provide a selfie along with the already required passport biographical page photo. 

The new disclosure also mentions a “liveness detection” feature that’s meant to confirm that the photo is recent and not an older photo. That information, according to the Federal Register posting, is supposed to be filed in the Arrival and Departure Information System, a travel history database that CBP is pushing to expand, according to a privacy impact assessment for the platform. 

The CBP One expansion comes after the agency in September announced plans to utilize the technology before someone arrives in the United States. That information, according to the disclosure, is supposed to be shared with U.S. Citizenship and Immigration Services and air carriers working with CBP’s document validation initiative. In this case, photos sent to the app are, for instance, scanned with a facial recognition algorithm and uploaded to a Traveler Verification System gallery and the Automated Targeting System, which is used to compare traveler information to other law enforcement data, according to a privacy impact assessment published at the beginning of last year.

“Noncitizens are able to use the CBP One mobile application to schedule an appointment at one of seven Southwest Border [ports of entry] and present themselves for inspection to a CBP officer,” Benjamine “Carry” Huffman, then-acting deputy commissioner at CBP, said during a border-focused House hearing last year. “The ability to use the app cuts out the smugglers, decreases migrant exploitation, and makes processing more efficient upon arrival at the [ports of entry].” 

After publication of this story, and more than two weeks after FedScoop reached out for comment, a CBP spokesperson said in an email that the app digitally serves travelers who need to interact with the agency, and permits them to do things such as provide advance notice of the import of biological materials, apply and pay for an I-94 document, and schedule perishable cargo exams.

Additionally, migrants located in Central or North Mexico who do not have sufficient admission documentation can make an appointment and remain in place until presenting for their appointment. This cuts down on migrant crowding in immediate border areas, according to the spokesperson. 

The app’s appointment scheduling functionality, according to the spokesperson, has increased CBP’s capacity to process migrants and cut down on bad actors who could endanger and take advantage of vulnerable migrants.

The purpose of this system, according to the agency’s September posting, is to confirm the identity of someone entering the U.S. and to run that information against potential criminal databases. That disclosure also noted new CBP One applications for certain nationals of countries like Haiti and Colombia, as well as a new program for Ukrainians.

Yet the CBP disclosure from late February is new in that it applies biometrics to those exiting the United States, rather than those entering. Though no time frame is specified, the posting puts the number of respondents expected to use the CBP One in the hundreds of thousands. This expansion only adds to concerns held by immigration rights groups.  

“We are concerned about the ever-expanding surveillance capabilities and requirements that CBP is adding to CBP One. With little notice or oversight, CBP has expanded biometric and geolocation surveillance to individuals not even in the U.S.,” Julie Mao, the co-founder and deputy director of Just Futures Law, a legal organization that focuses on immigrant rights, said in an email to FedScoop. 

She continued: “What business and for that matter legal authority does CBP have to conduct such biometrics and geolocation capture outside the U.S.? This is part of DHS’s disturbing and unchecked externalization of U.S. immigration policy, and therefore surveillance, to other countries.” 

The app has previously come under fire for its technical capabilities. Amnesty International said that mandatory use of CBP One violates peoples’ right to pursue asylum, pointing to risks related to privacy, discrimination, and surveillance. The National Immigration Project and the immigrant rights group Together & Free have also documented the difficulties faced by those who are unable to book an appointment through the app. 

Reviews on two of the most prominent app stores, the Apple App Store and the Google Play Store, also show people pointing to technical issues with the CBP One app. For instance, one person complained in January that the app only works for people with modern Android phones, making it difficult for people in Cuba to use. Another review, posted in December, noted issues with the app’s software not recognizing their face; the CBP spokesperson told FedScoop that this is related to issues in the USCIS system that someone might need to correct before they’re able to move forward in the app. Other complaints note that the app freezes or posts error messages. 

There are other concerns about the app’s technical abilities, particularly surrounding AI. A letter from Human Rights Watch to several entities within DHS warned that the app’s liveness detection “does not always work for asylum seekers with darker skin tones.”  

“CBP’s use of photo recognition to access these features is of concern, particularly in light of the issues we saw when CBP One first launched,” said Raul Pinto, deputy legal director for transparency at the American Immigration Council, which does extensive work looking at the CBP One app. “At that point, there were numerous reports that racial minorities had trouble accessing certain functions of the app.”

In response to FedScoop’s questions, an agency spokesperson said on March 12 that the app no longer receives time-out errors and also resolved bandwidth issues with a third-party provider within weeks. The agency also confirmed that devices using CBP One app appointments need to meet certain RAM requirements and operating system requirements for Android and iOS. 

Additionally, CBP said that biometric traveler verification service matching has a match rate of 99.4% on entry and 98.1% on exit, and that between 2017 and 2022, people using the system from African countries in had a 99.5% match rate, while people coming from Central American countries had a 99.6% match rate. 

Notably, the current status of the liveness detection feature appears to be inaccurately described in DHS’s AI inventory,which the agency has updated several times within the past year. In that inventory, CBP says the tool uses a selfie and artificial intelligence algorithms, and specifically, machine vision, to confirm that it is a live picture and “not a photo, mask, or other spoofing mechanism.” The tool is still listed in the development and acquisition phase, even though DHS already appears to be using it. CBP did not respond to a question about the discrepancy. 

The app is facing several investigations within DHS, including from its Office of Inspector General, which is currently looking into the use of CBP One on the Southwestern border. When asked about the status of that investigation, the OIG office said that it was ongoing and that, upon completion, results would be published to its website.

Meanwhile, the DHS’s Office for Civil Rights and Civil Liberties is also conducting an investigation into difficulties faced by migrants using the app, though it declined to comment. And the Boston-based Lawyers for Civil Rights, which had sent concerns to the DHS civil rights office, said they were aware of changes to the app but had otherwise not heard an update from DHS.

The new updates to the app come amid ongoing discussions on the Hill about the Biden administration’s broader approach to immigration policy. Some Democrats have argued for increased funding for the app to boost its technology, while others have criticized the app, including Sen. Cory Booker, D-N.J. who called the way it’s been deployed “inherently discriminatory.” 

Congressional Republicans have also criticized CBP One — but for different reasons. Rep. Mark Green, R-Tenn., chair of the House Homeland Security Committee, said in a release last October that DHS Secretary Alejandro Mayorkas “has utterly abused the CBP One app in his quest for open borders.”  

Editor’s note: This piece was updated on March 14 to include comments and background from CBP, which responded after publication. 

The post CBP leaning into biometrics on controversial app, raising concerns from immigrant rights advocates appeared first on FedScoop.

“Like other law enforcement agencies, Homeland Security Investigations (HSI) employs various forms of technology to investigate violations of the law, while appropriately respecting civil liberties and privacy interests,” the spokesperson said.   

The move comes amid ongoing bipartisan concern about law enforcement agency purchases of peoples’ location data without obtaining a warrant. Sens. Rand Paul, R-Ky., and Ron Wyden, D-Ore., have proposed the Fourth Amendment is Not for Sale Act, which would require law enforcement agencies to seek the permission of a court before paying for location data. The Federal Trade Commission also recently took action against the selling of location data by data brokers. Civil liberties experts continue to raise alarms about the practice, too.

Adam Schwartz, the privacy litigation director at the Electronic Frontier Foundation, said the digital rights nonprofit’s “view is that the Fourth Amendment to our Constitution ought to be interpreted by courts to bar the government from purchasing this kind of data given that — in order to acquire this data directly from a person or from their service provider — they would have to get a warrant.”

“This is sort of the government credit card exception from the warrant requirement,” he added. “This is a question that the courts have not reached yet, in part because the government is secretive about what they are doing.” 

ICE’s decision to stop buying this data is a marked change from late September, when the inspector general of the Department of Homeland Security released a partially redacted report noting that three components of the agency — ICE, Customs and Border Protection, and the U.S. Secret Service — had not complied with the department’s privacy policies in regard to commercial telemetry data (CTD). ICE specifically did not have an approved CTD privacy impact assessment, a type of disclosure meant to provide an overview into how personal information could be used by a digital technology deployed by the government, violating internal DHS privacy policies and the E-Government Act. 

(The OIG report also highlighted employee misuse or irresponsible use of CTD as a risk. For instance, one CBP employee used CTD to track their coworkers for no investigative purpose, the report states).

At the time, ICE had said it would continue to use CTD, that it was working to finalize a geolocation services PIA in the first quarter of this year, and that it was implementing privacy risk mitigation strategies, among other efforts. That response did not satisfy DHS, which noted that its recommendation would be “open and unresolved until ICE completes PIA requirements or discontinues its non-compliant use of CTD.” Notably, DHS OIG’s office found that ICE had nine contracts and access to two CTD databases during fiscal years 2019 and 2020, which they used to conduct more than 16,000 searches. 

The two other DHS components mentioned in the report also provided comments to FedScoop. CBP “discontinued its contract utilizing CTD technology” after the end of fiscal year 2023, according to a spokesperson. 

“DHS, including CBP, uses various forms of technology in furtherance of its mission, including tools to support investigations related to, among other things, illegal trafficking on the dark web, cross-border transnational crime, and terrorism,” the spokesperson added. “DHS leverages this technology in ways that are consistent with its authorities and the law.”

Alexandria Worley, a spokesperson for the U.S. Secret Service, said in an email that “as a matter of operational security, the Secret Service does not comment on our protective means and methods,” though she referenced internal privacy compliance policy on discussing PIA requirements. 

“As part of this policy, the Secret Service also works hand-in-hand with the DHS Privacy Office to determine if/when additional privacy compliance documentation is required. OIG determined that these corrective actions met the intent of their recommendation and considers the issue resolved.”

An Oversight.gov posting notes that eight of the recommendations from that OIG report remain open, including a plan for the chief information officer of DHS to create a formal department-wide policy for CTD. The department’s original response estimated that it would complete the recommendation to create a policy by June 2024. 

DHS CIO Eric Hysen did not respond to a request for comment about this policy. The department’s inspector general office said that DHS had still not provided an update on its progress on the recommendations — past the typical 90-day response time. 

“Typically, following issuance of our reports, within 90 days, the Department submits to DHS OIG a recommendation update letter,” said a spokesperson for the OIG. “We look forward to receiving the Department’s 90-day update letter for OIG-23-16.”

The post ICE says it’s stopped using commercial telemetry data appeared first on FedScoop.

The additions include the U.S. Customs and Border Protection’s use of its Traveler Verification Service, a tool that deploys facial comparison technology to verify a traveler’s identity, in addition to the Transportation Security Agency’s deployment of that same tool for the PreCheck process. 

The department also added the Federal Emergency Management Agency’s geospatial damage assessments, which uses machine learning and machine vision to assess damage caused by a disaster, and CBP’s use of AI to inform port of entry risk assessment decisions. 

While the four additions were picked up by a website tracker used by FedScoop on Oct. 31, all appear to have been already public elsewhere — three for at least a year — underscoring existing concerns about inventories not reflecting the full scope of publicly known AI uses. 

When asked why the uses were added now, a DHS spokesperson pointed to its process for evaluating public disclosure.

“Due to DHS’s sensitive law enforcement and national security missions, we have a rigorous internal process for evaluating whether certain sensitive AI Use Cases are safe to share externally. These use cases have recently been cleared for sharing externally,” the spokesperson said in an emailed statement.

Aside from the Department of Defense, those in the intelligence community, and independent regulatory agencies, federal agencies are required to post publicly their uses of AI in an annual inventory under a Trump-era executive order. But they’ve so far been inconsistent in terms of categories included, format and timing. Among the concerns researchers and advocates have pointed to is apparent exclusion of public uses in the inventories.  

Use of the Traveler Verification Service facial comparison technology has been referenced elsewhere on the TSA’s website since at least early 2021 and on the CPB’s website since at least 2019, according to pages archived by the Wayback Machine. And according to a Government Accountability Office report, the Traveler Verification Service was developed and implemented in 2017. The use of AI for geospatial damage assessments has also appeared on FEMA’s website since August 2022, according to the Wayback Machine’s archive.

The spokesperson also noted that DHS Chief Information Officer and Chief AI Officer Eric Hysen testified on CBP’s port of entry risk assessment use case at a September hearing before the House Oversight Subcommittee on Cybersecurity, Information Technology, and Government Innovation.

Ben Winters, a senior counsel at the Electronic Privacy Information Center who also leads its AI and Human Rights Project, called the lack of promptness and completeness in the disclosure “concerning.”

“AI use case inventories are only as valuable as compliance with them is. It illustrates why the government does not have the adequate oversight, transparency, and accountability mechanisms in place to continue using or purchasing sensitive AI tools at this time,” Winters said in an emailed statement to FedScoop.

He added that he hopes the Office of Management and Budget guidance “does not broadly exempt these types of ‘national security’ tools and DHS chooses to prioritize transparency and accountability moving forward.”

Currently, there isn’t a clear process for agencies to add or remove things from their inventories. In the past, the OMB has said that agencies “are responsible for maintaining the accuracy of their inventories.”

DHS previously added and removed several uses of AI in August. At that time, it added Immigration and Customs Enforcement’s use of facial recognition technology, as well as CBP’s use of technology to identify “proof of life” and prevent fraud on an agency app. It also removed a reference to a TSA system that it described as an algorithm to address COVID-19 risks at airports.

The agency also expects to soon release more information about its work with generative AI, according to the spokesperson.

“DHS is actively exploring pilots of generative AI technology across our mission areas and expects to have more to share in the coming weeks,” the spokesperson said.

The post Homeland Security adds facial comparison, machine learning uses to AI inventory appeared first on FedScoop.

The agency is considering awarding a five-year blanket purchase agreement against the General Services Administration’s multiple award schedule for application development and operations and maintenance support. In order to be awarded the project, offerors would have to participate in a source selection procedure comprising two phases.

The request states: “The mission of the Office of Information and Technology (OIT) within U.S. Customs and Border Protection (CBP), is to deliver high-quality information technologies and services to CBP, other government agencies, the traveling public and the international trade community in support of the agency’s day-to-day activities to secure the border and facilitate trade and travel.”

OIT manages the larger agency’s IT operations and technology infrastructure to support employees’ ability to be responsive to new threats, including officers and agents who perform field operations. 

Within the request, the agency provided a sample of operations and maintenance metrics to demonstrate the issues that the Cargo Systems Program Directorate team handled from January 2023 to August 2023. 

“From May to August 2023, CSPD received between 45 to 120 new incidents per week with an average of 81 new incidents created per week,” the notice states. “CSPD teams resolved between 45 to 100 incidents a week with an average of 81 incidents resolved per week.”

CBP’s acquisition strategy, listed on the RFI, contains two phases for “offerors” to participate in, earning ratings from the agency to determine their progression through the award determination process. The award would be based on a “best-value trade-off basis,” gathered from the procedures. 

Phase one will require information offerors to address “project scenarios applicable to the subject requirement” in order to demonstrate their capabilities to support complex challenges through written technical responses. The agency would then evaluate and rate every response, letting only the highest-rated offerors be considered for the second phase. 

For the second phase, the notice states that information offerors would have to provide “technical and management approaches,” along with evaluations based on past experience and performance.

The post Customs and Border Protection begins process for IT acquisition appeared first on FedScoop.

CBP’s passenger systems program directorate has until Sept. 30 to move all of its applications to the cloud, Tyson Walker, director of the TECS Modernization Division within that directorate, said during an ACT-IAC event Wednesday. He added that any apps that are not moving to the cloud are being retired and eventually replaced.

Once the apps are moved over, the agency will begin to migrate the rest of its databases to the cloud. Eventually, CBP’s physical data center will be closed down, Walker said.

“The app layer is generally like I mentioned, it’s our low-hanging fruit because we’ve already containerized [them on-premise], we’re just deploying our apps” to the cloud, Walker said in the session. 

Walker reported that 76% of the app layer has already been moved over to the cloud and believes the agency will get more than 90% migrated by the deadline. After moving apps, the directorate will focus on moving over databases within the following year. He said many of those have already been migrated as well.

“CBP wants everything migrated, all their systems migrated to the cloud by 2025,” Walker said. “Within my directorate, our deputy assistant commissioner has given us 2024. So he wants everything done a year prior to when we have to be out.”

The passenger systems directorate has identified applications that are not going to be migrated because they are either going to be replaced with a modernized version, or the app’s functionality will be moved to another app that is being moved to the cloud. 

“Nothing is going to our physical data center for CBP. It’s going to be literally closed down in a few years,” Walker said. “So everything is moving to the cloud. And if it’s not moving to the cloud, it’s getting retired and sunsetted.”

CBP is also in the process of migrating some apps while they’re being modernized, which Walker called “kind of the worst case,” because of the timelines for the migration. He noted that the agency will not complete this process for these specific apps in time for the Sept. 30 deadline.

The post Customs and Border Protection directorate fast-tracks move to the cloud appeared first on FedScoop.

The Department of Homeland Security agency identified the cybersecurity model as an area of focus in its IT strategy document for 2023 to 2027, which was published recently. Ensuring federal agencies adopt zero-trust architecture remains a top priority for the White House.

In the new report, CBP said one of its goals for the next four years is to shift its existing “perimeter-facing” cyber protection model to zero trust in an effort to “create a more robust and resilient security, simplify security management, improve end-user experience, and enable modern IT practices.” 

The move comes as the Biden administration has focused on zero trust implementation across the federal government to enhance cybersecurity. In January 2022, the Office of Management and Budget outlined a path for implementing zero-trust architecture throughout the federal government by 2024 and required agencies to start taking certain steps. 

Zero trust refers to a cybersecurity framework that includes continuous authentication throughout its architecture for improved security. The structure moves away from models with defenses that existed at only the perimeter of a network.

CBP also listed developing and maintaining its cyber workforce and improving cybersecurity awareness at the agency as part of its cyber goals. In addition to cybersecurity, CBP’s strategy includes goals for mission infrastructure, mission applications, trusted partners, enterprise IT governance and Chief Information Officer business operations.

The post Completing move to zero trust among Customs and Border Protection’s new IT goals appeared first on FedScoop.