DHS is Collecting Biometrics on Thousands of Refugees Who Will Never Enter the US

The Homeland Security Department months ago started collecting biometric information on every refugee who is referred for resettlement in the United States, and it retains the data even if those people never set foot in the country.

Every year, the United Nations High Commissioner for Refugees sends profiles on tens of thousands of refugees to federal agencies, which uses that information to determine if the person can enter the country. Those profiles contain biographic information like name, birthday and country of origin, and as of late, they also include biometric data.

In January, the UNHCR entered an agreement with U.S. Citizenship and Immigration Services to share fingerprints, iris scans, face images and other biometric data on the refugees it refers for resettlement in the U.S. The agency said the agreement will help officials better identify and vet potential refugees. However, the program will also trap some of the world’s most vulnerable people in federal law enforcement’s web of biometric data-sharing agreements, which has come under sharp scrutiny in recent months.

“Biometric verification guards against substitution of individuals or identity fraud in the resettlement process,” USCIS officials said in a privacy impact assessmentfor the program. “Many refugees live for long periods in asylum countries, and the use of biometrics ensures that there is [an] unbroken continuity of identity over time and between different locations.”

Related: Trump Removes Top DHS Staff

Related: How DHS Is Trying to Sort Good Cyber Tools from Snake Oil

Related: Trump’s Border Obsession Is Courting Disaster

According to the PIA, USCIS will use biometric data to identify individuals during security screenings, interviews and other steps in the refugee admissions process. Officials said the information will be stored in Homeland Security’s Automated Biometric Identification System, or IDENT, and eventually its replacement system, the Homeland Advanced Recognition Technology. According to agency officials, IDENT already houses biometric information on more than 250 million people.  

While USCIS requires biometric data collection for all immigration services, the information-sharing program with UNHCR could ultimately allow the agency—and its numerous federal partners—to build biometric profiles on people who never enter the country. 

Individuals might drop out of the refugee resettlement process for a variety of reasons, but the department “may in those cases continue to hold biometrics on individuals it may not encounter,” officials said in the PIA. According to UNHCR data, less than a quarter of the nearly 85,000 cases reviewed by USCIS in 2018 resulted in the refugee being approved for admission to the U.S. The agency rejected 33,485 refugee referrals and closed another 30,438 cases for unspecified reasons, but under the new program, it would still be able to maintain biometric profiles on those individuals.

And the Homeland Security Department isn’t the only group that can access that data. The agency shares its biometric database with numerous agencies “tasked with national security and counterterrorism responsibilities,” including but not limited to the Justice, Defense and State departments. According to the PIA, those agencies could gain access to biometric and biographic data on a refugee whenever they can demonstrate a “mission-related need” and Homeland Security has uncovered “derogatory information” on that individual. In the PIA, officials didn’t specify what sort of information would meet those thresholds.

“A centralized database of biometric data belonging to refugees, without appropriate controls, could really lead to surveillance of those refugees as well as potentially coercive forms of scrutiny,” Amos Toh, an artificial intelligence researcher at Human Rights Watch, said in a conversation with Nextgov. “I think there needs to be a lot more clarity on … how this data is being shared and is being used.”

In the PIA, USCIS officials also said the agency doesn’t obtain direct consent from applicants before they receive their biometric data, so they rely on the UNHCR to “inform individuals … that it may share their data.”

However, Toh said language and cultural barriers, as well as the “enormous power disparities between humanitarian agencies and refugees,” could make it difficult for people to give informed consent. Other humanitarian aid workers have expressed similar concerns.

“If there are issues around consent, then sharing [biometric data] with third-party governments like the U.S. really compounds that problem,” Toh said.

In recent months, lawmakers from both parties have called for stricter regulationson the government’s use of facial recognition and other biometric identification software. Despite the backlash, the Homeland Security and other law enforcement agencies plan to ramp up their use of the tech in the years ahead.