22 July 2022
The US Department of Homeland Security (DHS) is touting ‘Enhanced Border Security Agreements’, offering access to its vast biometric databanks in exchange for other states reciprocating. Reports suggest the UK is already participating, although there is no official confirmation of this. In the EU the proposals have caused a furore amongst privacy-minded MEPs. A document produced by the DHS, obtained by Statewatch, shows what the USA is offering foreign states.
Support our work: become a Friend of Statewatch from as little as £1/€1 per month.
Transatlantic marketing effort
The document (pdf), entitled ‘DHS International Biometric Information Sharing (IBIS) Program’ and with the sub-heading ‘Enhanced Biometric Security Partnership (EBSP)’ is effectively a sales pitch to potential “foreign partners”.
The IBIS Program, it states, provides “a scalable, reliable, and rapid bilateral biometric and biographic information sharing capability to support border security and immigration vetting,” which:
“…creates value for the United States and its partners by detecting fraud, identifying transnational criminals, sex offenders who have been removed from the United States, smugglers of humans and narcotics, gang members, terrorists and terrorist-related information, and the travel patterns of criminals.”
270 million identity records
It does this by providing “partners” with access to vast quantities of data held by the DHS, namely the IDENT/HART database, “the largest U.S. Government biometric database and the second largest biometric database in the world, containing over 270 million identities from over 40 U.S. agencies.”
These include “the U.S. Departments of State, Justice, and Defense, and state and local law enforcement entities,” says the document.
States that wish to participate must first negotiate an “Enhanced Border Security Agreement (EBSA) or similar agreement,” which provides “a flexible but enduring framework to facilitate information exchange for criminal, border and national security, immigration, and counterterrorism purposes”.
Participating states may then submit biometrics to the DHS through “a secure encrypted gateway called the Secure Real Time Platform (SRTP)”. The document notes that this can be done “at high volumes (up to millions of transactions each year)”.
In response to a successful search “DHS can immediately provide available and sharable associated biometric, biographic, derogatory, and other encounter information to the partners,” a process that the DHS boasts does not require any manual intervention – for example, to check whether legal requirements have been fulfilled.
The quid pro quo, of course, is reciprocal access to the databases of partner states:
“In turn, DHS may submit biometrics to IBIS partner countries to search against their biometric identity management systems in order for partner countries to provide DHS with sharable biographic, derogatory, and encounter information when a U.S. search matches their biometric records. This high-volume matching and data exchange is accomplished within minutes and is fully automated; match confirmation and supporting data is exchanged with no officer intervention.” (emphasis added)
As Pirate Party MEP Patrick Breyer pointed out after a meeting of European Parliament civil liberties committee members with the DHS:
"Millions of innocent Europeans are listed in police databases and could be exposed to completely disproportionate reactions in the USA. The US lacks adequate data and fundamental rights protection. Providing personal data to the US exposes our citizens i.e. to the risk of arbitrary detention and false suspicion, with possible dire consequences, in the course of the US “war on terror”. We must protect our citizens from these practices."
Liberal MEP Sophie in 't Veld, of the Renew group, has tabled a parliamentary question to the European Commission to ask, amongst other things, "How will the ‘geopolitical’ Commission prevent the US from gaining direct access to biometric databases in the EU?"
1.1 billion “encounters”
Each of the 270 million identities held in the IDENT/HART database may have multiple ‘encounters’ associated with it, explains the document:
“IDENT contains over 1.1 billion ‘encounters,’ each of which consists of a distinct biometric collection by a U.S. government agency on a specific date and time for a particular purpose. Each of the approximately 270 million unique identities may have multiple ‘encounters’ associated with it, and DHS is able to share information on each separate encounter when there is a biometric match to the identity, consistent with policy and legal requirements.”
Each of those encounters may have substantial amounts of information recorded in relation to them: biometric data, personal information (such as names, nationality, travel document data and more) and “encounter data” (for example, the purpose of the “encounter”, such as a visa approval or “apprehension”).
The document also refers to “derogatory information” which purportedly enables officials “…to quickly understand important contextual information without needing to reference or interpret U.S. law.”
Depending on the permissions granted by “law, policy and international instruments,” this derogatory information may include:
Amongst the purported benefits of detecting criminals and terrorists, the document also refers to “Enhanced Capacity to Share Information Across Ministries and Agencies”; “Advanced Data Analysis”; and “Possible Integration with Other U.S. Programs”. There is no detail on what those programs are.
New requirements for the Visa Waiver Programme
News about the Enhanced Border Security Agreement (EBSA) emerged last month after it transpired that the DHS was approaching EU member state governments directly, bypassing the European Commission.
Matthias Monroy remarked:
“Initially, participation is voluntary. But starting in 2027, it will become mandatory under the U.S. Visa Waiver Program (VWP), which allows visa-free entry into the United States for up to 90 days.
Several times, the government in Washington had tightened the rules in the VWP. Since 2006, travelers have been required to carry biometric passports. This was followed in 2008 by the obligation to pre-register entry in the ESTA travel authorization system.
Finally, bilateral Preventing and Combating Serious Crime Agreements (PCSCs) were required of all VWP participants. Through these, it is mutually possible to request fingerprints and DNA profiles in individual cases.”
The EBSA (which has also been reported under the name of Enhanced Border Security Partnership, while the DHS document uses the term Enhanced Biometric Security Partnership) would vastly increase the scale and scope of biometric data exchange between the USA and “partner” states.
DHS officials reportedly told MEPs that the UK is already participating in the program, although the Home Office refused to give any specific details when asked by The Register.
Spotted an error? If you've spotted a problem with this page, just click once to let us know.
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: MayDay Rooms, 88 Fleet Street, London EC4Y 1DH. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.