Comments by the Center for Immigration Studies
On a Proposed Rule
By the Department of Homeland Security
To Expand the Use of Biometric Identifiers
This commentary is in response to the publication in the Federal Register of a Proposed Regulation by the Department of Homeland Security (DHS) and its subordinate agency, U.S. Citizenship and Immigration Services (USCIS) at 85 FR 56338 on September 11, 2020. The commentary is submitted on behalf of the Center for Immigration Studies, a nonpartisan organization dedicated to the study of all forms of immigration and naturalization to the United States, as well as the laws, regulations, and policies that undergird them. Following are our views.
While we follow the general outline of the proposed regulation in offering our views, the subject matter titles in italicized print are ours, as a way of pointing to the particular area of concern upon which we are commenting. All references to page numbers relate to the Federal Register (F.R.) annotations indicating beginning and ending of printed pages.
II. Executive Summary
A. Purpose and Summary of the Regulatory Action
As we understand it, the regulation proposes to amend and amplify current rules regarding the collection and retention of various forms of biometric data by USCIS, as well as its sister subordinate DHS agencies, U.S. Customs and Border Protection (CBP) and U.S. Immigration and Customs Enforcement (ICE), when dealing with biometrics collected under the USCIS regimen.
Promulgation of the Regulations
As a first general observation, we commend DHS and USCIS for the promulgation of these regulations, which are, in our opinion, overdue given the advances made to date in the collection, retention, and use of biometric identifiers. They will substantially aid the Department and its agencies in protecting the national security and the public safety and combating fraud in the immigration and naturalization benefits processes.
Speaking with One Voice to Garner Public Trust on Biometric Collection
We note, however, that as DHS itself states within the summary of the proposed regulations, increased collection of any form of biometrics, including DNA, will be a subject of great sensitivity and scrutiny. For this reason, it is imperative that the rules and policies governing collection, retention, use, and potential sharing be clear, concise, and completely consistent across the entire organizational platform, as well as within each agency bearing a responsibility for biometrics collected pursuant to the regulatory scheme. To this effect, we direct your attention to the recent Government Accountability Office (GAO) report concerning facial recognition biometrics collected by CBP for entry/exit purposes (GAO 20-568, "Facial Recognition: CBP and TSA are Taking Steps to Implement Programs, but CBP Should Address Privacy and System Performance Issues", September 2020). Although CBP's data collection and purposes differ from those proposed under this regulation, the fundamental point remains the same: Garnering and maintaining public understanding — and therefore trust — is paramount and best served by ensuring that the department and agencies speak with one voice, without deviation, in forms, statements, Q&As, online and public remarks, and how the personally identifiable information (PII) collected via biometrics may be applied. As the GAO report makes clear, this is not an easy matter given the multiplicity of agencies and field offices that will be involved.
What Constitutes an "Immigration Benefit"?
DHS states in the summary of proposed regulations, at p. 56341, that:
The proposed definition of biometrics would authorize the collection of specific biometric modalities and the use of biometrics for: Identity enrollment, verification, and management in the immigration lifecycle; national security and criminal history background checks to support determinations of eligibility for immigration and naturalization benefits; the production of secure identity documents; and to perform other functions related to administering and enforcing the immigration and naturalization laws.
While this seems all-inclusive, we are obliged to ask: Is admission to the United States at a port of entry an immigration benefit, and therefore encompassed in the full panoply of biometrics collection? We think it is, and we believe the department should say so directly, even though the POE admissions process is not the prime focus of this regulation, because it will pave the way for further regulatory development by CBP in its inspectional responsibilities and also because doing so is consistent with an enterprise-wide approach to biometrics throughout DHS.
Types of Biometrics Collected
Reference is made in various places within the summary and other portions of the proposed regulation to the types of biometrics collected. All are enumerated in a series of bullet points enumerated on p. 56341. It is not a surprise that these modalities correspond almost exactly to the biometrics collectively comprising the FBI's Next Generation Identification (NGI) systems. We do not say this disparagingly but with approval. Collection of various biometric modalities is most useful when there are other databases and systems against which the DHS collections may be compared, when permitted by statute, regulation, and policy. Ensuring compatibility with NGI therefore is essential for DHS across its entire enterprise, where biometrics is concerned.
We note, though, that NGI will also provide the capacity to conduct text-based searches of tattoos, scars, and marks that might be of use in specific cases, but no reference is made to such a modality by DHS. Consistent with our prior remarks about the importance of transparency, we suggest that the regulations be modified to specifically provide for this capacity when an individual presents unusual physical characteristics that would be useful to search against, even though it is a kind of "biometrics-at-one-remove". Use of this capacity might be particularly useful, for example, when conducting benefits adjudications involving asylum, refuge, or other important and sensitive cases (withholding, CAT) in order to eliminate the possibility of terrorists, war criminals, human rights abusers, or internationally wanted persons from adopting new identities to enter the United States, as has happened in the past, both distant and recent. While use of this NGI subsystem would certainly be an outlier among the hundreds of thousands of applications and benefits handled annually, as a tool it should not be foreclosed. The history of every conflict from World War II on clearly shows that persecutors often avail themselves of the very immigration mechanisms designed to shelter their victims from them.
We recognize that regulations provide for confidentiality of information in refugee/asylee cases, but believe that should DHS work closely with the FBI's Criminal Justice Information System division in order to develop a "blind" testing mechanism, if this is deemed legally necessary to permit maintenance of confidentiality while minimizing the chance that serious malefactors can abuse the immigration system to obtain benefits permitting them to live and work in the United States. (We further discuss blind testing later in our comments, under "Collection and Handling of DNA as a Biometric".)
Biometric Collection Exclusions
In its summary (see, specifically, footnote 4), DHS states that it "will not require biometrics to be submitted by agents, representatives, interpreters, preparers, or guardians." (Emphasis added.) Failing to collect biometric data from guardians puts alien minors at risk. Much is made throughout the summary about the importance of protecting vulnerable children from the risks of predation from human traffickers and smugglers, and fraudsters posing as family. (See, e.g., p. 56340: "DHS proposes to collect biometrics at any age to ensure the immigration records created for children can be related to their adult records later, help combat child trafficking, smuggling, and labor exploitation", and p. 56341: "DHS's ability to collect biometrics, including DNA, regardless of a minor's age, will allow DHS to accurately verify or refute claimed genetic relationships among apprehended aliens and ensure that unaccompanied alien children (UACs) are properly identified and cared for.")
This legitimate concern is the fundamental basis for DHS's argument in favor of a) eliminating age restrictions on the collection of biometrics; and b) including DNA sampling among the techniques to be used. If, however, individuals into whose care ("guardians") are not also subjected to the same rigorous checks as others — including, ironically, the minors themselves — the regimen for protecting these children is self-defeating. The department must reconsider this exclusion because without adequately investigating the background and bona fides of non-familial adults into whose care an alien minor will be placed, DHS might find itself handing such minors over to individuals who intend to use, abuse, or manipulate them. We note that this has already happened in the past, for example in one instance when so-called sponsors took charge of unaccompanied minor border-crossers from the Office of Refugee Resettlement and those minors were later discovered working manual labor in near-peonage conditions.
Not only should the department subject guardians to biometric checks, but it should do so even when an individual has been formally designated a guardian by state administrative agencies or courts of jurisdiction. The reason is simple: Should by tragic circumstance an alien child be placed into the hands of a designated guardian later discovered to be predatory or abusive, the scrutiny will be intensive and the questioning harsh in asking why DHS and its subordinate agencies did not use due diligence and its own authorities in order to determine the fitness of the guardian before handing over the child. It is unlikely that post-facto rationalizations or justifications will spare the department from extraordinary criticism and loss of public trust if it did not use its authorities to conduct biometric checks when it had the opportunity to do so.
When Biometrics May Be Required in Reopened Cases
The summary, at p. 56341, states in pertinent part, "The rule further proposes that a lawful permanent resident or U.S. citizen may be required to submit biometrics if he or she filed an application, petition, or request in the past and it was either reopened or the previous approval is relevant to an application, petition, or benefit request currently pending with DHS." (Emphasis added.) This leaves an open question in our minds as to cases involving denaturalization investigations where it is suspected that an individual has committed fraud or material misrepresentation in the procuring of citizenship and an inquiry begun. We think this should be considered a "reopening" within the context of the rule. The significance of the issue is hardly a one-off, given the findings from past Office of Inspector General reports regarding the massive amount of identity fraud that apparently attended thousands of cases involving naturalization of criminals, prior deportees, and other aliens ineligible for citizenship — enough cases that USCIS found it necessary to create from whole cloth field denaturalization units, and the Justice Department's Civil Division created a unit of litigators dedicated to denaturalization (see also, e.g., the Justice Department press release regarding the first successful denaturalization as the result of Operation Janus). It is our understanding that many hundreds of cases continue to be looked into under Operation Janus and Operation Second Look. Clearly, the capability to require newly obtained biometrics to compare against past records of the suspect could be useful, sometimes critical, in such cases. DHS and USCIS should be more specific in outlining the circumstances under which a denaturalization investigation constitutes a "reopening".
Inconsistent Application of Biometrics Rules Between DHS and DOJ
The regulatory summary, at p. 56340, acknowledges that there are significant discrepancies between the proposed rule governing DHS collection and maintenance of biometrics, and those being used by the Executive Office for Immigration Review (EOIR), which constitutes the immigration courts and appellate tribunal within the Department of Justice:
DHS recognizes that removing the age restrictions associated with biometrics collection in DHS regulations, without removing the age restrictions in DOJ EOIR regulations, could create disparate processes for biometric collections in immigration adjudications. Specifically, a child under 14 may be required to submit biometrics for an application submitted to USCIS, but the same child would be exempt from biometrics for an application submitted with DOJ EOIR. These disparate authorities could also cause confusion given USCIS collects biometrics at its ASCs for many applications and petitions adjudicated by EOIR. However, DHS and DOJ will continue to be bound by their respective regulations. To the extent that any controversy may arise interpreting DHS and DOJ regulations regarding the removal of age restrictions for biometrics collection, until DOJ removes its age restrictions DHS intends to follow DOJ regulations with respect to age restrictions when collecting biometrics for an application or petition that will be adjudicated by EOIR.
We are concerned that the discrepant rules will not only act to undermine public understanding and trust in collection of biometrics for immigration purposes, but also result in significant internal confusion, and possibly error, within DHS agencies when acting as the executors of DOJ collection policies. We are left to wonder why the two departments did not coordinate a rollout of revised and updated biometrics collection that would have included the immigration courts, given the stakes involved. If inter-department dialogue is necessary to achieve this, it should be done, sooner rather than later. The promulgation of these regulations makes the matter even more pressing.
Collection and Handling of DNA as a Biometric
The department proposes to expand its use of DNA testing, when relevant to adjudications involving relationships based on familial ties that genetics can prove or disprove:
DHS currently does not have in place express regulatory provisions to require, request, or accept DNA testing results to prove genetic relationships, but because documentary evidence may be unreliable or unavailable, in some situations, individuals are allowed to voluntarily submit DNA test results. Under this rule, DHS may expressly require, request, or accept DNA evidence to demonstrate the existence of the claimed genetic relationship. DHS proposes to treat raw DNA (the physical sample taken from the applicable individual) that is taken as a distinctive biometric modality from the other biometric modalities it is authorized to collect, and not handle or share any raw DNA for any reason beyond the original purpose of submission (e.g., to establish or verify a claimed genetic relationship), unless DHS is required to share by law. [Emphasis added. Proposed rule at p. 56341.]
We wholeheartedly agree with the expansion, which is consonant with advances in the science and testing procedures relevant to DNA, and which will act to significantly curb fraud while protecting alien minors, as discussed previously. We are deeply concerned, however, about the phrase "unless DHS is required to share by law", which implies a failure or refusal to share other than in undefined, exceptional circumstances. We believe this constitutes a misinterpretation of the law.
In justifying its position, DHS in the summary refers to Sec. 1367 of Title 8 in the United States Code (U.S.C.), which in subsection (a) lays out limitations on use of PII (including biometrics) when it has been collected for purposes of an immigration adjudication, and further provides for penalties to be levied against officers and employees who violate those limitations. But paragraph (2) of subsection (b) includes a significant exception to the limitations and penalties that DHS apparently chooses to ignore, to wit:
(2) The Secretary of Homeland Security or the Attorney General may provide in the discretion of the Secretary or the Attorney General for the disclosure of information to law enforcement officials to be used solely for a legitimate law enforcement purpose in a manner that protects the confidentiality of such information. [Emphasis added.]
The problem with the language of the rule as proposed is one of circularity. DHS states that it will comply with legitimate law enforcement requests, but law enforcement agencies (LEAs) are unlikely to know that DHS is in possession of DNA samples that are relevant to their cases because the department has maintained them in confidentiality. This will almost inevitably at some point result in the grant of a benefit to an individual who later proves to have been culpable of heinous crimes that might have been prevented, or the suspect apprehended more rapidly — both of which are clearly in the interest of public safety and national security — were a different approach taken, in which the department opted instead to establish a strict regimen that is respectful to PII but not blind to the risks of refusal to share.
We do not speak in hyperbole when we state that the current regulatory proposal is not in the public interest. Department officials should remember that it has happened before; we refer specifically to the Resendez-Ramirez and Batres cases, both of which even to this day many years later figure prominently in FBI Criminal Justice Information System (CJIS) division literature. (See, e.g., section 1.5 of the FBI's "Privacy Impact Assessment Integrated Automated Fingerprint Identification System (IAFIS)/Next Generation Identification (NGI) Biometric Interoperability" document.) Although the biometrics in those cases, which involved multiple murders and rape, were fingerprints and not DNA, the point remains the same: The suspects remained at large because information available within DHS databases was not shared with other agencies.
In specific relationship to DNA, we note that the FBI has developed a robust DNA database and matching capacity (NDIS/CODIS). This allows for comparison of DNA samples collected at crime scenes with DNA samples contained in various repositories, thus allowing police to identify the crime scene samples and move toward identifying and arresting suspects in such cases, which for the most part involve serious crimes such as murder and sexual assault. Without comparison of DNA samples collected by DHS and its component agencies, such matches will never occur and suspects may remain at large for a significant period of time, and when ultimately apprehended, if the trail leads back to DHS having been in possession of DNA samples that might have resulted in rapid apprehension and resolution, there will be an unending series of criticisms and unanswerable questions.
As we noted earlier in our comments, the department must promptly engage in consultation with FBI CJIS to determine whether it might be possible to establish a system of blind-match testing in which samples are submitted identified by singular alphanumeric identifiers (perhaps generated by computer algorithms) without sharing other PII relating to any sample. Under such a regimen, if a match were to occur, the FBI would notify the interested LEA, which could then formally request from DHS/USCIS the remainder of the PII relating to the alphanumeric identifier in order to permit it to further the criminal investigation. Such a system of blind testing would allow DHS to safeguard the privacy of individuals whose DNA does not result in a match, while at the same time furthering the interest of public safety by ensuring that criminals do not remain free to commit further crimes or be granted immigration benefits to which they are not entitled. It is clear that the language of 8 U.S.C. Sec. 1367(b)(2) contemplates and permits both the DHS Secretary and the Attorney General to authorize participation in exactly such a system.
VAWA and "T" Visa Biometrics Collection
The proposed rule would require Violence Against Women Act self-petitioners to provide biometrics as a way of more fully and accurately determining whether such petitioners have criminal records or are persons of good moral character (GMC). We endorse this change. However, DHS suggests that it will then eliminate as redundant the current requirement of producing police clearance letters from the self-petitioner's places of residence for the three years before filing. Clearly, collection of fingerprints, photos, etc., for matching against FBI databases will not reveal criminal histories in foreign countries.
The police clearance requirement should be maintained in the regulations for any period a self-petitioner resided abroad over a defined timeframe — perhaps 10 years, which is consistent with some other provisions of the Immigration and Nationality Act relative to GMC. Such a course would be consonant with the department's intent to extend the GMC requirement as indicated in its summary remarks. It is also consistent with the department's stated course of action with regard to "T" visa applicants, who will continue to be obliged to submit foreign police clearance letters.
We recognize that foreign police clearance letters are susceptible to fraud and forgery, particularly when collected by the petitioners themselves, but think that they are nonetheless useful, if for no other reason than that if discovered to be fraudulent, the submitting self-petitioner may be prosecuted and stripped of her/his status and removed.
Limited Retention and Use of Biometrics
The summary, at p. 56345, states, "The expanded use of biometrics stands to provide DHS with the improved ability to identify and limit fraud because biometrics technology measures unique physical characteristics that are more difficult to falsify than documentary evidence of biographic information, when collected under controlled circumstances and retained and used for a limited period of time." (Emphasis added.)
We are unable to discern the utility of discarding biometrics that have been previously collected, provided that appropriate safeguards have been built into the systems that collect and retain the information. In fact, we believe that doing so is completely contrary to the department's earlier assertions that expansion of its collection and use of biometrics will aid in combating fraud, and protecting national security and public safety during the entire immigration lifecycle in a person-centric system. Absent prior baselines, how can later iterations of biometric collection be compared against the same individual to protect against identity theft, or to provide additional opportunities to continually vet individuals to ensure that they have not become criminals or national security threats? They cannot.
We strongly suggest eliminating the phrase "... retained and used for a limited period of time". It is anathema to a "person-centric" system which relies on baselines and increments in its biometric collection system to ensure the kind of continuous vetting the department contemplates, and which has become so obviously necessary in our modern immigration system to protect the American people against ongoing asymmetric national security, terrorist, and transnational gang threats.
B. Summary of Costs and Benefits
Has Historical Fee Waiver Statistical Data Been Applied in Arriving at Costs and Benefits?
Throughout the summary, the department makes reference to the fact that fee waivers may be granted to various individuals seeking benefits, which will inevitably include therefore waivers of the proposed new fees for biometrics collection. We note also that certain categories of applicants such as asylees or refugees do not pay fees, at least under currently existing extant regulations.
The question comes to mind, therefore, with regard to Table 1 on p. 56344, whether the total quantitative figures for the two bullets found at the top of column two:
- $158,940,196 for about 2.17 million individuals to submit biometrics
- $138,356,283 for about 1.63 million new $85 biometric services fees
account for either the categories of alien applicants who do not pay fees or for those who are granted waivers.
In regard to the latter (fee waivers), we presume that USCIS maintains figures relating to the percentage of various applications in which fee waivers are granted, which would permit more precision in calculating fees collected. If, on the other hand, USCIS does not maintain such figures, then we suggest that the agency's business management model is flawed since it is impossible to monitor either the consistency or propriety of waivers granted by officers if they are not subject to quantification and examination. Over the course of time, this could have an appreciable impact on the agency's capacity to support itself through the collection of fees — something that has become a source of considerable public discussion of late. The question of adequate fee waiver data — and how much waivers are costing the agency — becomes even more pressing in light of a recent federal district court decision out of California in which DHS's new proposed regulation for enhanced fees was enjoined.
The same fee-waivers question arises for that category later found in column two which relates to DNA collection:
- Potential annual costs for principal filers and beneficiaries/qualifying family members to submit DNA evidence range from $22.4 million to $224.1 million. These figures are based on current costs and depend on how many individuals submit DNA evidence in support of a family-based benefit request.
In any case, it is imperative that the department state forthrightly whether or not past statistical data regarding how often, and for what applications and petitions, fee waivers have been granted in providing the calculations described above in the Tables contained in the proposed rule — and if not, why the data has not been provided.
III. Background and Purpose
B. The Use of Biometrics by DHS
Application of Section 1367 of Title 8 of the United States Code
The final paragraph of Section III B of the summary speaks in detail about the content and application of 8 U.S.C. Sec. 1367, but focuses exclusively on the provisions relating to confidentiality and penalties for improper disclosure. We believe that this focus lends itself to an inappropriate and imbalanced emphasis. In prior comments, we have pointed out the importance of the follow-on subsections of that statutory provision, at 8 U.S.C. Section 1367(b)(2), which authorizes disclosures for legitimate law enforcement purposes.
While in our commentary we discussed the possibility of engaging in blind-match testing or other mechanisms in comparisons of DNA against the FBI NDIS system, it is clear to us that even in the absence of blind match testing, it is entirely within the discretion of the DHS secretary to authorize DNA comparisons when there are legitimate law enforcement reasons to do so. We believe that the scenarios and real-life examples that we laid out, for instance with the Resendez-Ramirez and Batres cases, provide more than adequate justification and in fact create an expectation that the department take a more responsible position toward the sharing, under strict safeguards, of this critical law enforcement tool.
Taking a more constrictive interpretation defies logic. Consider: it is accepted practice to routinely submit fingerprints of applicants, including a multiplicity of individuals seeking benefits covered by confidentiality provisions, in order to ensure that they are truly eligible and not terrorists, national security threats, predators, criminals, or other wanted persons. Fingerprints, like DNA — indeed, like palm prints, voice prints, and iris scans — are all unique individual biometric identifiers. If the confidentiality provisions are to be construed so stringently, then should those other identifiers also not be shared? But of course to arrive at such a conclusion is illogical because confidentiality must always be balanced against the public safety when administering a regimen of benefits to be granted to, or withheld from, aliens for any reason.
In short, it is not in the interest of the United States or its citizenry to permit serial killers or violent predators to go unapprehended or, worse, to derive immigration benefits, simply because of a willful failure to "connect the dots", when that can be done by match testing against available DNA samples of wanted suspects. For this reason, we strongly encourage amendment of the proposed regulation to make clear that DNA will be tested against FBI databases in a manner consistent with a balance of personal privacy with public interest.
IV. Discussion of Proposed Changes
B. Verify Identity, Familial Relationships, and Preclude Imposters
2. Special Treatment of DNA Evidence
Circularity of Logic with Regard to Use, Retention, and Sharing of DNA
Much is made of the unique nature of DNA biometrics and the sensitivity surrounding DNA collection. We do not dispute this, but also believe that to focus entirely on sensitivities at the expense of public safety and national security will ultimately result in avoidable tragedy. How, exactly, will LEAs know that a DNA sample collected by the department or its subordinate agencies may be of use or significance to them if there has been no match testing in advance? They will not, and this puts them into the invidious position of engaging in unnecessary fishing expeditions to find out, once they become aware of the existence of a DHS DNA database. This in turn will force DHS to decide whether it will entertain such speculative requests or fight them legally — which is neither a desirable nor necessary position for the department to place itself in when the law itself provides for reasonable and intelligent alternative courses of action.
Instead, it is better by far to establish a rigorous system of automated and secure testing that dispenses with the need for such fishing expeditions and allows both DHS and its federal, state, tribal, and local partners to focus only on suspects of legitimate interest. In fact, it can readily be argued that establishing a nationwide system of match testing actually enhances confidentiality and privacy by reducing the kind of ad hoc approaches (and concomitant chances for error in decision-making by field offices), if and when they are approached by LEAs within their geographical jurisdiction seeking to determine whether DHS is in possession of DNA-specific information that might aid them in solving criminal investigations.
For this reason, the department must rethink its position on the use and retention of biometrics (most especially including DNA) prior to promulgating the final regulation. It must not dispense with elements of its core mission — protecting the national security and public safety — when the law permits it by regulation to establish an automated matching system that promotes those values while at the same time respecting privacy.
This concludes our commentary on the proposed regulatory changes. We are pleased to have had the opportunity to offer our views.
Dan Cadman, Fellow
Center for Immigration Studies