For the US-Americans who still have a job, their homes are their new workplaces. Zoom is the new conference room; a messy dining room table is a de facto desk. Among the workers with the luxury of getting paid from the comfort of their couches are business people, journalists, nonprofit staff—and the engineers maintaining the United States’ automated facial recognition system that shares citizenship applicants’ information with law enforcement agencies, like the Federal Bureau of Investigation, and civil society organizations.
The US Citizenship and Immigration Services (USCIS) permitted the contractors behind their biometric capabilities to do “telework”, according to a modification notice published on the federal government’s contracts website on March 17, two days after a White House letter urged federal agencies to provide more telework opportunities to their employees.
Raking in $89 million for the deal, the contractor designed, and now operates, a “custom biometrics system” that “automated facial and iris recognition” for lawful immigration applications, while also “speed[ing] delivery of new capabilities to field agents” and “scal[ing] to meet the capacity of biometrics storage,” among other things, the company wrote in a case study.
As a matter of work, the contracted engineers have access to “sensitive” personally-identifiable information of non-citizens, the contract work statement notes. As a result, they have extensive security hardware requirements and procedures. But does that translate to their home? It’s unclear—Filter is awaiting responses from the contractor.
But one nongovernmental organization has warned that the migration of work to the home comes with risks. People keen on accessing private information are “taking advantage of the fact that many people who are working from home have not applied the same security on their networks that would be in place in a corporate environment,” wrote the World Economic Forum in a March 30 update to their Global Agenda.
Even when operated in the office, the functioning of the biometric system has some serious privacy issues. The USCIS biometric information is shared in bulk with the FBI’s Next Generation Identification, a program used for criminal background checks—in effect potentially breaking the statutorily-protected privacy of the estimated 50,000 immigrants who have been abused or trafficked. Organizations like social service agencies use the FBI’s background-checking tool to evaluate beneficiaries, and they may be accessing restricted information about the applicant’s history.
In 2017, the Privacy Office ordered USCIS to develop an Information Sharing and Access Agreement with the FBI, but as of February 2020, they have yet to do so.
The bulk sharing is an issue of the USCIS, not necessarily of the contractor. But if there’s already glaring system-wide lapses in privacy protection, what are we to make of the people managing the biometric database working in spaces that have been identified as vulnerable to cyberattacks?
Photo by @neonbrand via Unsplash