CBP One: An Overview

On October 28, 2020, U.S. Customs and Border Protection (CBP) launched a mobile device application called CBP One. Over the last two years, the agency has expanded CBP One’s uses, becoming the only way certain migrants seeking entry into the United States can submit necessary information to CBP prior to their arrival. In January 2023, the Biden administration announced that CBP One would be the primary method for migrants arriving at the U.S.-Mexico border seeking asylum at a port of entry to preschedule appointments for processing. CBP One also became the only way that Cubans, Haitians, Nicaraguans, and Venezuelans seeking to secure travel authorization to obtain parole through special programs for those nationalities can submit their biometric information to CBP. The use of CBP One to pre-process asylum seekers has raised concerns both about gaining access to a legal right through a smartphone app and about the privacy implications of the app. 

CBP created a public-facing webpage for the app that describes CBP One’s uses and shares the U.S. Department of Homeland Security’s (DHS) Privacy Impact Assessment (PIA) about the app. The agency updated its webpage in January 2023 as the new scheduling and information submission features became part of new immigration initiatives announced by the U.S. government. CBP’s webpage fails to inform users, however, about how the app is required to complete these new processes or how CBP plans to retain users’ information. The new features significantly expand the use of CBP One beyond the original purposes CBP shared with the public when it rolled out the app. The original uses included 1) providing travelers with access to Form I-94 information, 2) scheduling inspection appointments for perishable cargo, and 3) assisting international organizations who sought to help individuals enter the United States.  

Some of the tools utilized by CBP One, such as the ability to locate users through their phones’ GPS capabilities and the agency’s requirement that users submit photos through the app, have been criticized by advocates, researchers, and even the U.S. government.  

Instead of clearly explaining CBP One’s new functions, which are essentially mandatory for people seeking advance travel authorization or processing at ports of entry, on its public-facing website, DHS updated the CBP One PIA. The PIA is a dense document that details the use and functionality of CBP One but is not easy to understand. In addition, CBP does not announce to the public when it makes updates to the PIA. 

In light of the limited and scattered information CBP has published about the app, CBP One’s future continues to raise concerns, particularly as CBP expands the app’s uses. This fact sheet compiles and discusses the information that is currently publicly available about CBP One.  

How Does CBP One Work? 

CBP One can be downloaded from various online stores that offer mobile applications. After downloading the app, users create an account at Login.gov—a website that allows users access to participating government agencies. CBP One users must provide email addresses, create passwords, and—in some cases—phone numbers to create their Login.gov accounts. Once users have created their Login.gov profiles, they can enter information into the app and access its different functions based on each user’s particular needs.  

As of January 2023, CBP One permits asylum seekers, migrants, and individuals applying for advance authorization to travel as part of the new parole programs to submit information before their arrival at a port of entry.  

On January 5, 2023, DHS announced that individuals seeking to enter the United States under exemptions to Title 42—a law currently used by the government to expel asylum seekers based on the COVID-19 pandemic – can use CBP One to submit information prior to their arrival and schedule appointments at certain land ports of entry at the southern border. Individuals are eligible for exemptions to Title 42 for significant law enforcement purposes, officer and public safety, and humanitarian or public health interests. Individuals seeking an exemption on humanitarian grounds must attest that they have a vulnerability that would qualify them and may be required to submit documentation of that vulnerability upon arrival but will not be able to upload these documents through the app. 

With restrictions under Title 42 potentially set to expire on May 11, a proposed regulation to process individuals seeking access to southwestern border ports of entry specifies how CBP One will be used after Title 42 restrictions expire. The regulation, if adopted, would restrict asylum to those who arrived unannounced at a port of entry and have been denied asylum in those countries through which they traveled. This restriction, however, does not apply to people who can reach Mexico and are able to make an appointment for processing at ports of entry through CBP One—essentially requiring the use of the app to seek asylum at the southwest border.  Although the proposal allows access to ports of entry without an appointment if users can show they could not access CBP One due to language barriers, illiteracy, significant technical failure, or other ongoing and serious obstacles, it is unclear from the proposed rule how migrants who claim this lack of access will be able to make their case before a CBP officer at ports of entry.  

Previously, CBP One’s function for processing individuals at the border only allowed nongovernmental organizations or lawyers to use CBP One to submit information on behalf of individuals seeking humanitarian exemptions to Title 42. Staff of certain nongovernmental organizations could use the app to input, among other information, a traveler’s name, date of birth, country of origin, contact information, travel history, travel document information, marital status, and information about their parents in order to obtain exemptions in advance of travel and receive appointments for a date and time to present at a specified port of entry. Through CBP One, the agency also collected photos of individuals seeking to be inspected and processed, which were taken by staff members of these nongovernmental organizations so those photos could be matched with photos CBP officers captured at the processing appointment time received by those individuals. In April 2022, CBP also allowed Ukrainian nationals with approved authorization to travel to the United States to use CBP One to enter their own information into CBP systems prior to their arrival at designated ports of entry to seek parole pursuant to the Uniting for Ukraine process. 

Bypassing the previous requirement that requests for exemptions be submitted by nongovernmental organizations or lawyers on behalf of travelers is a significant change. In making this change, DHS stated that users would be able to access the app from central Mexico. 

CBP states that by allowing individuals to preregister, the agency can streamline in-person processing and reduce the time border agents spend entering individuals’ biographic information, thus decreasing the time individuals are detained for questioning during processing. Initially, CBP made submission of an individual’s photograph for this function optional, but agency documents obtained through a Freedom of Information Act (FOIA) request show that a photo became a requirement for this use as well as other CBP One functions. 

The future use of this advance information collection function appears to be expansive in light of the agency’s plan to use CBP One as the main method to schedule appointments at ports of entry for people seeking asylum once Title 42 restrictions are lifted.  

CBP One allows individuals granted humanitarian parole through country-specific parole programs to complete a pre-screening process prior to entry at an airport. 

On October 19, 2022, DHS announced that Mexico had reached an agreement with the United States permitting the expulsion of Venezuelan nationals to Mexico under Title 42, in exchange for the creation of a program allowing a set number of Venezuelans with a sponsor in the United States to apply for humanitarian parole. This program uses DHS’ Advance Travel Authorization (ATA) process to collect information from noncitizens requesting advance authorization to enter the United States and seek a discretionary grant of parole. CBP One is a requirement for the collection of such information. The ATA process requires potential applicants to begin the application for advance parole by submitting financial support information through a U.S. Citizenship and Immigration Services’ web portal, and then submitting their own biometric and biographical information, including their photographs, to CBP through CBP One. Then, ATA applicants must take a “selfie” so that CBP can use the image in various stages of the vetting process. Once applicants enter their information into the CBP systems through CBP One, they receive the agency’s decision of whether to grant the request for advance permission to travel through the myUSCIS portal. 

On January 5, 2023, after a new agreement with Mexico was reached allowing expanded use of Title 42 to additional nationalities, DHS announced the implementation of new parole programs for Cubans, Haitians, and Nicaraguans modeled after the Venezuelan parole program, also known as the CHNV program. Like individuals entering the United States through the Venezuelan parole program, individuals who apply for parole through these programs must submit information through CBP One as part of the process. 

CBP One gives travelers the ability to access information related to their Form I-94.  

Form I-94 is the DHS arrival/departure record issued to travelers who are admitted into the United States. The I-94 records also contains travelers’ anticipated departure date. 

CBP One’s I-94 Mobile feature offers functions similar to those currently available on CBP’s website. In the app, travelers can apply and pay for a provisional I-94 prior to entering the United States. They also can obtain an electronic copy of their most recent I-94, view their travel history, and check how long they can remain in the country. To access this information through the app, however, users are required to submit their photograph to ensure that a “live” person is accessing the app. Documents obtained through a FOIA request show this feature of CBP One was proposed as early as September 29, 2021, yet CBP’s webpage does not indicate that a photo is required to retrieve these records. 

The I-94 feature also allows CBP to collect users’ GPS location for certain uses. For example, DHS’ CBP One PIA reveals that CBP planned to pilot a self-reporting exit feature near certain ports of entry on the northern border in spring 2021 with the hopes of expanding the self-reporting exit feature to the southern border. The app would permit travelers to self-report their exit from the United States by allowing them to send their location using their phones’ GPS capabilities so that CBP can confirm travelers are at least one mile outside the United States as required by the agency. CBP has not announced whether it implemented the pilot program described in the PIA.  

Despite the collection of information through CBP One, CBP insists in its PIA that this feature cannot be utilized to conduct surveillance on CBP One users because the GPS information is only collected at the time users voluntarily submit the information through the app. 

CBP One permits authorized users to verify whether or not individuals were enrolled in the Migrant Protection Protocols (MPP).  

MPP is a program instituted by the Trump administration in 2019 that forced certain individuals seeking asylum in the United States to wait in Mexico for the duration of their immigration proceedings. President Biden’s administration began winding down MPP in February 2021 through a process that required individuals eligible for reentry into the United States to first register with the United Nations High Commissioner for Refugees. The end to MPP has been entangled in litigation, and while individuals seeking asylum are no longer enrolled in  MPP, there are individuals who remain in Mexico awaiting their court hearings in the United States.   

During the MPP wind-down, international organizations could use CBP One to verify that immigrants in Mexico had previously been enrolled in the program. This feature relied on personnel from international organizations identified by the U.S. Department of State who could help MPP enrollees access this feature on the app and could enter information on behalf of individuals potentially enrolled in MPP. Through the app, staff members of the international organizations could access CBP One through a mobile device and take photos of immigrants they were helping. Then, the photos could be compared with pictures in DHS databases to verify that the individuals had a pending case before an immigration judge. CBP One instantaneously generated a confirmation whether individuals have a pending removal proceeding, whether the proceedings have been closed, or if a record based on the photo could not be found. If MPP enrollees did not consent to have a photo taken, the staff members assisting with verification could locate information on removal proceedings by submitting the immigrants’ Alien Registration Number, or A-Number, which is a unique number that DHS assigns to noncitizens. 

Transportation Security Administration (TSA) officers can use CBP One to verify certain travelers’ identities.   
 
DHS’ PIA states that TSA officers can use the app to identify MPP enrollees and other undocumented individuals allowed to travel for domestic travel purposes. Designated TSA supervisors can take photos of individuals to verify whether or not they were in fact enrolled in MPP. MPP enrollees may decline to be photographed, and TSA supervisors may use immigrants’ biographic information instead of a photograph to match information housed in DHS databases. Likewise, TSA supervisors can use a similar function to verify the identity of undocumented individuals who have been authorized to remain in the country who seek to travel. By taking a photo of the undocumented individual TSA supervisors can match travelers’ contemporaneous photo with those in the existing CBP galleries in order to verify travelers’ identities.   

CBP One allows cargo carriers to schedule cargo inspections.  

Cargo carriers may use CBP One as a tool to schedule, reschedule, or cancel their cargo inspections. Merchants also may communicate with CBP officers through CBP One for additional information about their inspection appointments. 

What Are Some of the Concerns Regarding CBP One? 

Issues with Photo Submission Leading to Disparate Outcomes. CBP One requires individuals seeking appointments at ports of entry and CHNV program applicants seeking to apply for travel authorization to submit a photo or “selfie.”  

Individuals who try to get appointments at southwest border ports of entry must submit a selfie to ensure the submission is being made by a “live person.” These photos are stored in “gallery” within the Traveler Verification Service (TVS) system, which is CBP’s matching service for “all biometric entry and exit operations that use facial recognition technology.” During the inspection appointments at ports of entry, CBP officers will take a new photograph of applicants to “match” the new photo with the selfies applicants submitted through CBP One. 

Applicants seeking advance travel authorization for the CHNV programs also submit a selfie with the app to conduct a liveness check. CBP uses the selfie to compare it to applicants’ passport photos and to compare it to other photos accessible by the agency to vet the applicant for law enforcement and national security purposes. The PIA describes the selfies’ uses as follows: CBP uses the selfie image for five distinct purposes: (1) to conduct one-to-one (1:1) facial comparison against the passport photograph previously uploaded to the ATA mobile application from the eChip; (2) to conduct one-to-many (1:n) vetting against derogatory photographic holdings for law enforcement and national security concerns as part of the ATA vetting process; (3) to generate a new gallery of ATA participants for facial comparison when ATA participants arrive at a port of entry; (4) to conduct 1:n identity verification once the participants arrive at the port of entry; and (5) to conduct 1:n vetting against known derogatory photographs for assistance in CBP’s admissibility determination.  

CBP One’s photo capture function has proven problematic. Advocates who assist African and Haitian asylum seekers at the U.S.-Mexico border report that CBP One is not recognizing the photos of many people with darker skin tones when the app is carrying out the “liveness” check. This issue, along with the lack of stable internet and modern mobile phones that support CBP One, has kept thousands of darker-skinned immigrants from properly accessing the app. 

Additionally, there is the potential that the selfies submitted by applicants may be incorrectly matched to the photos in the CBP galleries and these types of errors disproportionately impact racial minorities, leading to increased screening and potentially negative outcomes should a technical error not be corrected. A December 2019 report by the National Institute of Standards and Technology (NIST) found that false positive rates—the algorithms’ erroneous match of two photos of different people—were highest when matching photos of west and east African and east Asian people, and lowest when matching eastern European individuals. In a July 2021 report, NIST said that the quality of the camera and the environment in which the picture is taken affect the accuracy of facial recognition. Thus, the availability of CBP officers to check the accuracy of the systems conducting the photos’ comparison is vital to ensure racial minorities are not disproportionately impacted by the technology’s shortcomings.  

Privacy Concerns.  Advocates have raised concerns about CBP One’s photo submission requirements and the potential for the use of those photographs to surveil individuals. Several functions of the app require users to submit a photograph of themselves. The agency sought to address this issue by stating the use of CBP One is voluntary. An email from a CBP official obtained through a FOIA request shows the agency assured the Office of Management and Budget that people “can still present themselves” directly at a port of entry. The expansions of the app announced in January and February 2023 show that this statement is no longer true. 

DHS asserts that the app does not store any information locally on the device being used to access it or in the app itself, but that any information entered is stored in agency databases or systems. The photos for some of these functions are sent to the TVS. The PIA confirms that some of this information, and photographs in particular, may be stored in government databases for up to 75 years.  

By requiring travelers to submit their photos to access CBP One’s features, CBP will drastically expand its database of noncitizens’ photos and other biographic information. The wide collection of photos and corresponding biographic information generates concerns that CBP, other DHS components, and even local law enforcement could use this information for other enforcement purposes. In the PIA, DHS clarifies that the biometric information collected could be shared with other DHS agencies to vet applicants prior to allowing them to enter the United States from the systems where the information ultimately resides, and that such systems are also bound by privacy policies. However, DHS’ PIA fails to alleviate concerns that law enforcement agencies beyond CBP, including local police departments and sheriffs’ offices that may lack policies about limiting the use of such data, would be able to access travelers’ photos and other biographic information.  

Further, CBP One’s ability to collect GPS location data is concerning due to the potential for this information to be used by law enforcement to track users. DHS says this risk is fully mitigated because the app captures GPS locations only “at the exact time the user pushes the submit button.”  

DHS’ explanation overlooks the inherent dangers of apps that collect GPS location information, a danger identified in a government-issued advisory. Guidance issued by the National Security Agency (NSA) in 2020 warned mobile device users to protect “extremely valuable” location data because it can reveal details about not only the user, but also the number of users in a location, users’ movements and daily routines, and can expose otherwise unknown associations between users and locations. The NSA also advised to avoid using apps related to location because these apps inherently involve the exposure of users’ location data, and further warned that certain apps may collect, aggregate, and transmit information that exposes a user’s location. 

Location data from mobile devices is valuable to CBP because it can expose individuals’ private behaviors without their consent or even knowledge. In 2018, CBP purchased location data from commercial sources, as part of the Border Surveillance Systems implementation, which deployed various technologies to help arrest suspects and seize contraband entering the United States. CBP used this location data to track cellphone activity in unusual places, such as remote stretches of desert along the Mexican border, so that officers could arrest individuals after they entered the United States. CBP claims that the GPS location data it purchases is anonymized, but a 2018 New York Times report found that even anonymized GPS location data can easily be utilized to track and find individuals because the data can reveal people’s travel patterns and daily habits, including where individuals live, work, obtain medical care, worship, and attend political events.  

CBP One’s “Terms and Conditions,” available after users download the app, informs users of the app’s privacy policy. However, users need to review CBP One’s lengthy PIA to learn that the data only should be collected when users choose to submit their location to CBP, and that this feature requires a “just-in-time” consent before such data is collected.  

Users are being forced to use CBP One. Another major concern about CBP One is that its use is essentially obligatory for those seeking to be processed at the border. DHS has stated that the app’s use is voluntary, and the agency explains that users must consent before accessing several of the app’s features, including “just-in-time” notifications that require consent before the app deploys users’ cellphone’s camera or GPS functions. 

A CBP official said in an email that “If someone cannot provide a photo, they can still present themselves to the [port of entry] directly,” but in practice, the use of CBP One looks more and more like a requirement. For example, the documents describing the Advance Travel Authorization process for Cubans, Haitians, Nicaraguans, and Venezuelan nationals state that beneficiaries “must” enter their biographic information into CBP One and provide a photo. The ATA-specific PIA states the ATA process is voluntary, but it also indicates that the only alternatives for people not authorized to travel through the ATA are humanitarian parole or visa processing, both of which have different requirements that may be more difficult to meet for nationals of the selected countries who may be eligible for the special parole program. Additionally, Venezuelan, Cuban, Haitian, and Nicaraguans cannot present themselves at the border for processing as they would be subject to expulsion under Title 42. Lacking any other alternatives, CBP One is essentially obligatory for those seeking entry into the United States under the ATA process. 

In addition, asylum seekers are being urged to use CBP One to apply for waivers of Title 42 so that they can be inspected and processed in the United States. CBP One, according to the proposed rule published on February 23, 2023 addressing the processing of individuals at the southwest border after Title 42 restrictions expire, will become the main vehicle to seek an appointment at the border and maintain eligibility for asylum in the United States. The proposed rule states that people who encountered technical difficulties with CBP One or could not access the app due to illiteracy or language barriers may be able to access asylum at ports of entry without CBP One. But, the rule fails to explain how officers would assess a person’s inability to use CBP One.   

Also, applicants may feel undue pressure to provide consent to CBP One’s collection of data. Immigrants seeking asylum often face harrowing journeys that all too often include being turned away from ports of entry into the United States despite expressing fear of returning to their home countries. These rejections by CBP often lead to immigrants being further victimized and persecuted while waiting in Mexico to pursue asylum in the United States. Thus, immigrants may fear that by refusing consent, they could be denied entry into the United States once again.  

Further, available information about CBP One does not explain whether users are giving informed consent for the app’s collection of information. The app initially was available only in English and Spanish, and recently became available in Haitian Creole. This raises the question whether noncitizens who speak other languages understand the app’s functions or warnings. In addition, none of the documents made public thus far show that international organization personnel who used CBP One’s MPP verification feature or helped travelers make appointments at ports of entry received training on how to obtain consent from individuals whose information was entered into CBP One.  

Consent is also a key component of how CBP plans to use the self-reporting entry and exit feature as it expands to travel company operators. In DHS’ PIA, DHS explains that in the future, representatives of a travel company, such as bus drivers or plane pilots, will be able to use CBP One to submit information to CBP on behalf of “consenting” travelers. A September 18, 2018, report by DHS’ OIG discussing a pilot program that CBP conducted to collect travelers’ biometric information noted that, in order to achieve the program’s full operating capability, CBP would rely on airlines to operate cameras and take passengers’ photos. This intended reliance on airlines to increase capacity raises concerns that private transportation companies will mandate the use of CBP One by travelers with virtually no input or opportunity for customers to deny consent. 

Finally, questions remain about whether individuals know about alternatives to using CBP One so that their consent is truly voluntary. For example, the PIA indicates that some of CBP One’s functions, specifically those used to identify people in MPP, allow for records to be searched using an A-Number instead of a photo to verify identity. It is unclear whether CBP officers, TSA officers, and nongovernmental organizations’ staff communicate the option of using the A-Number to potential CBP One users before they deploy the app and subject users to CBP’s data retention. 

Lack of Transparency About Future Uses. CBP’s webpage with information about CBP One is scant on specifics about how the agency plans to expand the app’s uses.  

The future use of CBP One is unclear and various proposals that will expand the reach of CBP One should be consistently shared with the public if they materialize. The DHS Appropriations Bill published on July 28, 2022, for example, called upon CBP to work with U.S. Citizenship and Immigration Services and the U.S. Department of State to utilize CBP One for noncitizens to apply for asylum “from their home countries.” 

Similarly, DHS has failed to clearly communicate plans for future uses of CBP One in a single location on its website. For example, the agency only updated CBP One’s public-facing webpage to include information about the app’s use for the country-specific parole programs on January 6, 2023, despite the fact that the app was required for the Venezuelan parole program announced in October 2022. The information about this new use of CBP One, however, was shared in a distinct PIA that DHS published on the Advance Travel Authorization program and the federal register, which requires users to sift through complex government documents to learn details about how the app will function. 

CBP One allows travelers to access certain functions of CBP more efficiently. Some CBP One functions may expedite processing of individuals at ports of entry. However, tools employed by CBP One may expose users to inherent risks, such as the potential for surveillance or the possibility that they may be disparately treated due to the inherent flaws within the app’s functions. In spite of previous assertions that users could opt out of using CBP One, the app has become essentially mandatory for individuals to access certain immigration processes with limited exceptions, creating certain exposure to these risks.  

Unfortunately, official information about the app fails to fully address these concerns. The agency has not communicated clearly how it is expanding the use of CBP One and its functions, particularly as it relates to U.S. citizens. The need for clearer information is also imminent as the list of country-specific parole programs grows and more people are required to use CBP One. A clear description of how CBP One functions and in what contexts the agency is using the app is critical for a full public assessment of the app.