CBP One: An Overview

December 9, 2021

On October 28, 2020, U.S. Customs and Border Protection (CBP) launched a mobile device application called CBP One. With this application, the agency seeks to streamline interaction between travelers and CBP officers at ports of entry using technology which includes GPS tracking and facial recognition. While CBP has publicized three uses for the app, it is not yet clear how this app, its accompanying technology, and the data it collects will be used, especially as CBP uses the app to bolster its law enforcement databases. Information about CBP One’s future is scattered and lacks specificity.

The three CBP One functions specified on CBP’s website are: 1) merchants can make appointments with CBP for inspection of perishable cargo entering the country; 2) foreign travelers can access information about their arrival and departure record, otherwise known as an I-94; and 3) international organizations in Mexico used it to verify if individuals were enrolled in the Migrant Protection Protocols (MPP)—a  function which was added to the application as part of the now-suspended MPP wind-down process. MPP is the policy forcing certain asylum-seekers to remain in Mexico while they await their immigration court hearings in the United States. The policy was first implemented by the Trump administration in January 2019, halted by the Biden administration in January 2021, but reimplemented by the Biden administration in December 2021 as a result of ongoing litigation.

Even though CBP’s website lists only these three uses for the app, other official documents reveal several other functions. For example, the Privacy Impact Assessment (PIA) prepared about CBP One by the U.S. Department of Homeland Security (DHS) indicates that the app also could be used by international organizations to enter information about individuals, prior to their arrival at U.S. ports of entry, who are seeking waivers of exclusion based on Title 42 (a provision of U.S. health law that has allowed for the expulsion of 1.2 million people back to Mexico or their countries of origin under the guise of protecting the United States from the COVID-19 pandemic). The PIA also explains that Transportation Security Administration (TSA) officials have access to the app to allow MPP enrollees to travel domestically. Additionally, CBP revealed in a September 28, 2021, notice of information request about collection of data on individuals seeking to enter the country that CBP One could be used to schedule appointments for individuals to present themselves for processing at ports of entry.

Currently, CBP’s website does not publicize the technologies used by CBP One, such as the tracking of users’ GPS locations and facial recognition. These tools have come under scrutiny by advocates, researchers, technology companies, and even the U.S. government. This fact sheet compiles and discusses the information that is currently publicly available about CBP One.

How Does CBP One Work?

The CBP One app can be downloaded from various online stores that offer mobile applications. After downloading the app, users create an account at Login.gov—a website that allows users access to participating government agencies. CBP One users must provide email addresses, passwords, and—in some cases—phone numbers to create their Login.gov accounts. Once users have created their Login.gov profiles, they can enter information into the app and access its different functions based on each user’s particular needs. DHS asserts that the app does not store any information locally on the device being used to access it, or in the app itself, but that any information entered is stored in agency databases or systems.

CBP One gives travelers the ability to perform functions related to their Form I-94. Form I-94 is the DHS arrival/departure record issued to travelers who are admitted into the United States. The I-94 also is issued to people who are adjusting status in the country or are extending their non-immigrant status, among other uses. Additionally, the I-94 contains travelers’ anticipated departure date.

CBP One offers services similar to those currently available on the CBP website. For example, travelers can apply and pay for a provisional I-94 prior to entering the United States. They also can obtain an electronic copy of their most recent I-94, view their travel history, and check how long they can remain in the country.

However, a different feature of the I-94 function in the app would allow CBP to collect users’ GPS location. DHS’s CBP One PIA reveals that CBP planned to pilot a self-reporting exit feature in spring 2021, allowing users to self-report their exit from the United States at certain ports of entry on the northern border, although it is unclear whether or not CBP put such a plan into effect. Because CBP does not allow travelers on inbound vessels to report their arrival until they are within one mile of the U.S. border, and also requires travelers to be at least one mile outside of the U.S. border to report their exit, CBP One can collect users’ geolocation information to determine if they are within this distance of the border and thus able to use this function. The PIA describes the agency’s plan to expand the self-reporting exit pilot to the southern border,  but the app currently shows that this feature is “Coming Soon.”

CBP One permits authorized users to verify whether or not individuals were enrolled in the MPP. The MPP is a program instituted by the Trump administration in 2019 that forced certain individuals seeking asylum in the United States to wait in Mexico for the duration of their immigration proceedings. President Biden’s administration began winding down MPP in February 2021 through a process that required individuals eligible for reentry into the United States to first register with the United Nations High Commissioner for Refugees. In August 2021, a federal district court in Texas blocked the administration’s attempt to end the program and ordered the reinstatement of MPP. As a result, the wind-down process was suspended.

While the MPP wind-down was occurring, international organizations could use CBP One to verify that immigrants in Mexico had previously been enrolled in the program. To complete the verification, personnel from international organizations could access the app’s camera feature and take photos of immigrants they were helping. The photos would then be compared with pictures in DHS databases to verify that the individuals had a pending case before an immigration judge. CBP One instantaneously generated a green check mark if it found a matching record with a pending removal proceeding, a red “X” if CBP could not find information in its databases about the individual, or a yellow mark if records showed the individual’s proceedings had been closed. DHS’s CPB One PIA states that the photo verification method was optional and that if MPP enrollees did not consent to have a photo taken, the staff members assisting with verification could locate information on removal proceedings by submitting the immigrants’ Alien Registration Number, or A-Number, which is a unique number that DHS assigns to noncitizens. DHS stated that only international organizations identified by the U.S. Department of State as supporting MPP enrollees had access to this feature.

CBP One permits authorized users to collect pictures and biographic information to seek waivers of Title 42 exclusion. International organizations also have the ability to use CBP One to collect pictures and biographic information from individuals seeking waivers of exclusion based on Title 42 prior to their arrival at ports of entry to begin the asylum process. As previously noted, Title 42 is the health law that permits the U.S. government to prohibit the introduction of individuals into the United States to prevent the spread of communicable disease such as COVID-19. The implementation of Title 42 includes an exemption for individuals whom DHS determines should be allowed into the country on “consideration of significant law enforcement, officer and public safety, humanitarian, and public health interests.” By allowing individuals to pre-register with CBP, the agency sought to streamline in-person processing, thus reducing the time agents at the border spent entering individuals’ biographic information and decreasing the time individuals may have been detained during processing. International organizations’ personnel could select an option within the app labeled “Submit Advance Information” which allowed them to enter an individual’s name, date of birth, country of origin, height, weight, hair color, phone number, travel history, travel document information, marital status, information about their parents, etc. Initially, CBP made submission of photographs as part of the collection of information optional, but if the agency adopts the plan outlined in the September 28, 2021, notice of information collection request, future users of this service will be required to submit photographs. Once undocumented individuals present themselves at the border, CBP will take new photos and process them using the information captured by CBP One. The photos are processed through a CBP system called the Traveler Verification Service (TVS),  which is the agency’s system that matches individuals’ pictures as part of the facial recognition process. The length of time CBP retains photographs ranges from 14 days to 75 years, depending on travelers’ immigration status.

CBP One allows cargo carriers to schedule cargo inspections. Cargo carriers may use CBP One as a tool to schedule, re-schedule, or cancel their cargo inspections. Merchants also may communicate with CBP officers through CBP One for additional information about their inspection appointments.

What are other uses of CBP One?

CBP One also can be used by government officials for identity verification purposes. For example, Transportation Security Administration (TSA) officials could use the app to identify MPP enrollees, who are required to wait in Mexico until the date of their immigration court hearing in the United States, for domestic travel purposes, even after they have been admitted into the country. Designated TSA supervisors could take photos of former MPP enrollees, who may lack travel documentation, and match those photos with pictures contained in the TVS to verify whether or not the individuals are in fact MPP enrollees. Again, MPP enrollees may decline to be photographed, and TSA supervisors may use immigrants’ biographic information instead of a photograph to match information housed in DHS databases. This feature is not listed in the overview of the app provided to the public on CBP’s website.

CBP provided limited information about future plans for additional CBP One features in DHS’s September 28, 2021, notice of information collection request, though the process for the collection of advance information prior to noncitizens arrivals at ports of entry described in this notice has not been finalized and may change before it is finalized.

First, the information collection request notified the public about the agency’s plan to expand the advanced collection of biographic and biometric data beyond people seeking waivers of exclusion under Title 42 to essentially all noncitizens seeking to be inspected and processed when they arrive at ports of entry, even after Title 42 is rescinded. CBP asserts that this data would be voluntarily provided by people who need to be processed at ports of entry, and by consenting to its collection, the amount of time noncitizens remain in custody could be reduced. Under the proposed plan, individuals who choose to submit information in advance will be required to submit photographs. The proposal also suggests that the prior involvement of international organizations in this collection process will be phased out, and individuals who choose to provide this information to CBP in advance of their appearance at ports of entry may be able to do so on their own.

CBP’s proposal, however, does not explain how the agency will collect this information or whether individuals will need to use CBP One to pre-register with CBP prior to processing at ports of entry. As previously noted, CBP One already collected this information from individuals who sought exceptions to exclusions under Title 42 with the help of international organizations. The proposed rule mentions that, in the future, CBP One could be used by individuals themselves to switch the date or time they present at a port of entry (presumably to seek asylum)—a use for the app that has not been previously reported by CBP. Further, Troy A. Miller, the Acting Commissioner of CBP, instructed agency personnel to employ CBP One to streamline the processing of individuals at ports of entry by capturing information from individuals in advance. CBP One has the features to gather this data from noncitizens, including photos, so they can be processed for entry into the United States. But despite the Acting Commissioner’s guidance, CBP has failed to clarify whether the app will be the only means by which people who choose to submit information in advance will be able to do so.

Additionally, CBP plans to add functions to the app so that the operators of sea, land, and air travel companies can submit information to CBP about several consenting travelers at one time. For example, bus operators would be able to submit manifest information to CBP through the app. According to DHS’s PIA on the app, CBP One will become the primary app by which the public will interact with CBP.

What are some of the concerns regarding CBP’s use of CBP One?

Privacy Issues

Advocates have raised concerns about CBP One’s use of facial recognition technology and its ability to surveil individuals. CBP One has previously used facial recognition technology as part of the MPP wind-down process. However, agency documents suggest that CBP plans to broaden the use of CBP One to capture photos beyond MPP enrollees and those seeking exemptions to exclusion under Title 42 to include all noncitizens seeking to be processed at ports of entry, which could include anyone deemed inadmissible, such as asylum seekers. Through this process, CBP could drastically expand its TVS database, the system that contains the photos to be used by the facial recognition technology, with photos captured through CBP One and share them with other law enforcement agencies, raising concerns about privacy and data sharing. The DHS’s CBP One PIA states that “CBP may share information collected through CBP One both inside and outside of DHS,” which would allow CBP to share photos captured by the app with other law enforcement agencies, such as local police departments and sheriffs’ offices that may lack policies about limiting the use of such data. Privacy concerns have led companies such as Facebook, Amazon, Microsoft, and IBM to pull back their facial recognition software, including limiting sales of facial recognition products to law enforcement. This type of information sharing presents a risk that the data could be used for surveillance and law enforcement purposes that CBP has failed to address.

Additionally, DHS acknowledged that surveillance of immigrant communities through the app’s GPS location feature could be concerning. DHS stated in its PIA on the app, however, that the risk of tracking users’ movements through CBP One’s GPS tracking function was fully mitigated because the app captures GPS locations only “at the exact time the user pushes the submit button.”

DHS’s explanation overlooks the inherent dangers of apps that collect GPS location information. A 2020 advisory issued by the National Security Agency (NSA) warned mobile device users to protect “extremely valuable” location data because it can reveal details about not only the user, but also the number of users in a location, users’ movements and daily routines, and can expose otherwise unknown associations between users and locations. The NSA further advised the public to avoid using apps related to location because these apps inherently involve the exposure of users’ location data, and further warned that certain apps may collect, aggregate, and transmit information that exposes a user’s location.

Location data from mobile devices is a valuable tool to CBP. In 2018, CBP implemented the Border Surveillance Systems, which deployed various technologies, including the purchase of location data from commercial sources, to help arrest suspects and seize contraband entering the United States. CBP then used this location data to track cellphone activity in unusual places, such as remote stretches of desert along the Mexican border, so that officers could arrest individuals after they entered the United States. CBP claims that the GPS location data it purchases is anonymized, but as a 2018 New York Times report found, anonymized GPS location data can easily be utilized to track and find individuals.  Anonymized information can reveal people’s travel patterns and daily habits, including where individuals live, work, obtain medical care, worship, attend political events, etc. Custodians of this data can then use it to identify individuals. As such, location data collection can expose individuals’ private behaviors without their consent or even knowledge. As Senator Ron Wyden put it: “Location information can reveal some of the most intimate details of a person’s life—whether you’ve visited a psychiatrist, whether you went to an A.A. meeting, who you might date.” And law enforcement agencies like CBP can use this information with very few limitations.

CBP One informs users it will collect GPS location data in its Terms and Conditions. However, the Terms and Conditions do not specify when the GPS location data will be collected. Rather, users need to review DHS’s PIA on the app to learn that it should only be collected when users choose to submit their location to CBP, and that this feature requires a “just-in-time” consent before such data in collected.

Inequitable Treatment of Racial Minorities

Facial recognition technology employed by CBP One may lead to disparate treatment of racial minorities. A September 2020 U.S. Government Accountability Office (GAO) report to Congress on the efficiency of CBP’s use of facial recognition technology determined that false positive rates—when the system incorrectly finds two images to be a match when they are actually two different people—were 10 to 100 times higher for some demographics. Specifically, the report cited a study by the National Institute of Standards and Technology (NIST) that found facial recognition algorithms were less accurate for West and East African, American Indian, African American, and Asian populations, while they were more accurate for Eastern Europeans. Similarly, an earlier 2018 study found that the misidentification rates of three tested commercial face recognition software systems were highest for individuals with darker skin. The study showed that photos of darker-skinned women had the highest error rates, with the software failing to properly classify the pictures anywhere from 20.8% to 34.7% of the time. The study also found that photos of darker-skinned men were misclassified more often than lighter-skinned males in two of the three systems tested. A more recent NIST study found that while the error rates of newer algorithms have improved to below one percent, women were more likely to be misidentified, particularly Asian women. Moreover, the quality of the camera and the environment in which the picture is taken impact the accuracy of facial recognition as well. The NIST study also noted that it did not test the “actual algorithms deployed in TVS systems.”

Even if the overall rate of facial recognition failure is low, the sheer volume of searches conducted through an expanded use of the CBP One app could make the number of misidentifications problematic. In 2017, the DHS Office of the Inspector General (OIG) conducted an audit of a facial recognition program launched by CBP at nine airports to track air passengers’ exits from the United States. The audit indicated that the facial recognition technology, used correctly, identified 98 percent of travelers. According to CBP, however, one million travelers come into the United States on a given day, and thus, even with a 98 percent accuracy rate, approximately 20,000 people could be misidentified by facial recognition technology per day. In light of studies that show disparate treatment of racial minorities in the technology’s algorithms, Rep. Bennie G. Thompson, Chairman of the House Committee on Homeland Security stated: “It is not fair to expect certain people in our society to shoulder a disproportionate burden of the technology’s shortcoming.”

The consequences of misidentifying noncitizens could be dire. As Sophia Cope, a senior attorney at the Electronic Frontier Foundation, said in addressing the importance of accurate identification of asylum seekers: “If people’s lives depend on an algorithm determining whether or not they are who they say they are, and it’s an imperfect algorithm, people may have to go back to the country they’re trying to flee because they can’t be verified.”

Further, DHS’s CBP One PIA states that when people used the verification feature in the app to check if noncitizens were enrolled in MPP and received a rejection, they could alternatively enter an A-number, the unique identifier DHS assigns to noncitizens. If individuals’ A-numbers failed to produce a match, more biographic information could be entered into the app for verification purposes. Assuming these methods remain available when CBP One is used by people seeking to enter at ports of entry, as was suggested by the September 28 information collection request, questions remain as to the need for the use of facial recognition.

Users may feel pressured into using CBP One

Another major concern about CBP One is whether users have a choice about the collection, usage, and dissemination of the information collected by the app. DHS addressed this concern in the app’s PIA by stating that the app is “voluntarily” downloaded by users. DHS adds that users must consent before accessing several of the app’s features, including “just-in-time” notifications that require users’ consent before the app deploys cellphones camera or GPS functions.

In the context of using the app to collect information on potential asylum seekers, it is questionable whether users freely consent to the use of CBP One. Immigrants seeking asylum are the subject of harrowing journeys that all too often include being turned away from ports of entry into the United States despite expressing fear of returning to their home countries. These rejections by CBP often lead to immigrants being further victimized and persecuted while waiting in Mexico to continue with their immigration proceedings. Thus, immigrants may fear that by refusing consent, they could be denied entry into the United States once again.

Further, CBP’s documents about CBP One do not explain how users, especially those using the app to provide information in advance of appearing at ports of entry, grant consent for the app’s collection of information. None of the documents made public thus far provided any training to international organization personnel who had access to CBP One’s MPP verification feature, which was designed to check the identity of immigrants who were returned to Mexico by CBP officials under the MPP and sought to be paroled into the United States as part of the MPP wind-down process. While the proposed rule suggests that people seeking processing at ports of entry will soon have access to the app without the assistance of staff from international organizations, there is no publicly available information that describes how potential users will be informed of their option to decline consent for the collection of their data.

Consent is also a key component of how CBP plans to use the self-reporting entry and exit feature as it expands to travel company operators. In the PIA on the app, DHS explains that in the future, representatives of a travel company, such as bus drivers or plane pilots, will be able to use CBP One to submit information to CBP on behalf of “consenting” travelers. A September 18, 2018, report by DHS’s OIG discussing a pilot program that CBP conducted to collect travelers’ biometric information noted that, in order to achieve the program’s full operating capability, CBP would rely on airlines to operate cameras and take passengers’ photos. This past recruitment of airline resources raises concerns that private transportation companies will mandate the use of CBP One by travelers with virtually no input or opportunity for customers to deny consent.

Lack of Transparency About Future Uses

Even though CBP has published a webpage to provide information to the public about CBP One, the page is scant on specifics about how the agency plans to expand the app’s uses. Several aspects of the app are not described in the webpage, but require users to review the DHS’s CBP One PIA to learn about the app’s tools. For example, the CBP One webpage does not mention the app’s self-reporting mobile exit feature—which uses GPS location tracking—even though CBP planned to pilot this new feature by spring 2021. Nor does the webpage inform the public that the MPP enrollee verification feature uses facial recognition technology, or that TSA supervisors also have access to CBP One to verify whether individuals can travel domestically. This information is only available in DHS’s PIA on the app and its appendices. Finally, CBP’s website also fails to describe how the agency plans to deploy CBP One to capture information about immigrants who are seeking entry into the United States under exceptions to Title 42 or for processing at ports of entry after the end of the Title 42 restrictions as directed by the memorandum of Acting CBP Commissioner Miller.

The official documents on CBP One fail to address how individuals who need the app will be able to access it as CBP phases out the assistance of international organizations during the processing stage. For example, the app is currently not available in any other languages, and none of the agency’s published documents address the availability of language access in the future. Further, individuals arriving at the border without a cellphone, or who are not familiar with the process of using mobile apps, may be disadvantaged if CBP gives processing preference to those who use the app.

CBP One allows travelers to access certain functions of CBP more efficiently. Some CBP One functions may expedite processing of individuals at ports of entry. However, tools employed by CBP One may expose users to inherent risks, such as the potential for surveillance or the possibility that racial minorities may be misidentified by the facial recognition technology. So far, published official documents on CBP One have stated that the app is optional, but it is unclear whether or not it will remain optional in the future. Questions persist as to whether preference for processing at ports of entry will be given to noncitizens who use CBP One, and whether those who choose not to use it will be subject to delays that could amount to effective denials to their inspection or processing, thus compelling these individuals to use the app.

Unfortunately, official information about the app fails to fully address these concerns. The agency has not communicated clearly how it plans to utilize CBP One in the future, or if the current uses for the app are test runs for the expansion of these technologies to other travelers in the years to come. The proliferation of biometric technology across DHS, as Chairman Thompson put it, “raises serious questions about privacy, data security, transparency, and accuracy. The American people deserve answers to those question.”

Most Read

  • Publications
  • Blog Posts
  • Past:
  • Trending