- Fact Sheet
CBP One: An Overview
Modified
Published
On October 28, 2020, U.S. Customs and Border Protection (CBP) launched a mobile device application called CBP One so that travelers could access certain agency functions on mobile devices. Over the last two years, the agency has expanded CBP One’s uses. The app has become the only way that migrants arriving at the U.S.-Mexico border seeking asylum at a port of entry can preschedule appointments for processing and maintain guaranteed asylum eligibility. CBP One also became the only way that Cubans, Haitians, Nicaraguans, and Venezuelans seeking to secure travel authorization to obtain parole through special programs for those nationalities can submit their biometric information to CBP.
CBP One’s original uses included 1) providing travelers with access to Form I-94 information, 2) scheduling inspection appointments for perishable cargo, and 3) assisting international organizations who sought to help individuals enter the United States.
The app’s latest functions, like the use of CBP One to pre-process asylum seekers, has raised concerns both about gaining access to a legal right through a smartphone app and about the privacy implications of the app.
In the past, CBP has stated that by allowing individuals to preregister, the agency can streamline in-person processing and reduce the time border agents spend entering individuals’ biographic information, thus decreasing the time individuals are detained for questioning during processing. However, CBP’s January 2023 rollout of CBP One’s functions allowing individuals to request inspection appointments was plagued with technical glitches, frustrating users. Despite CBP’s efforts to improve CBP One, the app continues to raise concerns, particularly as CBP expands its uses.
CBP created a public-facing webpage for the app, which now lists CBP One’s functions and provides information for asylum seekers using the app to schedule appointments at ports of entry. The webpage also includes a link to the U.S. Department of Homeland Security’s (DHS) Privacy Impact Assessment (PIA) about the app. The PIA contains details about CBP One’s uses that are not readily available on the webpage, but the PIA is a dense document that is not easy to understand. In addition, DHS has published several other PIAs providing details about CBP One, but these PIAs are not featured or linked in the public-facing webpage. It also is not clear when PIAs are updated.
Some of the tools utilized by CBP One, such as the ability to locate users through their phones’ GPS capabilities and the agency’s requirement that users submit photos through the app, have been criticized by advocates, researchers, and even the U.S. government.
This fact sheet compiles and discusses the information that is currently publicly available about CBP One.
How Does CBP One Work?
CBP One can be downloaded from various online stores that offer mobile applications. After downloading the app, users create an account at Login.gov—a website that allows users access to participating government agencies. CBP One users must provide email addresses, create passwords, and—in some cases—enter phone numbers to create their Login.gov accounts. Once users have created their Login.gov profiles, they can enter information into the app and access its different functions based on each user’s particular needs.
In May 2023, CBP One became the primary way in which asylum seekers can seek an appointment at ports of entry and maintain guaranteed asylum eligibility.
As restrictions under Title 42—a law used by the government to expel asylum seekers based on the COVID-19 pandemic—expired, DHS published a regulation establishing new protocols to process asylum seekers at southwestern border ports of entry. This new regulation makes people who traveled through a third-country but failed to seek asylum or other protections in those countries ineligible for asylum in the United States. This restriction, however, does not apply to people who can reach central Mexico and make an appointment for processing at ports of entry through a “DHS scheduling system.” The CBP One app currently serves as this scheduling system, thereby essentially requiring the use of the app to seek asylum at the southwest border. Although the new regulation allows migrants arriving at ports of entry without an appointment to maintain asylum eligibility if users can show they could not access the appointment process due to language barriers, illiteracy, significant technical failure, or other ongoing and serious obstacles, it is unclear how migrants who don’t obtain an appointment through CBP One would be able to access the ports of entry to make that argument.
Since CBP One was first used to process individuals, CBP has incrementally shifted the app’s initial model of migration management—which relied on third parties to enter information on behalf of individuals—to individuals submitting their own information. Prior to January 2023, while Title 42 restrictions were in place, CBP One’s function for processing individuals at the border only allowed nongovernmental organizations or lawyers to use CBP One to submit information on behalf of individuals seeking humanitarian exemptions to Title 42. Staff of certain nongovernmental organizations could use the app to input, among other information, a traveler’s name, date of birth, country of origin, contact information, travel history, travel document information, marital status, and information about their parents in order to obtain exemptions in advance of travel and receive appointments for a date and time to present at a specified port of entry. Through CBP One, the agency also collected photos of individuals seeking to be inspected and processed, which were taken by staff members of these nongovernmental organizations so those photos could be matched with photos CBP officers captured at the processing appointment time received by those individuals.
In April 2022, however, CBP began to allow individuals to enter their own information, permitting Ukrainian nationals to enter their own information into CBP One. Ukrainians who had approved authorization to travel to the United States entered their information into CBP One prior to arrival at designated ports of entry to seek parole pursuant to the Uniting for Ukraine process.
Beginning January 2023, CBP changed the function in the app used to seek exemptions to Title 42, allowing asylum seekers to enter their own information into CBP One to seek appointments at certain ports of entry at the southern border. These changes provided CBP with test-runs for how CBP One is used now.
The expansion of CBP One also provided a new way for CBP to schedule appointments for individuals seeking inspection. Before May 10, individuals seeking entry under an exemption to Title 42 created their accounts with Login.gov and CBP One, and then logged in to the app at 10 a.m. CST to schedule an appointment. The process of completing the login proved cumbersome for users and was riddled with glitches that often disadvantaged people with families, who needed to input information for every member of their family, or those who could not find stable Wi-Fi signal to complete their submission.
Now, users can request an appointment by logging into CBP One between 11 a.m. and 10 a.m. the following day. Those who request appointments during this time period are placed in a pool of registrations, and CBP uses a semi-random selection process to choose the registrants who will receive the limited number of daily appointments; a percentage of the available appointments are reserved for people with the earliest registered CBP One profiles to prioritize individuals who have been waiting the longest for appointments. Users selected by the algorithm for appointments are notified via CBP One and have a 23-hour window to accept the appointment. Individuals who are not selected to receive an appointment must go through the same process the following day.
CBP One allows individuals granted humanitarian parole through country-specific parole programs to complete a pre-screening process prior to entry at an airport.
On October 19, 2022, DHS announced that Mexico had reached an agreement with the United States permitting the expulsion of Venezuelan nationals to Mexico under Title 42, in exchange for the creation of a program allowing a set number of Venezuelans with a sponsor in the United States to apply for humanitarian parole. This program uses DHS’ Advance Travel Authorization (ATA) process to collect information from noncitizens requesting advance authorization to enter the United States and seek a discretionary grant of parole. CBP One is a requirement for the collection of such information. The ATA process requires potential applicants to begin the application for advance parole by having the financial sponsor submit the financial support information through a U.S. Citizenship and Immigration Services’ (USCIS) web portal, and then submitting their own biometric and biographical information, including their photographs, to CBP through CBP One. Then, ATA applicants must take a “selfie” so that CBP can use the image in various stages of the vetting process. Once applicants enter their information into the CBP systems through CBP One, they receive the agency’s decision of whether to grant the request for advance permission to travel through the myUSCIS portal.
On January 5, 2023, after the United States reached a new agreement with Mexico allowing expanded use of Title 42 to additional nationalities, DHS announced the reciprocal implementation of new parole programs for Cubans, Haitians, and Nicaraguans modeled after the Venezuelan parole program, also known as the CHNV program. Like individuals entering the United States through the Venezuelan parole program, individuals who apply for parole through these programs must submit information through CBP One as part of the process.
CBP One gives travelers the ability to access information related to their Form I-94.
Form I-94 is the DHS arrival/departure record issued to travelers who are admitted into the United States. The I-94 records also contains travelers’ anticipated departure date.
CBP One’s I-94 Mobile feature offers functions similar to those currently available on CBP’s website. In the app, travelers can apply and pay for a provisional I-94 prior to entering the United States. They also can obtain an electronic copy of their most recent I-94, view their travel history, and check how long they can remain in the country. To access this information through the app, however, users are required to submit their photograph to ensure that a “live” person is accessing the app. Documents obtained through a Freedom of Information Act (FOIA) request show this feature of CBP One was proposed as early as September 29, 2021, yet CBP’s webpage does not indicate that a photo is required to retrieve these records.
The I-94 feature also allows CBP to collect users’ GPS location for certain uses. For example, DHS’ CBP One PIA reveals that CBP planned to pilot a self-reporting exit feature near certain ports of entry on the northern border in spring 2021 with the hopes of expanding the self-reporting exit feature to the southern border. The app would permit travelers to self-report their exit from the United States by allowing them to send their location using their phones’ GPS capabilities so that CBP can confirm travelers are at least one mile outside the United States as required by the agency. CBP has not announced whether it implemented the pilot program described in the PIA.
Despite the collection of information through CBP One, CBP insists in its PIA that this feature cannot be utilized to conduct surveillance on CBP One users because the GPS information is only collected at the time users voluntarily submit the information through the app.
Transportation Security Administration (TSA) officers can use CBP One to verify certain travelers’ identities.
DHS’ PIA states that TSA officers can use the app to identify individuals allowed to travel for domestic travel purposes. Designated TSA supervisors can take photos of individuals to verify the identity of individuals who have been authorized to remain in the country who seek to travel. By taking a photo of the individual, TSA supervisors can match travelers’ contemporaneous photo with those in the existing CBP galleries in order to verify travelers’ identities. If travelers decline to be photographed, TSA supervisors can use immigrants’ biographic information instead of a photograph to match information housed in DHS databases.
CBP One allows cargo carriers to schedule cargo inspections.
Cargo carriers may use CBP One as a tool to schedule, reschedule, or cancel their cargo inspections. Merchants also may communicate with CBP officers through CBP One for additional information about their inspection appointments.
What Are Some of the Concerns Regarding CBP One?
Issues with Photo Submission Leading to Disparate Outcomes. CBP One requires individuals seeking appointments at ports of entry and CHNV program applicants seeking to apply for travel authorization to submit a photo or “selfie.”
Individuals who try to get appointments at southwest border ports of entry must submit a selfie to ensure the submission is being made by a “live person.” These photos are stored in a “gallery” within the Traveler Verification Service (TVS) system, which is CBP’s matching service for “all biometric entry and exit operations that use facial recognition technology.” CBP added one more liveness check to the process in May 2023, as users who have been offered an appointment need to submit a selfie when logging into CBP One to confirm the appointment. During the inspection appointments at ports of entry, CBP officers will take a new photograph of applicants to “match” the new photo with the selfies applicants submitted through CBP One.
Applicants seeking advance travel authorization for the CHNV programs also submit a selfie with the app to conduct a liveness check. CBP uses the selfie to compare it to applicants’ passport photos and to compare it to other photos accessible by the agency to vet the applicant for law enforcement and national security purposes. The PIA describes the selfies’ uses as follows: CBP uses the selfie image for five distinct purposes: (1) to conduct one-to-one (1:1) facial comparison against the passport photograph previously uploaded to the ATA mobile application from the eChip; (2) to conduct one-to-many (1:n) vetting against derogatory photographic holdings for law enforcement and national security concerns as part of the ATA vetting process; (3) to generate a new gallery of ATA participants for facial comparison when ATA participants arrive at a port of entry; (4) to conduct 1:n identity verification once the participants arrive at the port of entry; and (5) to conduct 1:n vetting against known derogatory photographs for assistance in CBP’s admissibility determination.
CBP One’s photo capture function has proven problematic. Advocates who assist African and Haitian asylum seekers at the U.S.-Mexico border report that CBP One is not recognizing the photos of many people with darker skin tones when the app is carrying out the “liveness” check. This issue, along with the lack of stable internet and modern mobile phones that support CBP One, has kept thousands of immigrants from properly accessing the app.
Additionally, there is the potential that the selfies submitted by applicants may be incorrectly matched to the photos in the CBP galleries and these types of errors disproportionately impact racial minorities, leading to increased screening and potentially negative outcomes should a technical error not be corrected. A December 2019 report by the National Institute of Standards and Technology (NIST) found that false positive rates—the algorithms’ erroneous match of two photos of different people—were highest when matching photos of west and east African and east Asian people, and lowest when matching eastern European individuals. In a July 2021 report, NIST said that the quality of the camera and the environment in which the picture is taken affect the accuracy of facial recognition. Thus, the availability of CBP officers to check the accuracy of the systems conducting the photos’ comparison is vital to ensure racial minorities are not disproportionately impacted by the technology’s shortcomings.
Privacy Concerns. Advocates have raised concerns about CBP One’s photo submission requirements and the potential for the use of those photographs to surveil individuals. The agency sought to address this issue by stating the use of CBP One is voluntary. An email from a CBP official obtained through a FOIA request shows the agency assured the Office of Management and Budget that people “can still present themselves” directly at a port of entry. The new regulation on circumvention to lawful pathways clarifies that individuals can no longer simply present themselves at a port of entry.
DHS asserts that the app does not store any information locally on the device being used to access it or in the app itself, but that any information entered is stored in agency databases or systems. For example, the photos for some of these functions are sent to the TVS. The PIA confirms that some of this information, and photographs in particular, may be stored in government databases for up to 75 years.
By requiring travelers to submit their photos to access CBP One’s features, CBP is drastically expanding its databases of noncitizens’ photos and other biographic information. The wide collection of photos and corresponding biographic information generates concerns that CBP, other DHS components, and even local law enforcement could use this information for other enforcement purposes. In the PIA, DHS clarifies that the biometric information collected could be shared with other DHS agencies from the systems where the information ultimately resides to vet applicants prior to allowing them to enter the United States, and that such systems are also bound by privacy policies. However, DHS’ PIA fails to alleviate concerns that law enforcement agencies beyond CBP, including local police departments and sheriffs’ offices that may lack policies about limiting the use of such data, would be able to access travelers’ photos and other biographic information.
Further, CBP One’s ability to collect GPS location data is concerning due to the potential for this information to be used by law enforcement to track users. DHS says this risk is fully mitigated because the app captures GPS locations only “at the exact time the user pushes the submit button.” Recently, however, DHS stated that CBP will in fact store this geolocation information for a period of one year.
DHS’ explanation overlooks the inherent dangers of apps that collect GPS location information, a danger identified in a government-issued advisory. Guidance issued by the National Security Agency (NSA) in 2020 warned mobile device users to protect “extremely valuable” location data because it can reveal details about not only the user, but also the number of users in a location, users’ movements and daily routines, and can expose otherwise unknown associations between users and locations. The NSA also advised to avoid using apps related to location because these apps inherently involve the exposure of users’ location data, and further warned that certain apps may collect, aggregate, and transmit information that exposes a user’s location.
Location data from mobile devices is valuable to CBP because it can expose individuals’ private behaviors without their consent or even knowledge. In 2018, CBP purchased location data from commercial sources, as part of the Border Surveillance Systems implementation, which deployed various technologies to help arrest suspects and seize contraband entering the United States. CBP used this location data to track cellphone activity in unusual places, such as remote stretches of desert along the Mexican border, so that officers could arrest individuals after they entered the United States. CBP claims that the GPS location data it purchases is anonymized, but a 2018 New York Times report found that even anonymized GPS location data can easily be utilized to track and find individuals because the data can reveal people’s travel patterns and daily habits, including where individuals live, work, obtain medical care, worship, and attend political events.
CBP One’s “Terms and Conditions,” available after users download the app, informs users of the app’s privacy policy. However, users need to review CBP One’s lengthy PIA to learn that the data only should be collected when users choose to submit their location to CBP, and that this feature requires a “just-in-time” consent before such data is collected.
Users Are Being Forced to Use CBP One. Another major concern about CBP One is that its use is essentially obligatory for those seeking to be processed at the border and applying for humanitarian parole through the Cuban, Haitian, Nicaraguan, and Venezuelan (CHNV) program. DHS previously stated that the app’s use is voluntary, and the agency explains that users must consent before accessing several of the app’s features, including “just-in-time” notifications that require consent before the app deploys users’ cellphone’s camera or GPS functions.
A CBP official said in an email that “If someone cannot provide a photo, they can still present themselves to the [port of entry] directly,” but this is no longer the case. For example, the documents describing the Advance Travel Authorization (ATA) process for CHNV state that beneficiaries “must” enter their biographic information into CBP One and provide a photo. The ATA-specific PIA states the ATA process is voluntary, but it also indicates that the only alternatives for people not authorized to travel through the ATA are humanitarian parole or visa processing, both of which have different requirements that may be more difficult to meet for nationals of the selected countries who may be eligible for the special parole program. Additionally, Venezuelan, Cuban, Haitian, and Nicaraguans who seek entry at the southwest border will be subject to the new regulation which also requires them to use CBP One. Lacking any other alternatives, CBP One is essentially obligatory for those seeking entry into the United States under the ATA process.
In addition, CBP One is now the only way for asylum seekers who traveled through a third-country and arrived at a southwest border to apply for an appointment at a port of entry and maintain eligibility for asylum in the United States. The new regulation states that people who encountered technical difficulties with CBP One or could not access the app due to illiteracy or language barriers may be able to access asylum at ports of entry without CBP One. But, the rule fails to explain how officers would assess a person’s inability to use CBP One. In response to public comment about these exceptions to the obligatory use of CBP One, DHS suggests that those who seek to invoke the language barrier or illiteracy exceptions may have to meet a steep burden because “individuals may seek assistance, including translation, in using the app.”
Also, applicants may feel undue pressure to provide consent to CBP One’s collection of data. Immigrants seeking asylum often face harrowing journeys that all too often include being turned away from ports of entry into the United States despite expressing fear of returning to their home countries. These rejections by CBP often lead to immigrants being further victimized and persecuted while waiting in Mexico to pursue asylum in the United States. Thus, immigrants may fear that by refusing consent, they could be denied entry into the United States once again.
Available information about CBP One does not explain whether users are giving informed consent for the app’s collection of information. The app currently is available only in English, Spanish, and Haitian Creole. This raises the question whether noncitizens who speak other languages understand the app’s functions or warnings. DHS’ purported solution that users seek assistance navigating CBP One to register for appointments when there is a language barrier fails to consider that translators may not have the acumen to translate terms of use or privacy warnings to potential users.
Consent is also a key component of how CBP plans to use the self-reporting entry and exit feature as it expands to travel company operators. In DHS’ PIA, DHS explains that in the future, representatives of a travel company, such as bus drivers or plane pilots, will be able to use CBP One to submit information to CBP on behalf of “consenting” travelers. A September 18, 2018, report by DHS’ Office of Inspector General discussing a pilot program that CBP conducted to collect travelers’ biometric information noted that, in order to achieve the program’s full operating capability, CBP would rely on airlines to operate cameras and take passengers’ photos. This intended reliance on airlines to increase capacity raises concerns that private transportation companies will mandate the use of CBP One by travelers with virtually no input or opportunity for customers to deny consent.
Finally, questions remain about whether individuals know about alternatives to using CBP One so that their consent is truly voluntary. As the use of CBP One has become a requirement and the agency has failed to provide meaningful alternatives for the app, individuals have little choice but to consent to the app’s privacy risks.
Lack of Transparency About Future Uses. CBP’s webpage with information about CBP One is scant on specifics about how the agency plans to expand the app’s uses.
The future use of CBP One is unclear and various proposals that will expand the reach of CBP One should be consistently shared with the public if they materialize. The DHS Appropriations Bill published on July 28, 2022, for example, called upon CBP to work with USCIS and the U.S. Department of State to utilize CBP One for noncitizens to apply for asylum “from their home countries.” A prior version of the DHS PIA said that “CBP plans to eventually make the advance information submission functionality available to all individuals, including U.S. citizens, who intend to arrive at a land [port of entry].”
Similarly, DHS has failed to clearly communicate plans for future uses of CBP One in a single location on its website. For example, the agency only updated CBP One’s public-facing webpage to include information about the app’s use for the country-specific parole programs on January 6, 2023, despite the fact that the app was required for the Venezuelan parole program announced in October 2022. The information about this new use of CBP One, however, was shared in a distinct PIA that DHS published on the Advance Travel Authorization program and the federal register, which requires users to sift through complex government documents to learn details about how the app will function.
CBP One allows travelers to access certain functions of CBP more efficiently. Some CBP One functions may expedite processing of individuals at ports of entry. However, tools employed by CBP One may expose users to inherent risks, such as the potential for surveillance or the possibility that they may be disparately treated due to the inherent flaws within the app’s functions. In spite of previous assertions that users could opt out of using CBP One, the app has become essentially mandatory for individuals to access certain immigration processes with limited exceptions, creating certain exposure to these risks.
Unfortunately, official information about the app fails to fully address these concerns. The agency has not communicated clearly how it is expanding the use of CBP One and its functions, particularly as it relates to U.S. citizens. The need for clearer information is also imminent as the list of country-specific parole programs grows and more people are required to use CBP One. A clear description of how CBP One functions and in what contexts the agency is using the app is critical for a full public assessment of the app.