DHS’s Advanced Biometric Recognition Technology System Begins Road to Cloud

Despite the recognized risks to confidentiality, the required confidentiality assessment indicates that they are “mitigated”

The Department of Homeland Security (DHS) Homeland Advanced Recognition Technology System (HART), which replaces the former DHS Automated Biometric Identification System (IDENT) as the department’s primary system for storing and processing biometric information and associated biographies, is one more step towards being realized.

DHS’s Office of Biometric Identity Management (OBIM) has released the privacy impact assessment required for the initial deployment of HART Increment 1 slated for 2021, as the program is under development to fully transfer to GovCloud from Amazon. However, the new PIA said: “Pending any development or program change, OBIM expects this to occur in fiscal year 2020”.

Northrop Grumman last year won the coveted $ 95 million contract to develop the first phase of the HART deployment, which OBIM’s director of identity operations, Patrick Nemeth, described as a rendering much more accurate IDENT scaled to accommodate new biometric capabilities.

Indeed, the PIA noted that “the data and system architecture has been designed to be scalable to meet the expected growth in identity and image data volumes and to meet all the needs associated with larger files. HART Increment 1 includes the design and acquisition by OBIM of the physical infrastructure for HART, “as well as” the existing internal reporting functionality required to provide reports to our users, monitor recourse requests and support tasks. administrative ”.

HART serves as the central federal biometric database for national security; law enforcement; immigration and border management; intelligence; background investigations for national security posts and specific posts of public trust; and associated testing, training, management reporting, planning and analysis; development of new technologies; and other administrative uses. OBIM will implement HART in 4 incremental phases. The PIA only focuses on the HART 1 increment. OBIM will issue a PIA update before each program increment.

The old IDENT system was developed in 1994 by the former Immigration and Naturalization Service (INS) as a law enforcement system for the collection and processing of biometric data of people apprehended by the border patrol American or immigration officials. Ten years later, DHS deployed the US Visitor and Immigrant Status Indicator Technology (US-VISIT) program as the first large-scale biometric identification program to support immigration and border management.

In 2013, US-VISIT became OBIM, which in 2015 “began planning to replace IDENT with HART, a more robust system that will provide OBIM with flexible and efficient biometric data that will support the core missions of the DHS, ”DHS said. , explaining that “OBIM’s mission is to provide identity services to DHS and its mission partners that enable informed decision-making by producing accurate, timely and high-assurance biometric identity information. “

OBIM’s mission partners capture biometric data and submit it to HART to perform [its] missions and functions, which include law enforcement; national security; immigration screening; border enforcement; intelligence; national defense background investigations relating to national security posts; and accreditations in accordance with applicable DHS authorities.

DHS also retains this information to support its information-sharing agreements and arrangements with authorized foreign partners, the sharing of which, according to DHS, “enhances United States law enforcement and border control efforts. and its partners. In addition, DHS uses this information in concert with external partners to facilitate the screening of refugees to combat terrorist travel in accordance with DHS and Component authorities.

DHS stated in their new PIA that “Once OBIM completes the development and technical configurations of HART, HART will replace IDENT as the biometric registration system. HART will store and process biometric data (fingerprints, iris scans, facial images (including a photo) and link such biometric data to biographical information in accordance with the authorities and the data owner’s policies on use, retention and information sharing.

DNA retention is not included in increment 1, the PIA pointed out, and is not addressed elsewhere in the document.

“The development of HART Increment 1 is focused on providing the core infrastructure and core functionality existing in IDENT that ensures uninterrupted service continuity for existing IDENT users,” DHS said, noting that “HART Increment 1 implements a new data architecture, which includes conceptual, logical and physical data models, a data management plane, and physical record storage where each associated record can have multiple associated biometric modality images.

The migration from HART Increment 1 to Amazon Web Services (AWS) GovCloud “will provide mission partners with biometric matching capability based on multiple biometric modalities (fingerprints (including latent fingerprints), face (including photo) and iris), and additional means by making it possible to identify an individual such as a unique identifier (for example, social security number (SSN), alien number (A number)).

Increment 2 will provide additional biometric capabilities for the needs of its customers, “and will provide increased interoperability with partner agencies and improved reporting functionality. Increments 3 and 4 will include a web portal and user interface, support for additional terms and improved reporting tools. “

Amazon’s GovCloud service “is required to adhere to the security and privacy controls required by National Institute of Technology Special Publication 800-144, Public Cloud Computing Security and Privacy Guidelines, as well as the DHS Chief Information Officer.

The new PIA, however, noted that a system security plan has not been completed for the information system (s) supporting the project, indicating that “OBIM is in the process of obtaining authorization for the project. ‘exploit for HART’, which is supposed to happen by the end of the year. OBIM should release updates to the PIA before operationalizing additional increments and features.

Although the PIA states that “there is a risk that the HART facial image match results may be inaccurate or cause a disproportionate impact on certain populations,” he said, “OBIM mitigates this risk by performing a facial matching adjustment to optimize system accuracy and performance. The face comparator setting evaluates the face algorithms for biographic, biometric, and contextual factors.

There is also a “privacy risk that mismatched facial images will be disclosed to authorized HART users”, but this should be mitigated. The PIA explaining that “in the case of the 1 to 1 facial recognition service, if the match does not return a match / no match result, the facial images are examined by the OBIM facial examiners in [OBIM’s] Biometric support center [BSC], and faces that do not match are not disclosed to HART users. HART may generate a candidate list as a survey manager as part of a 1-to-many service “and” OBIM BSC may review candidate lists and provide them to authorized HART users for use only. as an investigator, and not as the sole basis for any law enforcement action.

Another potential risk noted in the PIA is “that the quality and integrity of information collected and maintained in HART may not be of sufficient quality required to fulfill its purpose of biometric and biographical verification and matching, which could result in an identification error ”.
But, presumably, according to OBIM, “HART mitigates this risk by requiring fingerprints, which are unique identifiers, and basic biographical information, to establish an identity in HART.”

Finally, concerns have been expressed within DHS, contractors, developers, employees, engineers, users, etc., as to whether the COVID-19 pandemic will significantly delay even the deployment of HART Increment 1, given the discovery of a more virulent mutated strain and projections of 3,000 deaths per day in the United States through August. OBIM acknowledges that there have been setbacks linked to the pandemic and that the deadline may well be extended to the end of the year, or even until 2021.

DHS has been silent on the impact of the pandemic not only on this program, but on many others in which large numbers of essential employees and contractors have been required to meet federal social distancing requirements.

Articles topics

Amazon | biometric database | biometrics | cloud computing | Department of Homeland Security | DHS | facial recognition | fingerprint recognition | iris recognition | law enforcement | Northrop Grumman | United States

Source link

About Shirley L. Kreger

Check Also

Huawei OpenHarmony 3.1 Beta released with new system capabilities

The OpenAtom foundation has released OpenHarmony 3.1 beta for the open source community. The OpenHarmony …

Leave a Reply

Your email address will not be published. Required fields are marked *