Ref. Ares(2022)5380614 - 26/07/2022
V0.03, 20.06.2022
EU Joint mission (eu-LISA, Frontex, COM and MS) to USA
Meetings Report
On 6 and 7 June 2022, an EU Delegation composed by eu-LISA, European Commission,
Frontex and representatives of 3 MS (with the largest extension of external land borders)
visited US and EU authorities in Washington DC, USA. The mission started on Sunday the
5th June, early am hours, while the return flight was on Wednesday the 8th of June, pm
hours, with arrival on the 9th of June, early am hours.
The European delegation, headed by eu-LISA’s Executive Director, visited the US Customs
and Border Protection (CBP) headquarters, the Washington Dulles International airport, the
Department of Homeland Security – OBIM headquarters and the Delegation of the EU to
USA, in Washington DC. The aim of this visit was to share best experiences in the context of
the implementation of entry-exit programs, including the land borders pilot deployed in the
border with Mexico, on the implementation of biometrics and other technological solutions
and, in parallel, to identify opportunities for future cooperation in areas of common interest,
especially regarding the exchange of best experiences in the use of new technologies and
challenges encountered. The delegation included representatives from eu-LISA,
Commission (DG HOME), Frontex (ETIAS Central Unit), and representatives from the
Greek, Polish and Romanian border guard and law enforcement authorities.
Visit to US Customs and Border Protection (CBP) headquarters
On Monday, at the CBP, the Assistant Commissioner from the Office of International Affairs,
Debbie Seguin, welcomed the European Delegation, counting, as well, with the participation
of the Executive Directors from: the Office of Information and Technology; Admissibility and
Passenger Program; Planning, Program Analysis and Evaluation; and the Directors from
Biometric Entry-Exit Strategic Transformation; Europe Division; and of International
Information sharing. At the Customs and Border Protection (CBP) agency, the discussion
revolved mainly around biometric solutions in the enhancement of travel security and the
results of their land border pilot programme. Both parties provided updates on the
developments in the areas of common interest. eu-LISA provided an update on the status of
the implementation of the IO architecture, with particular focus on ETIAS. A brief overview
on the main challenges in relation to the implementation of the IO architecture was provided,
focusing on the ones related to the implementation of holistic systems, the MS constraints,
the financial resources, the geography and the personnel; it was also emphasised that each
BCP has its particularities and differences compared with other BCPs. Emphasis was also
given to new developments related to Identity management and to the accuracy of
biometrics which is a key success factor. The convergence between Border management
and internal security was highlighted, with the creation of a new ecosystem, covering key
aspects such as the reliance on new technologies (implying the readiness of industry), the
EUROPEAN UNION AGENCY FOR THE OPERATIONAL MANAGEMENT OF LARGE-
Vesilennuki 5, 10415 Tallinn,Estonia
SCALE IT SYSTEMS IN THE AREA OF FREEDOM, SECURITY AND JUSTICE
www.eulisa.europa.eu
redesign of the working/business procedures across 27 Member States, capacity building
and training, as well as the integration of all stakeholders (such as for e.g. sea/land/air
carriers) having in mind the complexity of the legal environment, that takes into account both
the EU and the national level. COM informed about its role in drafting and adopting the legal
acts detailing a wide range of requirements and carrying out the information campaigns to
keep the non-EU nationals and the general public well informed. US authorities stressed that
they keep an open communication with the travellers, use orientation signage at the airport
with information about the “screening” technology and directly involve the passengers in the
pilot project. Moreover, they were intensively confronted with advocacy groups on the
collection of biometrics issue. Questions about privacy were raised by both sides. The
agency underlined that privacy by design and by default is a key requirement that is
implemented across the IO architecture. There are certain essential provisions to be
respected, such as purpose limitation which allows consultation only of the necessary
information by the end user, variable retention periods, as well as strict access control.
Frontex added the need for a clear legal basis in the absence of consent.
Concerning biometrics, in 2016, US authorities decided to use FI as the most reliable
modality for them. Pilots in Atlanta and Boston occurred with the participation of some
partner airlines. The process is divided in 3 steps: First a gallery is built based on PNR data,
in order to allow for increased accuracy for biometric identifications as well as increased
transaction performance down to 2 seconds per operation on average. Then, match
requests are received and, afterwards, a response is returned. As indicated in previous
reporting from other visits, the US approach is simplified and is cost effective. They simply
want to identify persons and for that they use simple technology (commercial tablets). They
have a flexible approach, not restricting themselves to one technology that cannot be
expanded. In addition, they want to escape from operational costs and the associated
maintenance and licences. The latter is externalised by using commercial private Cloud
infrastructure; thus the requirement to have a Data Centre is not a concern anymore for
CBP.With this approach they also externalise the SLAs. Carriers are simply connected to the
Cloud via commercial wireless networks. Data is fully protected while the number of
transactions against AFIS exceeded the number of 3 million in a daily basis (thus, lots of
data to be analysed). At land borders, they expect the numbers to triple in this respect (a
total of 171 million since 2016).
CBO streamlined also the queries in order to ensure better SLAs, in high traffic airports.
Queries vary from 1:1, 1:small n (2 to 3 flights), 1: all n (more flights). As with EU with the
authentication scheme, CBP is using CAT (Credential authentication technology) for
interacting with the carriers. When, it comes to FI, the technologies used are able to take
photos with the mask on and verify the traveller against the library.
CBP provided a HL update on the developments and preparations at their land borders with
Mexico. At the land borders, the implementation of the process is progressive. A pilot
occurred in October 2021 and ended in March 2022 and the results are still being studied.
The main focus was on managing queues, thus technologies are applied to capture facial
images on the move., even if it is also foreseen the possibility for pre-registration, and in
case someone had pre-registered, then the person will need to use a separate lane. The
system is capable at capturing the information while vehicles are passing through the check
point in slow speeds. The success rate of this technology was in the beginning
approximately at 40%. After a month they installed a second camera and the rate increased
to around 76%. CBP advised that the collection of biometrics from the passengers always
involves more time at first entry.
EUROPEAN UNION AGENCY FOR THE OPERATIONAL MANAGEMENT OF LARGE-
Vesilennuki 5, 10415 Tallinn,Estonia
SCALE IT SYSTEMS IN THE AREA OF FREEDOM, SECURITY AND JUSTICE
www.eulisa.europa.eu
Concerning trains, CBP is not advanced neither, compared to the EU. Addressing the
associated questions CBP is of the opinion that only pre-registration techniques will support
the process. The delegation understood that as the moment, trains are not yet addressed at
US level (the passengers still come out in the station in order to go through the process).
CBP claimed that generally, they rely on the biographic data and passenger information
received in advance, hence the high interest on using pre-registration solutions at other
types of borders but air. CBP advertised their interest in the new technology developments
allowing to take FP by mobile phone as well as the iris collection, considered highly
expensive to implement.
For further information, see below the PPT presented by the Executive Director, Office of
Information and Technology.
CBPSlides_Samha -
Read-Only.pptx
Visit to Washington Dulles International Airport
The first day was concluded with a visit to Washington Dulles International Airport for a live
demo using a departing flight as example. CBP demonstrated lively the exit process
involving passengers flying back to EU.CBP is exposing web services to a certain group of
carriers (under special terms and contracts) which allow them to verify the identity of the
boarding passengers against a pre-fetched CBP facial image data gallery1. The process is
passenger friendly; average commercial tablets are used, taking the picture of the passenger
and comparing it real time with the data galleryexposed in the CBP cloud, while passengers
are informed by audio means about the whole process. The process is quite fast, not going
beyond 2 secs on average for the FI identification (It is 1:N rather than 1:1 since it’s based
on facial image only). CBP officers are present at the boarding gate only in case their
presence is required to perform supplementary checks on passengers based (according to
the results of the checks made before using the data provided by the carrier). In case of no-
match, the passenger is kindly invited aside for the officer to continue the exit controls. The
automated boarding process triggers also an update in the CBP back-end regarding the
traveller file, confirming the fact of the exit from US. According to the explanations provided,
in case a traveller is not found in the gallery by any means, it will be intercepted by CBP
when it goes through the corridor towards the flight and not in front of other passengers.
Next Steps:
Both parties agreed to continue their cooperation; virtual follow-up meetings will be
organised in this matter to address aspects of common interest, such as the lessons
learned in the preparations of the land border, biometrics accuracy, technologies
used at the borders for the management of passenger flows, amongst others;
1 The gallery is created by CBP after performing border checks for all the passengers based on the list sent by
the airline company.
EUROPEAN UNION AGENCY FOR THE OPERATIONAL MANAGEMENT OF LARGE-
Vesilennuki 5, 10415 Tallinn,Estonia
SCALE IT SYSTEMS IN THE AREA OF FREEDOM, SECURITY AND JUSTICE
www.eulisa.europa.eu
It was agreed that AI and Cyber security related topicswill be covered on a follow-up
meeting (as, due to limitation of time, it was not possible to cover that part during the
meeting).
Visit to the Department of Homeland Security, Office of Biometric Identity
Management (OBIM)
On Tuesday morning, the EU delegation was welcomed at the Department of Homeland
Security by the Director of the Office of Biometric Identity Management (OBIM). Discussions
were far-ranging and included, amongst others, public tenders in the area of biometrics;
biometric system performance testing; collaboration with research institutes; multivendor
biometric architecture; and best practices and lessons learned related to the governance of
identity management. eu-LISA provided the American counterparts an update and insights
on the EU Interoperability Project.
During the meeting, both parties provided updates on the developments made in those
areas of common interest. eu-LISA provided an update on the status of the implementation
of the IO architecture and some technical challenges linked to the development of sBMS.
OBIM provided HL updates on process acceleration techniques and how they address
biometric accuracy measurement. Eu-LISA explained further that accuracy in the EU is a
strict legal requirement and it is an endless process. eu-LISA explained further that there
were some tools provide to the Member States – the users software kit – which provide an
indication to the end-user on the quality of the data (the US has it as well, but an override
button is foreseen). US representatives informed that contractors are given access to
biometric data fr testing purposes only, based on a clearance procedure. On Identity
management, OBIM provided updates on how they are organised in this matter, i.e. by
establishing an executive stakeholders board and an executive steering committee, a
biometrics capabilities committee. Emphasis is given on how to improve identity
management in order to provide the best information possible to decision makers; thus both
parties agreed to extend their cooperation in this matter. The US is using facial image for a
much shorter period than the EU (only 5 years). For FPs they only have one set of
templates, but for Facial image they stored 5. There were exchanges about contractual
setup for a possible multi-vendor biometric architecture, as well as on the solutions and
approaches used for testing biometric performance. The OBIM has decided to set-up a
biometric accuracy team, with the aim to have real-time accuracy results. For e.g. in what
concerns FPs there is a grey area and they have created a team with around 60 FPs’
experts, which are responsible for analysing everything that falls into this grey area and
assess what will be a match, or not. Lack of a minimum quality standard for biometrics at the
level of Department of Homeland Security requires the need to perform manual verifications
by biometric experts of all the raw biometric data collected “from the field”. Generally, US
relies on a remarkable investment in resources.
To Frontex’s question on how they address the need for processing legacy data and to
produce quality checks and how much staff is involved on that process, the US colleagues
confirmed that most of their operations are done by vendors, under specific contracts. OBIM
provided the ToR of their call for tender, as well as the names of their current vendors.
Next steps;
EUROPEAN UNION AGENCY FOR THE OPERATIONAL MANAGEMENT OF LARGE-
Vesilennuki 5, 10415 Tallinn,Estonia
SCALE IT SYSTEMS IN THE AREA OF FREEDOM, SECURITY AND JUSTICE
www.eulisa.europa.eu
A follow-up virtual meeting will be organised in the incoming weeks to continue the
discussion on how to address questions related to biometric accuracy measurement;
The US counterparts agreed to share a presentation with the lessons learned on this
area and the next steps to be followed
Both parties agreed, as well, to extend their cooperation in the area of identity
management, namely by sharing their experience in addressing challenges, including
in identifying and address risks and threats
The Biometrics Institute Annual Congress planned for 26-27 of October 2022 in
London is an event focusing on biometric challenges which will gather worldwide
biometric experts, OBIM representatives will be sharing their experience on this
event.
Visit to the Delegation of the European Union to the United States,
The programme for Tuesday afternoon consisted of a visit to the Delegation of the European
Union to the United States, where Mr Garkov updated the EU hosts and the representatives
from 19 Member States, on the state of play of implementation of EES, ETIAS, and the
overall interoperability architecture. The complexity of the work was highlighted with all the
different parallel projects, having as main aim to close the existing gaps, while changing the
way that border guards and Law Enforcement authorities will work in the future.
Furthermore, it was provided an overview on the several building blocks and explained that
there is a very challenging deadline to reach – end of 2023 – but this is not the end of the
process, as this new information architecture is just an important contribution for the
implementation of the Internal Security Strategy. Particular emphasis was provided on the
preparation of the MS for the EES EiO, the challenges related to the readiness of their
national developments, their BCP preparations and their alignment with the Carriers to
manage the passenger flows at BCP level. The hosts were also informed about the critical
need to accelerate the Carriers Registration. The representative of the European
Commission provided as well further information on the respective information campaigns
that are being envisaged, particularly on the EES campaign ongoing preparations, which will
directly involve the EU Delegations in the different regions of the world.
Answers were provided to a number of questions raised by different participants, namely
related to the importance of the readiness of MS’ carriers, but also from the
citizens/travellers, the connection between sBMS and SIS (FR) and the links with the
Interpol databases (BE), which is an issue pending the outcome of the ongoing negotiations
of the EU-Interpol Cooperation Agreement.
The ED concluded recalling that digitalisation is enlarging to all different areas, and provided
as example, the pilots done by the Agency on visa digitalisation and also the one on
chatbox, which creates a series of new opportunities for further developments. He
underlined that
‘Information is on our days the most important asset for MS, and for the EU
as a whole, in order to make timely and factual decisions, determining how to react to any
threats’.
EUROPEAN UNION AGENCY FOR THE OPERATIONAL MANAGEMENT OF LARGE-
Vesilennuki 5, 10415 Tallinn,Estonia
SCALE IT SYSTEMS IN THE AREA OF FREEDOM, SECURITY AND JUSTICE
www.eulisa.europa.eu
