Speaker 1:

Welcome to HSDF THE PODCAST, a collection of policy discussions on government technology and Homeland Security, brought to you by the Homeland Security and Defense Forum.

Today's program features Tom Ragland and John Wagner on the DHS touchless screening transformation. Listen in as they discuss the development of effective touchless screening, and the next steps for deploying touchless screening at airports and other security checkpoints.

Tom Ragland is with Dell Technologies Business Development and Strategic Programs, and is the former Operations Director at DHS. John Wagner is the former Deputy Executive Assistant Commissioner at US Customs and Border Protection, and the innovator behind CBP's successful global entry program and touchless screening initiatives.

Tom Ragland:

I'll just kick it off with a couple opening comments to try and frame why we put this program together this way. John and I are now in what we call, the four part team that supports Homeland Security. And most of you know the three parts, the people, the processes, and the technologies. The fourth part is the one that John and I talk about a lot and we want to share with you, the partnerships.

We're both out of government now, so we have a different perspective on the touchless passenger, on where facial recognition and the biometrics have come from in Homeland. And relatively speaking, we're doing a stage set so that Austin and Deputy Sabatino can have some more fun, and talk about where they're going next, what they're working on, and emphasize that.

Because, our role as partners is to support them in every way we can. The government affairs, government relations, and all of you. We're the people who are talking not only to our FSI partners, other government members, but our other group, the Congressional. We have to message to them why things are important. And with the relationships that John and I have acquired over the year, it's a good audience. When you're going in and they know who you are, they accept you, they trust you. You're going to have a lot better conversation. And we want to share with you some of the thoughts that we think are critical of how we got to where we are now. So, John.

John Wagner:

Sure, thanks. And thank you for that kind introduction-

... and, having me the here today. It's nice to be remembered when you're retired. But the touchless travel, the history here is real important. Because this, and I'll give a quick history of how we got to where we are today, but this came out of a recommendation from the 9/11 Commission, that the government needed to biometrically confirm when visitors came into the US and when they left. We were already doing biographical tracking, but the 9/11 Commission recommended a biometric confirmation of that. So we knew who was in the country, who was overstaying their visas, and who left.

So over the course of several years, Congress implemented several pieces of legislation, mandating the requirements of a biometric based entry-exit system. DHS implemented the arrivals portion. And not that it was easy, but it was easy in the sense that there was already a discreet process for arrivals. Every single person arriving in the US goes before, used to be INS and customs, and now the new agency under DHS, CBP. And everybody's funneled from the plane to that arrivals' hall. And you meet with the CBP officer and go on your way, or go in for other inspections, or other things.

So, departures isn't the case. The US never set up the departure system, like in a lot of countries around the world. Like in Europe, you see a border control officer and you have to get your passport stamped to leave. The US wasn't designed that way. Yes, we had departure or outbound authorities, we did outbound enforcement things, but they were nuanced, they were targeted, they were directed. There wasn't a place where we funneled all international departures to.

So you have internationals co-mingling with domestic flights. You have US citizens and permanent residents co-mingling with visitors. So where do you put a biometric collection into that process? We all travel through airports. We know how congested they are. We know how stressful travel is for a lot of people. We know how confusing it can be. So where do you put a biometric collection in there?

And, DHS tried several different efforts over the years. They've put up some self-service kiosks. And the technology would work, but it was more, where do you put it to be effective? Congress got increasingly frustrated with DHS. I think they withheld money from the secretary's office once or twice, if they didn't get the plan on how to do biometric exit.

S&T studied it and looked at, okay, the biometric process, which we're going to come back to, that biometric process. If you did it at different places in the airport, what's the impact? So do you do it at the airline check-in encounter? Do you do it at the TSA checkpoint? Because that's never congested either, right? Do you do it at the boarding area? Because that's never congested. How do you do this?

So they looked at the impacts of doing this at the different locations, and a feasible plan never developed. DHS ended up publishing a notice of proposed rulemaking, I forget the year, maybe 2009 or '10, and just said basically, "Airlines, you figure out how to collect biometrics from departing visitors and provide them to DHS." It might even specify fingerprints, I don't remember.

Airlines, airports, travel stakeholders didn't take too kindly to that, because it dumped the government's problem on them in a lot of respects. You talk about the cost, and the congestion and the confusion. And the airlines at that point are trying to move away from check-in counters. Who still goes to the check in counter every time? You're going to force people to go back to that, when they're trying to automate it. This is when mobile boarding passes were starting to happen. So it was running counter to a lot of the airlines' plan, so a lot of tension there. 2013, I believe, Congress transferred the exit mission over to CBP.

Tom Ragland:

Right.

John Wagner:

Entry-exit. And some of the people in this audience know entry-exit real well. So it landed in my lap. And look, my staff, we tried and ran a couple pilots. We really didn't have a good sense of, how are we going to approach this? To make a long story longer, what we looked at was the biometric collection process itself, and there was this pre-scripted way that DHS did biometrics. To collect biometrics, you had to read the passport. It does a biographical match first, it finds the biometrics associated with that person. You take the biometrics and it does a one-to-one match. And it does one against various enforcement lists. All in, we'll call it real time.

So that made a complicated process, because there's several steps in that transaction. So I was thinking, I'm like, "Well, our national targeting center already has all the airline data. We've already vetted the biographical data. We've got what we call a hot list of all the people we want to see before they depart." And we'd be at the gate, the departure gate waiting for that person. So if you've got a warrant out for your arrest, we'll be there to place you under arrest. The Times Square Bomber, we were there at JFK before he boarded the plane, to apprehend him.

I said, "And we can look at the biometrics when we're doing that pre-departure targeting." I said, "So what if we just took everybody's biometric from the manifest and just held it in a place, and when we encountered the person, we would just take a biometric and run it against that very small subset." So we're still doing a biographic match, but we're using the airline transmission of the APUS data, the advanced passenger information. Basically your check-in data, which we're getting prior to departure. It's the point where you actually go to print your boarding pass. So we could pull the biometrics associated with that person. We could put it into its own, we'll call it a gallery. And then when we encounter the person, we don't have to do the biographical check anymore, because we're just doing one to a small many.

We ended up on facial recognition because number one, it's easy to take a picture. We had US citizen photographs from the US passport database. So what we could do is bring this to the airline and say, "Just board the plane the way you normally do. Just take a picture as they're boarding." And one point that we had to focus on early, this was voluntary. The traveling public were voluntarily providing their information. And that was a major part of the argument with different privacy groups and with the Hill. And that took a great deal of back and forth to negotiate all of those hoops, but it was voluntarily provided. So that's a key aspect. And they, the airlines wanted no part of this. When they caught wind of it, they sent me a very nice letter that we want no part of this, this is your responsibility. But we got an airline at the time to test this with us. And it worked really well.

A partnership. Delta said, "Yeah, let's try this out." And we put it on a laptop. We set a camera up in Atlanta, and as people boarding the plane, we took their picture and you could confirm them real quick, who they were. So we said, "Okay, can we take that confirmation and run it through your departure control system and check off your boarding pass? You don't actually have to read the boarding pass, so we can have a true one step token-less, touchless process to board the plane. So you don't have to check passports anymore. You don't even have to read boarding passes." So we tried that and it worked. Next we knew, JetBlue was calling, "Hey, we want to do this." Next thing we know, Orlando calls. "We'll pay for all these." And we had this momentum building that the airlines and airport authorities saw some value into what we were doing.

We weren't just dumping a problem on them. We said, "We're actually going to automate your boarding process and we're going to speed it up," in some of the time in motion studies we did. And it's less things the gate agents have to worry about, because you've seen if you board an international flight, they're checking passports. They're reading boarding passes, they're dealing with questions. They have a million things going on. If they could just have a structured process that look, people boarding the plane, looking at a camera and they're smiling, people smiling as they board the plane. JetBlue used to make jokes with the kids. "Hey, stick your tongue out at the camera." It still works, still matching. When they get the green check mark, the kids would love it. So it was really changing the atmosphere and the dynamics of the boarding process, but making it a lot quicker and just simpler for people.

Tom Ragland:

Yeah. And I need to interject one point. Notice that the work that John is describing was done primarily between CBP and TSA. There were other parts of the DHS structure involved. There was the relationship with S&T, because they were responsible for certifying. And John and I were discussing the aspects of that, but several different parts of Homeland had their chartered areas. But we had to figure out in the operational side, how do we bring this together so it will function for the American public? And believe me, we had as many of the problems in-house as we did out of house.

John Wagner:

I mean, we set this up as a public-private partnership. So the airlines, the airport authorities could pick their own vendors. We would say we were camera agnostic. So whatever can take a picture and you can transmit it to us in this format, we'll take it. We would use, we had space in the AWS cloud, we were using the algorithm from NEC. The government owned the match. We had some business rules about the photographs and the transmission back and forth, but we left it open that number one, everybody could play and have a piece of this. We could have the industry energized to innovate and continue to make progress in better cameras, better algorithms like we're seeing today. And it wasn't just a well, government procured solution. So this through the acquisition process at DHS into a bit of a tizzy.

Tom Ragland:

He's being kind here, because for those of you who've had the pleasure of working with the procurement acquisition process at Homeland Security over the years, you know it has evolved. And I'd like to think that has systematically gotten somewhat better. But it was a major hurdle working through the procurement acquisition, in order to achieve what John is describing.

John Wagner:

It's like, they saw it as risks that the government didn't own the endpoints, the cameras. They said, "Well, you're relying on the airline to keep that camera in operations. That's a risk for you." I said, "No, that's less risk for the government and less expense. The airline's going to be using that to board the plane, so I'm pretty confident they're going to keep it up and running." And our internal IT people have a lot less things now to worry about, because they got enough on their plate and they got enough things to keep up and running. And we shared the responsibility and we built a very lean infrastructure. We built very reliable components of this. So your downtimes really were minimal.

The other piece was day one, it's like you get a new job or a promotion, you got all this ambition, you get all these great things you want to do. And we listed out a hundred things we were going to do with this technology. Everybody's going to play a part. It's going to be not only curb to gate, it's going to go past the airport to your hotel or to the theme park. So we've just had this ambitious vision.

But as you go along over the years, you have to address the privacy concerns. You got to look at the how do you really do this? Can you actually bridge this to some of the private entities, beyond that part of the travel continuum, and how do you address those privacy concerns? They're important. The limitations of certain technologies, the practicality of what you're trying to do. The funding, all these things change. And what I found with some of that acquisition process was very rigid. You were locked in, in a lot of respects to what you said you were going to do on day one.

So fast-forward a couple years, we get to the end for level, what was it, three certification or something. And S&T doesn't want to declare our system, was it effective, I think, was the word they used. Because you said you were going to do these a hundred things and you only did 50 of them. And I'm like, "Okay, but these other 50 things we changed along the way, because you've got to adjust." You got to be flexible when you're innovating and building something from nothing. How do you adjust that as you're going through this acquisition process? So at the end, "Well, you didn't do these things." I said, "Yeah, but only thing we have to measure here is, what did Congress tell us to do, and does it do it?"

Can we take a biometric from a departing visitor and match it up to the biometrics they gave when they arrived or when they got their visa? Yes, the system does that. So it's not about all these other pieces, about are the airlines using it? What's the saturation rate? What about mobile devices? What about all these other things? I said, "Yeah, those are all nice to haves, but that's not essential to, does this work? These are add-ons, we can add on down the road." Should we work through some of these very significant privacy issues, civil liberty use issues, and is this what the public wants and would they be accepting of that? But let's just measure the, why do we punish ourselves like this? Let's just measure what's required.

Tom Ragland:

So lessons learned, but really looking at how does a public-private partnership fit into that process? How do you be flexible, so you don't get buried with the sum costs? And you keep going down, a path might be wrong, but because the system doesn't let you out of it, you're kind of funneled into that, right? And you are, and one of the essence of going forward, and we're priming this now for our follow on speakers, is the partnership approach and the experiences that I know stand, obviously, you've had in Leidos. I go around the room, I see my business partners that Dell has teamed with repeatedly. You know these lessons learned of how you have to partner, in order to go forward. And it really takes the working back and forth in order to achieve it.

It's not an easy transition, because internally, we had four different parts of Homeland that were almost preening themselves to control their part of this process, making it more difficult for John to move forward operationally. And he'll tell the horror stories there. But that's fact. And we've all worked through this as partners in working with government. So this is going to only get broader and wider as all the modalities of transportation are seeking an improvement in their security, and the citizenry exchange their experience. We're all about customer experience today. So it takes both sides in order to focus, to improve that customer experience. And we're being measured right now in our today's society, that customer experience is being called out more and more. So the partnership effort has to step up to meet it. Questions? Good. And we're going to throw it out because there's a lot of experience around this room.

What questions do you have? Because we've tried to paint a picture of what has gotten us here, post 9/11. 9/11 Commission came out with the first requirements. It took us in the headquarters almost four years to delineate, "Okay, we've got a requirement. How do we operational ice it and go to the components and the offices?" And in some ways we had people leaning forward over the desk, "Oh, I got that, and let me tick them off." Procurement acquisition said it, OBUM said it. I didn't hear the same eagerness from CBP and TSA because they were more concerned about, "How do we actually take this from a planning and design and work it through?" And the first pushback we got was from the airlines. Airlines say, "Wait a minute, you're imposing another unfunded mandate on us? No, no, no, no." Then we got a little bit of pushback on the privacy side. Okay. But by being willing to engage and talk through the different concerns, we overcame that. So partnership again.

The contractors that have supported through the different offices had to align and find ways to work together. And that's not always easy. And I will say bluntly, my biggest problems in the operation side were in dealing with the C-levels. Procurement acquisition. They wanted to do it their way, without talking or listening to CBP and TSA. So these are the efforts that we have to double down on going forward. And any questions you've got, as far as thoughts you have or recommendations, we want to be a forum here where we can bring this information together so that both Chief Sabatino and Austin know they've got partners. That you can ask us to go to the Hill, message through our government relations and affairs and carry some water here. Because we're all involved, and this won't be a success in the going forward unless we have this kind of partnership.

John Wagner:

The other piece of the 9/11 Commission recommendations was looking at the travel continuum as a continuum, not taking these in isolated installments. And you have opportunities to go after threats or concerns earlier on in that continuum, if it's all connected together. You're looking at the application for travel documents, you're looking at when they board the plane, you're looking at when they arrive, when they go through CBP, when they go back through TSA to connect to their flight, to get to their destination. It's this system of systems. And that's why we built a really strong partnership with TSA on this, because we had the data just sitting there in international passengers.

So like in TVS, the Traveler Verification Service. So why not put this at the checkpoint and let TSA leverage part of this, too? And then could that be a platform or a structure for some of the bigger work? So, they've got a lot more domestic passengers than just international ones. Does this help them with what they're trying to do? But, so we don't have these independent silos as we continue to work through. And when there's a threat, it's all one chain of events that are connected through the technology that the right government agencies can then access, and do what what's required.

Tom Ragland:

Definitely.

John Wagner:

And I think a lot of lessons can be learned from the manner in which CBP constructed this. So you've got really strong parameters around, number one, there's a requirement to establish your identity at the airport, either for TSA or CBP. You have to have a passport to travel, generally speaking, and there's other travel documents. But so we didn't invent a new requirement there. Someone's already checking you against your passport or your travel document photo, and making sure it's you.

Those are the only documents that feed into the pre-staged gallery. So they're good quality photos that people have generally submitted to the government for purposes of travel. You're taking a good picture, say at the airport, where a person knows their picture's being taken, they're looking into a camera, and you can ensure you get a good quality photograph. Lighting conditions might impact some of that. And the airports depended on now what time of day it is or where the windows are. You might have sun or darkness, so you can correct for those things. But these parameters give CBP a very reliable and quick match rate. It's high 90 something percent that you're seeing, because it's a limited set with quality photos, with a good algorithm and quality other conditions. I would like NIST and others to study and do a comparison, based on those limited factors. This isn't an open-ended data.

Yeah, and when your picture's run against that limited gallery, your picture's expected to be in there. It's not like it's running against a set of random photographs of which you may or may not be in there. It's gone. Where is the person that looks like this within these thousand photos? So you're in there. So how does that manipulate the math science behind it? You can't opt out of being inspected, you can't opt out of establishing your identity, establishing your admissibility, making your binding customs declaration. You can't opt out of that. Is this an easier, more efficient way to do it? But they got to go through the rulemaking, got to give the public chance to comment. There are other authorities. As a US citizen, you have to travel on a US passport, right? CBP has the authority to check those passports, even in a departure area.

So we brought in several different authorities into this. It wasn't just entry-exit authority. So US citizens are included because, CBP has the authority and the responsibility to make sure you are who you say you are. We've got to determine you're a US citizen to know you're out of scope of the biometric exit requirement.

Yes, it is one system. Is it perfect? No. Are there enhancements that could be made? Yeah, especially the seaports, commercial seaports and Diane can talk a little bit about this, and made great progress in bringing in the cruise ships and commercial sea travel into a very similar system as air. Land board is a lot more challenging, just because of the logistics of doing it. If you look though at the numbers of say, non-American, non-Canadian, non-Mexican travelers through, actually very few crossing the land borders.

So what's the right approach to set up to ensure their departures are properly recorded? In the scenario you just mentioned, you fly in, you drive across the border, you fly out of Canada or Mexico, back to your home. Can the government accurately record that? There are some biographical data exchanges now between information, so some of that information is collected and it's matched up. That's one system that CBP uses. The Arrival Departure Information System, where all that's housed. So all the crossing records are in there. Yeah.

Speaker 1:

Thank you for tuning in. You can follow HSDF THE PODCAST on every major podcast platform. Visit hsdf.org to learn more about the Homeland Security and Defense Forum and HSDF THE PODCAST.