The Trump Administration has been stepping up the collection of data in general and more specifically from visa applicants and travelers.

Here are a few new policies:

  • A pilot program has been instituted at the border that would include DNA testing and fingerprinting of children under age 14.
  • USCIS is collecting biometric data from most applicants using the Form I-539 to extend or change their statuses. This includes all dependents, including children, of H-1B and L-1 nonimmigrants.
  • The Department of State is collecting social media identifiers from all visa applicants – affecting approximately 15 million foreign nationals planning to come to the U.S.
  • The Department of Commerce proposes to collect citizenship data in the decennial census, but is being challenged in the U.S. Supreme Court (a decision in the case is expected by the end of June).

Just as some of these measures go into effect, Customs and Border Protection (CBP) has announced that it was hit by a cyberattack that compromised photographs and license plate information of approximately 100,000 travelers. These images are captured by cameras and video recording devices at airports and land border crossings and, according to an official, the compromised data was collected somewhere along the Canadian border.

According to an official who spoke anonymously, the breach involved a subcontractor working on the data and was described as a “major incident.” The government uses a group of subcontractors to collect this sort of data and to enhance security at the borders.

Congress is concerned about the safety of information collected by the Department of Homeland Security (DHS). Senator Ed Markey (D-Mass.) has requested more information and has asked DHS whether all affected travelers will be notified. Representative Bennie Thompson (D-Miss.) said: “Government use of biometric and personally identifiable information can be valuable tools only if utilized properly . . . . We must ensure we are not expanding the use of biometrics at the expense of the privacy of the American public.” He also noted that this incident is the second breach at DHS this year. The other breach was of FEMA information about two million U.S. disaster survivors. The ACLU has commented, “This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency’s data practices. The best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place.”

CBP has the ability to operate within 100 miles of the border, so it is possible that surveillance activities could capture data of individuals who are not travelling – including U.S. citizens. Two thirds of all Americans live within 100 miles of the border.

Please contact a Jackson Lewis attorney if you have any questions.