USCIS pursuing broader data-sharing agreements with other agencies
U.S. Citizenship and Immigration Services needs to establish broader data-sharing agreements with partner agencies so all appropriate groups have access for automating aspects of the naturalization system, according to officials.
U.S. Citizenship and Immigration Services (USCIS) isn’t the only player in the “grand life cycle of immigration,” and often the State Department or Customs and Border Protection interact with people — collecting documentation or facial recognition data — before they enter the country.
Existing data-sharing agreements or memorandums of understanding (MOUs) may date back decades and cover specific uses, failing to account for how much agencies like USCIS need to repurpose and reuse that data.
“There are too many MOUs out there that say only this system can talk to explicitly only this system, but it’s like wait, wait, wait, wait five other groups in our agency need the exact same data,” said Damian Kostiuk, chief director of USCIS’s Data Analytics Division, during an ACT-IAC webinar Tuesday. “No, don’t lock me out when this is critical; if I had it I could automate and help people get through the system faster.”
USCIS is working toward semantic models that link disparate data from multiple agencies, rather than rely on a single datapoint like facial recognition. Biographic and fingerprint data can also help triangulate a person’s identity, and their original interaction with the government may have been when the State Department verified a marriage certificate that can be digitized.
The Office of the Chief Data Officer within USCIS is standing up data quality and management programs targeting external, “golden” data key to identity verification held by other agencies.
“If we can get these to work together through data-sharing agreements, honestly I’m really excited about where we’ll be and what we can do to try and remove, as much as possible, bias from these algorithms,” Kostiuk said. “We’ll just have such a huge pool of information to be able to train them, as opposed to them being trained on various, specific subsets.”
Bias in facial recognition and other biometrics data is one of several challenges USCIS must overcome before the technologies can be used to help adjudicate benefits like green cards.
Prior to the pandemic, USCIS was working on a pilot using facial recognition to remotely verify identities. That pilot is being dusted off.
“Right now USCIS, by policy, is not currently allowed to use facial recognition for any part of the process that involves adjudication of a benefit,” said Ryan Koder, chief of biometrics and scheduling. “That’s stuff that … is going to have to change.”
The Customer Profile Management System (CPMS) is USCIS’s centralized repository for all biometric data captured from immigration applicants and allowing for identity management in the form of background checks, re-checks and card production. USCIS wants to match a facial recognition image collected using the CPMS app on a mobile device with images in its catalogue, a “gold standard,” said Timothy Murray, acting chief of the Information Records and National Security Delivery Division.
Most matches have a high level of confidence, but USCIS must address other considerations like bias; certain ethnicities haven’t matched well. The good news is other Department of Homeland Security agencies have deployed mobile apps doing similar things, and its Science and Technology Directorate is working to isolate and measure specific features that lead to bias in order to come up with a response policy.
USCIS must also come up with policies for data protection involving encryption, usability so other apps can leverage the biometrics being created, and fraud addressing the “considerable threat” of deepfakes no longer being perpetrated solely by state actors, Murray said.
A final consideration is privacy and ensuring biometrics collected are used only for their intended purpose.
USCIS’s data-sharing agreements “absolutely go through the ringer” with general counsel and privacy officers to identify those purposes, while the agency’s data management program ensures flags, or else explicit controls, are in place to prevent misuse, Kostiuk said. The next step is parsing anonymized, but statistically relevant data among different groups.