Balancing Security and Privacy in CBP Biometric Exit

Published Date : 9/30/2025 

The U.S. Customs and Border Protection's (CBP) biometric exit program has evolved into a hybrid system that combines airline-installed cameras and government-issued mobile devices. While the program aims to enhance security, it has raised concerns about privacy and transparency. 

The U.S. Customs and Border Protection’s (CBP) biometric exit program has matured into a hybrid system that pairs airline-installed cameras at boarding gates with government-issued handheld devices carried by federal officers. These mobile devices, often resembling smartphones or tablets, have become a permanent feature of departure control in the United States, filling gaps whenever airlines or airports lack their own biometric infrastructure.

While CBP insists the process is routine and transparent, the program’s reliance on mobile capture has generated both confusion and unease among travelers. In one incident reported by The New York Times last week, a passenger at Boston Logan International Airport described CBP officers in the jetway photographing departing international travelers with what appeared to be cellphones. The passenger called the incident “an ambush.”

CBP later confirmed that in some cases, officers do use phone-like devices equipped with special applications to take departure photos. CBP itself has described these tools as “a handheld, mobile device that allows officers on the jetway to run travelers’ fingerprints through law enforcement databases as travelers are exiting the U.S.” After passengers scan their boarding passes, a camera set up on the jetway takes their pictures before they board the flight, according to CBP.

As of September, the Office of Information and Regulatory Affairs approved a Department of Homeland Security (DHS) rule clearing the way for biometric exit at all airports, seaports, and eventually land crossings. CBP officials have said that more than half of all departing international passengers are now biometrically confirmed, and that the numbers climb each month as more carriers are integrated.

CBP’s widening use of mobile devices comes as the DHS Inspector General completed an audit that found CBP’s vast fleet of government smartphones and tablets suffer from basic security failures that have left personal and sensitive law-enforcement information exposed to cyberattack and loss. The handheld option dates back nearly a decade. Beginning in 2015, CBP piloted the use of wireless mobile devices at Atlanta’s Hartsfield-Jackson airport, stationing officers at the loading bridge to photograph and fingerprint passengers as they boarded.

A CBP press release in July 2015 described testing “enhanced handheld mobile devices” capable of comparing exit biometrics against existing entry records. Those experiments laid the foundation for what CBP now calls Biometric Exit Mobile, or BE-Mobile, a program intended to make handheld capture a permanent part of outbound operations. The wireless handheld devices capture biometric and biographic information.

“We evaluated more than 150 different biometric devices and algorithms. We put them together in different configurations and then brought in test volunteers to actually run through the process to figure out how long it took, what kind of throughput we were able to get, how well the biometrics matched, and what their performance ultimately was,” said Arun Vemury, director of the Department of Homeland Security’s Science and Technology Directorate’s Apex Air Entry/Exit Re-engineering and Port of Entry People Screening programs.

“Over time, we brought in more than 2,000 people from 53 different countries of origin, who varied in age from 18-85. We were trying to mimic the demographics of travelers coming to the U.S,” Vemury said. “Because of the improvements in facial recognition technology, we can verify people’s identities with facial recognition much more effectively today than we could even just two years ago.”

At the center of this system is the Traveler Verification Service (TVS), a cloud-based platform that instantly matches boarding photos to images already held in government databases. In many airports, airlines provide the camera hardware on rigs mounted on stands or embedded in boarding gates. But CBP’s privacy documentation makes clear that mobile devices will also be operated by the government, and that this flexibility ensures coverage across dozens of airports where federal officers armed with phone-like devices can step into a jetway to complete the biometric check.

Procurement and privacy records shed light on the nature of these devices. In 2018, CBP issued a Privacy Impact Assessment (PIA) describing “mobile phones and specialized devices for document swipes and fingerprint collection” as running on commercial off-the-shelf hardware with a CBP-developed application to handle capture and transmission. The PIA said that during testing in 2015, “CBP recorded biometrics from in-scope aliens departing on certain flights and used statistical software to randomly select flights to screen. The pilot assessed the value of this mobile technology to existing teams of CBP officers conducting normal outbound enforcement operations, including random and targeted traveler inspections.”

Earlier assessments from the 2015 Air Exit Test used similar language, referring to “wireless handheld devices” capturing biometric and biographic information. Integration documents for airline partners, released through FOIA, require carriers to disclose a camera’s manufacturer, model, serial number, and firmware when tying into CBP’s systems, suggesting the agency carefully tracks technical specifications even if it does not disclose them publicly.

While CBP has not confirmed using a specific brand of mobile device, the configuration mirrors the agency’s own description as a phone-class device that is hardened and managed for law enforcement purposes, sometimes with add-on modules for passports or biometrics. Separate contracts with AT&T Mobility covering wireless data and device connectivity provide the communications backbone for these devices, ensuring they can upload photos to TVS from a gate or jetway. According to a June sole source award justification, CBP has AT&T Wireless Internet accounts for “mobile voice and data plans, device connectivity, and mobile hotspot services.”

What remains conspicuously absent though is a public list of the exact models of mobile devices in circulation with CBP. FOIA requests filed by advocacy groups such as the Electronic Privacy Information Center have sought technical specifications and contracts naming devices, but CBP has released only heavily redacted materials. The omission may be deliberate. Disclosing model names and firmware could expose vulnerabilities, and CBP has security, vendor, and operational reasons to withhold those details.

The effect is that travelers see only a federal officer with what looks like a smartphone, capturing a photo in seconds before they board. Behind that image is a secure pipeline of software and databases, with the device itself treated as a black box. Officials stress that U.S. citizens can opt out and that their photos are deleted within 12 hours, while non-U.S.-citizen encounter photos are held in TVS for up to 14 days and related immigration records may be retained in DHS back-end systems for as long as 75 years.

Privacy advocates warn that such practices normalize facial recognition at points of travel and risk “mission creep” into broader surveillance. They point to the 2019 breach of the subcontractor Perceptics that exposed facial images and license plate data as evidence of the hazards in expanding biometric systems. GAO has likewise pressed CBP to strengthen audits of partner airlines and ensure the cybersecurity of devices in the field.

CBP’s handheld devices are now central to its identity verification mission. They ensure that biometric exit can be enforced even in places without permanent infrastructure, making them as essential to the system as the cloud matching service itself. Yet, the absence of transparency about what those devices are, how they are secured, and how often they are deployed leaves critical gaps in public oversight.

While CBP uses phone-like handhelds to photograph departing passengers, and has institutionalized the practice, the unresolved questions concern how far that flexibility extends, what hardware is truly in use, and whether the balance between border enforcement and privacy will shift as biometric exit expands across every mode of travel. 

Frequently Asked Questions (FAQS): 

Q: What is the CBP biometric exit program?

A: The CBP biometric exit program is a system that uses biometric data, such as facial recognition and fingerprints, to verify the identities of international travelers departing from the United States. It aims to enhance security and ensure that individuals are who they claim to be.

Q: What devices are used in the biometric exit program?

A: The program uses a combination of airline-installed cameras at boarding gates and government-issued mobile devices carried by CBP officers. These mobile devices, often resembling smartphones or tablets, capture biometric data such as facial images and fingerprints.

Q: What are the privacy concerns with the biometric exit program?

A: Privacy advocates are concerned that the widespread use of facial recognition and biometric data could lead to broader surveillance. There are also concerns about data security and the potential for information to be exposed to cyberattacks or unauthorized access.

Q: Can U.S. citizens opt out of the biometric exit program?

A: Yes, U.S. citizens can opt out of the biometric exit program. Their photos are deleted within 12 hours, while non-U.S. citizens' encounter photos are held in the Traveler Verification Service (TVS) for up to 14 days and related immigration records may be retained for up to 75 years.

Q: What measures are in place to ensure the security of biometric data?

A: CBP has implemented various security measures, including using encrypted devices and secure data transmission methods. However, the agency has faced criticism for basic security failures in its mobile devices, as highlighted by the DHS Inspector General. 

More Related Topics :