Sec. 403. Biometric enterprise management
832 words·~4 min read·
/bill/116/hr/8791/ih/section-403A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Not later than one year after the date of the enactment of this Act, the Under Secretary for Strategy, Policy, and Plans shall, in coordination with the Privacy Officer and Civil Rights and Civil Liberties Officer, and consultation with appropriate heads of components or offices within the Department, develop and coordinate a biometrics and identity management enterprise strategy for the Department that includes guidance and requirements regarding the front-end collection, use, retention, sharing, and disposal of biometric information by and within the Department and requires the establishment of robust privacy protections for individuals that, with respect to the United States VISIT program and any other such passenger facilitation program, prioritizes securing voluntary consent for the capture of biometrics from individuals through an opt-in approach rather than an opt-out approach.
Upon the issuance of the strategy, no component head shall be authorized to initiate or expand a pilot or program that includes biometrics or identity management without the Secretary determining that the program is consistent with this strategy or successor strategy. The Under Secretary for Management shall— not later than 180 days after the issuance of the biometrics and identity management enterprise strategy required under subsection
(a)of this section, issue determinations regarding compliance with the strategy for each pilot or program of the Department that uses biometric technologies or information and, where necessary, a corresponding corrective action plan for the pilot or program to come into compliance with the strategy within a year; upon issuance of determinations pursuant to paragraph (1), submit determinations together with any corresponding corrective action plans to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate; and two years after enactment of this Act, submit certifications for each pilot or program that the Secretary determines to be in compliance the strategy to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate and notification of the suspension or cancellation of any pilots or programs that are not in compliance with the strategy. Within 180 days of enactment of this Act, the Under Secretary for Management, in coordination with the Under Secretary for Science and Technology, shall submit to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate an inventory of all pilots and programs of the Department that use biometric technologies or information. The inventory shall include, at a minimum, the following information for each pilot and program— the components or Department offices involved, including their roles and responsibilities; the purpose of the pilot or program, including reason for the use of biometric technologies or information in the pilot or program; a description of functionality, including an overview of any technologies or systems used to capture, share, or match biometric information; the timeframes and locations of key events, including the actual or planned initiation and completion dates for test activities and technology deployments; estimated total cost and funding sources; any contracts or agreements entered into with other Federal departments and agencies, private or third-party entities, and educational institutions; status of implementation, including any transition plans for pilots; and status of plans for developing and issuing any related rulemakings or privacy impact assessments. Within one year of submitting the inventory required under subsection (a), the Under Secretary for Science and Technology shall conduct and submit to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate an assessment of all pilots or programs of the Department that use biometric technologies or information that involves facial recognition or iris scanning. The assessment shall, at a minimum, review— the impact of device specifications and installation factors, such as camera quality, lighting, and internet connectivity, of biometric collection technologies on the Department’s ability to capture accurate data across all demographic groups, including across age, sex, skin tone, and disability status, alone and in combination with each other, to inform minimum biometric capture device standards; proposed or implemented biometric collection methods to capture accurate data across all demographic groups; information security of biometric technology or systems, including lessons learned to improve resiliency against tampering or cyber threats; and independent testing results of biometric matching algorithms to verify accuracy across all demographic groups. The Under Secretary for Management shall prohibit U.S. Customs and Border Protection from expanding biometric air exit capabilities to additional airports, air terminals, or airlines, until it has demonstrated for at least three consecutive months that the program meets its validated user requirement for capturing live biometric images of in-scope travelers on participating flights for capabilities already deployed as of the date of the enactment of this Act. In this section, the term in-scope traveler means any person who is required to provide biometrics upon exit from the United States pursuant to section 215.8(a)(1) of title 8, Code of Federal Regulations.