Title 6, Domestic Security (Release 119-73)

§1118 Biometrics expansion

Last updated Apr 6, 2026

Summary

The TSA Administrator and the U.S. Customs and Border Protection Commissioner must work together on how biometric technology is rolled out. CBP may not expand, collect, use, or keep biometric data beyond what the Intelligence Reform and Terrorism Prevention Act of 2004 and the 9/11 Commission Act of 2007 already allow. Within 270 days after October 5, 2018, the Secretary must send a report to the proper Congressional committees—and to any Member of Congress who asks—that includes detailed assessments from the TSA Administrator and the CBP Commissioner about using biometrics to identify travelers.

The report must cover operational and security effects, privacy risks and how to reduce them for active and passive collection, ways to find and fix matching errors tied to race, gender, or age (including facial recognition), and a focused review of the biometric entry-exit program. That entry-exit review must include error rates (false positives and negatives), whether certain traveler groups are unfairly burdened, how biometrics could help find visa overstays (including estimates of how often matches are already in databases, how often fake IDs are rejected, and what share could be caught by older methods), the number of visa overstays each year, any audits done on error rates or unequal impacts and their results, how domestic travelers can opt out of biometric scans, what traveler data is collected, who can access it and how long it is kept, what steps protect the data, and a short-term goal to promptly delete U.S. citizens’ data after identity checks.

If possible, the Secretary, the TSA Administrator, and the CBP Commissioner must put a public version of the privacy assessment online at the TSA and CBP websites.

Full Legal Text

Title 6, §1118

Domestic Security — Source: USLM XML via OLRC

(a) The Administrator and the Commissioner of U.S. Customs and Border Protection shall consult with each other on the deployment of biometric technologies.
(b) Nothing in this section shall be construed to permit the Commissioner of U.S. Customs and Border Protection to facilitate or expand the deployment of biometric technologies, or otherwise collect, use, or retain biometrics, not authorized by any provision of or amendment made by the Intelligence Reform and Terrorism Prevention Act of 2004 (Public Law 108–458; 118 Stat. 3638) or the Implementing Recommendations of the 9/11 Commission Act of 2007 (Public Law 110–53; 121 Stat. 266).
(c) Not later than 270 days after October 5, 2018, the Secretary shall submit to the appropriate committees of Congress, and to any Member of Congress upon the request of that Member, a report that includes specific assessments from the Administrator and the Commissioner of U.S. Customs and Border Protection with respect to the following:
(1) The operational and security impact of using biometric technology to identify travelers.
(2) The potential effects on privacy of the expansion of the use of biometric technology under paragraph (1), including methods proposed or implemented to mitigate any risks to privacy identified by the Administrator or the Commissioner related to the active or passive collection of biometric data.
(3) Methods to analyze and address any matching performance errors related to race, gender, or age identified by the Administrator with respect to the use of biometric technology, including the deployment of facial recognition technology; [Footnote 1: So in original. The semicolon probably should be a period.]
(4) With respect to the biometric entry-exit program, the following:
(A) Assessments of—
(i) the error rates, including the rates of false positives and false negatives, and accuracy of biometric technologies;
(ii) the effects of biometric technologies, to ensure that such technologies do not unduly burden categories of travelers, such as a certain race, gender, or nationality;
(iii) the extent to which and how biometric technologies could address instances of travelers to the United States overstaying their visas, including—
(I) an estimate of how often biometric matches are contained in an existing database;
(II) an estimate of the rate at which travelers using fraudulent credentials identifications are accurately rejected; and
(III) an assessment of what percentage of the detection of fraudulent identifications could have been accomplished using conventional methods;
(iv) the effects on privacy of the use of biometric technologies, including methods to mitigate any risks to privacy identified by the Administrator or the Commissioner of U.S. Customs and Border Protection related to the active or passive collection of biometric data; and
(v) the number of individuals who stay in the United States after the expiration of their visas each year.
(B) A description of—
(i) all audits performed to assess—
(I) error rates in the use of biometric technologies; or
(II) whether the use of biometric technologies and error rates in the use of such technologies disproportionately affect a certain race, gender, or nationality; and
(ii) the results of the audits described in clause (i).
(C) A description of the process by which domestic travelers are able to opt-out of scanning using biometric technologies.
(D) A description of—
(i) what traveler data is collected through scanning using biometric technologies, what agencies have access to such data, and how long the agencies possess such data;
(ii) specific actions that the Department and other relevant Federal departments and agencies take to safeguard such data; and
(iii) a short-term goal for the prompt deletion of the data of individual United States citizens after such data is used to verify traveler identities.
(d) The Secretary, the Administrator, and the Commissioner shall, if practicable, publish a public version of the assessment required by subsection (c)(2) on the Internet website of the TSA and of the U.S. Customs and Border Protection.

Notes & Related Subsidiaries

Editorial Notes

References in Text

The Intelligence Reform and Terrorism Prevention Act of 2004, referred to in subsec. (b), is Pub. L. 108–458, Dec. 17, 2004, 118 Stat. 3638. For complete classification of this Act to the Code, see Tables.

The Implementing Recommendations of the 9/11 Commission Act of 2007, referred to in subsec. (b), is Pub. L. 110–53, Aug. 3, 2007, 121 Stat. 266. For complete classification of this Act to the Code, see Tables.

Codification

Section was enacted as part of the TSA Modernization Act and also as part of the FAA Reauthorization Act of 2018, and not as part of the Implementing Recommendations of the 9/11 Commission Act of 2007 which comprises this chapter.

Statutory Notes and Related Subsidiaries

Definitions

For definitions of “Administrator”, “appropriate committees of Congress”, “Department”, “Secretary”, and “TSA” as used in this section, see section 1902 of Pub. L. 115–254, set out as a note under section 101 of Title 49, Transportation.

Reference

Citations & Metadata

Citation

6 U.S.C. § 1118