Last week, the U.S. House Homeland Security Committee (the “Committee”) held a hearing on “Examining Physical Security and Cybersecurity at Our Nation’s Ports” that sought to identify and understand cyber threats posed by vulnerabilities at seaports, and explore potential mitigation strategies to protect industries and individuals at the nation’s borders. The hearing came on the heels of a new bill proposed by the House of Representatives and passed by the Committee on October 4, entitled the Border Security for America Act (the “Act”), that could implicate privacy concerns and data-sharing obligations of these same individuals and businesses. Among other heightened data collection efforts, the Act seeks to establish a biometric exit data system to collect and verify information on the movement of persons (e.g., passengers, longshoremen, crew members, and others) entering U.S. ports while having ”the least possible disruption” on the movement of cargo.
In advance of the cybersecurity hearing last week, the Electronic Privacy Information Center (“EPIC”), a leading public interest research center in the field, submitted a statement for the record to the Committee raising concerns about the Act. EPIC noted that “there are a lack of well-defined federal regulations controlling the collection, use, dissemination, and retention of biometric identifiers,” and highlighted the potential risks of combining biometric data with other Federal databases, which the Department of Homeland Security would be able to do under the Act’s exemption from existing government restrictions on personal data collection.