Download: docx | pdf

Privacy Impact Assessment Update
for the

Electronic System for Travel Authorization (ESTA)

DHS/CBP/PIA – 007(d)

September 11, 2014

Contact Point
Suzanne Shepherd
Director -ESTA
U.S. Customs and Border Protection
(202) 344-3710

Reviewing Official
Karen L. Neuman
Chief Privacy Officer
Department of Homeland Security
(202) 343-1717

Abstract

The Electronic System for Travel Authorization (ESTA) is a web-based application and screening system used to determine whether certain foreign nationals are eligible to travel to the United States under the Visa Waiver Program. The U.S. Department of Homeland Security, U.S. Customs and Border Protection is publishing this update to the Privacy Impact Assessment for ESTA, last updated on June 5, 2013, to provide notice of language changes and new data collections associated with the ESTA application.

Overview

The Electronic System for Travel Authorization (ESTA) is a web-based system that the Department of Homeland Security (DHS)/U.S. Customs and Border Protection (CBP) developed in 2008 to determine the eligibility of foreign nationals to travel by air or sea to the United States under the Visa Waiver Program (VWP) pursuant to Section 711 of the Implementing Recommendations of the 9/11 Commission Act of 2007, Pub. L. 110-53, codified at 8 U.S.C. § 1187(a)(11), (h)(3). This eligibility determination was is made prior to a foreign traveler boarding a carrier en route to the United States, and includesd making a determination as to whether the foreign national’s travel posesd a law enforcement or security risk. Applicants submit their biographical information and answer eligibility questions using the ESTA website. This allowsed CBP to make a determination about the applicant’s eligibility to travel to the United States under the VWP after vetting the information against selected security and law enforcement databases, using TECS (not an acronym)¹ and the Automated Targeting System (ATS)². ATS also retains a copy of ESTA application data to identify potential high-risk ESTA applicants.

DHS/CBP is now amending the ESTA application to include additional data fields for any new applicant who seeks a valid ESTA. This expanded data collection aligns with CBP’s missions to promote border security and legitimate travel to the United States. DHS/CBP is also revising the eligibility questions on the ESTA application to simplify and clarify the questions and to remove the technical terms that are not easily understood by foreign nationals.

Reason for the PIA Update

DHS/CBP is updating the existing DHS/CBP/PIA – 007 ESTA, first published on June 2, 2008 and updated subsequently on July 18, 2011, July 18, 2012, and June 5, 2103, to provide notice of additional Personally Identifiable Information (PII) collected from the public and new categories of individuals affected by new data elements added to the ESTA application.

Additional Data Elements on the ESTA Application and I-94W

The ESTA application is being amended to include additional data elements that improve DHS/CBP’s ability to identify intending travelers who may pose a risk to U.S. security. The revised ESTA application now requires all applicants to complete data fields for other names or aliases if applicable, other countries of citizenship including any corresponding passport numbers, a national identification number if applicable, city of birth, home address, telephone number, contact information in the event of an emergency, U.S. point of contact information, father and mother’s name, and current job title. ESTA applicants will also be prompted for current or previous employer information including name, address, and telephone number, however providing this information is optional. at the discretion of the applicant.

The addition of this information on the ESTA application will enhance DHS/CBP’s ability to identify the applicant create a more robust targeting environment while simultaneously decreasing the number of inconclusive matches to derogatory records, providing benefits to both the Department DHS/CBP and the traveler. Enhanced vetting capability allows the DepartmentDHS/CBP to mitigate existing security gaps that may arise due to the omission of these data elements from the current ESTA application process. The expansion of collected information on the ESTA application to support enhanced vetting efforts aligns with the original intent of ESTA, to mitigate the risk of individuals using the VWP to circumvent the visa security process. As a result, this PIA is being updated to provide notice to the public of a new information collection on the ESTA application.

Revised Eligibility Questions on the ESTA Application and I-94W

This PIA is also being updated to reflect the revised eligibility questions that new applicants must complete on the ESTA application. While the substance of the revised eligibility questions remain similar to the previous questions, a number of the questions have been reworded with “plain English” vernacular to make the questions easier to understand by the general public. For example, previous questions asking whether an applicant has been arrested or convicted of a moral turpitude crime or has been involved in Nazi activity have been reworded to more general questions regarding criminal or terrorist history. CBP has removed confusing and archaic language to promote readability and make the ESTA application online more user-friendly.

Systems of Record Notice Update

The System of Records Notice (SORN) for ESTA, last published on July 30, 2012, is being updated to reflect the changes to the ESTA program discussed in this PIA. Introducing additional data fields on the ESTA application requires a new collection of PII from the public, thus the ESTA SORN is being amended to include the revised eligibility questions and additional data elements on the ESTA application. Additionally, the ESTA SORN’s categories of individuals is being amended to provide notice that PII from U.S. citizens and lawful permanent residents may be collected as a result of the new ESTA application data fields requiring U.S. point of contact information.

Privacy Impact Analysis

Authorities and Other Requirements

The authority to collect information required in an ESTA application may be found in Title IV of the Homeland Security Act of 2002, 6 U.S.C. § 201, et seq.; the Immigration and Nationality Act (INA), as amended, including 8 U.S.C. § 1187 (h)(3), which authorizes the Secretary of Homeland Security, in consultation with the Secretary of State, to “develop and implement a fully automated electronic travel authorization system to collect such biographical and other information as the Secretary of Homeland Security determines necessary to determine, in advance of travel, the eligibility of, and whether there exists a law enforcement or security risk in permitting, the alien to travel to the United States.” Implementing regulations for ESTA are contained in Part 217, title 8, Code of Federal Regulations. CBP collects a fee per travel authorization pursuant to section 217 (h)(3)(B) of the INA (U.S.C. 8 § 1187 (h)(3)(B)) and provides part of the fee to the Corporation for Travel Promotion pursuant to the Travel Promotion Act of 2009, Pub. L. 111-145, 22 U.S.C. § 2131(d).

Characterization of the Information

Pursuant to regulation, the information collected by ESTA is necessary to issue a travel authorization, as reflected on the Form I-94W.³ Currently in the air and sea environments, a VWP nonimmigrant traveler arriving at a U.S. air or sea port of entry must obtain an approved travel authorization via the ESTA website prior to boarding a carrier bound for the United States. The development of the ESTA program has allowed the Department to eliminate the requirement that VWP travelers complete a Form I-94W prior to being admitted to the United States at an air or sea port of entry because the ESTA application electronically captures duplicate biographical and travel data elements collected on the paper Form I-94W. With the publication of this PIA, DHS/CBP is alerting the public of thirteen new data elements added to the ESTA application and to the Form I-94W.

CBP will continue to use the information included in the traveler’s ESTA application to determine the eligibility of the foreign national to travel to the United States and whether the visitor poses a law enforcement or security risk.⁴ Once the application is submitted, CBP vets the information provided by the traveler against all appropriate databases. The mandatory data elements that an applicant must complete are indicated by a red asterisk on the ESTA website and includeincluding:

• Family name;

• First (given) name;

• Other names or aliases;

• Birth date (day, month, and year);

• Country of birth;

• City of birth;

• Other citizenship (country, passport number);

• National identification number

• Telephone number (home, mobile, work, or other);

• Sex (male or female);

• Country where you live;

• Passport number;

• Passport issuing country;

• Passport issuance date (day, month, and year);

• Passport expiration date (day, month, and year);

• Emergency point of contact information (name, phone number, email address);

• U.S. point of contact information (name, address, phone number); and

• Father and mother’s name.

This PIA is also being updated to provide notice of revised and additional eligibility questions that ESTA applicants must now complete via the ESTA website. CBP has simplified and reformatted the eligibility questions to promote readability and understanding by the public. While some of the language has changed, the scope and substance of the eligibility questions remain the same. CBP has eliminated ambiguous legal and medical terms of art and other confusing language that may not be easily understood by foreign nationals. Furthermore, CBP has removed a question entirely concerning withholding custody of a child from a U.S. citizen because the question affected a miniscule percentage of ESTA applicants and thus represented an overreaching data collection. The only substantive addition to the eligibility questions is whether an applicant has overstayed their admission period in the United States? This question assists identifying foreign nationals who have unlawfully overstayedted their previous period of admission.

CBP continues to use the questions to determine whether a VWP traveler is eligible to travel to the United States. The eight eligibility questions ESTA applicants must now answer to complete their application includes:

• Do you currently have any of the following diseases (communicable diseases are specified pursuant to section 361(b) of the Public Health Service Act):

  • Cholera

  • Diptheria

  • Tuberculosis, infectious

  • Plague

  • Smallpox

  • Yellow Fever

  • Viral Hemorrhagic Fevers, including Ebola, Lassa, Marburg, Crimean-Congo

  • Severe acute respiratory illnesses capable of transmission to other persons and likely to cause mortality.

• Have you ever been arrested or convicted for a crime that resulted in serious damage to property, or serious harm to another person or government authority;

• Have you ever violated any law related to possessing, using, or distributing illegal drugs;

• Do you seek to engage in or have you ever engaged in terrorist activities;

• Have you ever committed fraud or misrepresented yourself or others to obtain, or assist others to obtain, a visa or entry into the United States;

• Are you currently seeking employment in the United States or you were you previously employed in the United States without prior permission from the U.S. government;

• Have you ever been denied a U.S. visa you applied for with your current or previous passport, or have you ever been refused admission to the United States or withdrawn your application for admission at a U.S. port of entry (If yes, when and where); and

• Have you ever stayed in the United States longer than the admission period granted to you by the U.S. government?

In addition to the mandatory information and eligibility questions listed above, applicants have the option of providing additional data elements to complete their application. These additional data elements include:

• Email address;

• City where you are boarding;

• Carrier information (carrier name and flight or vessel number);

• Address while in the United States (address line 1 and 2, city, and state);

• Current job title;

• Current or previous employer name;

• Current or previous employer street address;

• Current or previous employer telephone number.

Uses of the System and the Information

In the wake of the tragedy of September 11, 2001, Congress enacted the implementing Recommendations of the 9/11 Commission Act of 2007, Pub. L. No. 110-53 to address the security vulnerabilities associated with VWP travelers not being subject to the same degree of screening as other international visitors. As a result, section 711 of the Implementing Recommendations of the 9/11 Commission Act of 2007, was enacted requiring DHS to develop and implement a fully automated electronic travel authorization system to collect biographical and other information necessary to evaluate the security risks and eligibility of an applicant to travel to the United States under the VWP⁵. Aligning with the 9/11 Commission’s recommendation to address the vulnerabilities associated with less stringent screening of VWP travelers, CBP has added the following data elements to the ESTA application to make the screening of VWP travelers more robust:

• Other names or aliases – applicants must now document other names or aliases. Previously only an applicant’s family and first name were required;

• Other citizenship– applicants are now required to provide whether they have dual citizenship and will record all additional countries of citizenship including any additional passports and passport numbers that may apply. Previously, only one country of citizenship was required;

• National identification number – applicants are required to provide their national identification number if their country of citizenship confers a national identification number to its citizens;

• Home address – applicants must now provide home address information including street address, city, and state or region;

• Telephone number – applicants are now required to provide at least one telephone number (home, mobile, work, other). Previously, the telephone number data field was discretionary;

• Emergency point of contact information – applicants must now provide a name, phone number, and email address for a point of contact in the event of an emergency;

• U.S. point of contact information – applicants are required to provide a name, address, and phone number for a U.S. point of contact;

• Fathers and mother’s name – applicants are required to include their father and mother’s complete name;

• City of birth data field – applicants must now enter their city of birth. Previously, only the country of birth was required on the ESTA application.

• Current job title – applicants have the option of including their current job title;

• Current or previous employer name – applicants have the option of providing their employer’s name;

• Current or previous employer street address – applicants have the option of providing their employer’s street address; and

• Current of previous employer telephone number – applicants have the option of providing their employer’s telephone number.

The addition of these new data elements provides additional security in the ESTA application process by providing more information about ESTA applicants. With this information, the Department is better equipped to identify travelers of interest and distinguish them from legitimate travelers, facilitating the entry of lawful visitors. The collection of additional name, dual citizenship, city of birth, home address, telephone number, father and mother names, and national identification number data enhances ESTA vetting capability and reduces the likelihood that an applicant with derogatory holdings will be automatically approved for a travel authorization. The inclusion of these data elements on the ESTA application allows DHS/CBP to more readily verify travelers’ identities to distinguish between persons of interest in various targeting and law enforcement databases. Moreover, all of the requested employer data is used to identify ESTA applicants who associate with persons of interest to law enforcement.

The new data elements also provide benefits in reducing the number of inconclusive matches to derogatory records during the vetting process. When an ESTA application is submitted, CBP examines the application by screening the applicant’s data through ATS (to screen for terrorists or threats to aviation and border security) and TECS (for matches to persons identified to be of law enforcement interest). Inconclusive matches ultimately result in a denial of the ESTA application and the applicant is directed to a U.S. embassy or consulate to apply for a visa. Therefore, by requiring additional information from ESTA applicants and thereby reducing the number of inconclusive matches to derogatory records, CBP has alleviated the time and monetary burdens to the traveler who would otherwise have to apply for a visa in person at a U.S. embassy or consulate.

In addition to improved vetting capability, some of the new data elements added to the ESTA application will be used as point of contact information. Home address and emergency point of contact information may be used to notify designated individuals in the event of a catastrophic event such as the destruction or loss of an aircraft. Similarly, U.S. point of contact information is used to notify a visitor of an event that may interfere with safe travel while in the United States. The Department recognizes that VWP travelers may not have close U.S. ties or may be staying in multiple hotels while visiting the United States. As such, an ESTA applicant may provide the name of a first night hotel, friend, family member, or colleague in the United States to satisfy the U.S. point of contact requirement.

CBP continues to collect the remaining mandatory information and eligibility questions included on the ESTA application to determine eligibility to travel to the United States under the VWP and whether the visitor poses a law enforcement or security risk. The ESTA application vetting process remains the same for all VWP travelers despite the additional data collections and is addressed in greater detail in previous PIAs.⁶

Privacy Impact Analysis: Related to Uses of the System and the Information

Privacy Risk: Additional information collected on the ESTA application increases the likelihood that the information may be misused.

Mitigation: With any collection of PII, there is a degree of risk that the information may be misused. To mitigate this risk, access to data in ESTA is controlled through passwords and restrictive access controls. Internal users are limited to the roles that define authorized use of the system. In order to become an authorized internal user, personnel must successfully complete privacy training and hold a favorably adjudicated background investigation. An internal user must also have a “need-to-know” specific information. Lastly, users receive general training and are aware of the CBP Code of Conduct and the possibility of discipline for misuse or abuse of system access. The CBP Table of Offenses outlines consequences ranging from verbal reprimands to dismissal from the federal service for determinations of violations.

Because ESTA will use some aspects of the Advanced Passenger Information System (APIS), which resides on the TECS IT platform, all internal users of the ESTA system are required to complete and pass an the annual TECS Privacy Act Awareness Course (TPAAC) to maintain their access to the system. The TPAAC presents Privacy Act responsibilities and agency policy with regard to the security, sharing, use, and safeguarding of both official information and PII. The course also provides a number of sharing, use, and access scenarios to test the internal user’s understanding of appropriate controls put in place to protect privacy as they are presented. An internal user must pass the test scenarios to retain access to TECS and more specifically, ESTA. This training is regularly updated.

Retention

The DHS retention period for ESTA has not changed. CBP retains ESTA application data for no more than three years in an active database (one year beyond the ESTA authorization expiration date) and twelve years in archive status.

Internal Sharing and Disclosure

No changes have been made to internal sharing and disclosure.

External Sharing and Disclosure

No changes have been made to external sharing.

Notice

The ESTA SORN was last published in the Federal Register on July 30, 2012, 77 FR 44642. CBP is publishing a newly updated SORN in the Federal Register to provide notice of revised categories of records and categories of individuals covered by the ESTA system to account for the revised eligibility questions and additional data elements collected on the ESTA application.

Privacy Impact Analysis: Related to Notice

Privacy Risk: Individuals may not be aware that their information may be recorded in ESTA.

Mitigation: Whenever a PII collection is expanded, there is a risk that affected individuals may not know that additional PII will be collected and used in the manner described in this PIA.

As such, CBP has published an updated ESTA SORN and this updated ESTA PIA to increase transparency of its operations.

Individual Access, Redress, and Correction

No changes have been made to access, redress, and correction of PII in ESTA. However, CBP is updating the address to which individuals should submit their requests for access, redress, and correction.

Under the Privacy Act and Freedom of Information Act (FOIA) individuals may request access to the information they provide which is maintained in the applicable CBP system of record. Proper written requests under the Privacy Act and FOIA should be addressed to:

CBP FOIA Headquarters Office

U.S. Customs and Border Protection

FOIA Division

90 K Street NE, 9th Floor

Washington, DC 20002

Requests for access should conform to the requirements of 6 CFR Part 5, which provides the rules for requesting access to Privacy Act records maintained by DHS. The envelope and letter should be clearly marked “Privacy Act Access Request.” The request should include a general description of the records sought and must include the requester’s full name, current address, and date and place of birth. The request must be signed and either notarized or submitted under penalty of perjury.

Applicants denied a travel authorization to the United States via ESTA may apply for a visa from the U.S. Department of State. General complaints about treatment or requests for redress can be made to the DHS Traveler Redress Inquiry Program (TRIP), 601 South 12th Street, TSA- 901, Arlington, VA 22202-4220 or online at www.dhs.gov/trip. Generally, if a traveler believes that CBP actions are the result of incorrect or inaccurate information, then inquiries should be directed to:

CBP INFO Center

OPA - CSC - Rosslyn

U.S. Customs and Border Protection

1300 Pennsylvania Ave, NW

Washington, DC 20229

Technical Access and Security

No changes have been made to technical access or security.

Technology

No changes have been made to the existing technology.

Responsible Officials

Suzanne Shepard, Director ESTA

U.S. Customs and Border Protection

Department of Homeland Security

John Connoers, CBP Privacy Oofficer

U.S. Customs and Border Protection

Department of Homeland Security

Approval Signature

________________________________

Karen L. Neuman

Chief Privacy Officer
Department of Homeland Security

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Title	Department of Homeland Security Privacy Impact Assessement Update
Subject	Department of Homeland Security Privacy Impact Assessement Update
Author	Authorized User
File Modified	0000-00-00
File Created	2021-01-26