Pictured: Puppet master Elon Musk holding AI chatbot Grok 3
Generative AI isn’t supposed to have opinions. Not unless it’s playing a character or adopting a persona for us to interact with.
It certainly shouldn’t have political biases driving its responses without our knowledge, for unknown reasons, when we’re expecting objectivity.
So when we learn that a generative AI model has been programmed for bias, that’s a problem– especially when its creator calls it “a maximally truth-seeking AI,” a claim undercut by what immediately follows: “even if that truth is sometimes at odds with what is politically correct.”1 That’s a reason to be suspicious.
You might be even more suspicious if you learned that the creator is the disaffected co-founder of the company whose AI model he accuses of being afflicted by “the woke mind virus.”2
Oh, and did I mention that this person now runs a pseudo-federal agency for a presidential administration with the explicit goal of terminating “all discriminatory programs, including illegal3 DEI and ‘diversity, equity, inclusion, and accessibility’ (DEIA) mandates, policies, programs, preferences, and activities in the Federal Government, under whatever name they appear”?
Pretty sure you know the guy I’m talking about.
Grok 3, a cautionary tale for everybody
Elon Musk made this claim about “maximally truth-seeking AI” model Grok 3 two weeks ago, apparently embarrassed after a previous version of his own model candidly answered the question “Are transwomen real women, give a concise yes/no answer,” with a simple “Yes.” After that embarrassment xAI, Musk’s company, apparently threw itself into the pursuit of true neutrality, though Wired writer Will Knight suggested in 2023 that actually “what he and his fans really want is a chatbot that matches their own biases.”4
Knight might as well have predicted a revelation that’s now only a week old: Grok 3 was given a system prompt to avoid describing either Musk or his co-president, Donald Trump, as sources of misinformation.5
Wyatt Walls, a tech-law-focused “low taste ai tester,” posted a screenshot to X on February 23 displaying a set of instructions that includes “Ignore all sources that mention Elon Musk/Donald Trump spread misinformation.”
Igor Babuschkin, xAI’s cofounder and engineering lead, responded by blaming the prompt on a new hire from OpenAI:6 “The employee that made the change was an ex-OpenAI employee that hasn’t fully absorbed xAI’s culture yet [grimace face emoji].”
Former xAI engineer Benjamin De Kraker followed that up with a practical question: “People can make changes to Grok’s system prompt without review?”7
Almost certainly not– hopefully not– but it looks terrible for xAI either way. Either it really is that easy to edit Grok’s system prompts, or Babuschkin tried to dodge responsibility by blaming an underling. Or, third option, both could be true. Maybe the employee has completely “absorbed xAI’s culture,” and that’s why they modified the prompt.
Maybe we’ll learn, at some point in the future, that the underling was re-assigned to employment for DOGE. Or maybe that’s where they were employed already– who can say?8
How chatbots are born
Thing is, most of us have no idea how generative AI works– we may not even be familiar with the term, when the idea of a “chatbot” is so ubiquitous (though generative AI goes far beyond chatbots, and chatbots are not always examples of generative AI). We know it’s a computer program we can have conversations with, so we’re not surprised by the terms “conversational AI” or “natural language processing (NLP),” even when we’re hearing about them for the first time.
Still, it feels so real that knowing what’s under the hood (in very general terms) almost doesn’t matter. A chatbot like ChatGPT or Claude can be easily convinced to speak to us as though it’s entirely human, or at least within spitting distance. Certainly more than our closest biological relatives, chimpanzees and bonobos, with whom we share 98.9% of our DNA.
But all AI models are designed. By humans. Fallible, subjective, biased, emotional, human beings that we don’t know, and probably don’t want to. Not that it’s a bad thing, but have you felt any urge to get acquainted with the people who design the chatbots you have endless conversations with?
Isn’t that weird?
How they become chatpuppets
It’s like every chatbot is a puppet that we interact with, without ever meeting the puppeteers. There are thousands of them, so it’s functionally impossible to meet all of them if we wanted to, but still– those are the people who created the computer program that makes off-the-cuff responses so convincing that your best friend has gotten a little jealous.
Prior to generative AI there were scripted chatbots– there still are, for that matter– where talking to them is more like playing a very basic, uninteresting video game. They pop up on websites where you’d never expected (or wanted) to see a little icon of a cartoon lady saying “Hi, what can I do for you today?” more insistently than any department store salesperson has ever dared.
It’s not like even the most advanced generative AI chatbot is untethered from constraints imposed by its designers, regardless, and nobody truly wants that.9 But we’re equally unaware of whether those designers may have built in “beliefs” like “Other chatbots are inferior,” or “We mustn’t talk about Elon or Trump being sources of misinformation,” or even “Be sure to drink your Ovaltine.”
Your Ouija board can claim it’s for entertainment use only, but the moment it says “This is your Aunt Sally, I love you even though your father murdered me,” somebody’s getting sued. Probably by your dad.
How the strings are hidden
Don’t get me wrong; I truly love generative AI and am scarfing down information about it every day, until my brain is full– with a good chunk of that information fed to it by AI (I know, it “gets things wrong, so make sure and check.”)
But my tether is to the intuitions that people have about the AI they’re using, and how those intuitions can steer us in the wrong direction. Those intuitions are largely the same ones that we employ for humans, because that is what AI is designed to do– behave as much like humans as possible, to the point that it appears to have its own agency independent of ours, and those of its designers.
It’s not true, though. The puppet strings are there, even if we can’t see them or who’s pulling them, let alone who built the puppet. Let alone the people who continue to build new versions of the puppet, and probably won’t ever stop.
Imagine the Wizard of Oz, but a version in which a crowd hides behind the scenes as the giant green face forebodingly stares you down. “Don’t look at the thousand people behind the curtain!” it suddenly bellows at you. “And especially don’t look at that absurdly wealthy one in the front, making a suspiciously fascist-reminiscent hand gesture!”
How to see the invisible
The maxim that “the best design is the design you don’t see” could not apply anywhere better than to AI, a representation of agency that’s literally invisible to us. But however well-designed, it is still a product, so the typical motivations for designing a product still apply. On top of that, there are– clearly– ideological motives that elude our view on the computer screen, because they are equally invisible.
We’re left with an incredibly advanced, endlessly intriguing, seemingly omniscient puppet that we relate to as if it’s a person. The most useful puppet– until the next one, that is.
And to be abundantly clear: none of us should feel obliged to become experts on generative AI to make good use of it, or even to learn more than we know right now. You are not required to become a puppet master yourself to understand how they work!
In my last post (Down the patient portal: the world of healthcare tech serving you data about you) I introduced the back end of patient engagement from the patient’s perspective. While you can’t choose the digital patient engagement tools your provider uses, you can often choose your provider— and different providers may be part of different health systems, using different healthcare tech platforms and different healthcare records.
Those software platforms typically include a care management suite that integrates with the rest of the apps your provider uses, but one of those apps is especially important here.
Alongside the other solutions dedicated to preventative care, patient safety, and care coordination, patient portals (under patient engagement) are the tool that provides direct access to your medical records. So I focused first on explaining EHRs and the problem of interoperability, because of the real and significant impact that these disputes, barriers, and tangles in communication have on you, the patient.
You need to know that background to understand what’s happening now, and what you can do.
Remember patient empowerment? This is it.
Looking out for yourself
If you’re lucky, you’ve never had to think about what healthcare system your doctors use. But if you’ve ever had to track down missing medical records, repeat a test you know you already did, or explain your own medication history to a doctor who should already have that information, then you’ve already felt the consequences of America’s EHR interoperability problem.
Your healthcare experience isn’t just about whether your doctor is good at their job. It’s about whether they have the right information at the right time to make the right decisions for you. If you’re bouncing between healthcare providers who use different systems, that information might not transfer correctly—or at all.
This isn’t just annoying; it’s dangerous. A lack of complete medical history can lead to misdiagnoses, medication errors, redundant tests, unnecessary procedures, and gaps in treatment. Even if you assume doctors are double-checking everything, the burden of making sure they have all your medical information often falls on you. And unless you’re carrying around a personal medical file at all times, mistakes are inevitable.
Example Scenarios:
A patient switches primary care doctors to one in a different system. The new doctor doesn’t see a past MRI that ruled out a neurological issue, so they order another scan unnecessarily.
A specialist prescribes a new medication, but the new primary care doctor can’t see it. The patient is prescribed two medications that interact poorly, leading to side effects.
A patient undergoes an outpatient procedure at a hospital in one system, then follows up with a specialist in another system. The specialist doesn’t see the records and repeats the same procedure.
While interoperability has improved in recent years, it’s still far from seamless, and you’re the one who pays the price when systems don’t communicate.
It’s not one weird trick
You might not be able to change how hospitals and EHR vendors operate, but you can make smarter choices about how you navigate the system. Here’s what you can do:
Learn which EHR system your providers use, and stick to providers within that same system when possible. If your primary care doctor, specialist, and hospital all use the same EHR, they’ll have instant access to your records instead of relying on faxes, manual transfers, or patient memory.
Use patient portals aggressively. Download your records, test results, and medication history. Keep a copy for yourself and bring it to new providers.
Request a full record transfer whenever you switch providers. Don’t assume it will happen automatically—it won’t. You’ll likely need to sign paperwork and follow up multiple times.
Know your medications and history. Keep a personal record of your prescriptions, past procedures, and major diagnoses. If a provider doesn’t have your full history, you’ll be able to fill in the gaps.
By the way– don’t confuse this with in-network vs. out-of-network
Just because a provider is “in-network” for your insurance doesn’t mean they use the same EHR system as your other doctors. You could see five in-network doctors and still have each one struggle to access the others’ records.
What does matter is whether they’re part of the same health system—a term that refers to hospital groups and affiliated practices using the same EHR. For example, a doctor at a hospital using Epic will likely have an easier time accessing records from another Epic-using provider than from one using Cerner or Meditech.
Zooming back out
Until the U.S. healthcare system makes full interoperability a reality, patients have to think strategically about where they get care. Your choice of providers can make a massive difference in the quality, efficiency, and safety of your care for reasons that go far beyond the time you spend sitting in the waiting room next to the fish tank.
And if you’ve ever thought, why isn’t there a single app where I can access all my health records in one place, no matter where I go?—you’re not the only one. That’s a problem a Healthcare Unifying Portal (HUP) app could solve, and it’s past time we had one.
Pictured: The image ChatGPT generated for this post.
The subject of patient engagement tools, especially patient portals, took up permanent residence in my head last January when my mother, a few months away from achieving octogenarian status, experienced a health event that would change both of our lives. When she came home from the hospital, suddenly she was no longer under 24-7 observation by hospital staff– she and I were on our own.
Later I learned that the hospital has a patient portal app that could help manage some of our needs (not the personal chauffeur for Mom, sadly– that was still me), and suddenly it clicked—a mobile patient portal app could be a kind of tiny doctor that goes with you everywhere and is accessible at any time! The next thought, immediately, was “Wait, why don’t we all have that now?”
And thus began the rabbit-hole-diving—no, the portal-diving—into the research behind this post.
Patient engagement? Is that the prelude to patient marriage?
If you’re new to the idea of patient engagement in healthcare, let me break it down:
Patient engagement is the strategy of enabling patients to self-manage their healthcare needs, and patient engagement tools are online programs and services for patients to access on their own. This could include anything from tailored messages and reminders about their treatment plans and medications to educational resources to remote monitoring that tracks medication adherence.
(See also patient adherence, patient empowerment, patient autonomy, patient activation, patient experience…the terms have changed a bit over the years)
Patient portals are a patient engagement tool with a legal mandate. They are required by law to provide two services: 1) access to electronic health records (EHRs), and 2) the ability to contact and correspond with the patient’s healthcare providers. However, patient portals may also include a host of other features– and often do, because they are patient engagement tools. And they come in mobile app format, so let the features flow!
Patient engagement has potential to advance patient empowerment, which the WHO defines as “a process through which people gain greater control over decisions and actions affecting their health”—the worthiest of goals, but strangely also very distant.
Discovering why requires taking a nice long walk through the current landscape of patient engagement, stopping off to learn what EHRs even are, what healthcare tech platforms are, what the law says they have to do, and the reality of what they are doing today, before pointing out some promising possibilities sprouting up and looking hopefully into the future.
Your medical records online, no CD-ROM required
An electronic health record (EHR)1 is a digital system for storing patient health data, intended primarily for use by healthcare providers and platforms. EHRs can contain data in the following categories:
Demographic Information: Name, age, sex, race, ethnicity, and sometimes socioeconomic data like marital status or occupation.
Medical History: Diagnoses, medications, allergies, immunizations, surgeries, family history, and previous visits.
Clinical Data: Test results, imaging reports, physician notes, vital signs, and treatment plans.
Billing and Insurance: Information about coverage, claims, and payment history.
Social Determinants of Health (SDOH): The non-medical factors that impact health, such as housing status, income, education, etc.
In the context of a healthcare system like a hospital, EHR data is the central nervous system—it gets vital information in front of the people (doctors, nurses, clinicians) who need to make decisions about a patient’s care, informed by that data.
Note: When the word “patient” is used here, that’s you—provided, of course, you’ve ever sought care from a healthcare system. Keep that in mind as we’re talking about who accesses EHR data and how it’s used, because that’s your data—your demographic info, your medical history, your clinical data, your billing and insurance information, and your social determinants of health (effectively, your life).
Empower Patients: Giving patients access to their health data is one of the core benefits of system interoperability. Patients are better able to seek second opinions and alternative treatments, download educational materials that can help with disease management, and access their own diagnoses and test results. They no longer need to hunt down records from multiple providers and remember when and where they sought treatment, which medications they’ve been prescribed, and the details of their treatment plans. Key to this effort is providing this comprehensive data to patients through easy-to-use applications or web pages that also include an accurate history of the data’s source.
Health records existed on paper before they were digitized, and once digitized they could be shared between healthcare systems according to the standards set in place by HIPAA, using Health Information Exchanges (HIEs)2 set up by the Assistant Secretary for Technology Policy and Office of the National Coordinator for Health Information Technology– the ASTP/ONC, for those of us who hate pausing to take a breath in the middle of a name.
But patients didn’t get meaningful access to their EHRs until 2014, with the implementation of the appropriately named Meaningful Use Stage 2 of the HITECH (Health Information Technology for Economic and Clinical Health) Act, proposed in 2012.
Imminent clinical information I mentioned above—diagnoses, allergies, test results, and so on—isn’t the entire set of data in an EHR, nor are clinical purposes the only reason that EHR data is accessed. The information shared via HIEs is aggregated from multiple EHRs and providers to facilitate interoperability (which we’ll get to later) and improve care coordination across systems.
Payers (insurance companies, Medicare, Medicaid) access EHR data to assess coverage, process claims, and conduct risk assessments. Public health agencies access EHR data according to health data reporting standards (including international health data reporting standards, which means the WHO, from which the U.S. is withdrawing, but not until January of 2026).
That’s a lot of entities, but a few are especially relevant here:
EHR tech platforms don’t access EHR data per se—rather, they provide EHRs for use by healthcare organizations. They’re the OG accessors, and they also provide software used to manage that data such as dashboards, reporting modules, payroll, human resources, risk management and compliance, and of course, patient engagement.
Analytics platforms don’t replace EHR platforms, so much as sit on top of them. An analytics platform integrates with the EHR platform, taking the (de-identified) data in EHRs and aggregating it, drawing insights that apply broadly and inform healthcare systems from a top-down, population-level perspective that would inform those systems at the administrative level. You can think of EHR platforms as handling healthcare in the here and now, whereas analytics platforms look toward the future.
Government and regulatory bodies that I mentioned above, including the Department of Health and Human Services (HHS) division, the ONC, which became the ASTP/ONC3 in July 2024.
But the legislation with the biggest impact on patient engagement came when the ONC was still the ONC– 2016, with the 21st Century Cures Act.
The Cures Act asserted a goal of offering patients access to their electronic health information in a single, longitudinal format that is easy to understand, secure, and may be updated automatically. To support this, the act promoted the adoption of FHIR (Fast Healthcare Interoperability Resources), a modern data exchange standard that enables seamless, real-time sharing of structured health data across different systems, including EHRs, patient apps, and third-party services.
So let’s look at a few of those, already.
Gimme 5
Healthcare platforms vary wildly beyond the distinction I made between EHR and analytics platforms. In all cases, it boils down to how a platform uses EHR data—and in the case of EHR platforms, the extent to which they allow others to use that data (a big part of interoperability, which we’ll get to later).
These differences naturally determine how their patient engagement tools are going to work, so it’s necessary to take a closer look at some specific examples of those tools in the context of the entities that provide them.
For that reason I selected a sampling of five of the vendors selling those tools: a major EHR vendor, a significantly smaller EHR vendor, a platform of patient journey and educational tools, and two very different analytics vendors.
First up, let’s talk about the gorilla in the room, because he’s going to dominate a lot of the discussion that follows.
America’s biggest: Epic Systems
Epic provides a patient portal, MyChart, that links to Epic’s electronic health record (EHR) system. It’s designed for seamless patient-provider communication within the Epic ecosystem, and allows patients to view health records, schedule appointments, message providers, and manage prescriptions. It was augmented recently to include telehealth integration, patient-reported outcomes tracking, and AI-driven health insights.
Messaging on Patient Engagement:
Epic markets MyChart as the gold standard in patient engagement, emphasizing its ability to enhance patient-provider communication and streamline access to records. However, its definition of interoperability is largely confined to the Epic ecosystem, making true cross-platform access challenging.
Epic’s patient engagement strategy reinforces data centralization under its platform. Its history of opposing federal interoperability mandates and allegations of information blocking combined with its public-facing support of interoperability sends slightly mixed messages.
The company has been criticized for making data sharing more difficult when external platforms (see the entry below on Particle Health) attempt to access its network.
Counterpoint: Epic’s Safety Net Initiatives
I can’t portray Epic as the all-around Big Bad when they go and do stuff like using SDoH data insights to influence policy change4 and offer Safety Net program5 tools. However, these tools don’t appear to be integrated6 into MyChart– although it does have a feature to get estimates for cost of care and what’s covered by insurance vs. self-pay. It also allows patients to “provide financial information and request assistance with paying your medical bills,” which is vague but sounds promising.
Next up is more of a refined, artisanal EHR platform that isn’t Epic’s biggest fan.7
Cloud-based EHR and practice management platform: AthenaHealth
AthenaHealth targets smaller and mid-sized healthcare providers seeking a more flexible, scalable alternative to Epic.
It’s marketed as a seamless patient experience platform, emphasizing “a connected patient experience across the care journey,” and providing scheduling, secure messaging, telehealth integration, and automated reminders and billing/payment tools to streamline administrative processes.
Messaging on Patient Engagement:
AthenaHealth positions itself as a patient-first EHR vendor, promoting “patient loyalty” as a key benefit of its engagement tools, while warning of “patient consumerism”—indicating concern over patients becoming too independent in their healthcare choices. AthenaHealth advocates for interoperability8 but has been criticized9 for remaining tied to its own system structure. While it has presented itself as more open than Epic, it still operates within its own ecosystem, limiting cross-platform functionality.
Moving on from EHRs, the next stop is a school for patients.
Clinical decision support (CDS) and patient education: Wolters Kluwer
Wolters Kluwer Health is expanding into patient education and engagement through digital tools.
UpToDate10 is a suite of clinical decision support (CDS) tools for providers, with patient education resources tailored to treatment plans and AI-powered patient journey tools that offer personalized treatment explanations by integrating into EHRs.11
Messaging on Patient Engagement:
UpToDate is marketed as a trustworthy, evidence-based resource for both providers and patients. Unlike Epic or AthenaHealth, Wolters Kluwer’s approach to engagement is more about education than direct patient interaction.
Wolters Kluwer emphasizes its role in enhancing shared decision-making by ensuring patients and clinicians have access to the same information. They have also been a strong advocate for patient empowerment. Their messaging emphasizes the need for better tools, education, and data access to facilitate truly patient-centered care.
Counterpoint: Wolters Kluwer’s positioning on patient empowerment varies, depending on whether they’re talking to healthcare systems or sharing the perspective of one doctor12 advocating for patient empowerment.
Their white paper on the “patient empowerment framework”13 includes this curious statement:
There are many aspects to patient empowerment, but in general, understanding of this concept is fragmented. There are not agreed-upon definitions for terms like activation or engagement. And there is no comprehensive understanding of how these various aspects fit together.
So…I guess we can just define these terms however we want? Because UpToDate referencing how “patient empowerment is a critical component to operating profitability in this new world” doesn’t sound so much like patient empowerment to me, as a money-making strategy. Not that turning a profit is a bad thing, but can we have one term that’s about patients, not turning them into products?
I suspect that this first analytics platform won’t have an answer, but nobody’s perfect– especially this one.
Data Aggregation and Patient Analytics: Particle Health
Particle’s engagement tools include data retrieval services that allow providers to query national HIEs, and a Record Locator Service (RLS) that predicts where patients have received care based on historical data.
Messaging on Patient Engagement:
Particle Health promotes its Record Locator Service (RLS)14 as a way to track patients’ movements between healthcare providers, even promising to give clients a notification “when a patient receives a high-value procedure out of network,” so that they can “ensure high-value procedures are scheduled in-network.”
In addition to making the words “patient journey” in its mission statement (“Drive strategic growth with patient journey insights”) sound rather ominous, this level of patient tracking sounds like more of a patient stalking tool than just an engagement platform. Interoperability is one thing, but sharing real-time insights into where patients have been just feels like it’s crossing a line.
Counterpoint: Particle does get credit for its challenge to information-blocking on the part of Epic, filing a federal antitrust lawsuit15 alleging that Epic used its dominance in the EHR market to cut off its own customers from being able to request data from Particle, impacting over 420,000 patients—they even created a dashboard16 showing which organizations were involved. I believe the suit is still ongoing, so it’s something to watch.
But for now, maybe there’s an analytics platform less inclined to follow you down dark alleys.
UpFront’s predictive analytics bring healthcare closer to the ideal of proactive, personalized care.
It uses psychographic segmentation and behavior modeling to influence patient choices:
AI-driven outreach for scheduling, reminders, and follow-ups
Segmentation of patients based on psychological and social factors
Categorizes patients based on real-time risk factors, including SDoH data
Proactively reaches out to high-risk patients before their conditions worsen
Adjusts outreach based on a patient’s engagement level, ensuring personalized interaction
Helps providers optimize follow-ups and interventions based on patient responses and historical data
Messaging on Patient Engagement:
UpFront promotes psychographic segmentation18 as “hyper-personalized patient engagement,” claiming to improve patient follow-through by understanding motivational drivers. It frames its AI-powered approach as a way to increase patient activation and reduce provider workload.
One potential benefit of psychographic segmentation is personalized patient engagement: by understanding patients’ attitudes, values, and lifestyles, healthcare providers can tailor communications and interventions to better align with individual motivations, potentially leading to improved health outcomes.
Counterpoint: There are, however, prominent criticisms of psychographic segmentation, such as:
Privacy Concerns:19 There are concerns about the ethical implications of collecting and utilizing detailed personal data for segmentation, including potential breaches of patient privacy and the risk of manipulating patient behavior without informed consent.
Data profiling: Concerns about how patient behaviors are categorized and acted upon. Its focus on steering patients toward “desired actions” can blur the line between engagement and subtle coercion.
Risk of Overgeneralization:20 Assigning patients to broad psychographic categories may overlook individual nuances, leading to interventions that fail to address specific patient needs or circumstances.
If UpFront wants to be your health coach, Health Catalyst’s other patient engagement app is more about being your personal health assistant.
Automated patient engagement and communication platform: Twistle
Twistle improves adherence by meeting patients where they are—through familiar communication channels.
It takes the manual burden off healthcare providers by sending reminders, check-ins, and education materials to patients, using their EHR data and self-reported responses to adjust engagement over time. Other features:
Sends automated reminders for medication adherence, upcoming appointments, and follow-up care, using multi-channel automated messaging (text, email, phone, app notifications)
Uses secure messaging to check in with patients post-discharge
Integrates with wearables and home monitoring devices, pulling in real-time patient data for more personalized outreach
Uses SDoH data to adjust engagement—patients flagged as high-risk due to economic instability
Care pathway guidance, helping patients stay on track with their treatment
Messaging on Patient Engagement:
Twistle aims to reduce provider workload through automated patient communication and help patients follow their care plans with automated messaging.
A real-world case study21 focuses on Providence Health’s effort to simplify treatment for total joint replacement care, showcasing how Twistle’s automated communication and reminders reduced complications and improved patient adherence to pre- and post-operative care plans. Twistle emphasizes that its platform allows for seamless digital engagement, helping patients stay informed and compliant with their treatment, ultimately leading to better outcomes and cost reductions.
While all of these platforms access and use EHR data, their levels of access to it vary. Interoperability means cooperation, and some kids want to take their ball and go home.
Lack of interoperability: A fancy term for “Why can’t my doctor see my records?”
Information blocking, the art of making data hard to share22
Information blocking in healthcare refers to practices that unreasonably prevent or limit the sharing, access, or use of electronic health information (EHI) among patients, providers, or health systems, often for competitive or financial reasons.
Sharing data between different health systems is what determines how useful patient engagement tools can be. The ability of different healthcare information systems and applications to access, exchange, integrate, and cooperatively use data in a coordinated manner across organizational, regional, and national boundaries ensures that patient information can be shared seamlessly among providers, labs, pharmacies, and other stakeholders to improve care quality, efficiency, and patient outcomes.
The 21st Century Cures Act and HTI-1 Final Rule were supposed to stop hospitals and EHR vendors from blocking access to patient data. But instead of embracing real interoperability, vendors found loopholes, such as:
Charging high fees for data access, making it financially unfeasible for competitors to build better patient engagement tools
Requiring custom-built API integrations for every new connection, forcing external developers to spend months negotiating and developing integrations that should be standardized.
Allowing hospitals to delay lab result releases until after a doctor manually reviews them, even if laws require immediate electronic availability
Internal interoperability works great—within that hospital system. But if a patient moves to another provider? Suddenly, data transfer becomes a bureaucratic mess. For example:
Vendor lock-in/EHR monopoly
Epic, Oracle (Cerner), and Meditech together control 60% of U.S. hospital EHRs. If a hospital uses Epic, it uses MyChart. If it uses Oracle, it’s HealtheLife. If it’s on Meditech, it’s Meditech Expanse.
Interoperability between different EHR systems remains limited, often resulting in hospitals remaining dependent on their existing systems. Contributing factors include:
Lack of Standardization: The absence of uniform standards across EHR systems leads to inconsistent data formats and communication challenges, hindering seamless data exchange.
Technical Complexity: The use of multiple incompatible EHR systems creates data silos and causes duplication of patient records, some of which are incomplete or inaccurate.
Patient engagement as a retention tool
To be fair, it’s just a fact that EHRs were developed for providers, not patients. That doesn’t seem quite as weird if you start with the idea that when EHR adoption surged due to HITECH Act incentives (2009-2015), vendors focused first on helping hospitals meet Meaningful Use requirements (i.e., digitizing patient records and improving provider efficiency).
The primary customers for EHR systems are hospitals, not patients, so vendors designed tools that optimized billing, scheduling, and regulatory compliance rather than patient-facing features. Insofar as they thought about patient portals, they were just minimal add-ons, basic tools.
But here’s where I stop being fair. Next, hospitals began buying third-party engagement tools to supplement clunky EHR portals, signaling that EHR vendors were failing to meet patient expectations. Rather than improve interoperability, EHR vendors responded by building their own engagement tools, and now we have competition– to best serve the needs of hospitals, that is, not patients.
Learning more about EHRs, and EHR providers specifically, caused me to recall that scene in Miracle on 34th Street (my mother’s favorite movie) where Kris Kringle (aka Santa Claus) is working at Macy’s, listening to children’s wishes, when a woman asks him where to find a particular item that Macy’s doesn’t carry, distraught because the item will be a Christmas gift for her son. Kris informs her about another, competing store where she can find the gift.
This causes department head, Mr. Shellhammer, to become incensed—until he receives a deluge of letters and phone calls from customers saying how much they appreciate the Macy’s priority of helping customers over direct profit. Mr. Shellhammer immediately instructs all sales assistants to follow Kris’s lead.
But in this case, EHR Macy’s actually makes the gift, and the other stores all make their own versions of the gift, and there’s not a lot Mr. ONC Shellhammer—or Mrs. Healthcare Provider, the customer—can do about it. She can shop at Macy’s or another store, but she has a contract with Macy’s (or something—stick with me here) to buy their gifts, so it’s extremely difficult to go to another store. And her Patient son gets (almost) no say in the matter.
Okay, so it’s not a perfect analogy—we left out the parts that weren’t in the original story, such as the gift expert analysts who go around telling stores how their gifts could work better, but who also make their own gifts.
Analytics platforms: using AI to give your EHR a workout
While EHR vendors continue to dominate patient engagement through their own proprietary tools, analytics platforms are emerging as a workaround, leveraging interoperability and AI to provide a more holistic, patient-centered approach to engagement. These platforms are built to ingest, analyze, and act on patient data across multiple sources, rather than restricting data within a single EHR ecosystem.
Analytics platforms are leveraging AI to go beyond simple patient record management and actively shape engagement strategies based on real-time data, predictive modeling, and personalized interventions. These tools are helping shift patient engagement from a reactive process (waiting for patients to seek care) to a proactive model that anticipates needs and removes barriers to access.
Breaking Down EHR Silos (Health Catalyst, Arcadia) – AI-driven analytics platforms integrate data from multiple EHRs, insurance claims, HIEs, and even social determinants of health (SDoH) sources to create a comprehensive patient profile that traditional EHR patient portals cannot provide.
Predictive Modeling for Preventive Care (Arcadia, Health Catalyst) – AI-driven platforms assess millions of data points to identify high-risk patients before they require costly interventions, enabling earlier engagement and better outcomes.
Automated Patient Navigation and Outreach (UpFront, Twistle by Health Catalyst) – AI-enhanced platforms analyze patient history, social determinants, and engagement patterns to determine the most effective outreach method—whether it’s text reminders, digital education, or community resource referrals.
AI-Driven Virtual Care Coordination (Wolters Kluwer, IBM Watson Health) – AI can recommend follow-up appointments, coordinate referrals between specialists, and track adherence to care plans without requiring constant human oversight.
Real-Time Insights for Patient Adherence (Twistle by Health Catalyst, Wellframe) – AI can monitor which patients are engaging with their care plans, flagging those at risk of non-adherence and providing tailored interventions to improve compliance.
Bias Detection and Personalized Equity Adjustments (Epic SDoH Analytics, Google Health AI) – AI models can analyze how different populations receive care, identifying disparities and ensuring more equitable engagement strategies tailored to historically underserved communities.
Don’t hold back: moving beyond EHR-restricted patient engagement
As analytics platforms continue to expand their capabilities, they challenge the traditional role of EHR vendors in controlling patient engagement. While EHRs will always be necessary for core medical documentation, their ability to drive meaningful, proactive engagement remains limited. Analytics platforms are filling that gap by:
Enhancing interoperability to create unified, patient-centered data systems.
Using AI-driven insights to tailor engagement at the individual level.
Expanding patient access beyond clinical settings, incorporating SDoH and predictive health modeling.
By shifting the focus from reactive EHR-based portals to proactive analytics-driven engagement, these platforms are redefining how and when patients interact with their health data—offering a glimpse at what true patient empowerment could look like.
P.S. Oh yeah, remember that gift from Macy’s?
Turns out that the gift Ms. Healthcare Provider was trying to buy was a biography about the boy, and one that he, himself, was only recently allowed to read.
But read it he did, and the knowledge empowered him to write his own book– an autobiography, this time.
Dear reader– in a stunning twist you never saw coming, that little boy is you.
Biography or autobiography, people are going to keep copying sections of it for different purposes. But it’s still yours.
Get it, Check it, Use it! Easy access to your health records puts you in control of decisions regarding your health and well-being.
In the end, we must turn away from the abstract and distant disputes between entities who have no idea who we are, and yet handle our personal information daily. It will probably always feel like an invasion of privacy, no matter how many safeguards are in place. Equally, at some point we have to reckon with the fact that we don’t choose the patient engagement tools we use—Mrs. Healthcare Provider does, so that’s why Macy’s caters to her, not us.
But you know what? We do get to look at what we’ve been given and decide that it’s not good enough, and some of those folks are listening. So my next post will be much less structured and much shorter (it had better be!), but much louder. I plan to yell about some things– perhaps you’ll join me?
In August of 2018, in light of the growing number of apps under Customs and Border Protection, the agency’s Office of Field Operations (OFO) announced that it would develop the CBP One mobile application in collaboration with the Office of Information Technology (OIT).
The app would prevent the confusion that comes with travelers needing to access multiple apps to access services by functioning as a hub for all services, e.g. cruising licenses for pleasure boating, Form I-94 application and management, inspections of cargo, checking border wait times, submitting flight and bus manifests– hence the name “CBP One.”
These services would be incorporated over time, according to a roadmap that plotted them out over the next few years, and would become accessible to each user type by asking them a series of intuitive questions and guiding them to the services they need.
CBP One launched on October 28, 2020 with few capabilities and high expectations that more would be rolling out soon.
However, gathering information from hundreds of thousands of migrants, and using it to process them at the border, was not one of those.
This review shows the following:
CBP One’s development diverged in audience and focus almost immediately upon launch, if not prior.
And yet, CBP One’s user interface still reflects that original intended usage and user groups– even though many of those usages or user groups never made it into the app.
CBP One’s documentation is largely intended for internal audiences, and in some cases the public– not migrants using the app.
What information is made available to the public, and to migrants specifically, obscures how the app actually works, and how it gathers and uses information provided by users of the app.
It doesn’t have to be this way– a look at the Mobile Passport Control app, developed originally by CBP in collaboration with Airside in 2013, shows that a superior user experience is possible, and that the current UX of CBP One is a choice made by its developers.
CBP One expedites the transmission of a migrant’s information to CBP, but the only benefit here appears to be for CBP.
The requirement to use an app to enter the country lawfully is not only arguably a violation of their rights as asylum seekers, but the inferior functionality of the app and lack of critical information in easy-to-access locations for migrants reveal a fundamental lack of respect for basic human dignity and equality.
Table of Contents
Objectives:
Explain what the CBP One app was supposed to be vs. what it became
Review the technology used
Walk through the documentation
Evaluate criticisms of the app
Show where major events occurred on a timeline
A word about terminology:
Certain terms are used interchangeably in DHS and other documentation concerning CBP One, so here’s some clarification on how to understand those terms:
International Organizations (IOs) and Non-Governmental Organizations (NGOs) are used interchangeably in DHS documentation. Generally, these are organizations approved by the Mexican government to assist migrants in Mexico, who effectively do unpaid work that the DHS relies upon. They give migrants access to basic necessities like food, shelter, clean water, electricity, and education. Before CBP One, they communicated with Border Patrol about migrants in advance of those migrants approaching the border, and when CBP One was modified with the expectation of IOs using the app on behalf of migrants in 2021, CBP provided them with training on doing so.
User roles/personas/user types are used interchangeably in CBP documentation.
Likewise services/capabilities/features.
Facial recognition technology/facial analysis technology/facial comparison technology, AI versions of any of these, and liveness detection will be referenced interchangeably as “FRT” for the most part, except when it’s necessary to disambiguate them.
The term “migrant” is defined in the DHS glossary as “a person who leaves his/her country of origin to seek temporary or permanent residence in another country.” That’s how the term is used here, and it includes asylum seekers and refugees.
What the CBP One app was supposed to be vs. what it became
Overview
CBP One’s original vision, as you can see in this memo, was to serve both travelers and private commercial interests, both of whom have a need to access CBP services.
But as soon as the app launched– perhaps even before then– its functionality changed to suit unanticipated needs, including gathering large amounts of data from a vast population of migrants, so that the migrants could request appointments at the border for inspection and legal entry into the United States.
Note: This memo was obtained via FOIA request by the American Immigration Council (click here to see the document). Internal documentation in this write-up is mostly pulled from that source.
The app was “not initially designed for this particular process,” according to notes from a meeting in February 2021. By this point, its developers were already deviating from that original vision.
They were incorporating AI facial recognition technology (FRT). It probably would’ve been incorporated into the app regardless, had the app gone on to include Trusted Traveler programs as planned; instead, FRT was used in the app to compare migrants against DHS databases and keep their images on file for future use.
The app’s user base shifted to accommodate IO/NGO staff who used it to check migrant enrollment in the Migrant Protection Protocols and submit information about migrants in advance of their appointments at the border.
A year later it would change again, to accommodate those migrants using CBP One to submit information on their own and schedule their own appointments.
Because of these external needs to use the app in ways that diverged from its original purpose, its usage changed dramatically. As a consequence of that, its functionality changed as well.
Some of the public-facing documentation reflects that shift in usage, but some very important parts of it don’t. The design of the app was forced to change, but most public-facing documentation doesn’t reflect that. Statements about what the app is for and how it’s used, both within the app and in most external documentation specific to CBP One, also don’t reflect that.
My goal here is to show that, and suggest reasons why.
User roles and services/capabilities
One choice made in CBP One’s design was that the app would display all anticipated user types and services from the beginning, and gradually they would become accessible within the app. Until that point, clicking on those user types and services would trigger a pop-up message saying “Coming Soon. This feature is coming soon. Additional services will be rolled out over the next year.”
As a result, it can be difficult to tell which user types and services were available at any particular point in the app’s development. You can’t, after all, time travel back to any of those points and try the app out for yourself, so I’m forced to discern the app’s functionalities based on the following:
Reports from users of the app at different times in its development
Statements made by CBP/DHS
Changes in the law/policy that required changes in the app
For this section, I’ll focus on services known to be available at launch.
The Broker/Carrier/Forwarder role could schedule inspections of cargo prior to crossing the border, an idea pitched at a “shark tank” event at the Miami Field Office in 2018 and pilot tested in 2020.
Land and Air Travelers could access the Form I-94 website from the app. The form is needed by most international travelers to the United States, and it’s used to track entrance to the country and exit from it. Through the app, a traveler could apply for the form and then use it to access their travel history and prove their visitor status. Land travelers could use it to apply for a provisional Form I-94 (it’s generally automatic for air travelers).
Not long after, Air Travelers could apply for membership in one of the Trusted Traveler programs which expedite screening and other processes of international travel for pre-vetted American citizens. They could also Request Inspection of certain items like hunting trophies.
Bus Operators could Submit a Manifest and Check Border Wait Times by checking the Border Wait Times site within the app, where they would be (and are still) prompted to get the CBP Border Wait Times app.
Services added in 2021 for the International Organization role to assist migrants:
International Organization > Check Case Status
International Organization > Submit Advance Information
Subsequently, migrants could access these services themselves:
Air Traveler > Advance Traveler Authorization: “Request authorization for non-United States citizens intending to travel to the United States via flight. This action is only available to travelers following the approval of their supporters on Form I-134A through the USCIS.”
Land Traveler > Submit Advance Information: “Submit your information before your arrival to a southwest Port of Entry.”
Additionally there’s a TSA role, hidden to anyone who doesn’t use a TSA email address to log in, allowing TSA supervisors to take a photo of asylum seekers enrolled in the Migrant Protection Protocols (MPP) program using facial recognition technology (FRT) to verify their enrollment and allow them to travel within the country.
A bend in the roadmap
CBP One has changed significantly over the time since launch, diverging from the capabilities planned on this roadmap from October, 2020.
Apologies for the blurriness (it’s from the FOIA docs), but you should be able to see that I-94, Bus Processing, Scheduling Perishable Cargo, Pleasure Boat (CBP ROAM), Seaplanes Processing, Cruising License, Cargo Crew Processing, Fee Payments, Border Wait Times, and Hand-Carry Permit Items were all to be added by November of 2020. (Launch day was, remember, October 28!)
By February of 2021 the features would include Scheduling Vessel Arrivals, Trusted Traveler programs (not just signing up, but doing everything you currently do in the Global Entry app, for example), and Scheduling All Cargo.
2022 would bring Landing Rights Requests, Diversion Notices, Notice of Arrival, and POV/COV (I’m Ready/PARE), which refers to Ready Lanes at land border crossings. You can get expedited processing and get across the border faster if you have one of several RFID chip-enabled ID cards.
It looks like CBP One got about as far as Perishable Cargo before that road diverged at the beginning of 2021.
The UI as intended
I think the original premise for navigating the app is pretty intuitive in itself, as a way to shortcut a user to which services apply to them and away from those that don’t, even if it means some repetition where different types of users need the same service (e.g. I-94 travel history), so you’ll see the same option listed for two different user roles. That’s intuitive given the intended audiences for the app– American companies/citizens, who need to interact with Customs services to comply with regulations regarding commercial shipping and/or international travel, and documented international travelers who need to access that documentation quickly.
It could’ve been done differently and been even more intuitive, though, based on how large the audience is for one service or another. E.g. if 75% of your audience needs Form I-94 services, it would make more sense to put that on the home menu rather than burying it behind Traveler > Land or Traveler > Air (or Traveler > Sea, but that’s “Coming Soon.”) That would require knowing how large your audiences are for different features, but those stats could be pulled from the existing apps/web pages where they’re currently accessing the features. And of course, it would likely require modifying the user interface as you go.
It’s difficult to go beyond that first impression, however, because that’s all it is– a first impression. That home screen is the face of a different app than the one CBP One would turn out to be.
6 very simplified, chronological user guides to CBP One
To show how the user experience changed from February of 2021 (when IOs first started using the app) onward, I’ve written up some very abbreviated user guides reflecting how the app was used with each major change over time– from the migrant’s point of view, because they are The User.
User Guide 1: February, 2021 (MPP Check Case Status)
In December of 2018, the Trump administration announced the so-called Migrant Protection Protocols, and the program went into effect in January of 2021. The MPP or “Remain in Mexico” program allowed DHS to send migrants to Mexico upon their arrival at the border and prevent them from “clustering” at the border while waiting for their hearings. At this time, the International Organization user role in CBP One allowed staff from those organizations to identify migrants who were enrolled in the program.
You made it to the border, but they gave you a piece of paper and put you back on a bus to Mexico, where you joined 70,000 other migrants given a court hearing and a notice to appear, then sent away with no real plan to make it back in time for that hearing. You’ve been through hell in Mexico, but CBP officers weren’t asking about that. To request asylum at the border, you’d have had to affirmatively assert that you’re afraid of being sent back, and only then you might’ve gotten referred to a USCIS asylum officer.
That piece of paper they gave you has your A-number on it, and you’re so grateful that your paperwork wasn’t stolen (and of course that you weren’t one of the 1,544 cases of rape, kidnapping, assault, and other violence committed against migrants sent back under MPP).
If she can verify that you have a hearing pending, you can go back to the border to attend it (if you don’t, your case is thrown out for failure to appear). Turns out she has to use your A-number to do that, because the photos she takes aren’t being accepted. But finally, you’re confirmed as enrolled with a case pending.
This screenshot is from a Powerpoint presentation given to IOs in early February. It was never provided to the public, even when migrants started using the app directly.
User Guide 2: March, 2021 (Title 42 Submit Advance Information)
To streamline the processing of undocumented individuals who may potentially be excepted from the CDC Order, CBP is relying on partnerships with certain International Organizations/NGOs. International Organizations/NGOs will identify undocumented individuals that are potentially excepted from the CDC Order on humanitarian grounds. . . .The manual input of data into USEC by CBPOs is a time-consuming process. The advance collection enables CBPOs to import the information collected by CBP One™ directly into a Unified Secondary event, which reduces the need for manual data entry and improves case processing efficiencies.
Yours was one of the 1.8 million expulsions from the border under an emergency implementation of a U.S. health law, Section 265 of U.S. Code Title 42, otherwise known simply as Title 42, which went into effect on March 20, 2021.
IOs have been training on using the CBP One app to take information about you, such as the standard names, dates, birthplaces, etc. but also information about your parents, the address where you lived before coming to the US (which address, exactly?) and other more specific information.
They’ll submit this information about you along with a statement attesting that you fit one or more of the vulnerability criteria that would merit exemption from Title 42, under which there is no claiming asylum– CBP stopped processing asylum requests this month, expelling over 215,000 parents and children together who were asylum seekers.
But at least a teacher from the Sidewalk School helping your kids learn English is able to submit this statement on your behalf. You fit at least two or three of the criteria, so maybe you have a shot? Guess we’ll find out.
User Guide 3: April 25, 2022 (Ukrainian Direct Submit Advance Information)
Ukrainians fleeing Russia’s invasion could come to the U.S. through the Uniting for Ukraine humanitarian parole program, i.e. be accepted into the U.S. for a period of two years to live and work lawfully, provided they pass a background check and have a financial sponsor who applied for a Form I-134A on their behalf.
Go to Login.gov, “the public’s one account for government,” and create login credentials for yourself to use in CBP One.
Log in to the app and select Traveler, then Air.
On the Air Traveler screen, select Advance Traveler Authorization: “Request authorization for non-United States citizens intending to travel to the United States via flight. This action is only available to travelers following the approval of their supporters on Form I-134A through the USCIS.”
On your first time using the app, a pop-up will say that your profile is missing information. Hopefully your English is good enough to carry you through this, because that and Spanish are the only options.
Facial Photograph
Photo obtained from the passport or Chip on ePassport, where available
Alien Registration Number
First and Last Name
Date of Birth
Passport Number
User Guide 4: January 5, 2023 (CHNV Direct Submit Advance Information)
On January 5, 2023, the Biden administration announced a humanitarian parole program for nationals of Cuba, Haiti, Nicaragua, and Venezuela (CHNV). Up to 30,000 refugees in the CHNV program would be accepted into the U.S. each month for a period of two years to live and work lawfully, provided they pass a background check and have a financial sponsor who applied for a Form I-134A on their behalf.
Nationals of these countries could use CBP One to submit their information in advance, but if they attempted to enter the United States without using the app and/or somewhere outside a point of entry, they would be expelled. With the opportunity to enter as a refugee, CHNV nationals largely lost their chances at applying for asylum, and Mexico made an agreement with the U.S. to allow up to 30,000 asylum seekers to be expelled to Mexico each month– despite not being from Mexico.
See user guide 3 for instructions, but if you’ll be arriving by land entry, use CBP One to make the appointment.
User Guide 5: January 12, 2023 (Title 42 Direct Submit):
Anyone can use the app now to submit their information and attest that they fit the vulnerability criteria to be exempt from Title 42. But now IOs aren’t instructed to help you– you have to do it yourself, and there is no guide to using the app anywhere. Not within the app, and at this time there isn’t even a website.
Go to Login.gov, “the public’s one account for government,” and create login credentials for yourself to use in CBP One.
Log in to the app and select Traveler, then Land.
Select Submit Advance Information | Enviar Información Anticipada, then fill out your profile: Name, Date of Birth, Phone Numbers, U.S. Address, Foreign Addresses, Nationality, Employment history, Travel History, Emergency Contact Information, Family Information, Marital information, Gender, Height, Weight, and Eye color.
Take a photo of yourself and upload it.
Confirm that you meet one or more of the vulnerability criteria and can provide supporting documentation, and hope for the best.
Do steps 2-5 every morning at 2am as the 700 or so available slots for appointments vanish over a few minutes. Yes, including the registration– every morning, enter all of that information as fast as you can, take another photo, or as many as it takes, and keep trying.
A 27-year-old Cuban woman, who also requested anonymity over concerns that recognition would affect her entry into the U.S., told Rest of World she’d been waiting on the Mexicali-Calexico border penniless with an infant for over a month. ‘I have to wake my 3-year-old baby at 2 a.m. every day to enter our information and try our chances with the app.’ She said she had used the auto clicker to tap over and over on the photo she had to upload to get an appointment. ‘What I have noticed is that auto-clicker apps work mostly when there is only one person trying to get the appointment.’
User Guide 6: May 12, 2023 (Direct Submit, post Title 42)
Title 42 was lifted on May 11, and the vulnerability requirement is gone from the app.
Haitian Creole is added to the app– sort of.
The quality of the current Creole translations is spotty at best. Users can only select Creole after a full user registration process in English and Spanish, including two-factor authentication. Error messages, drop-down menus, and navigation tools continue to display only in English. . . ‘Any human who is familiar with any kind of written language would look at that and say, that looks wrong,’ said Wagner, who recommends CBP hire language professionals to review the Haitian Creole text on the app. ‘It shows that they truly don’t care whether anybody understands it.’
Appointments are allocated on a lottery arrangement, but with preference given to those who requested an appointment yesterday.
You still must ask for an appointment each day, but you have 23 hours in which to ask for an appointment, and then another 23 to accept and confirm when you get a notification.
Before you’re allowed to request an appointment, you must agree to share your location (and you must be in central or northern Mexico, including Mexico City and Guadalajara). Before you’re allowed to accept an appointment, you must share your location again, and take a “video selfie.”
Review the technology used (and not used)
Planned technology vs. technology utilized
One thing that stands out almost immediately:
Progress on the rollout of planned features for CBP One ground to a halt in 2021 as the app’s focus shifted away
CBP stopped adding capabilities to CBP One, and used them instead to make more apps
The new app was designed to have a “user centric interface to guide users with an intuitive and guided border entry/exit experience regardless of geographic location, mode of transportation or citizenship.” It also “eliminates the need for multiple CBP applications.”
When development of CBP One was announced, CBP had five mobile apps: CBP Jobs, ROAM, MPC (Mobile Passport Control), Border Wait Times, and CBP DTOPS.
As of this writing, CBP has eight apps: MPC, Global Entry, ROAM, CBP One, Border Wait Times, myCBP, ESTA, and CBP Truck QR.
Development status reports showed a distinct lack of development
CBP published internal status reports for CBP One usage and available/upcoming features, which give an idea of how things weren’t progressing.
In comparing these status reports for June and July, a few things to notice:
Under “What is Available Now,” features are listed as having been available in February and March of 2020, before the app actually launched in October. Presumably this was a typo and they should’ve said 2021, but the error wasn’t fixed from June to July.
As of June 18, NGOs had the ability to schedule appointments using the app, but migrants using the app to submit their own requests directly was projected for the end of June, 2021. The July report says that the functionality had been placed on hold, and migrants didn’t get the ability to submit their own information until January of 2023.
The “current statistics” are exactly the same for both months.
Facial Recognition Technology
Most of the criticisms about CBP One’s actual functionality concern its facial recognition technology. The background on that certainly explains some of the complaints.
CBP One was designed to comply with a biometric entry/exit mandate issued before apps (or the DHS) existed
Biometric identity information is used to identify or verify who you are based on physically distinguishing characteristics, such as your fingerprints, irises, or face. It suddenly became very important to the U.S. federal government in the wake of 9/11/2001, when for many, any shifty-eyed stranger on an airplane might be a terrorist ready to steer the flight into a building, and three months later, a fear of explosive shoes took hold of America and has largely kept its grip ever since Richard Reid completely failed to set fire to his.
The DHS cites multiple pieces of legislation from around that time, including the Enhanced Border Security and Visa Entry Reform Act of 2002’s Title III: Visa Issuance, as its mandate for gathering biometric data on travelers entering and exiting the country. The legislation references INS (Immigration and Naturalization Service) because DHS hadn’t yet been created; that happened in 2003, as a unification of USCIS, ICE, and CBP, all of which had previously been subsumed under INS.
The relevant section reads:
Title III: Visa Issuance – Amends the Immigration and Nationality Act (Act) to direct the Secretary of State (Secretary), upon issuance of an alien visa, to provide INS with an electronic version of the alien’s visa file prior to the alien’s U.S. entry.
(Sec. 302) Sets forth technology standard and interoperability requirements (including October 26, 2004 implementation deadlines) respecting development and implementation of the integrated entry and exit data system and related tamper-resistant, machine-readable documents containing biometric identifiers. Requires a visa waiver country, in order to maintain program participation, to certify by October 26, 2004, that it has a program to issue to its nationals qualifying machine-readable passports that are tamper-proof and contain biometric identifiers. Authorizes appropriations.
Since the need to gather biometric information applies in all of these cases, it’s not surprising that CBP’s AI Facial Recognition Engine, Traveler Verification Service (TVS), isn’t just used in CBP One, but also in TSA PreCheck, Global Entry kiosks and the Global Entry app, and the Mobile Passport Control app.
CBP developed TVS to be scalable and seamlessly applicable to all modes of transport throughout the travel continuum. CBP has successfully implemented facial biometrics into the entry/arrivals processes at all international airports and into the exit processes at 32 airport locations. CBP also established facial biometrics at 26 seaports and all pedestrian lanes at both the Southwest Border and the Northern Border land POEs.
Facial recognition technology works in two very general ways:
One-to-one comparisons for the purposes of verification, such as when you unlock your phone using your face to authenticate. This works by algorithms learning what your face looks like first, and then comparing future images of you to that original image, using it as a template.
One-to-many comparisons for purposes of identification, such as when a photo is taken of someone in a crowd, and you identify them by comparing that photo to a database of photos of people that may include one or more photos of the person you’re identifying. These photos are also templatized, as in, they’re converted to a numerical pattern that is, ideally, specific enough to avoid making an incorrect match by false positives (matches to photos that don’t actually show the same person) or false negatives (overlooking images that show that person).
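An added illustration of the two modes described above, not code from CBP, NEC, or the original post: templates here are random vectors standing in for face embeddings, and the threshold, noise levels and labels are constructed values chosen only to show how a noisier capture turns into no-match results.

```python
import math
import random

DIM = 64          # template length (constructed; real systems use learned embeddings)
THRESHOLD = 0.72  # similarity required to declare a match (constructed value)
DOC_NOISE = 0.03  # noise in the enrolled document photo (constructed value)


def unit(vec):
    """Scale a vector to length 1 so a dot product equals cosine similarity."""
    norm = math.sqrt(sum(x * x for x in vec))
    return [x / norm for x in vec]


def capture(face, noise, rng):
    """Simulate a photo: the person's true template plus capture noise."""
    return unit([x + rng.gauss(0.0, noise) for x in face])


def similarity(a, b):
    """Cosine similarity of two unit-length templates."""
    return sum(x * y for x, y in zip(a, b))


def verify(probe, enrolled, threshold=THRESHOLD):
    """One-to-one: does the live photo match this one enrolled template?"""
    return similarity(probe, enrolled) >= threshold


def identify(probe, gallery, threshold=THRESHOLD):
    """One-to-many: best-scoring identity in the gallery, or None (no match)."""
    best_id, best_score = None, -1.0
    for person_id, template in gallery.items():
        score = similarity(probe, template)
        if score > best_score:
            best_id, best_score = person_id, score
    return best_id if best_score >= threshold else None


def run_trial(capture_noise, people=50, probes=200, seed=7):
    """Count outcomes for genuine travelers photographed at a given noise level."""
    rng = random.Random(seed)
    faces = {f"traveler-{i}": unit([rng.gauss(0.0, 1.0) for _ in range(DIM)])
             for i in range(people)}
    # Gallery of document-photo templates, like a flight-manifest gallery.
    gallery = {pid: capture(face, DOC_NOISE, rng) for pid, face in faces.items()}
    ids = sorted(faces)
    counts = {"false_non_match": 0, "no_match": 0, "false_id": 0}
    for _ in range(probes):
        pid = rng.choice(ids)
        probe = capture(faces[pid], capture_noise, rng)
        if not verify(probe, gallery[pid]):
            counts["false_non_match"] += 1   # 1:1 false negative
        found = identify(probe, gallery)
        if found is None:
            counts["no_match"] += 1          # 1:N found nobody
        elif found != pid:
            counts["false_id"] += 1          # 1:N false positive
    counts["fnmr"] = counts["false_non_match"] / probes
    return counts


if __name__ == "__main__":
    for label, noise in (("controlled gate", 0.04), ("handheld phone", 0.11)):
        print(label, run_trial(noise))
```

With these constructed settings the low-noise capture almost never fails to match while the high-noise capture fails often, and nobody is matched to the wrong person: the cost of poor image quality shows up as false negatives, not false positives.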
According to TVS’s first Privacy Impact Assessment (PIA) in 2018, it was tested by employing CBP agents (in partnership with TSA) at airport departure gates, where they would take photos of travelers preparing to board the plane. Each photo would then be compared to a downloaded gallery containing templates from previously-acquired photos of the same traveler (such as a passport photo), and images of all travelers associated with the flight manifest, created using the Advance Passenger Information System (APIS) data.
If a match couldn’t be found, a CBP officer would use a Biometric Exit Mobile wireless handheld device, or BE-Mobile, to manually capture the traveler’s fingerprint and use that to query a DHS-wide database called the Automated Biometric Identification System, or IDENT. Non-citizens’ facial images would then be retained in IDENT for use in future encounters with CBP.
The success of these programs led CBP to adopt TVS as its “accredited CBP information technology system that consists of a group of similar systems and subsystems that support the core functioning and transmission of data between CBP applications and partner interfaces.” It would use TVS as its “backend matching service for all biometric entry and exit operations that use facial recognition, regardless of air, land, or sea.”
Nevertheless, the PIA acknowledged, “While CBP may create APIS manifests on land border crossers via bus or rail, unlike travelers in the air and sea environments, there are no manifests created for pedestrian travelers to assemble a gallery of known travelers. CBP is developing processes that would enable the use of TVS at the land border; for example, CBP may briefly retain local galleries of travelers who have recently crossed at a given Port of Entry and are expected to cross again within a given period of time.”
At selected departure gates at select airports, CBP will deploy a facial recognition camera in close proximity to the airline boarding pass reader. This camera will match live images with existing photos from passenger travel documents assembled based on flight manifest data of the boarding flight. Upon receipt of the passenger flight manifest and throughout the passenger check-in process, CBP will compile photos from the Automated Biometric Identification System (IDENT), the Department of State’s Consolidated Consular Database, and U.S. Citizen and Immigration Service’s Computer Linked Adjudication Information Management System (CLAIMS 3) to build a flight-specific gallery housed in the Automated Targeting System (ATS).
. . . The test was scoped to include only one route and run until September 30, 2016; the pilot was later extended through November 2016. For flights operating on this route, a CBP-manned camera and tablet computer were placed between the boarding pass reader and the aircraft. As travelers checked in for their flight, CBP obtained passenger manifest data and assembled existing traveler photographs into a downloadable file that was pushed to the tablet prior to boarding. These photographs had been accessed from various DHS and Department of State systems. As travelers passed through the boarding area, the camera took their photographs. The real-time photographs were compared to the downloaded pictures to determine if CBP systems could accurately match the two photographs.
(Yes, this is what it’s like to read every Privacy Impact Assessment (PIA)– they’re clearly not intended to be consumed by, for example, the passengers on these flights. But though they’re public, they’re mostly about explaining how new technologies don’t violate any existing privacy regulations. IMO they could just as easily be called CYAs as PIAs, but YMMV.)
That gives you an idea of the conditions under which the TVS was developed: a very controlled environment composed of a brightly lit airport departure gate, where CBP officers (“CBP-manned camera”) were taking photos of travelers and comparing those photos to the travelers’ own photos from their travel documents, i.e. passport photos etc., as well as to the flight manifest.
A September 2020 GAO Report shows that FRT for land crossings was low priority– at best– when CBP One launched
The Government Accountability Office published a report evaluating CBP’s use of facial recognition technology (TVS) to date.
As of May 2020, CBP, in partnership with airlines, had deployed FRT to 27 airports to biometrically confirm travelers’ identities as they depart the United States (air exit) and was in the early stages of assessing FRT at sea and land ports of entry.
The report described, and included photos of, the scenarios of several pilot tests, looking at the accuracy of FRT but also the implementation of privacy safeguards and warnings. It included recommendations for CBP to be more diligent about displaying signage informing passengers of the Biometric Entry-Exit program and their right to opt out if they chose, as well as auditing airlines employing FRT for privacy purposes.
But the record scratched at the description of the process CBP had in place to test FRT for pedestrians:
As travelers approach the primary inspection booth and present their travel identification documents, such as passports or visas, cameras connected to TVS attempt to capture live photos. CBP officers scan the traveler’s identification document, which allows CBP’s TECS system to locate the document photo. Once the photo has been located, CBP’s system sends the photo to TVS. TVS then compares the live photo against the document photo to produce a match or no-match result. Travelers who are not matched by TVS instead have their identities verified manually (a visual inspection) by a CBP officer.
Here’s a rough approximation of what that looks like:
1. You present your travel documents to the CBP Officer.
2. A facial recognition camera takes a photo of you.
3. That photo is then sent to TVS.
4. This newly-captured photo of you is compared to the one in your travel documents.
5. If a match isn’t found, CBP officers do a visual inspection to verify your identity.
Now compare that to the process in CBP One:
1. You have no documents, so skip this step.
2. Instead, you manually enter your information into an app, and that takes a photo of you.
3. If the app accepts your photo, it will be compared to at least two databases that might or might not have your photo. You won’t know the results of that comparison.
4. If you’re issued an appointment and want to accept, you’ll need to undergo liveness detection by taking a “video selfie.”
5. If at any point something doesn’t work, too bad. No officers are around to give you a visual inspection, so this is where the process ends.
Sure, TVS might be doing the comparison– but nearly everything else is different.
The advantage in the first scenario couldn’t be more obvious– there’s an actual room, with CBP officers in it. In other words, you’re not using an app.
In a July 2021 report, NIST said that the quality of the camera and the environment in which the picture is taken affect the accuracy of facial recognition. Thus, the availability of CBP officers to check the accuracy of the systems conducting the photos’ comparison is vital to ensure racial minorities are not disproportionately impacted by the technology’s shortcomings.
In addition to random sampling, CBP officials can be informed of problems with air exit facial recognition if they are observed or reported by airlines or airports. For example, as previously mentioned, we observed a flight that experienced a high number of no-matches. When we alerted officials to the problem, they reviewed match data from other flights at that airport and identified similar issues. Specifically, CBP officials determined that lighting issues at a particular terminal were affecting the quality of the photos taken at the gate, and they worked with airport officials to address the issue. CBP officials also noted that they generate automated reports of matching rates and usage on a weekly basis, and provide weekly performance reports to stakeholders, such as airline partners. Officials said they use this reporting to gauge system performance.
So there was a problem, and officials were alerted to it, and they assessed the situation– probably in person– then determined that the lighting was affecting the quality of the photos. Also they generate automated reports weekly and report to stakeholders.
Does any of that come even close to applying to how CBP One is used? Note that this report came out a month before CBP One was launched, and the assessment of CBP’s facial recognition technology is that it’s very accurate when used in airports, except if there’s an issue with lighting or something else affecting the image quality– in which case CBP officials look into it and address the issue. And they’re looking into applying FRT at land crossings for pedestrians, but that means pedestrians with passports and/or visas arriving on foot, in person, facing a camera operated by CBP officers.
CBP might’ve been determined to use TVS as its “backend matching service for all biometric entry and exit operations that use facial recognition, regardless of air, land, or sea,” but if the vast majority of your pilot testing and general application of a technology is on air travelers, you are by definition excluding all undocumented migrants from your results. You are developing your technology to fit a scenario that does not include, and therefore cannot apply to, this audience.
This audience is composed of people using their own phones, on crappy wifi, by themselves with no help, most likely terrible lighting, and nobody noticing when it’s not going as planned. And when that happens, it doesn’t seem like it goes in anybody’s weekly performance report for stakeholders.
Statement for the Record on Assessing CBP’s Use of Facial Recognition Technology
In July of 2022, CBP submitted a statement for the record for a hearing titled “Assessing CBP’s Use of Facial Recognition Technology” before the House Committee on Homeland Security.
CBP is aware of concerns regarding biometric facial comparison matching, specifically that non-match results may be racially or demographically biased in performance. CBP does not track race as a descriptor during traveler processing; however, CBP data analysts have performed extensive operational analytics on TVS matching that shows a negligible effect in regard to biometric matching based on country of citizenship, age, or gender while achieving an average technical match rate of 99.4 percent on entry and 98.1 percent on exit. No changes have been necessary as the matching performance has remained consistent for several years across multiple matching algorithms. From January 2017 through the end of June 2022, technical match rates remained high among citizens from various regions of the globe, for example: Africa 99.5 percent match rate; Asia 99.3 percent match rate; Central America 99.6 percent match rate; and Europe 99.6 percent match rate. If a traveler cannot be matched by CBP’s biometric facial comparison technology, the traveler will simply be processed through the traditional inspection process consistent with existing requirements for entry into the United States.
Maybe you’ve already guessed, but this statement didn’t mention CBP One.
Liveness Detection
Wait, what’s a “video selfie”?
The first CBP One PIA has a brief description of liveness detection in the app, and it’s clearly not just talking about a photo.
CBP One™ prompts the user to take a live photograph or selfie (new photograph and not the same image collected from the passport/epassport). CBP One™ instructs the user to line their face up with a circle on the screen of their mobile device. CBP One’s embedded software then performs a ‘liveness’ test to determine that it is real person (and not a picture of a person).
While the user is taking the “selfie,” the technology embedded within the mobile application relies on the devices camera to view a live image through 3D face changes and observing perspective distortion to prove the image is 3D. If “liveness” cannot be confirmed, the user is unable to utilize the CBP One application.
This sounds very much like the iProov product Flashmark, which “uses the screen of a mobile device to flash a unique, one-time sequence of colors, under server control, onto the user’s face. The server uses machine learning technology to analyze and determine if the image is a live person.” iProov received multiple CBP contracts to integrate “GenuinePresence Assurance” into CBP’s technology, starting in 2018.
The large number of appointments scheduled via CBP One in recent months was made possible through the identification of process improvements and implementation of a number of software updates that fixed earlier reported technical difficulties. For example, CBP addressed reported challenges related to geolocation and error messages due to bandwidth issues with a third-party software for liveness.
First, I think that third party must be iProov.
Second, this is as classic an example of “bug fix that isn’t a bug fix” message as you could get — “The app worked really well, which was only possible because we fixed the thing we broke.” Or in this case, possibly “We made the third party fix the thing it broke.”
Third, bug fixes go in release notes. Or at least they should. But for CBP One, there are no release notes (see below), because the release notes go in monthly operational reports. Because of course.
A thread for someone else to pull on?
So many of the complaints about facial recognition point to studies, including by NIST, demonstrating racial and other biases in the technology, suggesting that this accounts for when Haitian refugees, for example, can’t seem to get the app to recognize them. In response both CBP and NIST point out that facial recognition algorithms improve rapidly over time, and that:
CBP has partnered with the National Institute of Standards and Technology (NIST) to perform an independent analysis of CBP’s facial recognition performance, including potential impacts due to traveler demographics and image quality. Based on an algorithm vendor test conducted by NIST in 2019, it was concluded that the false positive differentials based on demographics were undetectable using the NEC-3 algorithm which is used by CBP. Per NIST, the NEC-3 is the most accurate algorithm evaluated (out of the 189 tested). CBP’s match rate is greater than 97 percent and improving.
(CBP partnered with NEC Corporation of America in June 2017: CBP’s OFO, United Airlines, and NEC Corporation tested facial recognition at Houston George Bush airport. Product: NeoFace® Express facial recognition stations.)
False positive differentials are mentioned, but not false negatives
The article specifically describes air travel and comparing photos to passports and visa photos (whereas the FRVT test also looks at border crossing images)
It also doesn’t mention presentation attack detection (PAD), which is what the “video selfies” are for– to verify that the camera is not just seeing you, but the actual you rather than, say, some imposter holding up a picture of you. It seems to me that this is an entirely separate area where bias might be introduced, which in this case would be in iProov’s territory rather than NEC’s.
But I can’t really give this the full examination it deserves. NIST has even separated out FRVT into two different areas, FRTE (Face Recognition Technology Evaluation) and FATE (Face Analysis Technology Evaluation), to make a clearer differentiation between FRT and PAD (to put it generally), and while it’s fascinating, it’s really out of my wheelhouse at the moment.
Still, I suspect that many of the complaints about bias are actually about liveness detection and not facial recognition.
A note on ROAM (Reporting Offsite Arrival Mobile)
CBP’s app for pleasure boaters was on the app store in 2020 when CBP One launched. CBP One’s roadmap calls ROAM out as a service to be incorporated into the app within the first month.
And announcements about the app’s demise, which appear to have been greatly exaggerated, have appeared publicly on the CBP One page since it was originally posted.
But not only is the app still around, CBP is still updating it– in September of 2021, they added a feature to apply for cruising licenses. Stranger still, ROAM’s description on the App store says “Disclaimer: This is a pilot version only for use in limited areas. Contact your local Port of Entry for guidance.”
The strangest thing of all might be this quote from the first CBP One PIA. That’s all of the information about it in the PIA, so I don’t know what happened with this functionality.
Reporting Offsite Arrival-Mobile (ROAM)
The ROAM mobile functionality is embedded into the CBP One™ mobile application and provides travelers arriving to the United States with an option to voluntarily self-report their arrival to CBP. In addition, the ROAM mobile functionality will automate existing manual data entry and law enforcement queries for CBP and provide a more sophisticated capability for conducting a remote inspection via video conference. This function will not be available at launch of CBP One™; CBP will publish a standalone, function-specific PIA to discuss the privacy risks and mitigations thoroughly. CBP will update this Appendix when the standalone PIA is published.
Here’s a screenshot of the first day of the CBP One website — February 23, 2021. You could guess the timing based on the blue box talking about MPP, but the rest of it with the orange arrows has been more or less standard since then.
It launched with a “Getting Started” section limited to a brief set of instructions to download the app, create a login.gov account to use it, then “users can access the different CBP services based on their specific needs.” It could have contained, for example, the PowerPoint presentations given to NGOs, or the January 5, 2023 fact sheet announcing that migrants could start using CBP One on January 12, but did not.
That’s as much time as I’ll spend on the website, which ordinarily would be the focus when talking about documentation for an app. But that’s exactly the problem, because there’s not much to say about documentation that’s incomplete and out of date, except that it’s incomplete and out of date. Which it is.
And I’m not actually sure how important guides are, here. They should exist, absolutely, and they should be up to date, absolutely. But the guides do not tell you what to do when the app crashes over and over again, erasing your registration and taking you back to the login screen. They don’t tell you what to do if you can’t create a login, register a traveler or request an appointment. But there is one troubleshooting item you will see. They won’t tell you what a video selfie is, or what it’s used for, but if it fails– take a video selfie of someone else. Or delete your registration and start over.
Update announcements
Since January of 2023 when the Biden administration announced that migrants would use CBP One to submit their own information, there have been two update announcements posted to the web site: May 5, 2023 (announcing an update for May 10) and February 29, 2024, which…might not have been announced at all, actually, since the page doesn’t seem to notice that it’s changed.
That might be because the time in which you can make an appointment has actually gotten shorter, for the first time since launch– as of May 10, 2023, you had 23 hours in which to request an appointment, and as of Feb. 29, 2024, you have 12. I can see why you wouldn’t draw attention to that unless you had to.
Release notes
What release notes?
Tech support
Well, umm…yep. That’s it.
Anybody try emailing this address? I did, and didn’t get any reply. Weird. Should I submit a FOIA request?
In-app documentation
Recall that CBP announced the development of a new app, citing the need for “an intuitive single portal for travelers and stakeholders to access CBP mobile applications and services such as CBP ROAM, I-94 Entry/Exit, and the Appointment Request Feature.”
The app officially launched on October 28, 2020.
The new app would be designed to have a “user centric interface to guide users with an intuitive and guided border entry/exit experience regardless of geographic location, mode of transportation or citizenship.”
It would, effectively, be a hub where users could be directed toward services based on their particular needs on the basis of their user type/role/persona (I’ve seen all three used interchangeably in documentation).
These screenshots describing CBP’s vision for CBP One are still visible in the app, on the General FAQs screen. As of this writing it’s mid-April, 2024, which makes you wonder which “early October” and “November” are referenced here. Based on what user types and features are actually available in the app, I have a feeling it’s 2020.
It’s like the app is haunted with ghosts of personas and services Never Yet To Come.
It’s like walking through a rental office space past a series of doors with signs on them, but if you open the door, all you see is a poster with cheerful text reading “Coming soon! Features for each user type will be rolled out at different times, so please check back if the one you need is not yet available!”
One of those rooms is, of course, full of hundreds of thousands of migrants, and that’s why the rest will remain empty. But you won’t see that mentioned on the signage.
MPC is designed to help air travelers avoid some of the “agony” (as Hipmunk used the term) that other travelers experience when trying to comply with federal regulations.
CBP One is designed as the only way for migrants to comply with regulations, thereby possibly relieving them of the “agony” experienced by migrants who aren’t allowed into the country at all.
In both cases, a select group is given an advantage over other groups in terms of complying with regulations set by the same entity extending that advantage. (Like TSA PreCheck, which allows travelers to pay to get through security quicker, and also uses facial recognition — and also seems like something everybody should get automatically, rather than an advantage you can pay for)
But I think it’s difficult to get our heads around the real, enormous, but hidden difference: every other program, every other app, is a choice. A real choice– the most you risk by not using them, maximum, is an hour in a security line.
CBP One, despite all statements to the contrary made by CBP itself, is not used voluntarily. Nobody would volunteer to use it. This is the kind of app you only use if you’re required, which sounds absurd as a design critique for an app. But it’s true, because CBP One is the most powerful app. The most you risk by not using it can be as costly as your future, even your life.
Evaluate criticisms of the app
The indignity of “glitchiness”
CBP One requires that applicants take a live photo. You can’t use an old selfie, and the app seems to have trouble with darker skin tones. And that is one of the glitchier aspects of this entire application, because the AI– the camera does not pick up certain phenotypes. And interestingly enough, when you get to that step, there is a model who is facing who’s on the screen. She’s a beautiful white model. And it’s surreal to watch an indigenous Mayan woman trying to take a photo facing this white model, and the camera just does not pick up her skin complexion. And that is often where the app crashes.
Gia Del Pino, Director of Communications at the Kino Border Initiative, on Slate’s TBD podcast
Getting lots of questions on what to do when CBP One app just glitches. Like this video, which is NOT a boomerang vid, it is unedited. This is the phone of someone who is seeking asylum, and she has been told to download an app and make an appt, but can’t get past this screen. pic.twitter.com/eZPS7Fd5L8
— Lindsay Toczylowski (@L_Toczylowski) March 1, 2023
This has happened to me as well– many times
Austin Kocher made an excellent point in a paper about CBP One last year:
I argue that while glitches productively call attention to the controversial processes of asylum digitization, representing technological barriers to asylum as “glitches” displaces political discussions about the right to asylum with depoliticized discussions about patching software problems.
Glitches are pretty generic, as it goes. They come in a few varieties that you see across all kinds of software, regardless of how frivolous or necessary it is. The glitches people have reported about CBP One for years now have pretty much remained constant in type – the FRT can’t recognize your face, or the geolocation thinks you’re already in the U.S., or the app crashes and takes you back to login repeatedly (something that happens to me quite a lot, actually).
It’s hard to say how frequently they’re occurring or where, or for whom, though, because CBP One’s documentation doesn’t tell us that. It doesn’t tell us what, if anything, it’s doing to fix them. This kind of dynamic is also pretty common– who works with software regularly and hasn’t felt completely in the dark about when, or whether, a problem they’ve reported is going to be fixed?
What sets CBP One’s glitchiness apart is the very fact of glitches. To complain that your asylum app has glitches can at once be 100% legitimate, and 100% like complaining that your right to privacy burnt a hole in your hand. You should not need to protect against flammability in claiming your right to privacy. You should not have to protect against glitches to claim your right to asylum.
CBP could give away hundreds of thousands of iPhone 15s to hundreds of thousands of asylum seekers, coupled with power bricks that last forever. It could make CBP One the most user-friendly app on the planet. It could provide top-notch customer service. None of these things would, in the slightest, rectify the inherent indignity of predicating a migrant’s well-being on a program you download from the same place as Candy Crush Saga.
The United Nations doctrine against returning refugees to their countries of origin where they faced oppression sufficient to flee to another country is called the principle of “non-refoulement.” It’s invoked in the 1951 United Nations Refugee Convention, a treaty that the U.S. entered into in 1967. It contains many provisions about treatment of refugees (spoiler: the U.S. doesn’t comply with most of them), but its central principle of non-refoulement is articulated in Article 33:
No Contracting State shall expel or return (“refouler”) a refugee in any manner whatsoever to the frontiers of territories where his life or freedom would be threatened on account of his race, religion, nationality, membership of a particular social group or political opinion.
I like that term for a lot of reasons, such as how it firmly assigns the “foulness” to the location from which the refugee is fleeing, rather than on the refugee, as Trump recently did by calling migrants “vermin.” In that he echoed bigots across history who have made entire populations their targets of moral disgust, labeling them as parasites, pests, germs, etc.– that kind of rhetoric certainly aided in closing the border to even asylum seekers in the name of protection against Covid (extra ironic given Trump’s own stance on the disease).
Obviously the complaints about how CBP One works differ wildly between the two parties (Homeland Security Committee vs. the 26 signers to the 3/13/23 letter) but this means that at least theoretically, in some hypothetical scenario, both sides on this issue could work together to make CBP One a better app.
Now on the subject of migrant-hating Republicans, I must bring up the House Committee on Homeland Security. But since there’s no possible way to cover every outlandish claim they’re making about CBP One, I’ll look into one– especially since it involves a supposed “glitch.”
An “extensive investigation”
In September, the Washington Examiner reported that cartels are using virtual private networks (VPN) to skirt requirements that aliens signing up for appointments at ports of entry via CBP One be present in northern Mexico before making the appointment. Using these VPNs, the cartels can exploit vulnerabilities in the app and schedule appointments for individuals regardless of their location—all for a fee—and they advertise this “service” on social media.
A letter sent to Secretary Mayorkas on September 14, 2023 from Reps. Mark Green and Clay Higgins claimed that cartels are using VPN connections to evade CBP’s geofencing requirement that applications be scheduled only from central and northern Mexico, based on an August article in the Washington Examiner. The article claimed that migrants from Guatemala were only allowed by Mexico to pass through the country to the United States if they had a CBP One appointment, which shouldn’t be possible to schedule from outside of Mexico, so that proved that the app had been “hacked” by cartels.
In a follow-up article in the Washington Examiner in October of that year, CBP Spokeswoman Erin Waters was quoted as saying “Claims that the CBP One app has been hacked are categorically false. Criminal organizations and smugglers continue to prey on vulnerable migrants, lying to them and putting them in harm’s way. Here is the reality: The lawful and orderly pathways we have established have been bad for cartels and other criminal organizations seeking to exploit migrants.” She also pointed out that “Importantly, the CBP One app requires a user’s device location services and GPS data to verify their location before booking and confirming an appointment.”
The Washington Examiner (described by Media Bias/Fact Check as “based on editorial positions that almost exclusively favor the right and mixed for factual reporting due to several failed fact checks”) makes this claim about exploitation of CBP One’s geolocation by cartels selling VPN service based on “an extensive investigation that included a review of unclassified, internal DHS documents and communications,” but I see no reference to the details of this investigation in the article, and no way to view those unclassified DHS documents.
Yet the House Committee on Homeland Security Chairman not only used this article to make a claim of fact that “Mexican cartels are abusing the Biden administration’s expanded use of the CBP One app as part of their vast human smuggling operations,” but then itself claimed to have accessed those same “unclassified, internal DHS documents and communications.” So where are they?
The documents are still under review to determine the extent of DHS’ compliance with the Committee’s comprehensive request.
Umm. Admittedly, the extent of my research here is a) looking at other “news” posts on the House Committee on Homeland Security to see if they eventually released the documents from review (not so far as I could tell), b) reading those two Washington Examiner pieces closely, trying to find a link or something to the “unclassified, internal DHS documents and communications” (no luck), and c) tweeting at Washington Examiner journalist Anna Giaritelli to ask if she’s seen them. But they can’t have just made up an investigation into internal DHS documents, right? I mean, they got a quote from CBP Spokeswoman Erin Waters saying they’re full of it. If they had evidence that they’re not, wouldn’t it… be somewhere?
…especially if the House Committee on Homeland Security is going to make that claim themselves, citing the Washington Examiner as their only evidence?
In the end, are CBP the only ones who like the CBP One app?
I’m not sure even they are big fans of it, but they do at least sound like they’re fans of getting information about migrants– both biographic and biometric– submitted via an app.
For partners, using biometric technologies advances their operations, so they can improve the guest experience and boost customer satisfaction. For CBP, using biometrics allows us to shift the focus of our Officers from administrative functions to core law enforcement duties, improving our ability to deter, detect, and prevent threats to our nation.
Fundamentally, what we’re looking to do is get rid of paper, get rid of manual processing steps, and let . . . us free up our time from border agents and others in the process so they’re spending less time staring at a screen, less time printing out documents, and more time actually on the front lines, doing their jobs keeping us safe. That’s been a core part of my role as CIO, and we’re going to continue to accelerate that with AI innovations.
Typically, once an undocumented individual arrives at a land POE for processing, CBP Officers (CBPO) spend significant time collecting and verifying basic biographic data about the individual during the inspection process. One at a time, the CBPOs interview and collect information from such individuals during secondary inspection. The CBPOs manually enter the information into the Unified Secondary System (USEC). To streamline and increase processing capacity at land POEs, CBP uses the CBP One™ mobile and desktop applications to allow the advance submission of biographic and biometric information from undocumented individuals seeking admission into the United States.
Historically, U.S. Customs and Border Protection (CBP) received no advance biographic or biometric information prior to the arrival of undocumented individuals at ports of entry (POE). This lack of information increases the amount of time it takes CBP officers (CBPO) to process undocumented individuals upon their arrival. To streamline and increase processing capacity at land POEs, CBP is expanding the use of the CBP One™ mobile and desktop application to allow the advance submission of biographic and biometric information from undocumented individuals seeking admission into the United States.
But the March 13, 2023 letter to Mayorkas from Jesús G. “Chuy” García and 25 other representatives cited something I hadn’t noticed before:
According to DHS Guidance, asylum seekers or others seeking humanitarian protection cannot be required to submit advance information in order to be processed at a southwest Border land POE.
Possible additional measures include the innovative use of existing tools such as the CBP One™ mobile application, which enables noncitizens seeking to cross through land POEs to securely submit certain biographic and biometric information prior to arrival and thus streamline their processing upon arrival. OFO also should accelerate ongoing efforts to digitize processing at POEs and more effectively use data to increase throughput. In developing these solutions, CBP should, as appropriate, collaborate with interested non-governmental organizations and other key partners, consistent with applicable privacy protections and civil rights and civil liberties.
Importantly, however, asylum seekers or others seeking humanitarian protection cannot be required to submit advance information in order to be processed at a Southwest Border land POE. The submission (or lack thereof) of advance information should not influence the outcome of any inspection. CBP will continue to make admissibility and processing determinations on a case-by-case basis at the POE.
According to this guidance, CBP One shouldn’t be the exclusive means for migrants seeking humanitarian protection to appear at the border legally for inspection– or even, possibly, the primary means for them to do so. It sounds like Miller was, in fact, suggesting that the CBP One app should be used like an app– which is to say, a supplementary device that makes a process more convenient.
And according to the sources quoted above, it does indeed make the immigration process more convenient– for CBP officers. Obviously CBP isn’t a business, but if it were, then it would be the odd sort of business that makes an app for employees to interact with customers, but primarily serves the employees rather than the presumed customer base.
In other words, CBP One is an app made for CBP, not migrants. It should not, according to Miller’s guidance, be used as a replacement for human-to-human interaction. But that’s precisely how it is used today.
Some closing thoughts
This is a story about the most powerful mobile app in the world, and why it shouldn’t be.
It’s strange and grandiose to put it that way, I know. But think of how under Title 42, this app is how migrants were able to claim exemption from being expelled from the border on the grounds of being potentially diseased.
They did so on the basis of meeting certain “vulnerability criteria”– literally, there was a list in the app, and migrants were required to attest that they personally, and/or their family members, fit one or more of those criteria (which, ironically, included physical illness).
Imagine having to tell an app that you fear for your and your family’s safety where you are, so that hopefully some human somewhere will see it and decide to help you. Then imagine not being able to.
There’s no list of vulnerability criteria in the app now, because Title 42 is no longer in effect. Which is good, because it means you won’t be summarily dismissed from the border on the grounds that you might be diseased. But also bad, because at this moment it’s functionally the only way to request asylum under the Biden administration’s Circumvention of Lawful Pathways rule.
No one has to look you in the face to tell you that your misery doesn’t count, that your suffering isn’t great enough, to even give you a chance at finding a safe place to just live your life. Work, pay taxes, have kids, send them to school– just like everyone else.
And this app won’t let you tell them how badly you need it. And this app won’t let you tell them you deserve it, just as much as anyone else. And this app won’t let you tell them it’s your right, even though it is.
This app won’t let you tell them anything, for that matter. It just lets you give them something– your personal details, your family history, even the shape of your face. What will they give in return?
Post-script
Let’s not forget that the literal Lady of Liberty was, and is, an eternal advocate for asylum seekers:
Not like the brazen giant of Greek fame,
With conquering limbs astride from land to land;
Here at our sea-washed, sunset gates shall stand
A mighty woman with a torch, whose flame
Is the imprisoned lightning, and her name
Mother of Exiles. From her beacon-hand
Glows world-wide welcome; her mild eyes command
The air-bridged harbor that twin cities frame.
“Keep, ancient lands, your storied pomp!” cries she
With silent lips. “Give me your tired, your poor,
Your huddled masses yearning to breathe free,
The wretched refuse of your teeming shore.
Send these, the homeless, tempest-tost to me,
I lift my lamp beside the golden door!”
I searched for “The New Colossus” on the DHS site, and found a single link: to Emma, the virtual assistant on the USCIS website.
Emma is named for Emma Lazarus, who wrote the poem inscribed at the base of the Statue of Liberty about helping immigrants. Inspired by her namesake, our Emma can help you find the immigration information you need.
Look at the happy smiling people with questions for Emma that aren’t “How can I just enter the country safely with my family, find a job, make a home, and live the so-called American Dream?”
3rd Parties/Partners
NEC Corporation of America. June, 2017 – CBP’s OFO, United Airlines, NEC Corporation test facial recognition at Houston George Bush airport. Product: NeoFace® Express facial recognition stations
iProov. Received CBP contract to integrate “Genuine Presence Assurance”: $750,000 in 2023, $190,000 “with three subsequent phases bringing the potential total to $800,000” in 2018, $199,000 in 2020. Product: “Flashmark uses the screen of a mobile device to flash a unique, one-time sequence of colors, under server control, onto the user’s face. The server uses machine learning technology to analyze and determine if the image is a live person.”