DHS seeks a single platform to search multiple biometric types

A procurement push inside the Department of Homeland Security aims to link separate biometric systems into a unified search capability. The agency wants a backend matcher that accepts different biometric inputs and lets users run either rapid identity checks or broader investigative queries.

Documents and recent disclosures show the ambition extends beyond theory: a field biometric app called Mobile Fortify — supplied under contract by NEC — has been connected into federal matching pipelines, with Customs and Border Protection marking the tool operational in early May 2024 and Immigration and Customs Enforcement gaining access on May 20, 2025. The deployed architecture centralizes scoring inside CBP systems rather than having ICE host models locally, concentrating operational control and audit responsibility at CBP.

The design task is ambitious: disparate systems purchased over many years encode biometric measurements in incompatible ways. Converting or translating those legacy records to a common format will be necessary, and at the scale DHS contemplates — potentially billions of entries and an added commercial image pool valued at roughly $1.2 billion — even small mismatches could cascade into performance and accuracy problems.

Mobile Fortify collects facial photos, contactless fingerprint captures and images of identity documents in the field, then forwards those elements into the centralized matching pipeline. Disclosures indicate that datasets tied to Trusted Traveler programs were used in model work, though agencies have not clarified whether those records were used for training, fine-tuning or evaluation — a distinction with real legal and consent implications.

Operationally, the platform would serve multiple missions — from verifying identities at checkpoints to producing ranked candidate lists for investigators — and the department intends to tune match strictness by use case. That means one search may return a simple yes/no, while another produces a ranked roster of similar-looking candidates that requires human review.

Technical tradeoffs are front and center: bridging formats or reprocessing old templates will consume time and funds and can alter matching behaviour. At the projected scale — potentially billions of entries and frequent updates if commercial image pools are used — small efficiency losses multiply into heavy compute and storage demands and make error attribution (capture vs. model vs. vendor metadata) more difficult.

Governance gaps are evident in the disclosures. Although both CBP and ICE classify some uses as high-impact, mandated AI impact assessments for Mobile Fortify appear to have been performed after deployment, and monitoring protocols are incomplete or under development. Coupling field-collected biometrics and third-party image datasets transfers significant provenance and labeling responsibilities outside traditional federal chains of custody, complicating oversight and redress.

The procurement package also gestures at expanding modalities: face and fingerprint matching are primary, iris scans are included, and a placeholder for voiceprints appears in the paperwork though collection and governance details are missing. How voice data would be gathered and queried is not defined.

Several enforcement components are explicitly named as targets for linkage; the shared capability would be used for watchlisting, detention, and removal operations as well as investigative work. Those downstream actions raise oversight and legal questions that extend beyond engineering and are amplified when third-party datasets and retroactive assessments are involved.

Practical rollout will likely require either wholesale reformatting of historical templates, algorithmic reprocessing, or translation layers that map one vendor’s outputs to another’s inputs — each option affects latency and error rates in different ways. Vendors that supply large image pools could see increased demand but would also assume heightened reputational and contractual risk if provenance or collection practices conflict with law or policy.

In short: DHS is centralizing biometric search capability across many offices, and recent operational links between field apps, centralized CBP matching, and commercial image sources sharpen the technical, governance and civil‑liberties risks while creating a single point where audit, accountability and legal exposure converge.

• Agencies targeted: Customs and Border Protection, Immigration and Customs Enforcement, Transportation Security Administration, US Citizenship and Immigration Services, the Secret Service, and DHS headquarters.
• Modalities requested: facial images, fingerprints, iris data, with voiceprint noted as a future add.
• Primary uses: identity verification, investigative candidate ranking, and support for enforcement actions.
• Noted deployments and vendors: Mobile Fortify (field app) connected into CBP matching; NEC identified as a contracted vendor; CBP centralized scoring and ICE access date noted.
• Data provenance concern: linkage to a commercial image repository (reported value ~$1.2B) and use of Trusted Traveler datasets for model work raise consent, provenance and oversight questions.