DHS facial recognition app scans citizens without consent, lacks identity verification capability

The Department of Homeland Security's Mobile Fortify app, now used by immigration agents across the U.S., cannot reliably verify identities despite being marketed as an identification tool. Records reviewed by WIRED show the app was deployed in spring 2025 without the privacy scrutiny typically required for biometric systems.

What Mobile Fortify actually does

The app, powered by NEC's NeoFace AI, allows ICE and CBP agents to capture faces, fingerprints, and documents from anyone they encounter in the field. It queries DHS databases containing 1.2 billion face images, including CBP's Traveler Verification Service and OBIM's Automated Biometric Identification System. Data is retained for 15 years.

But here's the problem: facial recognition technology generates leads, not positive identifications. "Every manufacturer of this technology, every police department with a policy makes very clear that face recognition technology is not capable of providing a positive identification," says Nathan Wessler of the ACLU.

Court testimony illustrates this in practice. An Oregon agent scanned a handcuffed woman twice with the app, repositioning her head between photos. The first scan returned a "maybe" match to someone named Maria. The second scan produced a different "possible" result. The agent testified he "didn't know" which was correct. The woman was detained anyway based on speaking Spanish, being with suspected noncitizens, and the "possible match."

Deployment and scope

According to a federal lawsuit filed by Illinois and Chicago this month, Mobile Fortify has been used "over 100,000 times" since launch. Agents have scanned not just targeted individuals, but U.S. citizens later confirmed as such, plus protesters and observers of enforcement operations.

Reporting documents agents telling citizens their faces would be added to databases without consent. DHS's own Privacy Office acknowledges the app captures biometrics from people who are "conceivably" U.S. citizens or lawful permanent residents.

DHS approved Mobile Fortify in May 2025 by dismantling centralized privacy reviews and removing department-wide facial recognition limits. The changes were overseen by a former Heritage Foundation lawyer and Project 2025 contributor now in a senior DHS privacy role.

The privacy math

DHS lists Mobile Fortify among 38 biometric AI use cases, with 66% deployed by ICE and CBP. Notably, ICE does not own, train, or evaluate the AI models powering the system. NIST research shows facial recognition has higher error rates for women and people of color, particularly in uncontrolled field environments.

A coalition led by EPIC has urged DHS to halt Mobile Fortify over privacy risks and misidentification concerns. Senators have called for suspending the rollout pending privacy and accuracy assessments. DHS counters that it's a field identity tool within existing biometric ecosystems, designed for narrow mission use cases.

The real question: if the technology can't verify identity, what exactly are agents verifying?