Exclusive: U.S. Immigration’s Mass-Deployed Facial Recognition App Mobile Fortify Was Never Built For Reliable Street ID, Rolled Out Without Privacy Scrutiny, Records Show
A facial recognition tool now used by U.S. immigration agents in cities and towns across the United States was never engineered to reliably identify people in public street settings, and was deployed without the rigorous oversight that has historically regulated privacy-impacting new technologies, according to internal government records reviewed by WIRED.
The U.S. Department of Homeland Security (DHS) launched Mobile Fortify in spring 2025 to “determine or verify” the identities of individuals stopped or detained by DHS officers during federal enforcement operations, records confirm. The rollout was explicitly tied to an executive order signed by President Donald Trump on his first day in office, which ordered a “total and efficient” crackdown on undocumented immigration via tactics including expedited removals, expanded detention capacity, and funding pressure on state governments.
Despite DHS repeatedly framing Mobile Fortify as a facial recognition-powered identity verification tool, the app cannot actually confirm the identity of people stopped by federal agents—a well-documented limitation of the technology that is baked directly into Mobile Fortify’s design and deployment model.
“Every manufacturer of this technology, every police department with a clear public policy, makes very clear that face recognition cannot produce a definitive positive identification, that it makes mistakes, and that it is only useful for generating investigative leads,” says Nathan Wessler, deputy director of the American Civil Liberties Union’s Speech, Privacy, and Technology Project.
Records reviewed by WIRED also show DHS’s rushed approval of Mobile Fortify last May was enabled by eliminating centralized privacy reviews and quietly rolling back department-wide restrictions on facial recognition use. These changes were overseen by a former Heritage Foundation lawyer and Project 2025 contributor who now holds a senior privacy leadership role at DHS.
DHS has repeatedly declined to detail how agents use the tool, despite repeated requests from congressional oversight officials and nonprofit privacy watchdogs. The agency has already used Mobile Fortify to scan the faces of not only targeted individuals, but also people later confirmed to be U.S. citizens and bystanders who were only observing or protesting enforcement activity.
Past reporting has documented federal agents telling U.S. citizens they were being scanned with facial recognition and their facial data would be added to a government database without consent. Other accounts describe agents using accent, perceived ethnicity, or skin color as justification to escalate a routine interaction, then turning to facial scanning once the stop is underway. Taken together, these cases reveal a broader shift in DHS enforcement toward low-level street encounters followed by biometric capture like face scans, with almost no public transparency around how the tool operates or is used.
Mobile Fortify enables facial capture hundreds of miles from the U.S. border, allowing DHS to collect nonconsensual faceprints from people who DHS’s own Privacy Office acknowledges “it is conceivable” are “U.S. citizens or lawful permanent residents.” Like most details of its deployment to CBP and ICE agents, public information about the app’s functionality comes almost entirely from court filings and sworn agent testimony.
In a federal lawsuit filed this month, attorneys for the State of Illinois and the City of Chicago state the app has already been used “in the field over 100,000 times” since its launch.
In sworn testimony given in Oregon last year, one agent described how two photos of a woman in custody taken with the facial recognition app returned two completely different identities. The agent explained the woman was handcuffed and looking downward, so he physically repositioned her to capture the first image. The movement caused her to yelp in pain, he testified. The app returned a match to a woman named Maria, a result the agent rated only “a maybe.”
Agents called out “Maria, Maria” to gauge her reaction. When she did not respond, they took a second photo. The second result was only “possible,” the agent testified, adding, “I don’t know” what the match actually meant. When asked what justified probable cause for detention, the agent cited the woman speaking Spanish, her presence with others agents believed to be noncitizens, and the “possible match” from facial recognition. The agent also confirmed the app does not display a confidence score for any match: “It’s just an image, your honor. You have to look at the eyes and the nose and the mouth and the lips.”
Agents identified the Oregon operation as part of “Operation Fortify the Border,” and specifically referred to internal enforcement in the Pacific Northwest as “Operation Blackrose.”
“Facial recognition can be wrong, and it has been wrong in the past,” says Mario Trujillo, a senior staff attorney at digital rights nonprofit Electronic Frontier Foundation. “Here, the basic safeguards you’d expect—confidence scores, clear match thresholds, multiple candidate photos—don’t appear to exist at all.”
The appearance of multiple conflicting identities is not a bug, but a core feature of how Mobile Fortify operates in the field: No matter how agents use it, the system is built to generate candidate matches, not definitive identity confirmations. Rather than exhaustively searching large biometric databases, Mobile Fortify converts a captured photo into a mathematical template and only returns entries that score high enough to qualify as possible matches. This threshold can be set manually or adjusted dynamically to meet response time requirements and adapt to current system load.
When photos are captured in uncontrolled outdoor settings, even small differences—head tilt, uneven lighting, shadows, cropping, poor focus, or changing expression—can alter the template and completely reshuffle the pool of candidates. Faster response times also require smaller candidate pools, creating a significant tradeoff when results are demanded in real time on the street. If a poorly framed street photo causes the actual subject to be filtered out by the system early in the process, it is a mathematical guarantee that any match returned will be incorrect.
Mobile Fortify’s core function is to expand the volume of biometric data (including fingerprints and face scans) that DHS collects, shifting collection from official ports of entry to routine ICE encounters occurring hundreds of miles from the U.S. border. All data collected through the app is stored in databases connected to a centralized DHS platform called the Automated Targeting System (ATS). CBP says data is retained for up to 15 years, but may persist longer if shared with other agencies outside of CBP’s control.
ATS connects to a range of other biometric systems, including the Traveler Verification System (TVS), which CBP uses for facial comparison at ports of entry, pre-arrival vetting, and other border crossing-related screenings. Under CBP policy, photos and biometric data of U.S. citizens who opt out of biometric identification are supposed to be deleted from TVS within 24 hours.
Internal records show data collected through Mobile Fortify may also be stored in the Seizure and Apprehension Workflow (SAW), described as a “biometric gallery of individuals for whom CBP maintains derogatory information.” Unlike TVS, SAW is used for intelligence gathering and lead generation. A “derogatory hit” in SAW does not indicate undocumented status, criminal conduct, or probable cause for arrest. U.S. citizens are not explicitly excluded from the system, and all records are retained for up to 15 years.
Court records show ICE agents are instructed to photograph subjects for facial recognition before collecting their fingerprints—even though fingerprints are a far more reliable biometric for confirming identity, and fingerprint processing is done in-office rather than on the street. This sequence prioritizes speed and ease of collection over definitive identification. When fingerprints are collected, they are routed through ATS to the IDENT database and retained for a minimum of 75 years.
Records also confirm the existence of another derogatory watchlist controlled by CBP and fed by Mobile Fortify data, called the Fortify the Border Hotlist. The list is only mentioned in one publicly released document, and was first revealed by 404 Media last year. The public record does not outline the criteria for placement on the watchlist, nor does it mention any process for removal or appeal. It is also unclear whether U.S. citizens are included on the list. DHS did not respond to questions about the watchlist’s governing criteria, whether U.S. citizens are added, or whether a redress process exists for people mistakenly included.
A letter released this week by U.S. Senator Ed Markey warns that DHS officials have floated plans to build a dedicated database to catalog people who protest or observe immigration enforcement. The letter cites public statements and internal directives instructing agents to collect images and personal information from protesters and bystanders. Markey said in a Wednesday statement that DHS has deployed an “arsenal of surveillance technologies” that it uses to monitor “both citizens and noncitizens alike,” calling the current setup “the stuff of nightmares.”
“There’s a cascading set of problems with this app and what ICE and CBP are doing,” says Trujillo. “Field facial-recognition scans in the interior are incredibly invasive. You’re taking a measurement of a person’s face and comparing it against millions of photos in a database. It gives a veneer of certainty when there isn’t certainty behind the scenes.” Trujillo also notes that “there’s a straightforward argument that DHS and its components are exceeding their legal authority here.”
Mobile Fortify relies specifically on matching algorithms developed by NEC Corporation of America, the U.S. subsidiary of Tokyo-based Japanese multinational NEC, as WIRED first reported last month. Testing by federal scientists at the National Institute of Standards and Technology (NIST), conducted in partnership with DHS and CBP, shows facial recognition accuracy drops sharply when images are captured in uncontrolled settings—even for top-performing NEC models. The tests distinguish between “high quality visa-like photos” taken in controlled immigration office settings and “wild” images captured in real-world conditions like travel lanes or registered traveler kiosks.
At ports of entry, CBP uses tightly controlled photos for matching: fixed cameras, cooperative subjects, neutral expressions, plain backgrounds, and uniform lighting. Images are automatically rejected if a subject’s head falls outside a narrow size range. Even highly accurate systems struggle with poor framing or head tilt, NIST found. Street photos taken on cell phones lack all these controls. Lighting varies, camera angles shift, and motion blur is common in field use, shaped by both environment and the steadiness of the agent holding the phone. High resolution alone cannot correct for these constraints.
A WIRED review of recent facial recognition patents assigned to NEC shows the company’s technology is designed less to conclusively verify identity than to operate at scale under imperfect conditions. The patents describe systems that convert face images into biometric templates and compare them against stored records using similarity scores and adjustable thresholds, with the explicit goal of maintaining capacity when image quality varies.
The patents also explicitly acknowledge the core speed-accuracy tradeoff. NEC describes tuning match thresholds and system behavior to balance speed, scale, and accuracy: lowering thresholds reduces delays and failed searches while increasing the risk of false positives, and tightening thresholds produces the opposite effect. Thresholds may be adjusted dynamically based on operational factors such as system load, frequency of use, or required response speed. To support real-time use, the patents describe systems configured to stop searching after a short, fixed time window—on the order of seconds—if no match is found. In those cases, the system may still surface the highest-scoring candidate for human review, even though the score was insufficient for an automated match. Those limits reduce computing demands and enable rapid responses, but they also constrain how thoroughly large databases are searched, producing results that are suggestive rather than definitive.
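The threshold-and-time-window behavior described above, and the earlier point that a subject filtered out of the searched pool can only yield a wrong candidate, can be seen in a toy model. This is an added illustration, not code from NEC, DHS, or the records WIRED reviewed. It assumes random unit vectors as stand-ins for face templates, cosine similarity as the score, and a `budget` of records scored as a stand-in for the fixed search window; every name and number in it is constructed.

```python
import math
import random

DIM, GALLERY_SIZE, THRESHOLD = 64, 200, 0.8   # constructed toy parameters
SUBJECT = 150                                  # gallery index of the person photographed

def unit(v):
    n = math.sqrt(sum(x * x for x in v))
    return [x / n for x in v]

def cosine(a, b):
    return sum(x * y for x, y in zip(a, b))    # inputs are already unit vectors

def make_gallery(rng):
    return [unit([rng.gauss(0, 1) for _ in range(DIM)]) for _ in range(GALLERY_SIZE)]

def capture(template, noise, rng):
    """Probe = enrolled template plus capture noise (tilt, blur, lighting)."""
    return unit([x + rng.gauss(0, noise) for x in template])

def search(probe, gallery, budget, threshold=THRESHOLD):
    """Score only the first `budget` records (stand-in for a fixed time window).
    Returns (candidates, matched): every record at or above the threshold, or,
    if none qualifies, the single best scorer surfaced for human review."""
    scored = sorted(((cosine(probe, t), i) for i, t in enumerate(gallery[:budget])),
                    reverse=True)
    hits = [(i, round(s, 3)) for s, i in scored if s >= threshold]
    if hits:
        return hits, True
    best_score, best_id = scored[0]
    return [(best_id, round(best_score, 3))], False

def run_scenarios(seed=7):
    rng = random.Random(seed)
    gallery = make_gallery(rng)
    clean = capture(gallery[SUBJECT], 0.02, rng)   # controlled, well-framed photo
    poor = capture(gallery[SUBJECT], 0.5, rng)     # uncontrolled street photo
    return {
        "clean_full": search(clean, gallery, GALLERY_SIZE),
        "clean_truncated": search(clean, gallery, 100),  # subject never scored
        "poor_full": search(poor, gallery, GALLERY_SIZE),
    }

if __name__ == "__main__":
    for name, (cands, matched) in run_scenarios().items():
        print(f"{name:16s} matched={matched} candidates={cands}")
```

In the truncated run the subject's record is never scored, so the candidate shown for review is necessarily someone else; in the poor-capture run no record clears the threshold, and the single candidate surfaced carries no indication of how weak its score was unless the interface displays it.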
NEC did not respond to questions about its licensing of facial recognition technology to U.S. immigration agencies, including questions of how its systems are designed to perform in uncontrolled field conditions, what safeguards or usage constraints it provides to government customers, and whether it evaluates civil-liberties or human-rights implications prior to licensing its products.
Emily Peterson-Cassin, policy director of the pro-privacy nonprofit Demand Progress Education Fund, warned that unchecked facial recognition threatens free expression and civil liberties. “Privacy safeguards are essential to stopping wrongful targeting by unvetted tools such as Mobile Fortify,” she says, “and are the minimum protection needed to prevent this technology from becoming a choke hold on our most basic freedoms.”
In the weeks after the start of Trump’s second term, DHS officials began dismantling existing policies and oversight checks that had constrained facial recognition use, including rules enforcing congressionally mandated privacy protections. If DHS has an enterprise-wide policy today that governs when, how, and under what safeguards facial recognition can be used, it has not been made public.
Online archives show the last such public directive, implemented in 2023, disappeared from DHS’s website three weeks after Trump’s inauguration. Among other constraints, Directive 026-11 stated that facial recognition should not be used as the sole basis for law or civil enforcement actions and that U.S. citizens should have the right to opt out of collection when it is not for a law enforcement purpose. The directive also prohibited “systemic, indiscriminate, or wide-scale monitoring, surveillance or tracking” of the public. It banned using facial recognition to “profile, target, or discriminate against individuals for exercising their constitutional rights.” It forbade the use of tools that claim to analyze people’s faces to infer personal traits and characteristics (with a narrow exception for age estimation). It also tied any use of facial recognition by ICE and CBP to a headquarters-level review and authorization process, carried out by DHS’s chief privacy and information officers, respectively.
Mobile Fortify was fast-tracked for approval less than two months after Directive 026-11 was removed, in May 2025. CBP and ICE privacy officials alone ruled that no new privacy assessment was required under federal law—an authority they did not previously hold. Records show that historically, these determinations rested with DHS’s senior director of privacy compliance, a headquarters official acting on behalf of the department’s chief privacy officer and independent of operational agencies. A disclaimer in records first revealed by 404 Media documents this transfer of authority: CBP states that it “assumed responsibility for the review and adjudication” of privacy reviews on March 3, 2025, citing internal policy guidance issued by an office led by Roman Jankowski, who was appointed DHS’s chief privacy officer the day Trump was inaugurated.
Federal guidelines typically require a full privacy assessment when an agency deploys a new technology that collects identifiable public information or materially changes how, where, or from whom that data is collected. They also flag “new uses of an existing IT system” that introduce “new privacy risks,” including changes that open new avenues for data exposure. Prior to joining the administration, Jankowski worked for the Heritage Foundation and its Oversight Project, where he contributed to the group’s Project 2025 blueprint for Trump’s second term. The document recommends merging ICE and CBP; weakening the department’s centralized oversight; and transferring civil rights and privacy review functions from DHS to the agencies it is meant to police.
“This cavalier approach to the use of facial recognition has real-world consequences to our privacy, civil liberties, and civil rights that are exacerbated by the undermining of what little oversight is in place,” says Jeramie Scott, senior counsel for the nonprofit Electronic Privacy Information Center and director of its surveillance oversight program. “The result, as we see with Mobile Fortify, is a failure to meaningfully scrutinize the technology.”
Senator Markey and colleagues this week introduced legislation aimed at prohibiting ICE and CBP from using this class of facial-recognition and biometric surveillance tools, arguing the agencies have built a sweeping surveillance apparatus that is being used far from the border to scan people without consent, accountability, or clear legal limits. The full text of the bill, short-titled the ICE Out of Our Faces Act, was unavailable at the time of writing.
“Facial recognition technology sits at the center of a digital dragnet that has been created in our nation over the past year,” Markey said during a press conference on Wednesday. “It's dangerous, it's authoritarian, and it's unconstitutional.”
Additional reporting by Matt Giles.