Overview
The foundation of modern immigration surveillance is the centralized collection, storage, and cross-referencing of biometric data. DHS is executing a massive migration from legacy systems to cloud-based, multi-modal biometric repositories.
The IDENT-to-HART Transition
Legacy IDENT System
The Automated Biometric Identification System (IDENT) was developed in 1994 by the legacy Immigration and Naturalization Service (INS).
- Originally designed for fingerprint data
- Expanded under US-VISIT program (2003)
- Suffered from capacity constraints
- Could not process multi-modal biometrics
- Lacked interoperability with partner agencies
HART Architecture
The Homeland Advanced Recognition Technology (HART) system, initiated in 2016 by the Office of Biometric Identity Management (OBIM), replaces IDENT.
Technical Infrastructure
| Component | Specification |
|---|---|
| Hosting | AWS GovCloud (FedRAMP High Impact) |
| Architecture | Cloud-based identity service provider |
| Deployment | Increment 1 + Future Capabilities |
Population Coverage
HART stores records for:
- U.S. citizens
- Lawful Permanent Residents (LPRs)
- Foreign nationals
- Immigration benefit applicants
- Public trust background check subjects
- Refugees
- Border apprehension subjects
Biometric Modalities
Comparison Table
| Capability | IDENT (Legacy) | HART Increment 1 | HART Future |
|---|---|---|---|
| Fingerprints | Digital | Digital + Latent | + Palm prints |
| Facial | Photographs | Photo + Video | Enhanced |
| Iris | No | Yes | Yes |
| Voice | No | No | Planned |
| DNA | No | No | Planned |
| Matching | Hard-coded algorithms | Modular subsystems | Multi-modal fusion |
| Hosting | Localized servers | AWS GovCloud | Expanded cloud |
Program Management Failures
GAO Findings (GAO-23-105959)
The Government Accountability Office classified HART as a severe programmatic failure:
| Metric | Original Plan | After Rebaseline |
|---|---|---|
| Completion | December 2020 | September 2023+ |
| Delay | — | +33 months |
| Cost increase | — | +$354 million |
| Schedule breaches | — | 2 (2019, 2020) |
| Cost breaches | — | 1 (2020) |
Key Issues Identified
- Software defects discovered during parallel testing
- Security vulnerabilities
- Performance issues
- No planned completion date for full program
- Cost/schedule estimates "fundamentally unreliable"
Third Rebaseline (2023)
By April 2023, DHS indicated a third schedule rebaseline would be required.
Privacy Oversight Deficiencies
GAO Privacy Findings
DHS fully implemented only 5 of 12 mandated OMB privacy requirements.
Documentation Failures
| Deficiency | Impact |
|---|---|
| PIAs failed to identify data populations | Unknown who is tracked |
| Sharing partners not comprehensively listed | Unknown data recipients |
| No assurance of partner data disposal | Unauthorized retention risk |
OIG Findings (OIG-23-53)
The DHS Office of Inspector General found:
- HART operates under Privacy Act of 1974 (not 28 CFR Part 23)
- 2 of 22 feeder systems lacked current PIAs
- Outdated Information Sharing and Access Agreements (ISAAs)
- Missing conditions on authorized use and mandatory disposal
Domestic Interoperability
FBI Next Generation Identification (NGI)
HART interfaces directly with FBI's NGI database via:
- interim Data Sharing Model (iDSM)
- Shared Data Component
This enables automated sharing of:
- Biometric data
- Biographic information
- Criminal history
- Immigration records
Department of Defense ABIS
HART connects to DoD's Automated Biometric Identification System (ABIS):
- Tracks individuals encountered by military abroad
- Cross-references with subsequent U.S. entry attempts
International Data Sharing
Migration 5 (M5) / Five Eyes
Biometric sharing with:
- United States
- United Kingdom
- Australia
- Canada
- New Zealand
High Value Data Sharing Protocol
| Feature | Specification |
|---|---|
| Platform | Secure Real-Time Platform (SRTP) |
| Response time | Minutes to 24 hours |
| Original cap | 3,000 queries/year |
| Current authorization | 400,000 checks/country pair |
| Potential annual volume | Up to 8 million |
UK Automation Timeline
| Date | Milestone |
|---|---|
| November 2022 | Automated checks for UK asylum claimants |
| June 2024 | Expanded to all nationality applications |
Data Retention Concerns
- Original M5 agreement: 10-year retention limit
- U.S. practice: Up to 75 years
BITMAP Program
The Biometric Identification Transnational Migration Alert Program provides:
- Equipment and training to foreign partners
- Collection of biometrics within foreign borders
- Direct feed into DHS databases
- Pre-border tracking of migrants
Participating countries include Chile and Mexico.
Records Volume
Estimated HART Capacity
- Hundreds of millions of individual records
- Multi-modal biometric profiles
- Associated biographic data
- Cross-referenced across agencies and nations
Implications
For Individuals
Understanding biometric collection helps:
- Know when biometrics may be collected
- Understand retention periods (up to 75 years)
- Recognize international sharing scope
- Assess privacy risks of interactions with DHS
For Advocates
Documentation supports:
- Policy advocacy for privacy protections
- Litigation challenging collection practices
- FOIA requests for system documentation
- Congressional oversight engagement
Related Resources
- Facial Recognition - How biometrics are matched
- Data Access - Who accesses biometric databases
- Legal Framework - Privacy law analysis
- Policy Analysis - Broader enforcement context