404 Media

2025-11-04 17:43:04

DHS Gives Local Cops a Facial Recognition App To Find Immigrants

Customs and Border Protection (CBP) has publicly released an app that Sheriff Offices, police departments, and other local or regional law enforcement can use to scan someone’s face as part of immigration enforcement, 404 Media has learned.

The news follows Immigration and Customs Enforcement’s (ICE) use of another internal Department of Homeland Security (DHS) app called Mobile Fortify that uses facial recognition to nearly instantly bring up someone’s name, date of birth, alien number, and whether they’ve been given an order of deportation. The new local law enforcement-focused app, called Mobile Identify, crystallizes one of the exact criticisms of DHS’s facial recognition app from privacy and surveillance experts: that this sort of powerful technology would trickle down to local enforcement, some of which have a history of making anti-immigrant comments or supporting inhumane treatment of detainees.

Handing “this powerful tech to police is like asking a 16-year old who just failed their drivers exams to pick a dozen classmates to hand car keys to,” Jake Laperruque, deputy director of the Center for Democracy & Technology's Security and Surveillance Project, told 404 Media. “These careless and cavalier uses of facial recognition are going to lead to U.S. citizens and lawful residents being grabbed off the street and placed in ICE detention.”

💡
Do you know anything else about this app or others that CBP and ICE are using? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

Mobile Identify is designed “to identify and process individuals who may be in the country unlawfully,” according to its respective page on the Google Play Store. The app was published on Monday.

A source with knowledge of the app told 404 Media the app doesn’t return names after a face search. Instead it tells users to contact ICE and provides a reference number, or to not detain the person depending on the result. 404 Media granted the person anonymity because they weren’t permitted to speak to the press.

404 Media downloaded a copy of the app and decompiled its code, a common practice among security researchers and technology journalists. Although the Play Store page does not mention facial recognition, multiple parts of the app’s code make clear references to scanning faces. One package is called “facescanner.” Other parts mention “FacePresence” and “No facial image found.”
A screenshot from the app's Google Play Store page.
Screenshots of the app on the Play Store page show the app requires users to login with their Login.gov account, and that the app “requires camera access to take photos of subjects.” At the time of writing the app has “1+” downloads, according to the Play Store page.

The Play Store page does not say exactly how the app processes scanned faces, such as what images it compares them to, or what data the app returns upon a hit. In statements to 404 Media, DHS and CBP did not provide any specifics.

The app is for agencies that are part of the 287(g) program, the Play Store page says. This program lets ICE delegate certain immigration-related authorities and powers to local and state agencies. Members of the 287(g) Task Force Model (TFM), for instance, are allowed to enforce certain immigration authorities during their police duties, ICE’s website explains. At the time of writing, 555 agencies in 34 states are part of the TFM program, according to data published by ICE.

The American Civil Liberties Union (ACLU) has criticized the 287(g) program because a large number of participating sheriffs have made anti-immigrant statements, supported inhumane immigration and border enforcement policies, and have a pattern of racial profiling and other civil rights violations.

Cooper Quintin, senior staff technologist at the Electronic Frontier Foundation (EFF), told 404 Media “Face surveillance in general, and this tool specifically, was already a dangerous infringement of civil liberties when in the hands of ICE agents. Putting a powerful surveillance tool like this in the hands of state and local law enforcement officials around the country will only further erode peoples’ Fourth Amendment rights, for citizens and non-citizens alike. This will further erode due process, and subject even more Americans to omnipresent surveillance and unjust detainment.”

Screenshots from the app's Google Play Store page.

Mobile Fortify—the facial recognition app used by ICE which 404 Media first revealed in June—uses the CBP Traveler Verification Service (TVS) ordinarily designed for when people enter the U.S. The app took those systems and an unprecedented collection of U.S. government databases and turned them inwards, letting officers in the field reveal a person’s identity and immigration status. The app also uses data from the State Department, FBI, and state databases, and uses a bank of 200 million images.

404 Media reported in October that multiple social media videos show Border Patrol and ICE officers scanning peoples’ faces on the street.

“I’m an American citizen so leave me alone,” a person stopped by ICE says in one video.

“Alright, we just got to verify that,” one of the officers replies.

404 Media also obtained an internal DHS document which says ICE does not let people decline or consent to being scanned by the app. The document, called a Privacy Threshold Analysis, said photos taken by the app will be stored for 15 years, including those of U.S. citizens.

Ranking member of the House Homeland Security Committee Bennie G. Thompson previously told 404 Media in a statement that ICE will prioritize the results of the Mobile Fortify app over birth certificates. “ICE officials have told us that an apparent biometric match by Mobile Fortify is a ‘definitive’ determination of a person’s status and that an ICE officer may ignore evidence of American citizenship—including a birth certificate—if the app says the person is an alien,” he said. “ICE using a mobile biometrics app in ways its developers at CBP never intended or tested is a frightening, repugnant, and unconstitutional attack on Americans’ rights and freedoms.”

In response to questions about the new app for Sheriff Offices and other local law enforcement, a DHS spokesperson told 404 Media in an email “While the Department does not discuss specific vendors or operational tools, any technology used by DHS Components must comply with the requirements and oversight framework.”

CBP responded with a statement primarily discussing Mobile Fortify. “Biometric data used to identify individuals through TVS are collected by government authorities consistent with the law, including issuing documents or processing illegal aliens. The Mobile Fortify Application provides a mobile capability that uses facial comparison as well as fingerprint matching to verify the identity of individuals against specific immigration related holdings,” the statement said. CBP added it built the Mobile Fortify application to support ICE, and confirmed ICE has used the app in its operations around the U.S.

Google did not respond to a request for comment.

Inside ICE’s Supercharged Facial Recognition App of 200 Million Images

404 Media has seen user manuals for Mobile Fortify, ICE’s new facial recognition app which allows officers to instantly look up DHS, State Department, and state law enforcement databases by just pointing a phone at someone’s face.

^{Joseph Cox (404 Media)}

404 Media

2025-11-04 14:02:17

How to Opt-Out of Airlines Selling Your Travel Data to the Government

Most people probably have no idea that when you book a flight through major travel websites, a data broker owned by U.S. airlines then sells details about your flight, including your name, credit card used, and where you’re flying to the government. The data broker has compiled billions of ticketing records the government can search without a warrant or court order. The data broker is called the Airlines Reporting Corporation (ARC), and, as 404 Media has shown, it sells flight data to multiple parts of the Department of Homeland Security (DHS) and a host of other government agencies, while contractually demanding those agencies not reveal where the data came from.

It turns out, it is possible to opt-out of this data selling, including to government agencies. At least, that’s what I found when I ran through the steps to tell ARC to stop selling my personal data. Here’s how I did that:

1. I emailed privacy@arccorp.com and, not yet knowing the details of the process, simply said I wish to delete my personal data held by ARC.
2. A few hours later the company replied with some information and what I needed to do. ARC said it needed my full name (including middle name if applicable), the last four digits of the credit card number used to purchase air travel, and my residential address.
3. I provided that information. The following month, ARC said it was unable to delete my data because “we and our service providers require it for legitimate business purposes.” The company did say it would not sell my data to any third parties, though. “However, even though we cannot delete your data, we can confirm that we will not sell your personal data to any third party for any reason, including, but not limited to, for profiling, direct marketing, statistical, scientific, or historical research purposes,” ARC said in an email.
4. I then followed up with ARC to ask specifically whether this included selling my travel data to the government. “Does the not selling of my data include not selling to government agencies as part of ARC’s Travel Intelligence Program or any other forms?” I wrote. The Travel Intelligence Program, or TIP, is the program ARC launched to sell data to the government. ARC updates it every day with the previous day’s ticket sales and it can show a person’s paid intent to travel.
5. A few days later, ARC replied. “Yes, we can confirm that not selling your data includes not selling to any third party, including, but not limited to, any government agency as part of ARC’s Travel Intelligence Program,” the company said.

💡
Do you know anything else about ARC or other data being sold to government agencies? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

Honestly, I was quite surprised at how smooth and clear this process was. ARC only registered as a data broker with the state of California—a legal requirement—in June, despite selling data for years.

What I did was not a formal request under a specific piece of privacy legislation, such as the European Union’s General Data Privacy Regulation (GDPR) or the California Consumer Privacy Act (CCPA). Maybe a request to delete information under the CCPA would have more success; that law says California residents have the legal right to ask to have their personal data deleted “subject to certain exceptions (such as if the business is legally required to keep the information),” according to the California Department of Justice’s website.

ARC is owned and operated by at least eight major U.S. airlines, according to publicly released documents. Its board includes representatives from Delta, United, American Airlines, JetBlue, Alaska Airlines, Canada’s Air Canada, and European airlines Air France and Lufthansa.

Public procurement records show agencies such as ICE, CBP, ATF, TSA, the SEC, the Secret Service, the State Department, the U.S. Marshals, and the IRS have purchased ARC data. Agencies have given no indication they use a search warrant or other legal mechanism to search the data. In response to inquiries from 404 Media, ATF said it follows “DOJ policy and appropriate legal processes” and the Secret Service declined to answer.

An ARC spokesperson previously told 404 Media in an email that TIP “was established by ARC after the September 11, 2001, terrorist attacks and has since been used by the U.S. intelligence and law enforcement community to support national security and prevent criminal activity with bipartisan support. Over the years, TIP has likely contributed to the prevention and apprehension of criminals involved in human trafficking, drug trafficking, money laundering, sex trafficking, national security threats, terrorism and other imminent threats of harm to the United States.” At the time, the spokesperson added “Pursuant to ARC’s privacy policy, consumers may ask ARC to refrain from selling their personal data.”

Airlines Are Collecting Your Data And Selling It To ICE

An aviation industry clearinghouse is collecting passenger information from billions of past and future flights and selling it to Trump’s immigration enforcers.

^{The Lever}