How do federal agencies share biometric data to identify undocumented immigrants?
Executive summary
The Department of Homeland Security (DHS) is finalizing a comprehensive biometric entry‑exit regime that will require facial photos—and potentially fingerprints, iris scans and DNA in some cases—of non‑U.S. citizens at U.S. ports of entry and exit effective Dec. 26, 2025 [1] [2]. DHS and its component agencies (CBP, USCIS, OBIM) will reuse and share collected biometrics across federal, state and local law enforcement and the intelligence community, and DHS has proposed expanding routine biometric collection and storage across the immigration lifecycle [3] [4] [5].
1. What the new rules require and when they kick in
DHS published a final rule advancing a biometric entry/exit program that makes facial recognition mandatory for non‑citizens at air, sea and land ports and sets a Dec. 26, 2025 effective date for that regulation; agencies describe a phased national rollout to follow [1] [2] [6]. Separate USCIS rulemaking would broaden when biometrics are required for immigration benefits and codify reuse of biometrics across adjudications, vetting and lifecycle recordkeeping [4].
2. Which agencies hold and match the data
Customs and Border Protection (CBP) captures entry/exit facial images and matches them against immigration and passport records in near real‑time; DHS’s Office of Biometric Identity Management (OBIM) supports facial comparison and other centralized biometric services [1] [5]. USCIS maintains applicant biometrics in person‑centric repositories (Customer Profile Management/System and A‑files) that DHS publications and reporting show can be joined with other DHS datasets [4] [7].
3. How agencies share biometrics — stated policy and practice
The proposed USCIS rule and recent DHS statements explicitly allow reuse and sharing of collected biometrics with “other federal, state and local law enforcement agencies, with the intelligence community and others,” meaning DHS anticipates cross‑agency access to the same enrollment and verification records [3] [4]. CBP’s final rule and DHS materials indicate integrated automatic matching across entry/exit and existing travel and visa records [1] [6].
4. Types of biometrics and expansion beyond photos
While facial recognition is the primary biometric for entry/exit, DHS has signaled authority to collect fingerprints, iris scans, voice prints and to expand DNA collection “in limited circumstances,” and USCIS proposals would broaden the list of situations that trigger mandatory collection [2] [8] [9]. DHS estimated substantial cost implications for program expansion, including DNA collection, in rule preambles [9].
5. Uses claimed by DHS versus civil‑liberties concerns
DHS frames the program as closing gaps that enable visa overstays and identity fraud by enabling identity verification, continuous vetting, and production of secure documents [4] [5]. Civil‑rights and privacy advocates warn this creates a durable surveillance architecture—storing biometrics “throughout a person’s ‘lifecycle’ in the immigration system,” and potentially linking biometric repositories to other databases for geolocation or enforcement—raising concerns about misidentification, data retention and secondary uses [9] [7].
6. Independent reporting on data aggregation risks
Investigations have reported DHS projects and internal systems that knit biometric repositories with other government data (e.g., USCIS biometric profile systems joined with voter or other datasets in reporting), fueling expert warnings that aggregated datasets could be used to locate or target immigrants beyond standard immigration enforcement [7]. Wired and other outlets describe efforts to interconnect DHS datasets with IRS, SSA and other holdings—reporting that sources said such joins were taking place, though agencies contest some characterizations [7].
7. Legal authority, rulemaking and public comment windows
DHS and CBP published Federal Register notices and proposed rulemakings for both entry/exit collection and USCIS collection/use of biometrics; the records show open comment periods and cite prior rule efforts dating to 2020, meaning the expansion rests on aggregate regulatory authority long in development rather than a single sudden change [1] [4] [10].
8. What the sources don’t say or cannot confirm
Available sources do not mention exact operational limits on how long non‑citizen biometric matches are retained before deletion beyond program descriptions, nor do they provide exhaustive technical details on cross‑system access controls or audit logs for state/local/international sharing—those specifics are not found in current reporting (not found in current reporting). Sources also differ on whether DNA collection will be routine or narrowly reserved; DHS language says “limited circumstances” while several outlets report DHS seeking broader authority to administer DNA testing [9] [8].
9. Bottom line for readers and stakeholders
The federal government is moving to centralize and reuse biometric identifiers to identify and track non‑citizen travelers and applicants, with DHS documents and media reporting showing explicit cross‑agency sharing and an expansion in types of biometrics collected [3] [1] [4]. Supporters say this modernizes border security and closes enforcement gaps; critics warn it erects a durable surveillance infrastructure with significant privacy and civil‑liberties implications [5] [9] [7].