What internal policies govern ICE’s use of Mobile Fortify and similar biometric apps?

1. What ICE and DHS say the policies are

DHS’s public AI and use‑case inventory for ICE describes discrete use cases — for example, biometric check‑in for Alternatives to Detention programs and facial template capture for verification — and states that photos taken for facial templates are immediately deleted from the device and used only for verification, not shared with other entities or databases, while facial recognition systems are tested prior to use and at least every three years under S&T and NIST guidance ^[1].

2. Internal operational rules ICE relies on in practice

ICE officials and agency messaging assert that mobile apps like Mobile Fortify operate under existing legal authorities and privacy safeguards, that agents receive compliance training, and that access controls and encryption govern personal data access ^[6]. Internal ICE guidance circulations and agency statements emphasize integration with federal biometric systems and control mechanisms tied to agency case management processes ^{[7] [6]}.

3. Where internal policy and real‑world practice appear to diverge

Reporting based on leaked internal documents indicates ICE does not provide individuals the option to decline or consent to biometric collection in many encounters, and that some internal materials show images or matches may be retained and reused — with at least one document reported to state images could be stored for years — raising questions about how the agency’s stated deletion and non‑sharing rules function in practice ^{[3] [2] [7]}. Journalistic accounts also describe agents using Mobile Fortify in domestic encounters and characterize app match results as treated by some officers as definitive, sometimes even over traditional identity documents ^{[4] [6]}.

4. Oversight, testing and accountability structures claimed versus criticized

DHS claims periodic testing and S&T/NIST oversight for face recognition technologies ^[1], but privacy and oversight advocates, and several reporters, argue the compliance framework deployed by ICE is thin relative to the app’s capabilities and the long‑lived biometric records such tools can create; they predict that GAO, PCLOB, or court inquiries would likely focus on whether Privacy Act obligations, auditing, retention policies, and statutory guardrails have been triggered or bypassed ^{[8] [9]}. Legislators have questioned the legal basis and asked for disclosures about development, accuracy testing, data sources, and retention — and bills have been introduced aiming to limit deployment while lawsuits challenge domestic use ^{[5] [10]}.

5. Civil‑liberties and technical critiques built into the policy debate

Civil‑liberties groups and some lawmakers frame the internal policy posture as insufficient because biometric systems are prone to bias, can misidentify people of color, and are being used without notice or consent, which they say undermines privacy, free‑speech, and due‑process protections ^{[11] [9]}. Advocacy groups and reporters also flag ICE contracts across the biometric ecosystem — including links to third‑party vendors used to populate match databases — as a policy concern that isn’t fully reconciled in ICE’s internal guidance ^{[12] [13]}.

6. What concrete internal policies are documented, and what remains opaque

Public DHS materials document some controls (device deletion, limited purpose statements, scheduled testing) but do not publish a comprehensive, independently verifiable ICE policy manual describing retention timelines, audit logs, redress mechanisms, or the precise legal authorities for domestic scans ^[1]. Independent reporting, leaked materials, lawsuits, and congressional inquiries reveal practices and internal claims (no‑consent, broad deployment, lengthy retention) that contradict or complicate the official summaries — and those disclosures, not a single published ICE internal policy document in the materials provided here, drive most of the current oversight debate ^{[2] [3] [4] [10]}.