How have civil‑liberties groups and Congress responded legally to DHS’s biometric retention policy since 2025?

1. Legal assaults and class actions from privacy advocates

Civil‑liberties organizations moved quickly to turn alarm into action: groups including the League of Women Voters and the Electronic Privacy Information Center are named plaintiffs in litigation challenging DHS’s broader data aggregation and biometric practices, framing the expansion as an overbroad surveillance program that lacks meaningful guardrails on security and retention ^[1]. Privacy advocates have publicly signaled that the rule’s long retention windows—DHS and partners cite retention up to 75 years for non‑citizen records—make litigation likely and that existing redress mechanisms (DHS TRIP, Privacy Act requests) are insufficient to address systemic risk ^{[4] [2]}.

2. Congressional pushback through letters, comments and committee pressure

A bloc of House Democrats led by Rep. Yvette Clarke organized a high‑profile public comment letter signed by dozens of members urging DHS to rethink the rule and demanding details on cybersecurity protections, access controls, retention limits and independent auditing, explicitly warning of recent biometric breaches as evidence the agency has not justified the risk ^{[3] [1]}. Additional congressional scrutiny has manifested as committee‑level inquiries and letters — for example, House Homeland Security members pressed private tech firms about risks to DHS deployments — signaling that lawmakers intend oversight, not merely rhetorical opposition ^[1].

3. Oversight evidence: GAO review and heightened transparency demands

Federal oversight bodies have taken note: the Government Accountability Office reviewed the final rule and documented that DHS’s regulation authorizes photographing all aliens on entry or exit and removes prior pilot and port limitations, a factual baseline Congress and advocates cite in calls for tighter controls ^[6]. Lawmakers and privacy organizations have leveraged GAO findings and DHS’s Federal Register publication to demand accountability mechanisms beyond DHS’s own Privacy Impact Assessments, arguing independent auditing and statutory limits should accompany the rule ^{[6] [5] [1]}.

4. DHS and allied voices defending the rule and its safeguards

DHS and CBP defend the expansion as necessary to close security gaps, improve overstay tracking, and verify identities rapidly, and point to multiple privacy impact assessments and statutory mandates stretching back to post‑9/11 directives as justification for nationwide biometric entry‑exit ^{[5] [7]}. Supportive policy voices such as the Center for Immigration Studies have publicly praised the alignment of the regulation with congressional mandates and recommended continued or expanded biometric practices, illustrating the policy split between security proponents and civil‑liberties critics ^[8].

5. Where this legal fight stands and what to watch next

As the rule took effect December 26, 2025 and implementation began, civil‑liberties groups continued preparing litigation and class actions while Congress amplified oversight through public comment coordination and committee pressure, focusing on retention, sharing across DHS components, and private‑sector involvement—issues DHS has been asked to clarify but has defended with privacy assessments and operational necessity claims ^{[2] [1] [5]}. This leaves the controversy poised between litigation challenging data‑aggregation and retention practices, congressional demands for statutory or oversight remedies, and DHS’s assertion that the rule is lawful and vital for national security; reporting to date does not yet show final court rulings or specific new statutory limits enacted in response ^{[1] [6]}.