DHS pushes on centralizing access to biometric data

Despite rising controversies around its use, the Department of Homeland Security is looking to expand data analysis capabilities for its biometric and facial recognition capabilities.

According to a June 17 request for information, the Office of Biometric Identity Management at DHS is looking for contractors to help develop, integrate and implement capabilities for a host of software systems, including its legacy biometric identification system, IDENT, and its replacement, the Homeland Advanced Recognition Technology System. HART will be moved to an Amazon Web Services cloud certified by the Federal Risk and Authorization Management Program, according to the document.

HART is not yet operational, but its planned new capabilities include examination tools that can analyze matched faces, fingerprints and irises. DHS wants to eventually do the same for other biometric markers like DNA, palm prints, scars, tattoos and voices. The systems "will generate large quantities of data," and the office wants new tools that can process and analyze large datasets in an Amazon cloud environment.

DHS shares biometric data with a number of other federal agencies, and its systems are able to link up with companion systems at the Departments of Defense and Justice. The department also has information sharing agreements in place with the Department of State as well as state, local, tribal and territorial law enforcement agencies.

The agency also works hand in hand with foreign governments like Mexico to capture biometric data for tens of thousands of Central American migrants arrested by Mexican authorities. One of the systems in DHS' portfolio marked for enhanced analysis capabilities in the RFI is the Automated Real-Time Identity Exchange System (ARIES), described as "an information exchange architecture within AWS" that supports biometric exchanges between DHS and the Mexican government.

Nextgov first reported on the RFI.

The RFI comes at a time when some lawmakers are asking DHS to put the brakes on the use of facial recognition technologies and questioning the legal underpinnings of many biometric programs throughout government. Earlier this month, DHS announced that hackers compromised the IT systems of one of its contractors, stealing tens of thousands of photos of travelers entering and exiting the border that were used in facial recognition programs.

While the systems at Customs and Border Protection weren't directly compromised, the incident raised concerns in the cybersecurity community about whether the government could be trusted to secure massive troves of biometric data.

An internal privacy threshold analysis of HART obtained last year through a Freedom of Information Act Request submitted by the Electronic Privacy Information Center found that DHS had not conducted a Privacy Impact Assessment for the system. A PIA is a public document that identifies privacy risks for government information systems throughout their lifecycle.

The document said DHS communicated plans to complete a PIA for HART by January 2019. However, Travis Edwards, public affairs officer for the Office of Biometric Identity Management, told FCW that DHS "is currently working to finalize the HART PIA."

The "minibus" appropriations bill working its way through Congress includes $266 million in new funding for CBP to acquire border security technology and assets. A Democratic staffer on the committee told FCW that the legislation gives CBP flexibility to use the money for any tool or technology that it believes would help secure the border, including enhanced biometric and facial recognition capabilities.