DHS Biometric Shift Raises Oversight Worries

Published Date : 8/14/2025 

The Department of Homeland Security (DHS) is realigning authority over its largest biometric database, placing it under the Chief Information Officer's control. This move, orchestrated by the Stephen Miller-led Homeland Security Council, has raised concerns among national security, civil liberties, and technology oversight circles. 

The Department of Homeland Security (DHS) is undergoing a significant realignment of authority over the federal government’s largest biometric database, a move that places Chief Information Officer Antoine McCord in direct control of the Office of Biometric Identity Management (OBIM). This structural shift, quietly orchestrated by the Stephen Miller-led Homeland Security Council, has sparked debate within national security, civil liberties, and technology oversight circles.

Miller, who serves as Deputy Chief of Staff for Policy in the White House, has long been one of the administration’s most influential architects of immigration policy, known for shaping measures such as the travel bans, family separation, and refugee admission reductions. “The DHS Chief Information Officer has been in close contact with the Homeland Security Council regarding the future of biometrics technology and will continue working closely with them to ensure DHS meets its goals in alignment with the President’s agenda,” a DHS spokesperson said. “Transitioning oversight of the DHS Office of Biometric and Identity Management to the DHS CIO creates a unique opportunity to align biometrics technology investments across the Department.”

Muddying the waters is the White House’s weighing of a related and more controversial restructuring that would put OBIM under the authority of U.S. Customs and Border Protection (CBP). Biometric Update reported in June that such a move would mark a fundamental shift in OBIM’s role from a neutral biometric service provider supporting more than 40 federal and foreign stakeholders to a tactical arm of one of the government’s most aggressive enforcement agencies. Critics warn that such a change would undermine interagency trust, jeopardize international data-sharing agreements, and concentrate control over the nation’s largest biometric repository in the hands of a single enforcement entity.

Those concerns are not hypothetical. Government Accountability Office (GAO) audits have repeatedly flagged CBP’s shortcomings in adhering to privacy safeguards, particularly in programs involving biometric data collection. A 2020 GAO review found that CBP failed to consistently complete required privacy impact assessments for its Traveler Verification Service, a facial recognition program deployed at airports and land ports of entry. The same report documented that CBP did not always provide travelers with clear opt-out procedures, and in some cases, U.S. citizens were scanned without the agency following its own policy requirements. In another audit, GAO noted that CBP’s retention of U.S. citizen photos sometimes exceeded stated limits, raising the risk of unauthorized use or disclosure.

These lapses occurred despite explicit DHS and Office of Management and Budget guidance requiring such protections, and GAO having found that the agency’s enforcement posture often outweighed its privacy compliance obligations. Placing OBIM under CBP’s direct authority would greatly expand the scope of these risks. If CBP were to import its existing enforcement-first culture into OBIM’s operations, biometric data collected for neutral identity verification could be more readily used for surveillance and interdiction. Given CBP’s past record of incomplete privacy assessments, insufficient public notice, and policy noncompliance, the result could be the erosion of key safeguards that underpin domestic and international trust in U.S. biometric systems.

OBIM manages the Automated Biometric Identification System (IDENT), a repository containing more than 300 million biometric profiles that are used by DHS components such as CBP and Immigration and Customs Enforcement (ICE), as well as dozens of other federal and foreign partners. IDENT is in the process of being replaced by the Homeland Advanced Recognition Technology (HART) system, a multi-billion-dollar upgrade that has faced repeated delays, cost overruns, and privacy concerns. According to GAO, HART is central to DHS’s ability to process nearly half a million biometric queries per day, but the program’s execution has been plagued by incomplete cost and schedule estimates, outdated privacy impact assessments, and gaps in data-sharing governance.

The decision to consolidate OBIM under the CIO’s purview is being framed by the White House as a modernization and efficiency initiative. Administration officials say it will align biometric technology investments across DHS, accelerate HART’s delivery, and create a “unified biometric experience” for the department. But internal sources and oversight bodies warn that the timing – amid ongoing technical remediation efforts – risks destabilizing a mission-critical system at a moment when stability and cross-agency coordination are paramount. A July GAO letter to McCord underscores the stakes. It lists 43 open recommendations for DHS that require the CIO’s attention, seven of which are designated as “priority” due to their potential to significantly improve government operations if implemented.

Several of these recommendations directly touch on OBIM’s operations, including calls to revise HART’s cost and schedule estimates using best-practice methodologies, update its privacy documentation to reflect the full scope of data categories and sharing partners, correct identified privacy deficiencies, and maintain a reliable inventory of information-sharing agreements. GAO also urges DHS to ensure that partners using HART can properly dispose of personally identifiable information in line with federal retention schedules. McCord, a former Marine and intelligence veteran, assumed the DHS CIO role in March after directing operations for defense technology firms. His new mandate comes with wide-reaching responsibility over IT strategy, investment management, and information security across the department.

But the GAO findings paint a picture of systemic challenges. DHS has yet to fully implement federal event logging requirements, consistently authorize cloud services under the Federal Risk and Authorization Management Program, or complete annual IT portfolio reviews as required by the Federal Information Technology Acquisition Reform Act. In the biometric area, GAO has repeatedly pressed DHS to align its modernization plans with both privacy law and operational best practices. Compounding the governance concerns is the reported involvement of the Department of Government Efficiency (DOGE), a controversial entity originally overseen by Elon Musk. DOGE personnel have embedded within OBIM and, according to internal memos, have been granted access to sensitive systems operated by U.S. Citizenship and Immigration Services (USCIS).

This access, which includes repositories such as USCIS’s Data Business Intelligence Services, has raised alarms over potential unauthorized influence or policy manipulation. Some of the DOGE staffers given such access have checkered histories, including links to past cybercrime activity, heightening unease among privacy and security advocates. Supporters of closer CBP alignment argue that it could streamline operational workflows, shorten the time from biometric capture to enforcement action, and consolidate budgetary control. They frame the move as part of a broader DHS effort to eliminate silos, standardize technology stacks, and respond to what they describe as rapidly evolving border threats.

GAO’s recommendations point to a middle ground. It has emphasized the need for disciplined program management, rigorous privacy safeguards, and interagency coordination, regardless of where OBIM ultimately sits in the DHS hierarchy. For HART, in particular, GAO advises establishing clear timelines for privacy compliance reviews, correcting deficiencies before full deployment, and ensuring that all information-sharing agreements are current and enforceable. These steps, GAO contends, are prerequisites for a functional and trustworthy biometric system capable of supporting both enforcement and non-enforcement missions.

The convergence of the dynamics of technical debt, political maneuvering, external oversight pressure, and internal reorganization means DHS’s biometric modernization is unfolding under intense scrutiny. If McCord can implement GAO’s cybersecurity, acquisition, and management recommendations while navigating the political currents around OBIM’s future, he could stabilize and even strengthen the department’s biometric enterprise. If not, the risk is a fragmentation of capability, loss of partner confidence, and erosion of public trust in how the U.S. government collects, stores, and uses immutable personal identifiers. For Congress, which relies on GAO’s work to exercise oversight, the situation presents a test of its willingness to assert authority over the trajectory of federal biometric governance. Lawmakers could mandate safeguards that preserve OBIM’s neutrality, require transparent reporting on HART’s progress, and tie funding to the implementation of GAO’s priority recommendations. But without such guardrails, the consolidation now underway could cement a shift from balanced, multi-stakeholder identity management to an enforcement-driven model with fewer checks on its reach. 

Frequently Asked Questions (FAQS): 

Q: What is the Office of Biometric Identity Management (OBIM)?

A: OBIM is a component of the Department of Homeland Security (DHS) responsible for managing the largest biometric database in the federal government, which supports over 40 federal and foreign stakeholders.

Q: Why is the realignment of OBIM's authority controversial?

A: The realignment of OBIM's authority is controversial because it places the office under the control of U.S. Customs and Border Protection (CBP), which could undermine interagency trust and jeopardize international data-sharing agreements.

Q: What are the main concerns raised by the Government Accountability Office (GAO)?

A: The GAO has raised concerns about CBP's shortcomings in adhering to privacy safeguards, including incomplete privacy impact assessments and insufficient public notice for biometric data collection.

Q: What is the Homeland Advanced Recognition Technology (HART) system?

A: HART is a multi-billion-dollar upgrade to the Automated Biometric Identification System (IDENT) managed by OBIM. It is designed to process nearly half a million biometric queries per day and faces challenges including delays and privacy concerns.

Q: What role does the Chief Information Officer (CIO) play in this realignment?

A: The CIO, Antoine McCord, is now in direct control of OBIM. His role includes aligning biometric technology investments across DHS, accelerating the delivery of HART, and ensuring rigorous privacy safeguards and program management. 

More Related Topics :