A surveillance camera mounted to a wall against a clear sky

TL;DR:

  • ICE's Mobile Fortify app has been used in the field over 100,000 times since launch, and was originally restricted to ports of entry. Now agents use it on streets, in protests, and at job sites.
  • It searches 200 million government photos in seconds, drawing on DHS IDENT/HART (270M biometric records), FBI NCIC, state DMVs, and Traveler Verification Service databases.
  • Built by NEC Corporation, confirmed via DHS's January 2026 AI Use Case Inventory. The vendor wasn't public until then.
  • Illinois and the City of Chicago sued ICE in January 2026, calling Mobile Fortify a Fourth Amendment violation and a breach of Illinois's biometric privacy law.
  • Photos are stored for 15 years, including non-matches of U.S. citizens. ICE has stated individuals cannot decline scanning.
  • A bill to ban it (the ICE Out of Our Faces Act) was introduced February 5, 2026, by Markey, Jayapal, Merkley, and Wyden. It hasn't moved.

The App That Turned Every Phone Into a Spy Camera

Until 2025, federal facial recognition was something that happened to you at the airport. You stood at a kiosk. A camera scanned your face. You moved on.

Now it happens on the sidewalk. At a protest. Outside a courthouse. At the loading dock where you work.

ICE agents are carrying it in their pockets. The app is called Mobile Fortify. It runs on a standard government-issued smartphone. An agent points it at someone in public, taps a button, and within seconds the app returns a name, a date of birth, and pointers to every government file connected to that person [1].

According to a lawsuit filed by the State of Illinois and the City of Chicago in January 2026, ICE has used Mobile Fortify in the field more than 100,000 times since it launched [2]. That's not a pilot. That's a deployment at scale: quietly, with no Congressional authorization, no public notice, and no opportunity for anyone scanned to decline.

What Mobile Fortify Can See

The numbers are the point.

Mobile Fortify queries a constellation of federal databases, including [1][3]:

  • IDENT/HART: DHS's biometric database, containing face prints, fingerprints, iris scans, and DNA for over 270 million people. Most of them have never been charged with a crime.
  • Traveler Verification Service: every entry and exit photo CBP has captured at U.S. borders, plus TSA PreCheck facial scans.
  • FBI National Crime Information Center (NCIC): criminal records, gang allegations, and outstanding warrants.
  • State driver's license databases (via Nlets): every DMV photo from participating states.
  • State Department visa and passport photos.
  • TECS and ATS: travel history, banking metadata, social media, license plate reader hits, immigration application data.

That's the 200 million photo number you'll see in coverage. It's a floor, not a ceiling.

The vendor is NEC Corporation, the Japanese biometrics giant. DHS confirmed it in its 2025 AI Use Case Inventory, released in January 2026 [4]. Before that, the public didn't know who built the thing or where the data was going.

From Ports of Entry to the Street

The timeline matters because it shows the bait-and-switch.

Federal facial recognition was sold to the public as a border tool. Limited to ports of entry. Limited to investigations of serious crimes like child sexual exploitation. That was the deal.

Mobile Fortify broke that deal [2].

The app first surfaced publicly in June 2025, when 404 Media obtained leaked emails and an internal user manual revealing its existence [4]. By the time the public found out, agents were already carrying it. In September 2025, ICE expanded its surveillance contracts further by subscribing to Penlink, a commercial location-data platform that lets the agency buy phone location histories without a warrant [3].

By January 2026, Illinois and Chicago had documented enough field deployments to sue. The complaint alleges over 100,000 uses, not at the border, not at airports, but on American streets [2].

It Gets Citizens Wrong

If the system worked, it would still be a Fourth Amendment problem. It doesn't even work.

On January 19, 2026, an individual identified in court filings as "MJMA" was scanned by ICE agents twice. The app returned two completely different names in the same interaction. Both were wrong, according to documentation filed by Innovation Law Lab [4].

ICE has already mistakenly detained a U.S. citizen based on a Mobile Fortify match, then defended the detention by claiming the person "could be deported based on biometric confirmation" [4]. The biometric confirmation was wrong. The agency did not appear to care.

This isn't surprising. NIST has documented for years that facial recognition algorithms perform worse on Black faces, on women's faces, and on faces captured under non-ideal lighting and angles, which describes virtually every street-level scan an agent would take [1]. ICE has reportedly trained agents to treat Mobile Fortify matches as definitive, even when contradicted by other documentation like birth certificates or driver's licenses.

A 15-year retention policy means a wrong match in your file can follow you for a decade and a half. Including if you're a U.S. citizen [4].

The Illinois Lawsuit

On January 2026, the office of Illinois Attorney General Kwame Raoul, together with the City of Chicago, filed Illinois v. U.S. Department of Homeland Security in the Northern District of Illinois [3].

The complaint makes three main claims:

  • Fourth Amendment violations: biometric scans without a warrant constitute unreasonable search and seizure.
  • Illinois Biometric Information Privacy Act (BIPA) violations: Illinois has the strongest biometric privacy law in the country, requiring informed consent before face data is collected.
  • Exceeding statutory authority: ICE has no Congressional mandate to deploy facial recognition outside immigration ports of entry.

The case is one of the first major legal challenges to field-deployed federal facial recognition in the U.S. Win or lose, it will set the precedent for whether the Fourth Amendment applies when the search happens through a phone camera instead of a courtroom-issued warrant.

The Bill to Ban It

On February 5, 2026, Senators Ed Markey (D-MA), Jeff Merkley (D-OR), and Ron Wyden (D-OR), together with Representative Pramila Jayapal (D-WA), introduced the ICE Out of Our Faces Act. The bill would ban ICE and CBP from acquiring or using facial recognition technology and other biometric identification systems entirely [5].

Key provisions:

  • Mandatory deletion of all biometric data already collected by ICE and CBP for facial recognition purposes.
  • A private right of action: individuals and state attorneys general can sue for civil penalties when violations occur.
  • Co-sponsored by Senators Angela Alsobrooks (D-MD) and Bernie Sanders (I-VT).
  • Endorsed by EFF, EPIC, ACLU, Fight for the Future, Free Press Action, Access Now, and Human Rights First.

The bill has been introduced. That's all. It has not received a committee hearing. It has not been marked up. In a divided Congress, the realistic ceiling is that it stays alive as a marker for the next administration. The realistic floor is that it dies in committee and is never heard from again.

While Congress dithers, the scans continue.

Eight Senators Asked Questions. ICE Didn't Answer.

In June 2025, eight senators (Booker, Van Hollen, Markey, Sanders, Schiff, Smith, Warren, and Wyden) sent an open letter to ICE acting director Todd Lyons demanding transparency about Mobile Fortify [4]. They wanted to know what databases it accessed, what training agents received, what retention policies applied, and what oversight existed.

ICE missed the October 2 response deadline. The senators sent a follow-up on November 3, 2025. ICE still hadn't responded by the time the Illinois lawsuit was filed in January 2026 [4].

This is the standard playbook now: deploy the surveillance tool first, fight the lawsuits later, and never answer Congressional letters in between.

What You Can Do

  • Know your rights at a stop. You are not required to consent to being photographed by federal agents, even if ICE has stated otherwise internally. You also don't have to answer questions about your immigration status. The ACLU's "Know Your Rights" guides are state-specific. Look up your state.
  • Push your state to pass BIPA-style laws. Illinois's biometric privacy law is the reason the Mobile Fortify lawsuit has teeth. Texas, Washington, and a handful of others have weaker versions. Most states have nothing.
  • Demand local sanctuary policies that exclude facial recognition cooperation. 287(g) agreements between ICE and local police can give Mobile Fortify access to municipal databases. Push your city council to refuse these agreements.
  • Support the ICE Out of Our Faces Act. Call your senators and representative. The bill is S.3779 / H.R. equivalent. Even if it doesn't pass, hearings force ICE to answer questions on the record.
  • Read the primary sources. Just Futures Law has published a detailed brief on Mobile Fortify. The Vanderbilt Law analysis covers the constitutional issues. The ACLU's overview connects the dots.
  • If you suspect you've been scanned, file a Privacy Act request with DHS. You're entitled to know what's in your file, including biometric records collected by ICE.

The Bottom Line

Every agent's phone is now a federal database query terminal. Every public encounter is a potential biometric record. Every wrong match is a 15-year file note that can show up next time you cross a border, apply for a job that requires a background check, or get pulled over.

This wasn't supposed to happen. Facial recognition was supposed to be limited to airports. Then it was supposed to be limited to serious investigations. Then it was supposed to be limited to ports of entry.

Now it's been used 100,000 times in the field. The vendor is a Japanese biometrics company most Americans have never heard of. The bill to ban it is stalled. The lawsuit to stop it is just getting started.

If you live in the United States, ICE's facial recognition system has a profile on you. The only question is what they decide to do with it.

Sources

  1. ACLU: "Face Recognition and the 'Trump Terror': A Marriage Made in Hell"
  2. ACLU of Wisconsin: "Mobile Fortify: ICE's Dystopic Facial Recognition App"
  3. Vanderbilt Law: "Eyes Everywhere: ICE's Expanded Use of Surveillance Technologies"
  4. Wikipedia: "Mobile Fortify" (citing 404 Media, Innovation Law Lab, DHS AI Use Case Inventory)
  5. Senator Markey: "Markey, Merkley, Wyden, Jayapal Introduce Bill to Ban ICE and CBP Use of Facial Recognition Technology" (February 5, 2026)