ICE’s Mobile Fortify app turns facial recognition into a street-level surveillance tool aimed at non-citizens and citizens alike.
In October of 2020, during the latter part of the first Trump administration, the Department of Homeland Security— specifically, Customs and Border Protection (CBP) released a smartphone app with AI facial recognition capability. CBP claims that close to a million individuals have downloaded the app and used it successfully
How come most people haven’t heard of this app? Probably because in each of those cases, the user was an immigrant. But that isn’t the case with its successor, which treats citizenship as almost beside the point.
With CBP One, immigrants were trying to use the app’s AI facial recognition feature to verify their identity and thereby secure an appointment for a hearing at the border, so they could enter the country legally. That was, effectively, the only way to enter the country legally for most of them.
Let me quote from a recent statement issued by CBP about the app:
The CBP One™ mobile application is a key scheduling tool and part of DHS’s efforts to incentivize noncitizens to use lawful, safe, humane, and orderly pathways and processes.
Use of the CBP One™ app to schedule appointments at ports of entry has significantly increased CBP’s capacity to process migrants in a more efficient and orderly manner while cutting out unscrupulous smugglers who endanger and profit from vulnerable migrants.
Since the appointment scheduling function in CBP One™ was introduced in January 2023 through the end of December 2024, more than 936,500 individuals have successfully scheduled appointments to present at ports of entry instead of risking their lives in the hands of smugglers.
When was this statement issued? On January 14, 2025.
Less than the week later, Donald Trump canceled the app on his inauguration day, as one provision in an order that declared:
One of my most important obligations is to protect the American people from the disastrous effects of unlawful mass migration and resettlement.
My Administration will marshal all available resources and authorities to stop this unprecedented flood of illegal aliens into the United States.
The following April, those migrants that CBP had celebrated for using the “lawful, safe, humane, and orderly pathway” to enter the United States…were told to leave immediately, or else face prosecution.
To recap, it went like this:
1. CBP proudly announces that people chose to enter the country lawfully using its app.
2. Trump cancels the app less than a week later, citing unlawful migration.
3. Trump kicks out all of the people who used CBP’s app to enter lawfully.
The Trump administration later raised CBP One from the dead, and dubbed its reanimated form CBP Home. A cheerful-sounding name for an app that uses facial recognition to help immigrants “voluntarily self-deport.”
DHS is now proclaiming that “tens of thousands” of immigrants have done so, out of a total of 2.2 million illegal aliens who have self-deported, generally. Where they’d get that number, I have no idea. But it’s interesting that so many have apparently opted not to use the app, when DHS is offering them $2,600 and a free trip home.
But this post is not really about CBP One.1
It’s about how ICE is using an app that utilizes the same facial recognition technology as CBP One in an app called Mobile Fortify. Like CBP Home, its stated purpose is to identify immigrants in the country unlawfully.
But they won’t get $2,600 and a free flight home. They won’t even get asked permission. Oh, and they may not be immigrants at all.
CBP confirmed that Mobile Fortify is still being used by ICE, along with “a variety of technological capabilities” that supposedly “enhance the effectiveness of agents on the ground.”
For people identifying as US citizens during stops, there does not appear to be much choice but to allow agents to conduct face scans, even if an ID is supplied. In a second video flagged by 404 Media, a man tells masked agents, “I’m an American citizen, so leave me alone,” while claiming to have already shown his ID. One agent confirms that they’re “going to verify that,” followed by another who instructs the man to take off his hat, claiming, “it will be a lot quicker.”
“This is not a big deal,” the agent tells the man, who repeatedly tells agents he is on his way to work. “Relax.”
Remember, this is the same agency that refuses to “relax” when it’s merely suggested that they shouldn’t wear masks completely obscuring their faces, on the grounds that doing so would allow them to be “doxxed.” A scary-sounding word, but what does it actually mean? Making someone’s identifying details known without their permission.
Mobile Fortify’s Privacy Threshold Analysis, or PTA, was accessed via FOIA request by investigative journalism site 404 Media.
According to the PTA:
CBP and ICE Privacy are jointly submitting this new mobile app PTA for the ICE Mobile Fortify Mobile App (Mobile Fortify app), a mobile application developed by CBP and made accessible to ICE agents and officers operating in the field. ICE agents and officers will use the Mobile Fortify app to verify [redacted] identity through facial recognition or contactless fingerprint matching during ICE enforcement operations. [redacted].
How are they going to do that?
ICE agents will use the Mobile Fortify app for biographic and biometric2 checks. When ICE agents or officers encounter an individual or associates of that individual, they will use the Mobile Fortify app installed on their government-issued device to take a photograph. The photograph is then sent by the application to CBP’s Traveler Verification Service, in ATS,3 [redacted] as well as the Seizure and Apprehension Workflow that contains the biometric gallery of individuals for whom CBP maintains derogatory information.
The TVS was developed by CBP, and it’s the facial recognition engine of CBP One. And now, therefore, CBP Home. Also the Mobile Passport and Global Entry mobile apps. Which makes it unsurprising, but no less disturbingly dystopian, that a Minnesota resident found Global Entry and TSA PreCheck privileges revoked days after an immigration agent told her that he used facial recognition technology to identify her.
And she’s not likely to get those back any time soon if the agent did use Mobile Fortify, because the app’s PTA says it retains new photographs and fingerprints for 15 years.
Other fun facts about Mobile Fortify, based on its PTA:
- The app also collects geolocation data: “When that photograph and/or fingerprint is taken, geolocation data is tagged to that biometric so ICE can identify where the encounter took place.”
- They don’t have to get your consent to do it: “Does the mobile application provide ‘just-in-time’ disclosures to obtain user’s [sic] affirmative express consent before a DHS mobile app accesses sensitive content or other tools and applications for the first time (e.g., location services)? “No.”
- They don’t even have to tell you beforehand: “Are individuals provided a Privacy Act Statement, Privacy Notice, or some, other type of notice at the time of collection by DHS?” “No.”
- The app hasn’t been cleared by their own internal development service that provides a build environment, application lifecycle management, and tests on source code: “Has this mobile application been through the DHS AppVet process?”4 “No.”
And then the document just lays it out:
Although the intended purpose of the Mobile Fortify Application is to identify aliens who are removable from the United States, users may use Mobile Fortify to collect information in identifiable form about individuals regardless of citizenship or immigration status. It is conceivable that a photo taken by an agent using the Mobile Portily mobile application could be that of someone other than an alien, including US. citizens or lawful permanent residents.
ICE agents do not know an individual’s citizenship at the time of initial encounter and will use the Mobile Fortify mobile application to determine or verify the individual’s identity, and confirm that they are a match to the Fortify the Border Hotlist.
What the hell is the “Fortify the Border Hotlist”?, you may ask. Answer: Who knows? Not Wired, anyway:
Records also indicate the existence of another derogatory watch list controlled by CBP and fed by Fortify, known as the Fortify the Border Hotlist. The list is mentioned in only a single publicly released document and was first revealed by 404 Media last year. The record does not describe the criteria for placement on the watch list nor any removal or appeals process. It is unclear whether US citizens are included.
Greeeeeaaaaat.
To sum up:
- The so-called Department of Homeland Security developed an app using technology previously used to vet nearly a million immigrants seeking to enter the U.S. in the lawful way, but were forced back out of the country as soon as Trump took office, on the pretense that despite all of this, their presence in the country is in fact unlawful.5
- Customs and Border Protection developed the previous app (CBP One/Home) as well as this one (Mobile Fortify), but the purpose of the second one is for ICE to use “in the field” to identify non-citizens who may be in the country illegally. This new app was released despite knowingly violating DHS’s own privacy standards.
- This app can be used on non-citizens and citizens alike, doesn’t require consent, and is held to be more reliable than a birth certificate. It’s matched with geolocation data to allow ICE to track where these encounters take place.
- The app checks whether the subjects of these facial recognition scans are on a mysterious list (the “Fortify the Border Hotlist”) that we only know about because it was mentioned, in passing, in a FOIA-requested document.
- Coincidentally, the attorney general recently ordered the FBI to “compile a list of groups or entities engaged in acts that may constitute domestic terrorism as defined by 18 U.S.C. § 2331(5) and provide that list to the Deputy Attorney General.”
And this is all completely legitimate, and in fact necessary. Not remotely an indicator that we live in a tech-enabled surveillance state, designed to suppress dissent in any form.
Nothing like that.
1 If you want to read its grisly history in detail, you can do so on my blog.
2 Biometric data is data of physically distinguishing characteristics, like your fingerprints, irises, and of course your face.
4 “This is a requirement of DHS Directive 047-01-003: Privacy Policy for DHS Mobile Applications, available at https://www.dhs. gov/publication/privacy-policy-dhs-mobile-applications”
5 Which, it just occurred to me, amounts to Trump contradicting DHS. Oh well, that happens all of the time!