Print Report
A large and ominous machine, reminiscent of a rusty industrial grade boiler, out of which pipes, ducts and vent systems emerge. Drones and surveillance devices hover above the machine. Beneath the machine, there is a twisted system of pipes and and wires. People are dismantling these pipes and wires. At the bottom of the image, a giant protest crowd emerges from below the machine holding signs which read 'Defund Surveillance' and 'Abolition Now'.

From Data Criminalization
to Prison Abolition

Community Justice Exchange, 2022

Introduction

“To make a thief, make an owner; to create crime, create laws.” — Ursula K. Le Guin

The following is a report about surveillance and social control of migrants and criminalized peoples, written from a prison-industrial-complex abolitionist perspective. 

Here, we describe practices that we term “data criminalization:” the creation, archiving, theft, resale and analysis of datasets that mark certain people as threats and risks, based on data culled about them from state and commercial sources. Data analysis and prediction may seem modern, scientific or objective, boasting cutting-edge biometric identification and AI-powered tools — but here they operate as part of a longstanding historical process of racial and national profiling, management and control in the US.

In this report, we examine and deconstruct some key practices in the surveillance of migrants as conducted by government agencies and private companies that work together to create and manage vulnerability and exclusion. We wrote this report and created a web-based interactive tool for prison abolitionists, migrant justice organizers, scholars, anti-surveillance activists and everyone else who is working to oppose interlocking systems of incarceration, criminalization, and social control. We hope that this report provides a framework to reject and denaturalize criminal legal procedures and categories, border control and securitization, identity capture and registration regimes, and “data-driven” predictive and sorting practices used to justify punishment and social exclusion.

Overview: The invisible machinery of data criminalization

In this section, we offer an analysis of data criminalization: digitized, automated surveillance that is used formally and extra-legally as tools of social control. 

Travel Related Data Collection, Ice Raids and Arrests, Active Police Harrassment, Policing and Surveillance of Anyone Born Outside the U.S., Customs and Border Patrol Stolen Data from Confiscated Devices, FBI Terrorist Screening Database, Federal State, Local, and Other Law Enforcement, Map of Connections, Commercial Data Aggregators, (ACRONYM LIST: EDDIE, FALCON, EAGLE, NGI, EID, EOIR, EARM, NLETS, NCIC, ISAPIII, CIS, IDENT/HART, ESTA, APIS, ATS, SECURE FLIGHT, PNR, ADIS, TECS/ICM, CCD, CLAIMS 4, PCQS, SEVIS, ACRIME, CLAIMS 3

For many of us today, “surveillance” may seem baked into our daily lives. It may seem impossible, in the post-9/11 world, to stay unwatched, or leave no trace. Whether it is through video cameras mounted in public places, or our use of cell phones and Internet searches, it seems like almost everything we do can be tracked by anyone with the right tools.Footnote 1 To attempt to resist surveillance may seem anachronistic at best, and futile and paranoid at worst. 

“Data” and “data collection” in today’s world may seem to be a given. Many of us believe in the inherent validity of data collection and analysis as features of our modern reality that can improve our lives. We may associate “data” with things that are scientific, measurable, and objective. 

But data collection methodologies and categories as they exist today inherit and wield the weight of centuries of state strategies and justification for identifying, managing and controlling populations that could threaten ruling class interests. There is nothing neutral about data, and nothing passive about surveillance. Surveillance uses data to sort us categorically and, in the words of theorist Simone Browne, “weigh some of us down” by differentially exposing some of us to state violence, even as it disguises and naturalizes the process of doing so.Footnote 2  

There is nothing neutral about data, and nothing passive about surveillance.

Migrants are especially weighed down. Migrants exist precariously in the modern nation-state and globalized neoliberal economy, often producing wealth for multiple countries while being denied legal rights and subjected to continuous, enhanced scrutiny, dislocation and punishment. While many of the systems that mark and maintain migrant vulnerability are not visible, by examining technical processes that target and “vet” migrants we can identify a key feature of law enforcement-oriented “data-driven technologies” today: They are engineered to guarantee that a person who was criminalized in the past or present will, by design, continue to be criminalized in the future, whether or not they break any laws. Since a key feature of our legal structure is to separate out and exclude people, law enforcement oriented data-driven technologies are designed to ensure that targeted people fit into criminalized categories that justify exclusion under and beyond the law. For instance, migrant surveillance is automated so that any person who was born outside the US always remains suspicious.

 Since a key feature of our legal structure is to separate out and exclude people, law enforcement oriented data-driven technologies are designed to ensure that targeted people fit into criminalized categories that justify exclusion under and beyond the law.

Therefore, exemption from enforcement (arrest, incarceration and/ or deportation) is conferred only temporarily, moment-by-moment, as a person’s extra-legal “permanent record” (which includes arrest data that did not result in conviction, freehand observational notes from border crossings, past travel itineraries collected by commercial airlines, and unproven accusations by police and travel authorities of membership in gangs or terrorist groups) is cross-referenced against dozens of (often inaccurate and outdated) government- and privately-run criminal legal and commercial datasets and “risk” prediction software.

 Criminalization is the process and practice that justifies such cataloguing and control of targeted populations, individually and categorically.

Criminalization is the process and practice that justifies such cataloguing and control of targeted populations, individually and categorically. Through criminalization, migrants are weighed down unevenly by what sociologist Ana Muñiz calls “securitized immigration control,” which characterizes and punishes Muslims and Middle Eastern migrants as terrorists, and Central American and Mexican migrants as gang members, criminals and drug traffickers.Footnote 3  

The criminalization of migrants, using data, is the focus of our project. 

Criminalization legitimates the formal exclusion of a person from full legal rights, and exposure to premature death and foreshortened life chances. The state uses legal doctrine and pseudoscientific criminological concepts to create and marshal supposedly objective data to prove a person’s criminality and argue for intervention and correction, often in the forms of diminished legal status and punishment. Criminalizing data is often created by surveillance. We define surveillance as the non-consensual observation of individuals and communities by state, corporate or academic entities who have power to make meaning from, exert control over, exploit or otherwise profit from an observed population. Surveillance is active intervention in the form of behavior prediction for modification; it is real-time social control. 

 Surveillance is active intervention in the form of behavior prediction for modification; it is real-time social control. 

For too long, we have characterized the expansive nature of information-sharing, biometric collection, technologies used by law enforcement, and commercial partnerships with law enforcement as a problem of individual tech vendors driven by profit-seeking. Within the migrant justice movement, we have focused on individual kinds of technologies, programs and companies without contesting the fact that the very grounds on which these practices are premised are illegitimate and derive from centuries-old racist justifications for land theft and trans-Atlantic enslavement. Instead, we have often uncritically adopted corrective solutions for modern-day surveillance that come from pro-Constitutional “privacy” rights perspectives, which fixate on procedural protections, oversight of new technologies, the theatrics of “consent,” and are grounded in a conceptual and legal framework derived from white property rights that fail to protect those of us who are criminalized, non-citizens or otherwise excluded from legal privileges. 

Today, collectively, many of us are turning a corner. As concepts like surveillance capitalism begin to permeate the mainstream and news articles reveal how smartphone apps and utility providers sell our personal info to commercial data brokers and ICE, we can tap into a growing collective disgust of data theft. 

The time is ripe for a new mass movement to dismantle criminalization on the road to abolition.

 

Surveillance Capitalism, Surveillance Carceralism

Visible Surveillance, The Invisible Machinery of Data Criminalization

Generally, the surveillance that we can see make up the tip of an iceberg: 

  • You receive a Facebook message from a stranger whose account has a profile photo of a dog. The writer says that they want to meet up and buy a piñata that you’re selling. An ICE officer greets you in the parking lot.Footnote 4  
  • The salesperson at the car lot refuses to sell you a car after running a credit check and finding that TransUnion, a credit reporting agency, flagged your name as a “potential match” for one on the Treasury Department’s watch list for “terrorists, drug traffickers and other criminals.”Footnote 5
  • The highway patrol officer who just ran your license decides to detain you, based on the automated alert that he received that alleges that you were previously deported.Footnote 6  
  • ICE agents arrive at the airport gate before you catch an international flight.Footnote 7 A computer system identified you as a risk for having overstayed a visa.Footnote 8  
  • ICE shows up at your non-immigration-related court appointment.Footnote 9  
  • A detainer and an administrative warrant are served to a jail, asking the Sheriff to notify ICE when you’ll be released.Footnote 10  
  • You receive an order of removal.Footnote 11  

For every one of those encounters there is much unseen: troves of data sorted and choices made by algorithms, dozens of analysts and agents, billions of dollars in contract vendors, a daisy-chain of computers and communications systems and interoperable software programs, mirrored datasets and cloud servers, a miasma of agencies and interfaces. 

Today’s sprawling surveillance machinery of immigrant criminalization was built over decades, drawing from centuries of racialized capitalism and social control, anti-blackness, settler-colonial expansionism, and US imperialism. 

Through evolving surveillance practices of data criminalization, the US government creates and uses data as both justification for and a means to criminalize US non-citizens. The term “crimmigration” refers to the intersection of criminal and immigration laws in the US, especially since the 1990s, to punish non-citizens in the US differently and more harshly.Footnote 12 Crimmigration developed alongside and as part of mass incarceration. The artifacts and outcomes of that “crimmigration” history is preserved in numerous people’s “permanent records” in legacy and cutting-edge government databases, and in data-sharing protocols built into law enforcement technology and communication tools.Footnote 13  

These databases are not just an archive; they are an arsenal.

These databases are not just an archive; they are an arsenal. New prediction and profiling technologies contracted by DHS grow the agency’s migrant surveillance dragnet by dredging up decades-old, often forgotten data (including data not originally intended to criminalize, such as naturalization and passport application records) and gives that data new life to criminalize by matching them with previously unlinked criminal records and newer forms of invasive biometric identification and location-tracking databanks. But a “match” to criminal records, flagged by an event such as international travel, or getting stopped by a cop, is no longer the only path to immigrant criminalization. 

...a “match” to criminal records, flagged by an event such as international travel, or getting stopped by a cop, is no longer the only path to immigrant criminalization.

In DHS’ newer data-sorting mechanisms, artificial intelligence (AI) tools are capable of scanning millions of database entries, collecting new data, creating “profiles” of individuals, linking them to others, and using so-called predictive analysis to sort people categorically for ICE to monitor and revisit based on assigned levels of “risk.”Footnote 14 And, for as many dollars as have been invested into databases, analysts, and prediction, there are even more errors and omissions. Records are flush with name misspellings, outdated naturalization records and incomplete adjudication records. ICE has stated that there are a few million people who "derived' citizenship (people who were not born in the US but became citizens at birth, or at some point while still a minor, because of their parents' status), whom DHS databases would flag as non-citizens based only on their birth abroad.Footnote 15 Police are able to include in gang databases anyone that they want. Gang databases list deceased people and infants as members.Footnote 16 Data analyses are often incorrect, relying on outdated or inaccurate data, and they have outsized impact. Each past “encounter” that a person has had with a customs agent, immigration officer, or cop creates lasting vulnerability and exposure that can be reactivated if a person falls into a category (for instance, naturalized citizens, current visa holders, non-citizens, or people who are “removable” by ICE) that are flagged for increased scrutiny by DHS. Categorically targeted people are added to various databases who will be automatically and constantly tracked, profiled and evaluated for deportability — as well as disciplined by being denied public benefits, workplace protections and other access to rights.

FBI & DHS Data-Sharing, Constant Surveillance and Prediction, Location Tracking, Biometric Data, "Constant Vetting", Traveler and Border Surveillance

We are at a crossroads

In the following sections, we examine how key law enforcement databases have been connected and updated for decades, noting potential targets in these automated, linked systems. We describe the significance of DHS’ move from a suspect-based “watchlist” model to a big data model, monitoring massive numbers of individuals in real time and circumventing legal and all other oversight by buying GPS and cell phone location data, utility bills, DMV records, Internet search history,Footnote 14 change-of-address records, social media interactions, and other personal information that is routinely sold to government agencies by commercial vendors. We name some common points of data extraction, old and new. We also provide an overview of traveler and US border surveillance since the late 1990s, because monitoring techniques for international travel have been at the forefront of data criminalization and surveillance and may foretell the next decade of immigration and criminal punishment enforcement technologies. 

DHS's digital surveillance system is still in its infancy, and thus seemingly inefficient.Footnote 17 Despite the vast amount of resources that DHS receives, since its inception the agency has been plagued by rivalries, bureaucracy, high turnover and lack of consistent leadership due to changes in US presidential administrations.Footnote 18 One former management-level DHS employee noted that at the time of its creation, “DHS wasn’t even a loose confederation of agencies, back then it was more like rogue nations that happen to find themselves on the same continent.”Footnote 19 Conflicts between sub-agencies (“DHS Components”) have prevented seamless database merging.Footnote 20 And logistical problems persist. ICE needs to physically locate a person in order to arrest and potentially deport them. Deportation can be a time-intensive process. ICE officers have large caseloads and need to work with embassies and consulates to obtain travel identification documents, such as birth certificates and passports, which permit ICE to deport a person.Footnote 21 Despite the billions of dollars ICE spends on sophisticated spying, data visualization, indexing and prediction tools, the process of deporting people from inside of the US can still require accessing standardized criminalization data and engaging in a bureaucratic legal process. 

Court records show that one of DHS’ major criminalization hubs, the Pacific Enforcement Response Center (PERC) — which hires analysts to work 24/7 and use top-of-the-line data-scraping and social-mapping tools to find people who might be deportable — issued nearly 50,000 detainers in FY 2019.Footnote 22 Yet, “trial evidence nevertheless indicated that ICE does not take into custody up to 80 percent of the individuals for whom PERC issues immigration detainers.” Recent data collected by Syracuse University’s Transactional Records Access Clearinghouse (TRAC) confirm the pattern.Footnote 23

What happens in those 80 percent of cases, and why?

We posit four theories:

  1. By trawling so wide, ICE’s automated data criminalization process is creating more work for deportation officers than is possible for them to do, creating opportunities for DHS to justify its continuous expansion
  2. The legacy criminal legal, visa and naturalization data that ICE requires to prove deportability has not yet been updated and fully integrated into the new systems of data criminalization
  3. It is possible that DHS’ goal is not only mass deportation, but also the indexing and management of a permanent subclass of migrant workers who are systematically excluded from rights and will be findable whenever deportations are deemed politically necessary
  4. Migrants are being used to test techniques and set precedents that will eventually be used for continuous monitoring and control of everyone in the US, including US citizens.

DHS has long been moving toward centralizing and linking information from all its and other government databases, and automating the process that predicts, biometrically identifies, profiles and tracks in real time the location of any foreign-born individual who has come to the US. As part of an ever-expanding, lucrative data market, hundreds of legacy war profiteers and start-ups are available to help develop the next generation of tech tools to do this targeting for the US government. 

Ankle monitors, SmartLINK, and beyond: Case study of an iceberg

In this section, we look at ISAP, ICE’s “alternative to detention” (ATD) program which functions as a surveillance tech and social control program. As a movement, we have spent much of our energy fighting the requirement that ISAP “participants” wear GPS-enabled ankle devices. However, ankle monitor technology is falling out of favor within ISAP — and our years-long focus on them has deflected attention away from other forms of location-tracking and data criminalization practices that may be more insidious than shackles. Finally, as we will see, programs like ISAP show that while triangulation by the criminal punishment apparatus and the immigration system is still the most comprehensive way to enforce migrant exclusion, government programs that index “vulnerability” and dispense “services” are often conscripted to spy on and police its “clientele.” 

As a movement, for years we have sought to understand, expose, and seek legislative containment or abandonment of individual technologies and programs that make up the iceberg tips in the surveillance landscape. We are coming to realize that mechanisms for tracking and control are networked to and siphon from millions of other data points, which are analyzed by multiple connected systems. Targeting a specific program or technology may not have much impact on the functioning of the larger apparatus — and this is especially true as commercial technologies normalize surveilling all of us, not just migrants, or people in the criminal legal system. 

 Targeting a specific program or technology may not have much impact on the functioning of the larger apparatus — and this is especially true as commercial technologies normalize surveilling all of us, not just migrants, or people in the criminal legal system.

For example, in recent years, many migrant justice organizers noticed an uptick in migrants — especially asylum seekers — being made by ICE or immigration judges to wear location-tracking ankle monitors, which use either radio frequency or GPS technology. 

These devices are part of ICE ERO’s “Alternatives to Detention” (ATD) program, ISAP (Intensive Supervision Appearance Program), which began in 2004. ISAP has mostly been contracted out by ICE to a private company, Behavioral Interventions (B.I.) — a subsidiary of the private prison corporation, GEO Group. People enrolled in ISAP may be monitored for ICE by technologies including: telephonic reporting that uses voice recognition software, location tracking via ankle shackles, or a smartphone app (SmartLINK) that uses face and voice recognition to confirm identity as well as location via GPS monitoring.Footnote 22 For most ISAP “participants,” the “case worker” or "probation officer" they must report to is a B.I. employee. 

ISAP was once a conditional release program that gave people with criminal records a way to bond out from immigrant jail.Footnote 24 But by 2015, the government had implemented a policy of categorically enrolling asylum-seekers in ISAP — these were mostly families from Central America who passed “credible fear” screenings, and are in deportation proceedings but on the “non-detained docket.”Footnote 25 For its part, DHS is clear that ISAP, its main ATD program, “is not a substitute for detention, but allows ICE to exercise increased supervision over a portion of those who are not detained.”Footnote 26 ISAP “uses technology and other tools to manage alien compliance.”Footnote 27 In other words, ISAP is a surveillance tech and social control program, and net-widener. ISAP grew throughout the years, and at this point, there are far more immigrants in ISAP than there are detained in immigration jails.Footnote 28 Based on the most recently available data, ICE has at least 3.3 million people on its non-detained docket.Footnote 29 Of those, roughly 118,000 are subject to e-carceration.Footnote 30 An additional 26,000 are incarcerated in ICE jails.Footnote 31

The ankle devices use two main technologies. Some rely on radio frequency (not GPS) to monitor a person on house arrest, and require the wearer to have a landline telephone. Other ankle shackles use GPS monitoring to track a person’s movements, which have to be pre-approved by the B.I. “case worker.” 

There are many reasons to be alarmed by the location-tracking capabilities of these shackles. In August 2019, ICE used geolocation data from ankle monitors to obtain a warrant for and plan a mass deportation from two towns in Mississippi.Footnote 32 The result was the largest single-state worksite raid in US history. It is very possible that data recorded by geolocating devices will again be used to collectively punish families and entire communities. 

 But onerous and dehumanizing as they are, ankle monitors make up a shrinking proportion of ISAP, and of migrant surveillance overall.

But onerous and dehumanizing as they are, ankle monitors make up a shrinking proportion of ISAP, and of migrant surveillance overall.Footnote 33 Technologies are always being upgraded. ATD statistics bear out the trend: one city at a time, the numbers in the category “SmartLINK” are overtaking those in “GPS.” The category names are misleading, since the SmartLINK cell phone app has provided a platform for much more expansive forms of data theft than ankle monitors allowed for — using GPS tracking as well as face and voice recognition technologies to surveil those who, as part of enrollment in ISAP, are forced to use the app. 

Due to the hidden way that cell phone apps track people, this real-time location and biometric data theft does not generate the outrage that it should.

Source Footnote 33

ATD by Technology, Monitored through ICE's ATD Programs, Telephonic Reporting, SmartLINK, GPS

ISAP numbers reveal a larger story of data criminalization: While there is continuing and growing interest within the migrant justice movement in ankle shackles and the ISAP program, new forms of surveillance could make ankle monitors obsolete. They are replaced by other methods of location data gathering and data scraping which are more seamless and can be easily merged with legacy criminalization tools and processes. 

And although ICE’s ATD program has grown (from 83,186 people enrolled in 2019, to 85,415 in 2020, and 136,026 in October 2021), the information collected by ISAP may also become irrelevant as DHS refines and expands its surveillance and social control systems to ensnarl more people in less formal, less visible and more frictionless ways. The story of ISAP III within immigration surveillance is cautionary on multiple fronts: Although immigration activists and advocates have long fought against ICE’s use of ankle monitors, cell phone tracking is far more onerous and invasive than ankle monitors. 

 The story of ISAP III within immigration surveillance is cautionary on multiple fronts: Although immigration activists and advocates have long fought against ICE’s use of ankle monitors, cell phone tracking is far more onerous and invasive than ankle monitors.

DHS continues to pilot new technological surveillance devices, such as one to track people in real time while they are still incarcerated.Footnote 34 Border Patrol is currently testing the “Subject  Identification Tracking Devices (SID):” “tamper-resistant barcode wristbands for tracking and identifying subjects.”Footnote 35 Another smartphone app, CBP One, was tested in late 2020 and is expected to become a main platform for travelers entering the US to submit geo-tagged photographs to CBP for real-time “vetting.”Footnote 36 There is no end to pilot programs and contract vendors, and as long as we focus exclusively on the latest iterations of these, we may miss the bigger picture.

There is no end to pilot programs and contract vendors, and as long as we focus exclusively on the latest iterations of these, we may miss the bigger picture.

A constantly expanding net

There are an estimated 11 million undocumented migrants living in the US today. While I-9 work visa “no-matches” and data provided to ICE by government agencies like state Departments of  Motor Vehicles and the US Postal Service flag some individuals for ICE scrutiny, it is generally entanglement with the criminal legal system, triggered by police harassment and arrest, that creates vulnerability for ICE arrest. While the 3 million undocumented people on the “non-detained docket” named above are especially vulnerable to ICE arrest and deportation if they have an encounter with a cop or miss a court date, ICE and DHS are constantly creating new ways to formally exclude migrants from rights and scale up monitoring, controlling, punishing, and potentially deporting all 11 million. In addition to undocumented migrants—who are constantly targeted by ICE—data criminalization also targets the approximately 13.6 million people who are here green card holders (“permanent residents”).Footnote 37 A final group likewise targeted through data criminalization is the more than 80 million temporary visitors who enter the US on tourist, student, or temporary work visas each year.Footnote 38  

 While the 3 million undocumented people on the “non-detained docket” named above are especially vulnerable to ICE arrest and deportation if they have an encounter with a cop or miss a court date, ICE and DHS are constantly creating new ways to formally exclude migrants from rights and scale up monitoring, controlling, punishing, and potentially deporting all 11 million. In addition to undocumented migrants—who are constantly targeted by ICE—data criminalization also targets the approximately 13.6 million people who are here green card holders (“permanent residents”). A final group likewise targeted through data criminalization is the more than 80 million temporary visitors who enter the US on tourist, student, or temporary work visas each year.

In the past few decades, the “crimmigration” system has expanded categories of deportable offenses and increased penalties for — while stripping protections from — migrants and non-citizens. DHS is constantly expanding the number of data sources it can use to create and maintain profiles of as many people as possible, so that it can automate and continuously identify people for arrest and deportation, or for other purposes such as criminalization in the name of anti-terrorism. At this point, newer immigration enforcement technologies operate largely in a world of speculative big-data prediction — which, coupled with unchecked, ubiquitous data-collection in everyday life, has the potential to vastly expand the pools of people whom are constantly “vetted” by ICE from a few million migrants who are already on ICE’s radar, to potentially all foreign-born people in the US, including those who have mostly flown under the radar because they haven’t gotten stopped or arrested by police. Whether or not deportation is actually DHS’ end goal, through criminalization and surveillance, people within this pool are systematically made vulnerable to exploitation in almost every meaningful way.

 At this point, newer immigration enforcement technologies operate largely in a world of speculative big-data prediction — which, coupled with unchecked, ubiquitous data-collection in everyday life, has the potential to vastly expand the pools of people whom are constantly “vetted” by ICE from a few million migrants who are already on ICE’s radar, to potentially all foreign-born people in the US, including those who have mostly flown under the radar because they haven’t gotten stopped or arrested by police.

Beneath the surface

The technologies that surveil all of us enact disproportionate violence and harm on some of us more than others. Footnote 39

Most of us are aware that our cell phones and apps record our biometrics, track our movements, and private companies sell our location, biometric and behavioral data to marketers and data aggregators, who in turn sell to various government agencies.Footnote 40 Many of us seem willing to believe the industry claim that these data are anonymized — they’re not — and trade some amount of privacy for technologies that promise us new experiences, access to information and connections with others.Footnote 41 A 2019 Pew Research Center survey found that six out of ten people polled said that they did not think it is possible to go through daily life without having data collected about them by companies or the government.Footnote 42 Although 79% of respondents reported being concerned about the way their data is being used by companies, 81% also said that the potential risks they face because of data collection by companies outweigh the benefits, and 66% said the same about government data collection.

The issue isn’t that we’re being watched without our consent, or that things are aggressively being sold to us, says social scientist and scholar, Shoshana Zuboff. She argues in her book, Surveillance Capitalism, that our collective dispossession and overwhelm is due to the fact that this growing economic and technological regime is so encompassing and unprecedented that we are unable to understand its true dangers and implications. Instead, as a society, we lean on old tools, such as privacy and antitrust laws, which fail to comprehend the scope and nature of the problem.Footnote 43  

Surveillance capitalism, Zuboff argues, describes how our daily lives are being mined as data for behavioral prediction and control. What its outcomes can look like, Zuboff wrote, is when your car shuts off if it detects alcohol on your breath.Footnote 44 Other real-world examples abound, she explained in a NY Magazine interview: “[I]n the insurance industry, in the health-care industry, insurance companies are using telematics so they know how you’re driving in real time, and can reward and punish you with higher and lower premiums in real time for whether or not your driving costs them more or less money, or whether or not your eating costs them more or less money, or whether or not your exercise patterns cost them more or less money.”Footnote 45

Zuboff makes the point that when executives at Google and Facebook claim that surveillance and tracking are part and parcel of their technologies and can’t be disabled, they are lying. But it is also true that the Internet itself was developed by profit-seeking contractors hired by the US military to not only communicate after a nuclear blast, but also to subordinate rebels abroad and at home in the fight against the perceived global spread of communism.

Zuboff makes the point that when executives at Google and Facebook claim that surveillance and tracking are part and parcel of their technologies and can’t be disabled, they are lying. But it is also true that the Internet itself was developed by profit-seeking contractors hired by the US military to not only communicate after a nuclear blast, but also to subordinate rebels abroad and at home in the fight against the perceived global spread of communism. As Yasha Levine wrote in his book, Surveillance Valley, 

The Internet came out of this effort: an attempt to build computer systems that could collect and share intelligence, watch the world in real time, and study and analyze people and political movements with the ultimate goal of predicting and preventing social upheaval. Some even dreamed of creating a sort of early warning radar for human societies: a networked computer system that watched for social and political threats and intercepted them in much the same way that traditional radar did for hostile aircraft. In other words, the Internet was hardwired to be a surveillance tool from the start.Footnote 46  

Then and now, many police departments have been eager to test militarized prediction technologies on civilian populations, seeking to aggregate as much data as possible and making special use of seemingly besides-the-point information gleaned from “field interviews” (police stops of non-suspects meant to mine individuals for information) in order to map and archive for future analysis any patterns or potential relationships between individuals (including those without criminal records), locations, and cars, for instance.Footnote 47  

Gotham, one such data organization and predictive computer system, was created by the Silicon Valley company, Palantir, and used by the Los Angeles Police Department (LAPD). (Palantir has also created tools especially for DHS, which are detailed later.) Gotham is supplemented with what sociologist Sarah Brayne calls the secondary surveillance network: the web of who is related to, friends with, or sleeping with whom.Footnote 48 In her book, Predict and Surveil, Brayne describes how one woman listed in Palantir’s system wasn’t suspected of committing any crime, but was included because several of her boyfriends were considered by LAPD to be within the same network of associates. Brayne, who spent more than two years embedded with the LAPD, noted that in order to expand its datasets, the LAPD also explored purchasing private data, including social media, foreclosure, toll road information, camera feeds from hospitals, parking lots, and universities, and delivery information from Papa John’s International Inc. and Pizza Hut LLC.

This is the context in which ICE data-stalks immigrants today.

What’s old is made new again

Nearly each month a new headline seems to reveal another invasive way that DHS tracks immigrants, often by using data created by spying on people during their mundane and seemingly private moments. ICE collects cell phone location history;Footnote 49 ICE analyzes family photos posted to social media, records location “check-ins” to places like Home Depot, siphons personal information like Social Security numbers and home addresses from credit agencies (who receive this data from banksFootnote 50 and before October 2021, utility companies);Footnote 51 and follows a person’s commute in real-time as automated license plate readers locate their car via surveillance cameras installed in public space and on private properties.Footnote 52 These data points are among billions archived in public and private sources, alongside lawsuits, credit scores, bankruptcy records, medical records, and purchase history. This personal data is mined by third-party vendors and data resellers, then aggregated and analyzed by data brokers who in turn look for buyers of its troves of profiles. This is the nuts-and-bolts of Zuboff’s surveillance capitalism machinery. 

Migrants are subject to additional layers of surveillance, which converts into cumulative opportunities for criminalization. Simply being Black or Latinx creates risk for a police encounter.Footnote 53 The police stop itself leads to active, present-tense criminalization — an arrest, booking, jail custody, possibly a criminal case. A police encounter as well as incarceration have profound immediate consequences that increase a person’s risk of death.Footnote 54 They also create the material for ongoing data criminalization, which is future-oriented and compounding.

Data criminalization uses records that police and courts generate about you (your “criminal history”) to prove that you are a present or future “risk.” Community organizers working to end pretrial detention are intimately familiar with how a self-perpetuating feedback loop of data criminalization is created in the pretrial system by “risk assessment tools,” or RATs.Footnote 55 Pretrial RATs range from simple checklists to secret and complex prediction algorithms that calculate “risk” by using extra-legal data — such as so-called “failures-to-appear” in court, not having a cell phone number, and having been arrested at a young age — as derogatory variables that will automatically lead an assessment to recommend detention, a higher bail, or harsher conditions of supervised release. Using the technocratic assumptions of criminology and paternalistic language of social work, RATs use old criminal history and extra-legal data to punish and evaluate people accused of crimes. Old arrest data that didn’t lead to convictions are weaponized by RATs to predict not only a person’s “risk” of not showing up in court, but of generalized “violence.” These "violence"  or "public safety risk" measurements are often conflated with generalized risk of arrest for any offense. RATs allow for allegations of missing a court-mandated therapist appointment, or an uncorrectable clerical error on a person’s “permanent record” to be dredged up again and again, enacting cumulative violence and reinforcing the narrative of a person being a “risk.” These pseudoscientific “risk assessments” provide the veneer of being objective and “data-driven,” all the while the slipperiness and undefinability of “risk” allows for and recommends extra-legal punishments and weaponizes datasets that are deeply flawed. Besides criminal legal data being inherently biased due to racist policing practices, what counts as “failure to appear,” for instance, is inconsistently calculated and ranges across jurisdictions; most criminal legal datasets generally are incomplete, outdated or inaccurate, and it may be difficult or impossible to challenge historical derogatory data.Footnote 56

Using the technocratic assumptions of criminology and paternalistic language of social work, RATs use old criminal history and extra-legal data to punish and evaluate people accused of crimes.

Data criminalization and automated processes make up the backbone of immigration enforcement today.

Neverending Loop of... Surveillance and Social Control, "Real Life" Events: Arrest, Deportation, Detentions/Punishment, "Predictive Policing": Immigration/Deportation Records, Biometric Theft, "Potential Criminals" Lists

For those of us who are immigrants, an expanding assortment of AI tools for data scraping and “continuous vetting” profile and identify us individually, and sort us categorically. Instead of relying on historical triggers, like entry into the US, or an arrest, the new systems not only make us visible to ICE at moments when we are most vulnerable — booked in jail, crossing a national border, or when a visa expires — but all the time. This method of surveillance aims to know not just those things about you that are conventionally thought of as potentially criminalizing (such as previous charges, convictions, migration and court records) — but everything about you: who your family, friends and community are, what you buy, where you buy it from, who you live with, where the car registered to your name is parked, what seat you chose on your last flight, your sleep patterns, how many hours a day you scroll through Instagram, what your utility bills are, and what you think (based on status updates, eye movements and heart rate).

Instead of relying on historical triggers, like entry into the US, or an arrest, the new systems not only make us visible to ICE at moments when we are most vulnerable — booked in jail, crossing a national border, or when a visa expires — but all the time.

But as sophisticated and automated as surveillance techniques may be, in order for ICE to deport a person, ICE still requires the bread-and-butter criminalization data generated from police encounters, and to match a person to official records in order to verify identification.

This means that immigration data criminalization siphons from two simultaneously operating systems: One system features privately-owned and contracted vendors that provide new, state-of-the-art, cloud-based data visualization, AI tools and interfaces that seamlessly integrate with other commercial datasets to make sense of the massive, constantly-expanding data pool of location and behavioral data collected by private aggregators and public records. The other is a system of government records, spread across multiple agencies, often duplicated or unmerged, unevenly maintained, sometimes sparse, outdated, and accessible primarily via legacy computer and Intranet-type systems that require multiple log-ins and restrict users or network sharing in order to meet legal privacy restrictions. Both systems are largely automated and rife with inaccuracies. While DHS, with the help of a rotating cast of contractors, is attempting to fine-tune and merge both kinds of systems, it has not yet succeeded.

Constantly Expanding "Data Pool", Government Records

We propose that before this window closes further, it is both necessary and possible to dismantle data criminalization as a key step toward migrant justice and prison abolition. First, we must understand criminal legal and DHS databases.

In the following sections, we introduce a couple dozen major databases and data systems out of the more than 900 used by the Department of Homeland Security. We zoom in on two key processes that illustrate data criminalization in action: police encounters and travel surveillance. We look beyond DHS’ sub-agency, Immigration and Customs Enforcement (ICE), because Border Patrol and bureaucracies like the State Department and Citizenship and Immigration Services that regulate and administrate identity, state-sanctioned travel, work and school visas as well as naturalization play key roles in border securitization and racial ordering. We name the historical antecedents of today’s commercial data market — trans-Atlantic slavery, imperialism and settler-colonial theft — in order to understand how state violence imbues all existing technologies of biometric identification, location-stalking and behavior prediction. Finally, we propose that paths to abolition will necessarily oppose both the free market as well as state power, rethink strategies that valorize recognition or legitimacy conferred by the law, and jettison demands for individual redress on the grounds of private ownership to instead assert collective self-determination and self-governance of one’s own data, and a communization of knowledge and free exchange of information for all.

Our methods

A note on data and databases

DHS’ databases — what information they contain, how they sort information or share, how they operate — are shrouded in secrecy. ln recent years there has been increased scrutiny and exposure of the most powerful and harmful contractors that power many of DHS’ newest tech systems and databases. Palantir, Northrop Grumman, and Amazon are among this list. In this report, we will focus less on the role of individual corporations and their specific tech contributions (knowing that crucial work is happening), and more on data criminalization as a violent legacy technical process with information bottlenecks and weak links.

It is easy to get deep in the weeds when trying to understand a database or technological feature. It is more challenging still to piece together how these work when one is unable to see an interface or use a technology. Most law enforcement and DHS databases are connected to each other in multiple ways, and different iterations of the same system of records may be connected to dozens of contract vendors, some of which come and go. Old “legacy” data systems sometimes change names or functions, or gain “components” as technologies advance. A “System of Records” may actually include records stored in multiple databases, while a single database may include data classified for Privacy Act purposes as part of several “Systems of Records.” While there are a couple dozen databases and analytic systems that DHS clearly relies on, the agency owns more than 900 databases.Footnote 57

Our sources

The processes we detail are based on government reports and audits, publicly available FOIA-requested material of internal documents and correspondence, court testimonies, old user manuals, Privacy Impact Assessments (PIAs) and descriptions from law enforcement websites. Information about law enforcement technology that is publicly available tends to be old, and many of the descriptions and screen captures date back to 2011 or earlier. Federal agency self-descriptions are not always accurate or complete. When it is possible, we cite sources that are more complete (even if they are older) over those that are newer but sparse on details and references. Based on the limited amount of sources on these systems, it is not always clear (or perhaps knowable) exactly which parts of the automated data criminalization process are strictly machine-to-machine, when human intervention is required due to technological need or bureaucratic requirement, when it is merely a formality or rubber-stamp approval of de facto automated decisions, and when it is optional. We include descriptions nonetheless because although some elements are clearly outdated, we think that there is value in understanding how these automated systems between agencies were built to function in the data criminalization feedback loop. 

Often, the main sources of information about government criminalizing databases are government-written Privacy Impact Assessments (PIAs) and System of Record Notices (SORNs). We cite them but also take them with a grain of salt. 

PIAs are supposed to be conducted before a government agency develops or procures IT systems or projects that collect, disseminate, maintain, or dispose of personally identifying information (PII) about members of the public, in order to assess the associated privacy risks.Footnote 2 They are written by the “Project Manager/System Owner,” “in consultation with the department’s Chief Privacy Officer.”Footnote 58 Because the objective of PIAs is to fulfill the 2002 eGovernment Act requiring all federal agencies to provide “sufficient protections for privacy of personal information,” they are not a flawless source for our purposes.Footnote 59 PIAs are legally required to comply with current privacy law and “provide basic documentation on the flow of personal information” within IT systems across government staff and contractors, but they do not require detailed description of database sharing. Additionally, technologies, databases and systems are often so interlinked and enmeshed that when PIAs break them down into separate reports, inaccuracies and misunderstandings from the arbitrary separation may be introduced. There is no evidence to indicate that a penalty is imposed on an agency or its staff for failure to issue a PIA, or for issuing an incomplete or inaccurate PIA. 

SORNs are legally binding public notifications that identify and document the purpose for a “system of records,” the individuals profiled in the system, the types of records in the system, and how the information is shared. They are required by the Privacy Act of 1974 and are published in the Federal Register for public comment.Footnote 60 SORNs are supposed to explain how information is used, retained, and may be accessed or corrected, and whether certain portions of the system are subject to Privacy Act exemptions. Like PIAs, SORNs are written by the program manager, who works with a Component Privacy Office and their legal counsel for submission to the DHS Privacy Office for review and approval by the Chief Privacy Officer. Operating a “system of records” without first publishing a SORN in the Federal Register is a criminal offense on the part of the responsible agency officials, but this criminal law is never enforced.



Generally, the requirements to conduct PIAs are broader than for SORNs, because PIAs are required when a system collects any PII. SORNs, on the other hand, are triggered only when the PII is “retrieved by a personal identifier” — which might be a person’s name, address, phone number, or biometric data.Footnote 61

Government statistics

Furthermore, the way that DHS parses its data can be misleading. DHS and the government are infamous for concealing and misrepresenting data. For example, in 2019, then-Vice President Mike Pence asserted on CNN that over 90% of migrants don’t show up in immigration court. The Washington Post fact checked this statement, and determined that: 

  1. Pence was referencing a statistic describing the results of the controversial “rocket docket” pilot program, which fast-tracked 7,000 cases through immigration courts in ten cities; 
  2. the Justice Department’s number for how many migrants did not show up in court for that period was 44 percent (half of Pence’s 90 percent) — but that number was based only counting final decisions, not pending cases; 
  3. when pending cases as well as final decisions were counted by Syracuse University’s Transactional Records Access Clearinghouse (TRAC), TRAC calculated that 81 percent of migrant families actually attended all their court hearings during the period in question.Footnote 7
  4. finally, the number of no-shows was artificially inflated because of Trump-era policies such as Remain in Mexico that made it effectively impossible for many people to attend court when scheduled.Footnote 62

TRAC files FOIAs and follows them up with lawsuits in order to receive individual case data of every removal from the Executive Office for Immigration Review (EOIR) — and using the government’s own records, TRAC has debunked some of the agency’s claims. TRAC is currently suing DHS for withholding, since 2017, information previously published: whether deportations actually result from its use of detainers under the program Secure Communities, how and when ICE took individuals into custody, and the full details for any criminal history for those who were deported.Footnote 63  

For this report, we lean heavily on TRAC’s work but also cite government data where it exists, noting its limits here.

A note on language

In general, we use the words “deportable” and “deportation” rather than the euphemistic terms “removable” and “removal,” but we do use “removal” when the term refers to a specific legal or technical meaning. We also want to note that we use both the term “migrant” and “immigrant" throughout the report. This is because US laws generally refer to “aliens” and “immigrants,” but the term “migrant” better describes the hegemonic oppression that forces the displacement of people across the world.

Likewise, we use the word “train” to describe the technical process of “teaching” machines to discern useful information, identify patterns, and make predictions — even though we resist conferring legitimacy onto the process, which is very much shaped and developed by humans and human biases.

Feedback Loops of Endless Criminalization

FBI & DHS Data Sharing, S-Comm, 287(g), CAP, Police and ICE

In the following sections, we examine how data criminalization operates within:

  1. Police encounters and profiling
  2. Automated data-sharing systems used by law enforcement agencies
  3. Surveillance capitalism: the expanding market of data brokers, cell phone apps, social media and digital stalking
  4. Biometric technologies and covert identification practices
  5. Traveler surveillance and securitization 
  6. Bureaucratic pathways to visas and naturalization

For this report, we do not aim to provide a complete taxonomy of all government and commercial databases used to criminalize, but instead ask how the tangled and blurry morass that we can discern might indicate how a larger machinery operates. 

Constructing crimmigration

Collaborations and data-sharing between law enforcement and ICE have been the most efficient way to criminalize and deport record numbers of immigrants from the US. The majority of ICE arrests are based on hand-offs from jails and prisons directly to ICE. A 2020 DHS Office of the General Inspector audit analyzed Enforcement and Removal Operations (ERO) data from 2013-2019 and found that “516,900, or 79 percent of its 651,000 total arrests, were based on in-custody transfers from the criminal-justice system.”Footnote 64  

 

Image Source Footnote 2

Enforcement and Removal Operations 2013-2019, Total Number of Arrests 651,000, Arrests based on in-custody transfers from the criminal punishment system totaled 516,900 or 79%

Digitization and centralization of government databases began as early as 1967 with FBI records.Footnote 3 However, the digitization of migrant records came much later. It was not until 2008 that fingerprints accompanying applications for immigration “benefits” like travel visas and naturalization were uploaded, and 2010 when ICE investigators began consistently uploading fingerprints taken from people during law enforcement encounters.Footnote 65



The legal architecture of modern US immigrant criminalization is less than forty years old.

Many key laws have roots as recent as the 1980s, when the Cold War and the racialized War on Drugs collided. In 1986, the Immigration Reform and Control Act (IRCA) criminalized hiring undocumented workers for the first time in US history, and increased resources for the INS to patrol the border.Footnote 66 IRCA also mandated the US Attorney General to deport noncitizens convicted of “removable offenses” as quickly as possible. This began the practice of targeting immigrants convicted of crimes and expanded the mechanisms for policing immigrants.

Source Footnote 6

Modern Legal Architecture of Migrant Criminalization. 1986: Anti-Drug Abuse Act: Set the groundwork for use of detainers. Immigration Reform and Contral Act: Criminalized hiring undocumented workers, More funding for border enforcement. 1988: Anti-Drug Abuse Act: Introduced the aggravated felony concept, denied judicial discrection for release. If Aggravated Felony, Mandatory Detention. 1990: Immigraton Act of 1990: Expanded grounds for removal making it easier to target people for state drug convictions. 1994: Violent Crime Control and Law Enforcement Act: Creates the state criminal aliens assistance program which reimburses local governments for arresting and detaining undocumented immigrants.1996: Anti-Terrorism and Effective Death Penalty Act: Expanded mandatory detention including LPRs, Illegal Immigration Reform and Immigrant Responsibility Act, More people subject to Mandatory Detention, 287(g) Agreements Created.

The Clinton administration continued and expanded those practices, passing the Antiterrorism and Effective Death Penalty Act of 1996, or AEDPA, which created and expanded the grounds for mandatory immigrant detention and deportation, including for long-term legal residents. It was the first US law to formally authorize fast-track deportation procedures, a modified form of which is widely used today.Footnote 7

Additionally, the Clinton administration passed the Illegal Immigration Reform and Immigration Responsibility Act (IIRIRA) in 1996, which conflated immigration and criminality.Footnote 67 IIRIRA is a keystone of our current immigration policy. It:

  1. enabled the creation of the 287(g) program, which allowed DHS to enter into agreements with local law enforcement to perform certain functions of immigration agents;
  2. expanded the list of convictions that trigger “mandatory” detention; and
  3. increased the number of convictions that trigger deportation by further expanding a category applicable only to immigrants that was created by the Anti-Drug Abuse Act of 1988: “aggravated felonies.”Footnote 68

Congress determines which offenses qualify as aggravated felonies (not all aggravated felonies are felonies), and an aggravated felony conviction precludes access to relief like asylum and increases vulnerability to deportation.

Police + ICE collaboration

In the following section, we look at three notable police-ICE partnerships that institutionalized data criminalization of migrants and non-citizens within non-immigration law enforcement protocols.Footnote 10 As we will see, systemic information-sharing at the data network level nullifies many of the sanctuary agreements that are in place today.

Formal FBI and DHS database integration is even newer than the crimmigration laws named above, dating back to around 1998. It accelerated following the 2001 Patriot Act, when Congress mandated the creation of an electronic system to share law enforcement and intelligence information to confirm the identities of people applying for United States visas.Footnote 69 At the same time, Congress restructured federal law enforcement laws to conflate “national security,” “crime control,” and “immigration control.”Footnote 70 Just one year later, in 2002, Congress created DHS and granted it immediate access to information in federal law enforcement agencies’ databases, sealing the deal for an interlocking web of automated database sharing.

Various programs since the 1980s had already given immigration authorities access to police data, jails and prisons. These programs often do not have clear beginning and end dates. There are implementation differences based on region, and there are overlaps and inconsistencies. Furthermore, in response to public pressure opposing formal law enforcement collaborations with ICE, the agency continued its information-sharing collaborations with local and state law enforcement — but often under the radar. Today, much data-sharing and immigration status-querying is built into the computer systems used by law enforcement to perform routine functions (like uploading someone’s fingerprints). Under the current automated systems, every single person who was born outside of the US — or whose birthplace is unknown to US government databases — is automatically scrutinized for deportation if they are arrested and booked for anything, regardless of the charge and whether it is ultimately dismissed.Footnote 71

S-COMM, Cops Let ICE in jails and CAP and Prisons, Cops are Deputized 287(g), Local Cops can hold a person for ICE and/or Notify ICE

Criminal Alien Program

The Criminal Alien Program (CAP) has been around in one form or another since a 1986 law decreed that people convicted of certain crimes should be an enforcement priority. CAP has been more aggressive in some states than others. “The unevenness in the program certainly implies that the preferences of state and local law enforcement officers (as well as the preferences of ICE agents in one region or another) played a role,” a Vox article stated.Footnote 14 Today, CAP is an umbrella program that includes a variety of local law enforcement and ICE partnerships with names like VCAS, LEAR, REPAT, DEPORT, JCART, which use tactics ranging from in-person “jail checks” to automated biometric database-sharing.Footnote 72  

CAP began as mostly low-tech, voluntary collaborations between local law enforcement and immigration enforcement. Under CAP, jails and prisons often shared booking records with immigration agents and/or allowed immigration agents in-person access to interrogate incarcerated people ICE suspected it could deport — regardless of whether the booked person could eventually be charged or convicted.Footnote 73 CAP allows local cops to funnel people directly into ICE’s custody, and allows ICE to use the criminalization process as a tool to facilitate mass deportations. CAP absolutely is premised on racial and national origin profiling and targeting: If you are a “suspected noncitizen,” that is enough to qualify you for a CAP screening and ICE interrogation in jail or prison.Footnote 74 A 2013 American Immigration Council report found that CAP screens “all self-proclaimed foreign-born nationals found within Bureau of Prisons (BOP) facilities and all state correctional institutions.”Footnote 75  

Despite its name, CAP programs were used to deport more than 22,000 immigrants without criminal records between FY 2013 and FY 2016.Footnote 76  

CAP was in place long before S-Comm was piloted in 2008 (more on S-Comm below). It operates out of all ICE field offices, in all state and federal prisons, and many local jails.Footnote 77 It has blended seamlessly with S-Comm machinery and processes, as ICE makes use of many of the same automated database checks set in motion by law enforcement booking and heavily relies on cooperation from jails and prisons to honor detainers and requests for notification of release. During the Obama era, CAP was the primary mechanism through which ICE deported people from the US interior.Footnote 78 Vox reported that CAP was responsible for between two-thirds and three-quarters of deportations during the Obama era of the early 2010s.Footnote 79 TRAC at Syracuse University concluded similarly for FY 2016, based on analysis of case-by-case records on both apprehensions and removals data obtained from ICE in response to hundreds of Freedom of Information Act requests, appeals, and a successful lawsuit.Footnote 80

Source Footnote 24

Weekly Number of Ice Apprehensions FY 2016, Fugitive Operations, Alternatives to Incarceration, Non-Detained Docket Control, Other (Criminal Alien Program)

Although CAP is still known by many as a “jail status screening” program, both CAP and S-Comm use automated systems (detailed below) that attempt to match to FBI files and immigration records biographical and biometric information taken from a person by a cop during booking. Historically, “biometrics” has generally meant fingerprints; today, ICE and the FBI are outfitted with facial recognition software and readily available photo data from state driver’s licenses, visa and naturalization records as well as photos scraped from the Internet and social media.

287(g) agreements

Section 287(g) of the Immigration and Nationality Act (INA) allows DHS to deputize state and local police to carry out federal immigration enforcement through interrogations and arrests, or following resolution of local, state, or federal charges. These partnerships today take two main forms: the “jail enforcement model,” which authorizes local police to issue immigration detainers, or the “warrant service officer model,” which ask jails or prisons to notify ICE, or hold a person for ICE, if a person is suspected of being deportable.Footnote 25 287(g) partnerships are voluntary and formalized through MOU agreements made between state or local law enforcement with federal immigration authorities.Footnote 81  

The Trump administration dramatically increased the number of 287(g) agreements — from 34 at the end of 2016 to 151 as of November 2020. However, despite the increase in 287(g) agreements, it is difficult to calculate if deportations increased as a result. ICE claims that it does not break out 287(g) data to count deportations, and instead issues monthly reports of “encounters” that only include “a sampling” of people identified under the 287(g) program.Footnote 82

Secure Communities (S-Comm)

S-Comm was piloted by DHS in 2008. It formalized the now-ubiquitous automated process of forwarding fingerprints collected during law enforcement booking to check against immigration and travel databases for potential deportability. 

Automating database checks had immediate and dramatic consequences. One product of ICE automation is the detainer (detailed below) — which has taken either the form of ICE requesting that a jail or prison “hold” a person who could be released, or a request from ICE for “notification of release” of a person whom ICE thinks might be deportable. In FY 2005, ICE issued roughly 600 detainers based on automated fingerprint matches per month — but by the end of FY 2011, monthly detainers exceeded 26,000. Although S-Comm was voluntary at first, following opposition from advocates and community members in New York, Massachusetts, and Illinois, the federal government mandated the program.Footnote 28 By January 22, 2013, S-Comm database sharing had been fully implemented in all 3,181 jurisdictions within 50 states, the District of Columbia, and five US territories.

Average Number of Detainers by Month, Fiscal Year

S-Comm generated much public backlash, and various communities have pressured their jurisdictions and Sheriffs to refuse to cooperate with ICE detainers. TRAC reported that “law enforcement agencies with the most recent recorded refusals were concentrated in New York and California,” and two out of three detainer requests addressed to Queens and Brooklyn Central Booking were recorded as refused.Footnote 30 Santa Clara County in California refused to honor detainers over 90 percent of the time. 

S-COMM, CAP, 287g, WHAT SANCTUARY POLICIES USUALLY TARGET: Cops may deny access to jail/prison rosters or in-person interrogations, Local jails might deny ICE detainers to hold a person for ICE, Local cops might not directly share info with ICE, including release info

WHAT SANCTUARY LAWS DONT TARGET: AUTOMATED CROSS CHECKING BETWEEN... State ID Bureaus, FBI, DHS, NLETS, NCIC, ACRIMe, ICE, LESC, PERC, NGI, IDENT, EID, CBP, TSA, TECS/ICM, FUSION CENTERS, USCIS, CIS, PCQS; DATA BOUGHT BY BROKERS: DMV, UTILITY COMPANIES, PACERS, U.S. COURTS, USPS; GOV'T CONTRACTORS WHO PROVIDE... Location Tracking, Data Analysis, Biometric ID, Profiling and Prediction Tools, THESE GOV'T CONTRACTORS INCLUDE... PALANTIR, CLEARVIEW AI, VENNTEL, VIGILANT SOLUTIONS, AMAZON, GOOGLE

Laudable though these victories have been for organizers, especially at the local level, it is important to keep in mind that detainers are just the tips of those icebergs — and if a person is not directly transferred to ICE custody from local law enforcement, there are still a number of ways that ICE is able to locate and control a person who is marked by criminalizing databases. 

Automated processes of data criminalization

Constant Surveillance and Prediction, "migrant and traveler stalking," "commercial datasets," "arrest + booking," and "HSI and ICE data centers"

How can we dismantle the entire system of data criminalization, which is fully automated at the database and computer level? Here, we take an in-depth look at two of these processes and data systems.

  1. Arrest and booking: Database cross-checking with some DHS records became standard procedure in daily policing during the era of S-Comm implementation, but things didn’t stop there. Today, criminal punishment data is merged with an expanding array of DHS datasets and commercially sold cell phone app, location and identification data for prediction and profiling purposes. Below, we detail a shortened version of this process, step-by-step.

     
  2. Travel surveillance and criminalization: Well before S-Comm, and even before September 11, 2001, airline surveillance and Internet purchase spying was already a norm. Since 9/11, as we will see, the state has largely replaced its former “blacklist” model with algorithmic continuous trolling, creating and using AI to process massive amounts of data and to selectively target any chosen population. Section 7 describes historical and cutting-edge tools and techniques used to covertly identify people in public spaces as well as carceral ones, and match them to multiple private and public datasets in order to evaluate them for the ambiguous quality of “risk.”

Detainers: criminalizing potential

For those of us who are in contact with the immigration system, a detainerFootnote 31 or immigration hold (a version of Form I-247Footnote 83 ) may be the first artifact we encounter in ICE’s data criminalization process that follows a police stop. Detainers are requests by ICE for law enforcement to hold someone in jail or prison for up to 48 hours past the point when they would be released from custody, or to notify ICE prior to release. Some version of an immigration detainer has been used by the precursor to ICE, the INS, since at least the 1950s.Footnote 84 But it wasn’t until S-Comm’s launch in 2008 that issuance of immigration detainers skyrocketed.Footnote 85 S-Comm automated the process, which, combined with the massive legal machinery of immigrant criminalization and deportation that developed over decades, created the data criminalization dragnet that is in effect today.

Detainers cast a wide net, translating ICE’s internal version of “probable cause” into an arrest and possible deportation by attempting to connect the biometric and data profile of a person to records kept by government agencies and commercial databases that show possibility of a visa overstay, entry without inspection, an open warrant, criminal conviction, previous deportation or any other factor that makes a person vulnerable to ICE arrest.Footnote 86  

For much of the last decade, ICE has relied heavily — ideologically and practically — on the detainer. In turn, the detainer relies on digital automated data cross-referencing. As an October 2020 Congressional Research Service report notes, “most ICE detainers are based on electronic database checks.”Footnote 87  

Using the detainer, ICE converts criminalized data into enforcement potential. By merging criminal and immigrant datasets, detainers purport to make real the longstanding claim that immigration is synonymous with criminality, and therefore, immigration and criminal enforcement are the same. But immigration detainers are not legally enforceable judicial warrants or official court “notices to appear;” they are just (legally questionable) requests from ICE to fellow law enforcement.Footnote 88

Not just deportation, but “interoperability” and constant tracking

Detainers are not an endgame in and of themselves. They are visible iceberg tips that are part of automated processes that come downstream following multiple steps of data criminalization.

If we look at detainers alone, the story seems inconclusive. As noted earlier, in FY 2019 ICE did not take into custody up to 80 percent of the individuals for whom PERC issued immigration detainers.Footnote 38 These folks may still be located by ICE at their homes or upcoming criminal court dates for interrogation and/or arrest, but if they aren’t, they may remain in limbo until a new event or encounter triggers the machinery of data criminalization once again.

Even amid peak deportations during the Obama era in 2013, S-Comm’s fingerprint match-to-deportation ratio was at its highest, yet accounted for only around a quarter (28 percent) of ICE removals from non-border areas of the US, and less than 12 percent of all ICE removals.Footnote 89 Likewise, despite aggressive support for S-Comm by ICE under Trump, between 2016 and July 2017, only 2.5 to 5 percent of S-Comm deportations from the interior US were the result of detainers sent to local law enforcement agencies. TRAC noted: “When compared with ICE removals from all sources” — not just S-Comm fingerprint matches — “this component made up even a smaller proportion — less than 1 percent of all ICE removals.”Footnote 90

Source Footnote 41

ICE DEPORTATIONS FROM INTERIOR AND DETAINER USAGE, NO DETAINER, DETAINER, INTERIOR-NO DETAINER, DETAINER, BORDER, ALL ICE DEPORTATIONS AND DETAINER USAGE

What the data suggest then is that detainers are not particularly effective as direct pipelines for the deportation of individuals, even those made vulnerable by the criminal legal system. It seems rather that the state’s long game has been to establish a well-oiled “interoperable” machinery of databases that ensure that no matter who is in charge formally, a separate system — governed by targeting decisions, algorithms, and operating procedures — is able to expand and toggle between hidden, real-time, long-term tracking of individuals and high-profile, punitive enforcement intended to manage and criminalize communities of people based on the priorities of the moment.

It seems rather that the state’s long game has been to establish a well-oiled “interoperable” machinery of databases that ensure that no matter who is in charge formally, a separate system — governed by targeting decisions, algorithms, and operating procedures — is able to expand and toggle between hidden, real-time, long-term tracking of individuals and high-profile, punitive enforcement intended to manage and criminalize communities of people based on the priorities of the moment.

Undermining sanctuary

There are numerous ways that criminalizing data is passed between local and federal law enforcement agencies. Many of these automated processes negate and circumvent hard-won “sanctuary” policies. These processes fly under the radar, taking the form of short-lived pilot programs and informal agreements that can turn into unnamed and normalized long-term practices that are embedded in technology and may even contradict formal policies.

New York is one case study in confusion. Most people, including some politicians in the state, think that local sanctuary laws prevent police collaboration with immigration enforcement. But since database sharing is automated across all 50 states, there is no true way to opt out of “collaboration.”

As the news site Documented reported, “New York state has a relatively robust sanctuary framework: only a single sheriff participates in the controversial 287(g) federal program, which deputizes local law enforcement officers — typically corrections personnel — to detain immigrants for questioning and arrests.Footnote 42 A New York appellate court ruled that local law enforcement cannot honor ICE detainer requests to hold immigrants in custody for longer than their normal release times.Footnote 91 Former state Governor Andrew Cuomo issued an executive order and amendment restricting state agencies’ cooperation with ICE.Footnote 92  

Yet, like every other US state, New York law enforcement officers and agencies use Nlets and NCIC, which pass on information (biographic or biometric) from everyone arrested for automated DHS database screening. 

Separately, New York’s Division of Criminal Justice Services (part of the State Identification Bureau) also receives booking fingerprints, and they send them to ICE as well. Since 2005, DCJS has specifically notified ICE every time it receives fingerprints of a person who has previously been deported. In fact, according to the state agency’s 2009 annual report, DCJS would forward an electronic notice to LESC and a real-time Blackberry notification to ICE’s New York City fugitive apprehension unit.Footnote 93 While the report and some of the technology described is old, the fundamental data-sharing structure is still in place. It remains DCJS policy to automatically forward a notification to ICE when a fingerprint taken by state authorities brings up a record that includes notice of a previous deportation.Footnote 94  

Similarly, since 2016 DHS’ Law Enforcement Notification System (LENS) program has allowed local law enforcement (including campus safety officers) at agencies nationwide (not just in New York) to subscribe to email alerts that flag when a migrant leaving ICE custody is released in or intends to settle within that law enforcement agency’s jurisdiction.Footnote 95 That is on top of ICE sharing that information directly with State Identification bureaus and fusion centers, who in turn can notify local law enforcement agencies.

How automated criminalization works:

Street-level harassment and arrest by police is disproportionately focused on working-class Black and Latinx people, and therefore tends to screen out non- or less-criminalized populations from immigration records searches, which are initiated after arrest when a person’s fingerprints are booked. Once a person has their fingerprints booked, it is the discovery of any record that indicates foreign birth that triggers the IAQ and IAR process, which directs the weight of DHS inquiry and investigation onto that individual.Footnote 48 By structuring its computer systems in this way, non-immigration law enforcement and DHS have succeeded in procedurally and extra-legally implicating birth abroad, and even international travel, as criminalizing.

Arrest and booking

Two main, known procedural pathways for automated migrant criminalization are dubbed in the parlance of law enforcement’s networked computer system the “Immigrant Alien Query” (IAQ) and “Immigrant Alien Response” (IAR). These are the computerized processes that automatically compare fingerprints collected by non-immigration police against DHS holdings in order to trawl an arrested person’s records for evidence of foreign birth, travel visa applications, historical border-crossings and previous encounters with immigration enforcement. These records, if dredged up, subject an arrested person to new or reinvigorated scrutiny, surveillance, harassment and potential arrest by ICE.

As mentioned above, database cross-checking with some DHS records became standard procedure in daily policing during the era of S-Comm implementation and has grown to encompass many more datasets since. Here, we detail a shortened version of this process, step-by-step. In the appendices, we provide a much longer detailed description of each step of this process and the databases involved.

  1. You get stopped by a cop. Maybe it is the result of a Stop-and-Frisk-type stop, or perhaps you were pulled over while driving a car with a broken taillight. 
  2. The cop who stopped you demands your ID. In some states, refusing to give your name to a law enforcement officer, or not carrying government-issued identification, can itself lead to arrest.Footnote 49

    If you are carrying and hand over a US-issued ID or driver’s license, the cop is likely able, using the information on the ID, to access almost immediately your DMV records that provide biographical details, information about whether your license is valid or suspended, vehicle registration, car insurance information, and home address. 

    They, or a dispatcher, will also conduct a quick search for any open warrants that would show up in local, municipal and state databases. 

  3. The cop may also decide to search your criminal history in additional federal databases. They may be able to conduct this search from their car or via mobile device, or ask a dispatcher to do it for them.

    The databases they likely consult include: National Crime Information Center (NCIC) and Nlets

  4. You are arrested and taken to jail for booking. Your fingerprints are automatically checked against state-level and FBI files. When your information and biometrics are loaded into the computer system, an automatic process is triggered. Your prints, photo, and biographical information are automatically forwarded to the State Identification Bureau (which are like FBIs at the state level that archive fingerprints and criminal history). Your biometrics are checked against FBI holdings, as well as the FBI’s NCIC and Next Generation Identification (NGI) biometric databases.Footnote 96

    Databases implicated: NGI and NCIC

ICE nerve centers: Law Enforcement Support Center and Pacific Enforcement Response Center

The Law Enforcement Support Center (LESC) and Pacific Enforcement Response Center (PERC) are two of a handful of ICE data centers that run 24/7 to follow as many leads as possible generated by the automated data criminalization process following a law enforcement encounter and database match. ICE claims that LESC workers process approximately 1.5 million biometric and biographic (IAQ) queries annually. Following a series of automated searches of at least sixteen visa, citizenship and criminal legal databases, the LESC analyst will recommend to an ICE deportation officer whether or not the person being searched may be removable, and whether a detainer, or immigration hold, could be issued.Footnote 97 LESC works closely with law enforcement and local Field Offices to provide information about people who are held in custody and whom ICE may be able to target. 

  1. Nlets checks your biometrics against DHS’ IDENT/ HART biometric database. If anything indicates that you might be foreign-born, your profile is forwarded on to ICE analysts via a biometric or biographic “Immigrant Alien Query,” or IAQ. 

    If DHS has any biometric record of you in its massive database — which may have come from applications for an immigration “benefit” like a travel visa, naturalization or asylumFootnote 98 — then Nlets automatically creates a biometric “Immigrant Alien Query,” or IAQ, which notifies ICE and law enforcement of the “match.” Alternatively, a biographic IAQ is created if your biometric information cannot be matched to DHS’ holdings, but if you were born outside of the US (or if DHS’ records don’t show where you were born). 

    Both kinds of IAQ trigger a rapid and multi-step process created by ICE to automate the creation of detainers — a notice to law enforcement that ICE is supposedly investigating a person in law enforcement custody for violating immigration laws, and a request to notify ICE if that person is going to be released.

    Databases used: IDENT/ HART

  2. ICE analysts at the Law Enforcement Support Center in Williston, Vermont receive the IAQ from Nlets.Footnote 99 IAQs are placed in a queue. Once an IAQ rises to the top of the queue, a contract analyst for ICE picks it off of the line, conducts cursory initial database queries, and begins working on an Immigrant Alien Response (IAR). The contract analyst uses a computer system, ACRIMe, and oversees the process of checking you against numerous government and private datasets.Footnote 100

    Databases used: Nlets and ACRIMe

  3. ACRIMe automatically searches for name and date of birth matches in various criminal, customs, and immigration databases.Footnote 101

    Databases and systems used and searched can include: ACRIMe, Nlets, CIS (Central Index System)Footnote 102 , CLAIMS 3 and 4, EID (Enforcement Integrated Database), EAGLE (EID Arrest Graphical User Interface for Law Enforcement) , ENFORCE, ENFORCE Alien Removal Module (EARM), Prosecutions Module (PM), OM², Law Enforcement Notification System (LENS), EDDIE, IDENT/ HART, ADIS (Arrival and Departure System), SEVIS (Student and Exchange Visitor Information System), and EOIR (Executive Office for Immigration Review)

    Court documents from 2017 indicated that ICE relies on sixteen databases.Footnote 103 (This statement might downplay the fact that because many databases link to others, making contact with a system like EID may actually provide datasets from a dozen or more discrete databases.)
  4. Based on the above searches, ICE’s data analyst at LESC decides whether ICE has the basis to issue a detainer or arrest you. The ACRIMe user finalizes the Immigration Alien Response (IAR) that recommends to an ICE deportation officer whether you might be removable.Footnote 104 The IAR includes a person’s last known immigration or citizenship status, basic biographical information and criminal history. ACRIMe then electronically returns the IAR to both the requesting agency and the ICE ERO Field Office that is in the region of the requestor. If the analyst decides that a person might be deportable, then an ICE agent or officer can lodge a detainer via the ACRIMe system, and the IAR is routed to the local ICE field office which has jurisdiction.Footnote 105 Whatever the decision, an ICE field office can still carry out its own search, and has unchecked power to decide when the “evidence” it has is enough to justify a detainer or arrest.Footnote 106
  5. The IAR is sent from LESC to an ICE field office, and/or PERC. ACRIMe allows contract analysts at PERC to search multiple criminal legal, DHS and commercial databases to cross-check for any possibility of deportability. ICE field officers can access the analyst’s research via ACRIMe as well, and can also conduct their own research and investigation.

    PERC is a newer center, established in January 2015.Footnote 107 ICE contract analysts at PERC attempt to identify, locate, and build a case against people whom it suspects are deportable. This includes people who have been previously ensnared by the automated data criminalization system, but were released before ICE picked them up. PERC creates detainers all day and night, scraping datasets that collect everything from social media posts to family members’ naturalization records to try to justify “probable cause” for a detainer.

    An ongoing lawsuit, Gonzalez v. ICE, called into question whether issuing detainers based on incomplete and inaccurate databases violates the constitution, and enjoined several states, temporarily preventing them from honoring PERC detainers. A Ninth Circuit ruling in September 2020 overturned the prior injunction, but as of February 2022, ICE agreed to honor the injunction voluntarily for a 6-month period (through August 2022) during settlement negotiations.Footnote 108

    Additional databases consulted by PERC analysts may include: Commercial databases CLEAR and/or LexisNexis
  6. ICE uses ACRIMe to issue a detainer to the jail where you are held. Your fate is in the hands of your jailers. 

    Best case scenario: Even if the cops do not honor ICE’s detainer, and you are released, your “permanent record” is now beefed up and freshly linked to criminalizing data. If you encounter law enforcement or immigration officials in the future, it will only take a quick database check for them to decide that you’re worth detaining and investigating further. Also, ICE could decide at any time to prioritize coming for you. They have very updated information about where to find you.

    Worst case scenario: If the jail decides to hold you or notify ICE about the details of your release, ICE could send over an agent to arrest you.

Anyone can be in a gang database

Allegations of gang membership — which may look like having your name show up in any of the various gang databases across the country — sweep more than a million people nationally into a feedback loop of data criminalization. 

Different agencies define “gang” differently. NCIC defines a "gang" broadly: as “a group of three or more persons with a common interest, bond, or activity characterized by criminal or delinquent conduct.”Footnote 63

Gang databases typify some of data criminalization’s most egregious characteristics. It is possible to be in a gang database and not know about it. Maintained in secret, with entries often based entirely on the subjectivity of a law enforcement officer, these databases track and share extra-legal and unproven information about alleged gang membership, listing the names of individuals convicted of “gang-related” crimes, as well as people who have not been convicted of anything but are alleged to be “associates.” If you are close to people who are alleged to be gang members, or if you simply exist in community with people profiled as gang members, your clothing choices or “frequenting gang areas” (even if these include your own home) are likely to land you in a gang database.Footnote 109 Inclusion in a gang database makes you extra visible to police for harassment — and all police encounters can easily lead to arrest, further criminalization, and possibly deportation. Lack of transparency and procedures to challenge database entries makes it all but impossible to challenge your inclusion, and data sharing across agencies makes eradicating the taint of one-time inclusion nearly impossible.

The modern chapter of using alleged gang affiliation to enhance or multiply punishment dates back to at least the 1980s, when California began establishing gang injunctions — probation-like civil orders that target certain neighborhoods. If you’re hanging out or live in a targeted neighborhood, a gang injunction allows law enforcement to arrest you for standing on the corner with a member of your family or a friend.Footnote 110 Once listed as a “gang member,” you may receive longer sentences if you do get convicted of anything.Footnote 111 Accusations of gang affiliation can determine where you are incarcerated, and heighten your risk of violence in jail or prison, as well as in your country of origin if you are deported.Footnote 112  

Being criminalized as a gang member doesn’t end after your enhanced sentence. In states like California, a person who is convicted with a gang enhancement must register as a gang member for at least five years post-incarceration.Footnote 113 If you are a noncitizen, gang affiliation can make you a DHS priority and ineligible for a green card, DACA, or other benefits, and potentially lead to your deportation. Indeed, it is not uncommon for ICE to continue pursuing someone indefinitely, even after they win their immigration case, based on asserted gang affiliation.Footnote 114

The mid aughts saw the major expansion of gang database creation and sharing across federal agencies. In 2005, Congress established the National Gangs Intelligence Center (NGIC), an interagency network with representatives from the FBI, ICE, and CBP, among others.

Soon after the creation of NGIC, in 2007 Congress authorized the Gang Abatement and Prevention Act.Footnote 71 The national database established pursuant to the 2007 bill became what is now GangNet — database software owned by a federal contractor, General Dynamics, which powers databases that contain personal information about “suspected gang members, including gang allegiance, street address, physical description, identifying marks, tattoos, photographs, and nationality.”Footnote 115 Although GangNet itself has been superseded in importance by a more distributed and decentralized network of local, state, and regional gang information sharing initiatives, this section focuses on GangNet as the turning point in which data criminalization related to gang allegations shifted into a new phase, and in some ways it is emblematic of developments that have followed.

GangNet offers data analysis, facial recognition software, mapping, a field interview form, and a watch list. Using a single command, agencies can simultaneously search their own GangNet system and a network of GangNet systems in other states and federal agencies. ICE and the FBI, among other law enforcement agencies, use GangNet to track and share information across agencies. 

For a short time during the Obama administration, ICE had its own ICEGangs database, based on the GangNet software. Its use was discontinued, and many ICE databases since include fields to input gang information, including EID and Palantir’s ICM. ICE agents can also access the FBI's National Crime Information Center (NCIC) — which has its own gang file connected to NGIC — in several different ways.Footnote 116  

Additionally, ICE’s Homeland Security Investigations (HSI) stores gang investigation information in Palantir’s ICM, which is an upgraded version of CBP’s border entry-exit log database, TECS. The agency uses another Palantir product, FALCON, which accesses, duplicates, and reiterates alleged gang information from other key criminalization databases such as EID.Footnote 117

At the local and state levels there are countless gang databases used and shared, from “in-house” county police departments to statewide databases like CalGang in California, which listed 80,000 people as gang members. A 2015 audit found that law enforcement “could not substantiate “a significant proportion of people in the database,” including dozens of infants tagged with “self-admission of gang membership.”Footnote 113 In 2020, the state Attorney General revoked LAPD’s access to the state gang database due to CalGang’s egregious errors, and facing allegations of racial profiling.Footnote 118 But LAPD continues to operate and update its own citywide gang database.Footnote 119 And the Palantir products listed above allow cops to note and track “gang members” and perform searches — which cross-check local school district records and license plate location history — by entering in an alleged member’s name.Footnote 120

Despite ongoing organizing against them, gang databases continue to be used by both police and ICE as methods and justification for targeting the people profiled in them. Because of database sharing and carve-outs in most legislation, local or state sanctuary laws don’t even attempt to protect people who are alleged to be gang members.

Stalking you now: Data brokers, cell phone apps, social media and GPS tracking

Location Tracking: Data brokers, automated license plate readers, social media and GPS tracking

As long as surveillance capitalists and others are permitted to steal and sell our real-time and historical location data, this information will be available to anyone who can buy it — including DHS and other government agencies.

As long as surveillance capitalists and others are permitted to steal and sell our real-time and historical location data, this information will be available to anyone who can buy it — including DHS and other government agencies.Footnote 79

If you have a cell phone, you are being stalked and your personal data sold by multiple companies whose names you’ve likely never heard.Footnote 121 So-called “third-party vendors” or data brokers like Venntel, Babel Street, Cuebiq, and LocationSmart collect real-time location data via GPS.Footnote 122 They monitor your activities and movements through your phone via benign-seeming apps that use software development kits, or SDKs.Footnote 123 Apps that use SDKs include weather apps, exercise monitoring apps, and video games.Footnote 124 Third-party vendors provide SDKs to app developers for free in exchange for the information they can collect from them, or a cut of the ads they can sell through them. The aggregate information that apps collect can be extremely revealing. 

There are endless examples of app data being used far outside of anyone’s initial understanding. For example, one third-party vendor, Mobilewalla, claimed to be able to track cellphones of protesters, and said it could identify protesters’ age, gender, and race via their cell phone use.Footnote 125 In another case, historical location extracted by a data vendor from the gay hookup app, Grindr, was used by two reporters to “out” a top Catholic Church official.Footnote 126  

Law enforcement agencies regularly purchase criminal history reports, financial data from credit bureaus, and other personal data to profile people.Footnote 127 For example, CBP purchases access to the Venntel global mobile location database via a portal, so that CBP officers can search a Venntel database to look for addresses or cell phones.Footnote 128 DHS can also access cell phone location history from private databases that sell subscriptions or search platforms, such as LexisNexis and TransUnion.Footnote 129  

Some experts have noted that “anonymized” GPS location data is notoriously easy to cross-reference.Footnote 130 A New York Times op-ed posed the question: “Consider your daily commute: Would any other smartphone travel directly between your house and your office every day?” The authors concluded: “In most cases, ascertaining a home location and an office location was enough to identify a person.”Footnote 131 Indeed, cell phone location “pings,” collected by apps and stored under profiles tied to mobile ad IDs that are assigned to smartphones, were sufficient to identify individuals who ransacked the Capitol building in Washington, D.C., on January 6, 2020.Footnote 132 And the prosecutorial use of “geo-fencing,” i.e. obtaining information from private companies about all persons in an area at a given time, has become exponentially more common in recent years.Footnote 133

Biometrics: Cataloguing as control

Biometric Data Collection: "Facial recognition," "Voice prints," "Iris scans," "Fingerprints"

Data criminalization tracks and categorizes you relentlessly — but for that to be meaningful, you must be identifiable.

The origins of using biometric data to criminalize can be traced back to two key Victorian-era sociological practices: anthropometry, the cataloguing of national, metropolitan and colonial subjects based on physical measurements recorded by authorities and used to identify individuals; and eugenic ideas that physical attributes could prove racial inferiority as well as criminality (“mental degeneracy”) — which was thought to be a hereditary trait.Footnote 93 Prisons, asylums, and forced sterilization were institutional responses to these 19th and early 20th century criminological concepts, and are the precursors to many of today’s carceral, “treatment”- and “reform”-based approaches to “criminal justice.”

During the last two decades since 9/11, biometric identification practices have become routine. 

Our fingerprints, palmprints, faces, irises, voices, and gait are increasingly (and often secretly) recorded and used by commercial and government agencies, devices like our iPhones, and are purported to be incontrovertible, objective methods to prove our identities. Biometric identification methods are often trained on biased datasets.Footnote 95 Algorithms can fail to account for changes in bodily appearance, dis/ability and gender, but as the nexus of biometric datasets expands and is able to cross-reference other tracking data, technologies such as facial recognition allow anyone who can access surveillance camera footage the ability to identify and track our movements in the world in real time.Footnote 134

IDENT: DHS’ biometric data vacuum

DHS and CBP have heavily invested in biometric data theft and stalking as a primary method to surveil and criminalize all foreign-born people who enter into the US. Since the 1990s, the government has systematically collected and stored biometrics from immigrants.Footnote 97 In 1994, DHS’ precursor established IDENT, or the Automated Biometric Identity System, to collect biometric data (at the time, fingerprints) from people accused of trying to enter the US without authorization. 

IDENT became the central DHS-wide system for the storage and processing of biometric data, and after 9/11 it began including biometric records from people who have had any contact with DHS, including visa applicants at US embassies and consulates, noncitizens traveling to and from the United States, noncitizens applying for immigration “benefits” including asylum, migrants apprehended by CBP at the border or at sea, suspected immigration law violators encountered or arrested within the US, US citizens approved to participate in DHS's “trusted traveler” programs like Global Entry or TSA PreCheck, and people who have adopted children from abroad. IDENT also grandfathered into its database the fingerprint records for many naturalized US citizens who were fingerprinted before naturalizing, and noncitizens with current visas.

The future of IDENT = HART

HART is a present-day iteration of the anthropometric project which began with mugshots taken and catalogued in 1888.

HART is a present-day iteration of the anthropometric project which began with mugshots taken and catalogued in 1888.Footnote 98

IDENT is expected to be replaced by the Homeland Advanced Recognition Technology (HART) system, a multi-billion dollar upgrade that would exponentially expand the agency’s capacity to collect, share and analyze a scaled-up and expanded range of biometric data, to be stored on Amazon Web Services’ GovCloud.Footnote 135 (In this report, in order to make clear the evolution of this biometric system and reduce the number of acronyms, we refer to “IDENT/HART” when describing planned functionalities for the data system, and “IDENT” for current and previous versions of this data system.)

HART will dramatically expand DHS’ capacity to archive biometric data and search multiple modes simultaneously (face recognition and fingerprints at the same time, for instance). According to comments submitted to DHS’ Privacy Office by the Electronic Freedom Frontier, “DHS also plans to vastly expand the types of records it collects and stores to include at least seven different biometric identifiers, such as face and voice data, DNA, and a blanket category for ‘other modalities.’”Footnote 136 HART allows its users to “ascertain the identity (1) of multiple people; (2) at a distance; (3) in public space; (4) absent notice and consent; and (5) in a continuous and on-going manner.Footnote 137

HART will allow “latent fingerprints” (taken from surfaces, not just during booking) to be uploaded from non-immigration criminal punishment agencies. Latent prints can be archived for future searches.Footnote 138 Like many DHS databases, it allows a user to subscribe to notifications if someone’s profile in HART logs a new “encounter” with DHS, or if other information in their record changes.  

HART will draw directly from records created from travelers to and from the US, employment documents, and applications for other immigration “benefit” applications, as well as the FBI NGI system, which stores biometrics, including photographs, taken from state Department of Motor Vehicles.Footnote 139 Similar to other DHS systems, HART will be used with other databases by DHS to collect and store “records related to the analysis of relationship patterns among individuals,” including “non-obvious relationships.” The data in the system will include records on US citizens and permanent residents as well as other non-citizens.Footnote 140

Additionally, DHS spent hundreds of millions of dollars setting up state and local surveillance systems, including cameras in public places that record the daily routines and travel of millions of people.Footnote 141 There are more than 30 million such surveillance cameras in the US; they are operated by both public agencies and private entities, and integrated with databases including the FBI’s main biometric repository, Next Generation Identification (NGI, formerly IAFIS) — which also feeds into various DHS databases.Footnote 142  

DHS under the Biden administration withdrew a Trump-era proposal that would have required more applicants (including children) for immigrant “benefits” such as asylum and student visas to submit an expanded range of biometric information including eye scans, voiceprints, DNA, and photographs for facial recognition.Footnote 143   However, CBP and ICE continue to collect DNA from persons who are detained, using Buccal Collection Kits provided by the FBI Laboratory. CBP and ICE send the collected DNA samples to the FBI, which in turn process them and store the resulting DNA profile.”Footnote 144  

HART may become the largest biometric database in the US and the second largest in the world, and is eventually expected to store, potentially match and share DNA information.Footnote 145 As a Just Futures Law report on HART notes, the database would “create a massive invasive catalog of the diverse physical characteristics of millions of US residents and people outside the United States.”Footnote 146

Traveler and border surveillance

"Travel and Border Surveillance": Watchlists, Risk Prediction, Visas, "Overstay Leads"

The evolution of traveler surveillance by the US government is a cautionary tale showing how obsessive focus on “identification” technologies and automated “risk” prediction can normalize biometric data theft and the presumption of criminality until it is taken for granted and universally applied.

The evolution of traveler surveillance by the US government is a cautionary tale showing how obsessive focus on “identification” technologies and automated “risk” prediction can normalize biometric data theft and the presumption of criminality until it is taken for granted and universally applied.

There is no law or regulation that requires anyone to show any ID in order to fly domestically in the US.Footnote 111 Yet, for most people, refusing to do so is a sure way to miss a flight, and can lead to arrest after the TSA calls the cops. 

A good two decades before ICE figured out that it could circumvent search warrants by simply buying location and personal data from commercial third-party vendors, DHS’ precursor, the Immigration and Naturalization Service (INS), was by 1998 already digitally stalking airline travelers using records created by online airplane ticket purchases, and profiling them based on their ticket-purchasing habits.Footnote 147 By September 11, 2001, the government was already keeping files in a database that archived not only where you flew and when, but also the special meals you may have requested, the contact numbers you provided, and the itinerary of your journeys that did not involve air travel, such as bus and train rides.Footnote 24  

Before automated profiling became the norm in the criminal legal system to determine the “risk” level of people detained pretrial, and well before “constant vetting” algorithmic tools were used to predict which foreign exchange students may overstay their visas, CBP pioneered threat modeling software at US borders, rating the risk level of trade goods and people entering the country. 

Traveler surveillance and border securitization, especially after 9/11, created a template for automated data criminalization practices that are widespread in criminal punishment and immigrant tracking systems today.

Early DHS digital stalking

Airline reservations have been computerized since the 1980s. As access to the Internet became a reality for more people during the 1990s, online flight reservations and other travel bookings created digital pathways for the federal government to track the movements of both citizens and non-citizens.  

Over the decades, DHS sub-agencies and their predecessors accessed computerized reservation records from which they extracted Advance Passenger Information (API) and later, copies of complete Passenger Name Records (PNR) from airlines or third-party computerized reservations reservation systems.

Advance Passenger Information (API) includes information linked to the machine readable zone of passports and other travel documents, such as full name, date or birth, gender, passport number, country of citizenship, and country of passport issuance. Passenger Name Records (PNR) include the information that API records contain, and may also include a traveler’s home address, travel itineraries, credit card numbers, email addresses, IP addresses and timestamp, telephone numbers, emergency contact information, seat assignment, and other travel details. US Customs Service, a legacy organization of Customs and Border Patrol, began receiving API data voluntarily from air carriers in 1997, and after 9/11 demanded PNR data. This effectively gave DHS complete, aggregated mirror copies of the customer relationship management and transaction databases of the entire airline industry.

DHS also discovered that it could also acquire PNR data from third-party vendors to whom airlines outsourced booking; that arrangement foreshadows today’s warrant-free data-trawling via commercial data brokers. 

By the late 1990s, the US Customs Service was using “computerized tools” to predict whether cargo entering, exiting, and transiting the US might violate US laws.Footnote 114 Initially, risk-prediction tools were only used to screen conveyances and the people whose jobs it was to deliver trade goods. By 1999, all international travelers entering the US were evaluated like objects and profiled for “risk” by the agency’s black box analysis system. PNR data — that hodgepodge commercial airline archive of meal requests, bus trip itineraries, landline contact numbers, and credit card transactions — combined with records of border crossings, interactions with customs officers, and criminal legal data, were used as variables to screen for threats and fodder to train the algorithms. This was a key conceptual and legal shift.

Cashing in on “risk” after 9/11

“For terrorists, travel documents are as important as weapons.” — 9/11 Commission Report

The kind and amount of information collected from airline passengers who take flights within, to and from the US internationally — as well as even just over the US — changed dramatically after 9/11. While travel by non-US citizens had long been treated as inherently suspicious, prior to 9/11, most US citizens were used to traveling without being treated like a potential terrorist. Overnight, that changed. The presumption that a traveler had a legal claim to privacy and free movement, unimpeded by invasive bodily searches and x-ray scans, was replaced by the now-normal protocols that we all routinely endure in order to board a flight. While long lines, pat-downs and shoe removals are annoying for everyone, few of us have realized the ways that we’re surveilled before and after we leave the airport, and how the extent to which we’re constantly evaluated as security threats (in real time, by multiple, interlocking systems) legitimates the ever-expanding surveillance apparatuses of state and social control.

After 9/11, the federal government ramped up its data-collecting, database-sharing, automated predictive threat modeling and terrorist risk profiling. It beefed up its biometric identification technologies and partnerships with commercial entities that secretly collect, retain and sell consumer data for profit. It was a perfect storm: the World Trade Center attacks allowed the government to exceptionalize sites of travel (especially international flights) as deserving of extreme surveillance; meanwhile, big data collection and analysis industries, facilitated by growing Internet and cell phone use, were handed billions of dollars in research and development funds, and enjoyed little to no oversight as they churned out new data-collecting and prediction technologies. The US government spent at least $2.8 trillion on counterterrorism related efforts between 2002 and 2017, granting contracts to old time war profiteers like Boeing, Lockheed Martin, and Northrop Grumman — but also to tech and Silicon Valley giants such as Amazon, Google, and Palantir Technologies.Footnote 115  

Meanwhile, agencies that administratively managed visas for temporary stays, citizenship and naturalization were reorganized into a more bellicose Department of Homeland Security. DHS bulked up its biometric database, IDENT (now in process of upgrading to HART), by requiring biometric data collection at every point along the border and ports of entry—and extending well outwards from the national border line — from all people entering or exiting the country, non-citizens and citizens alike. 

Between 2001 and 2014, IDENT added new categories of people to a list of “national security interest:” people who had any contact with DHS, related agencies, and other governments; visa applicants at US embassies and consulates; noncitizens traveling to and from the United States; noncitizens applying for immigration “benefits” (including asylum and short-term visas); unauthorized migrants apprehended at the border or at sea; suspected immigration law violators encountered or arrested within the US; and even US citizens approved to participate in DHS's “trusted traveler” programs or who adopted children from abroad.

Between 2001 and 2014, IDENT added new categories of people to a list of “national security interest:” people who had any contact with DHS, related agencies, and other governments; visa applicants at US embassies and consulates; noncitizens traveling to and from the United States; noncitizens applying for immigration “benefits” (including asylum and short-term visas); unauthorized migrants apprehended at the border or at sea; suspected immigration law violators encountered or arrested within the US; and even US citizens approved to participate in DHS's “trusted traveler” programs or who adopted children from abroad. IDENT now trolls all migrants who come to the US.

Each time that an individual’s biometric identifier is uploaded to the IDENT database by an agent for ICE, CBP, Citizenship and Immigration Services (CIS), or the Department of State, IDENT would log the data transfer as an “encounter.”Footnote 148 In the circular loop of data criminalization, each of these “encounters” (which really just indicate that a person may be a non-US citizen traveler or migrant) comes up as criminalizing material when in future searches by law enforcement that data automatically flags a person for ICE agents and LESC analysts who are searching for deportability. In this way, “encounters” that fail to prove administrative law-breaking nonetheless confer suspicion on a person, marking them and even their contacts for ongoing surveillance and repeated harassment.

In this way, “encounters” that fail to prove administrative law-breaking nonetheless confer suspicion on a person, marking them and even their contacts for ongoing surveillance and repeated harassment.

CBP’s current surveillance system relies on compelled and often covert biometric identification and constant vetting against criminalizing databases during travel —  using “a traveler’s face as the primary way of identifying the traveler to facilitate entry and exit from the United States” via CBP apps, kiosks for “trusted traveler” programs and security camera live feeds.Footnote 149 The goal, then-CBP Commissioner Kevin McAleenan declared in 2018, is to “confirm the identity of travelers at any point in their travel,” not just at entry to or exit from the United States.Footnote 150  

Soon, if not already, DHS and other law enforcement agencies will be able to access more experimental modes of biometric via cloud-based IDENT/HART, to link fingerprints, palm prints, iris scans, and photographs with biographic information to construct detailed and holistic portraits. This trove of biometric data, in turn, will likely be fodder to develop and train newer technologies as they emerge.

How automated traveler surveillance works

"Risk-o-meter"

Today, all passengers are pre-screened before even stepping into an airport. You are designated “low risk” only if you have already submitted to and passed a “trusted traveler” clearance program. You might be profiled as an “unknown risk” if you did not qualify for “trusted traveler” status, or you might be deemed “high risk” based on the secret and fluctuating rules created by DHS programs like “Silent Partner” and “Quiet Skies.” These programs are mutant descendants from the War on Terror: TSA does not claim that the people who are flagged by the programs are known or suspected terrorists, and claims that being assessed as a risk does not leave a derogatory mark on a person’s record; nonetheless, being flagged by a TSA rule opens up a person’s profile for close scrutiny as the entirety of their digital histories are cross-referenced with criminalizing records — and the designation, whether or not temporary, will be noted for the future. 

Anyone who is crossing a US border or traveling internationally by air, either to, from, within, or over the US is subjected to travel surveillance via:

  • database-matching to watchlists and “derogatory information” stored in criminalizing government databases, updated multiple times from the time of booking until travel ends
  • Internet stalking by commercial ticketing and reservation systems and airlines — all of which share information with DHS
  • Real-time biometric identification and location-tracking during travel by cameras operated or accessed by airlines and CBP
  • In-person interrogations and searches during travel and at border crossings

CBP uses travel industry IT and communications vendors databases and systems to siphon information as well as to control the movements of travelers in real time by denying entry or requiring in-person screening.Footnote 119

“Life cycle” of international travel surveillance

As mentioned above, the process of screening all people who travel to, from, within, or even over the US begins well before anyone steps into an airport. Surveillance, identification, cross-checking and prediction processes may begin with the click of a mouse on someone’s home computer in a country far away. Here, we detail a shortened version of this process, step-by-step. We also have a longer version of this process written-up in more detail as an appendix.

  1. If you are a non-citizen, before you can legally enter the US you must apply for a visa and/or have your passport checked. If you were born in one of the 38 countries that qualify for the US’ visa waiver program, you don’t need a visa for some short-term visits. 

    If you were born in a country that is not eligible for visa waivers, you must obtain authorization, in the form of a non-immigrant or immigrant visa, from the US Department of State (DOS), issued at an US Embassy or Consulate. Visa applications automatically generate multiple biographic and biometric checks against multiple criminalizing and suspected terrorist databases that seek to verify an applicant’s identity and match them to derogatory information.Footnote 120  

    Databases used to approve or “vet” visas: Electronic System for Travel Authorization (ESTA) and Consular Consolidated Database (CCD).

    Additionally, CBP’s National Targeting Center (NTC) “continuously vets” all holders of immigrant and non-immigrant visas of travelers before they board US-bound flights.
  2. As soon as you purchase your airline ticket, your reservation information and itinerary become available to DHS.



    This information is stored and retrievable as the following data: Passenger Name Record (PNR)
  3. Your personal profile and information — your name, ethnicity, national origin, travel itinerary, occupation, personal, political, religious and professional contacts and associations — can be screened by DHS using black-box, rules-based algorithmic predictions as well as matched against various secret watchlists. These secret and changing rules determine whether and how you may be targeted for harassment and arrest once you do show up at the airport.

In November 2001, then-President Bush signed the Aviation and Transportation Security Act into law, creating the Transportation Security Administration (TSA) — a division of DHS that operates a travel-permission system for domestic US flights called “Secure Flight.”  

“Secure Flight” began as a program where aircraft operators screened names from passenger reservations to see if they matched or closely resembled any included on a “No Fly List”Footnote 151 and other federal watchlists of “known or suspected terrorists” created by the FBI. If the aircraft operator suspected a watchlist match, the operators were supposed to notify TSA and send the targeted passenger for enhanced in-person screening. 

Today, “Secure Flight” allows TSA to access CBP’s surveillance dragnet and prediction tool — Automated Targeting System, or ATS, (more on this below) and write rules for the algorithm used by the ATS system to decide who qualifies as a “risk” and will be added to a category of people who will be subject to increased security checks. Targeting rules, and therefore the people targeted, can change day to day.Footnote 152  

According to a 2019 PIA on ATS: “These rules are based on risk factors presented by a given flight and passenger, the level of screening for a passenger that may change from flight to flight. Travelers may match a TSA or CBP-created rule based upon travel patterns matching intelligence regarding terrorist travel; upon submitting passenger information matching the information used by a partially-identified terrorist; or upon submitting passenger information matching the information used by a Known or Suspected Terrorist.”Footnote 153  

Data systems you are screened against and processed by may include:

  • Secure Flight
  • Various FBI “no fly lists,” including “known or suspected terrorists”
  • Automated Targeting System (ATS): more below
  • ICM/ TECS 

Image Source Footnote 124

Passenger, Airline, Secure Flight Screening; Low risk: Match TSA Precheck list, Identified by TSA precheck final assessments; Unknown risk: Passengers do not match high- or low- risk lists or match TSA Precheck Disqualification List, High Risk: Passengers Match, Rules-based lists, Expanded Selectee List, Selectee List, Passengers designated random selectees, Highest Risk: Passengers match, No Fly List, Centers for Disease Control and Prevention Do Not Board List

 

  1. Once you are inside the airport, your face is overtly and covertly captured for facial recognition and real-time tracking.

    CBP uses its own in-house facial recognition matching technology, the Traveler Verification Service (TVS), for identity verification and biometric entry and exit “vetting checks.”Footnote 125  

    When the traveler enters or exits an airport, border crossing, or seaport, they will pass a camera connected to CBP’s cloud-based TVS facial matching service. The camera may be owned by CBP, the air or vessel carrier, another government agency (like TSA), or an international partner.Footnote 154 If the camera is CBP-owned and operated, a CBP officer will be present.

    However, if the camera is airline-operated, it may not necessarily be visible. It may be located on a jetway after a passenger scans their boarding pass, and the passenger might not even know an image of their face is being captured. TVS matches the live image of the traveler on the jetway with existing photos in a “gallery” (maintained in IDENT) that archives photographs from CBP’s ATS-UPAX database that might be from previous exits and entries, US passports and visas, from DHS apprehensions, enforcement actions, or other immigration-related records.



    If your face does not match existing DHS records, you are flagged for scrutiny as well. A CBP website provides the following example: 



    “The biometric system alerted the officers because when preflight information was gathered on the woman, no historical photos to match against her could be found.

    A CBP officer took the woman aside and looked at her passport. No visa was attached and the woman didn’t have a green card to prove she was a lawful permanent resident. Upon further questioning, the woman admitted that four years ago, she had come into the country illegally.

    Using a specially designed, CBP biometric mobile device, the officer took fingerprints of the woman’s two index fingers. ‘This was the first time that we had captured this individual’s biometrics, her unique physical traits,’ said Bianca Frazier, a CBP enforcement officer at the Atlanta Airport. ‘We didn’t have her biometrics because we had never encountered her before.’”Footnote 155
  2. CBP must approve every single passenger before an international flight departs, arrives in, or overflies the US. When you check in for an international flight to, from, or that overflies the US, the Advance Passenger Information System (APIS) transmits your PNR data and itinerary (including flight status updates) to CBP. Before you are permitted to board the plane, your passport or ID is scanned by a CBP officer or TSA agent. The machine readable zone of your document pulls up your full name, date of birth, and citizenship, which can be used to retrieve information about your scheduled flight. This data is sent to CBP via APIS in the form of “passenger manifests” — commercial airline records that are transferred to CBP for vetting in real-time, or 30 minutes prior to boarding.Footnote 156 APIS generates a “Overstay Lead” list that is shared with CBP’s main computer system that assesses “risk,” ATS (more on this below).Footnote 157

Inside DHS’ future-prediction arsenal

Technologies are always upgrading. Here, we examine more closely two data systems that incorporate multiple future-facing elements, including geospatial and relationship-mapping visualizations and “trend detection” in addition to “risk” prediction.

Automated Targeting System (ATS)

As mentioned earlier, Automated Targeting System (ATS) is one of the most important connective databases for current migrant data criminalization processes. CBP uses ATS to assess “risk” and track travelers and import trade goods.Footnote 130 CBP’s National Targeting Center uses ATS to conduct “continuous vetting” of valid US immigrant and nonimmigrant visas, and uses data from immigration, law enforcement, commercial, and open-source databases to predict “risk.”Footnote 158 Continuous vetting occurs in real-time and describes the process by which ATS alerts CBP, for instance, if a traveler’s ID check at a foreign airport brings up biographical or biometric matches to any records in criminalizing databases — including those that track immigration violations, the FBI’s Terrorist Screening Database (TSDB) and outstanding wants and warrants.Footnote 159 All the people who categorically fit CBP’s targeting rules are flagged by ATS, and these individuals are then reviewed by CBP officers. CBP can then issue a “no board” recommendation to prevent someone’s travel to the US, or recommend the State Department revoke a visa. 

ATS’ black-box algorithms are based on criteria and rules developed by CBP, to match people and trade goods against “lookouts” and data-scrape personal information from various linked databases to identify “patterns of suspicious activity” and predict potential terrorists, transnational criminals, people who may be inadmissible to the US under US immigration law, and “persons who pose a higher risk of violating US law.”Footnote 159 ATS has built its dataset over decades, well before 9/11. ATS-Passenger (ATS-P), a legacy subsystem of ATS, has been used to screen international passengers on planes, trains and ships since the 1990s — although data collection for ATS overall was expanded and automated since 2002.Footnote 160 ATS-P is now being upgraded to UPAX, which more seamlessly integrates databases by showing records from multiple systems and incorporating information from third-party databases and the Internet.Footnote 159  

In order to train its risk assessment, ATS uses data including: bills, entries, and entry summaries for cargo imports; shippers’ export declarations and transportation bookings and bills for cargo exports; manifests for arriving and departing passengers and crew; airline reservation data; nonimmigrant entry records; and records from “secondary referrals,” CBP incident logs, suspect and violator indices, state Department of Motor Vehicle Records, and seizure records. 

Every person who leaves or enters through a US border is subject to ATS’ risk assessment, and while different linked databases claim to delete data at different times, much ATS data is kept for decades, whether in ATS’s databases or mirrors and backups in other DHS systems.  

Like other data criminalization tools, ATS draws heavily from NCIC data — but it also surveils people who have never had an encounter with police.Footnote 161 A speaker at a 2004 Customs Budget Authorizations hearingFootnote 162 testified that ATS data scrapes airline passenger information to look for “anomalies and red flags.” Since “red flags” are determined based on rules for ATS that are created by CBP, these rules allow CBP to expand the list of what is considered suspicious activity to encompass any number of legal behaviors.Footnote 163 People who are deemed “high risk” by ATS are flagged for further scrutiny and sent to secondary screening at US border and airport checkpoints. Those encounters lead to the generation of yet more data criminalization records, in the form of risk assessments retained by ATS, which are fed into the targeting algorithm that could alert a TSA or CBP agent the next time the person’s passport is scanned.

Since “red flags” are determined based on rules for ATS that are created by CBP, these rules allow CBP to expand the list of what is considered suspicious activity to encompass any number of legal behaviors.

The evolution of ATS’ targeting rules reveals the trajectory of terrorism and surveillance rhetoric. Mass surveillance that began as exceptional (the post-9/11 period) and provisional (pilot programs at 15 airports) is now routine — and probable cause for law enforcement intervention (which can end in arrest and deportation) includes not only subjective suspicion but fully abstracted prediction mathematics. Today, ATS is utilized by CBP to predict who might violate US immigration (not just anti-terrorism) laws: ATS data is used to generate an “Overstay Hotlist,” which is a list of “overstay leads” derived from information obtained through travel records.Footnote 164 (More on this below.)

Mass surveillance practices in travel have normalized data criminalization entirely, effectively making de facto criminalization the norm, rather than an exception. A 2020 DHS report on data mining explained: “When evaluating risk, ATS is designed to apply the same methodology to all individuals to preclude any possibility of disparate treatment of individuals or groups.”Footnote 165 Literally, what that means is that everyone begins their journey evaluated as a suspect.

Literally, what that means is that everyone begins their journey evaluated as a suspect.

Feeding the beast: Electronic devices searches and ATS

Warrantless searches of electronic devices, such as cell phones and laptops, are currently permitted at US borders and part of the process that accumulates material and trains algorithms for data criminalization.Footnote 141

An ATS Privacy Impact Assessment from May 2020 explains: “Searches can be vital to risk assessments that otherwise may be predicated on limited or no advance information about a given traveler or item, and they can enhance critical information sharing with, and feedback from, elements of the Federal Government responsible for analyzing terrorist threat information. Digital information extracted from electronic devices and saved in ATS may relate both to the owner of the device, as well as his or her contacts.”Footnote 159

DHS can make use of extracted or copied digital data from electronic devices in multiple ways. The ATS-TF (Targeting Framework) module allows users to perform research and analysis by integrating data from multiple sources, including from electronic devices, and to show possible relationships between entities and data elements. CBP can also pass on the information to AFI, a continuous vetting system, designed by Palantir, “to develop leads.” (More on this below.)

LeadTrac, SEVIS, ADIS and ATS

LeadTrac is a HSI database that vets and manages “leads” of people in the US whom a DHS algorithm flagged as being likely to overstay or violate their visas.Footnote 143  

A person who has overstayed their visa is first tracked through CBP’s Arrival and Departure Information System (ADIS), which is used at entry and exit points, and includes photos, biographical and visa information, including the end date for an authorized stay. For people such as students on indefinite visas, ADIS data is supplemented with other systems that perform ongoing tracking such as ICE’s Student and Exchange Visitor Information System (SEVIS). ADIS combines data from multiple sources and sends “leads” to ATS. CBP agents, ICE agents and other law enforcement can also add people directly into the ATS system.Footnote 166 DHS manually processes information from ADIS to trawl for overstays, but ATS conducts its own (black box) algorithmic risk-assessment to generate a list of prioritized targets for LeadTrac.

AFI: CBP’s Extreme Vetting data-mapping system

Analytical Framework for Intelligence (AFI) is another Palantir tool, described as a web-based information technology system. It uses profiling algorithms created for former President Trump’s “Extreme Vetting” initiativeFootnote 145 to “detect trends, patterns, and emerging threats, and identify non-obvious relationships between persons, events, and cargo.”Footnote 167 According to a 2012 PIA on AFI, “data is indexed so that the system may retrieve it by any identifier maintained in the record. As information is retrieved from multiple sources it may be joined to create a more complete representation of an event or concept. For example, a complex event such as a seizure that is represented by multiple records may be composed into a single object, for display, representing that event.”Footnote 168 In this way, AFI offers data visualization, and creates an index. 

Among other data points, AFI uses and stores public records showing who owns land near the US - Mexico border, and ingests records on “individuals not implicated in activities in violation of laws enforced or administered by CBP but with pertinent knowledge of some circumstance of a case or record subject,” as well as those not accused of breaking immigration or other laws but who might have “knowledge of narcotics trafficking or related activities.”Footnote 169 In 2019, AFI made headlines when NBC reported that AFI was being used to mine US citizens’ social media posts on “caravans” and political rallies in order to train its targeting algorithm.Footnote 170

AFI provides tools like geospatial, temporal and statistical analysis, and advanced search capabilities of commercial databases and Internet sources, including social media and traditional news media. Like other DHS systems, AFI automatically collects and stores criminalizing data from travel records in ATS-UPAX, ESTA, ADIS, ICM/ TECS, records from immigration arrests and deportations, and lists of foreign students. AFI also copies volumes of such government data onto its own (Palantir) servers.Footnote 171 AFI uses Apache Hadoop, an open source framework that allows for faster searching across big datasets, which is hosted on the Amazon cloud. Hadoop requires continuous replication of data stored in multiple locations as well.Footnote 172

Bureaucracy and exclusion: Naturalization, asylum and other USCIS “benefits”

Constant Vetting: Visa Application, Social Media Stalking, Background Checks, Relationship Mapping

As noted, simply being foreign-born, being racially and nationally profiled by law enforcement as a potentially deportable immigrant, or having records in immigration or visa files can trigger a chain of events that self-reinforce and lead from inclusion into data criminalization databases to arrest and deportation based on criminalizing data matches.

Unlike the traditional criminalization arms of DHS, USCIS’ stated purpose is to provide “benefits” — whether it’s citizenship, permanent status, temporary status, permission to apply for status, or work and travel authorization. But when USCIS receives an application for most of these benefits, it undertakes an extensive investigation of the person applying — and sometimes of others related to that person — that taps into dozens of databases across many agencies. This can lead directly to data criminalization, and USCIS readily turns information over to ICE for arrests when it sees fit.Footnote 152 Further, ICE can access the systems built to give USCIS information about an app­licant, such as the Person Centric Query Service (PCQS), a key CIS database that ICE uses to surveil, arrest, and deport people. Finally, USCIS undertakes its own investigations, expanding the capacity of the data criminalization apparatus within immigration agencies as a whole.Footnote 173

An application-based dragnet

If you’ve submitted an application for immigration “benefits,” USCIS uses PCQS to pull information from over 20 databases — including DHS databases, other federal agency databases, and private databases — to gather information about you. Many applications to USCIS require appearing at an “application support center” so USCIS can collect biometric information including facial photographs and fingerprinting, which are used to cross-check federal databases.Footnote 154 But even for applications that don’t require biometrics, USCIS cross-checks the information provided through the application forms, including identity documents.

That information can then be used to criminalize or even denaturalize you.Footnote 174 USCIS devised and uses data-mining software called ATLAS (which is part of its Fraud Detection and National Security Data System, or FDNS) to automatically and sometimes continuously screen all applicants and their social networks against the FBI Terrorist Screening Database, NCIC, ATS,Footnote 175 and other DHS databases.Footnote 176 ATLAS searches for the potential for the government to revoke citizenship or legal status from a person by harvesting criminalizing information about them from databases and then visually displaying “linkages or relationships among individuals to assist in identifying non-obvious relationships… with a potential nexus to criminal or terrorist activities.”Footnote 177

As a result, depending on the information and your circumstances, filing an application can trigger an ICE raid at your home if DHS decides they can deport you right away, or USCIS may invite you for an interview only to have ICE arrest you at their office.Footnote 178 Or, if USCIS denies the application, they may refer the matter to ICE and issue a “Notice to Appear” in immigration court to start deportation proceedings.Footnote 179  

People who are filing family- or fear-based applications are particularly vulnerable under the 2011 “referral” guidance that remains in effect today, whereas people who were beneficiaries of employment petitions are far less likely to be referred to ICE upon denial of an application by their employer.Footnote 180  

Even if an application is approved, the risk of data-driven criminalization does not end: recently uncovered FOIA documents and reporting revealed that ICE has access to information about when DACAmented folks’ work authorization periods end at the field office level, which could allow individual field offices to keep tabs on someone and arrest them if their status lapses.Footnote 181 This contradicts promises from the government that DACA information would not be used for enforcement, and USCIS specifically tried to hide this information from Congress.Footnote 182 In some cases, such as with Special Immigrant Juvenile Status applications and some types of sponsorship of unaccompanied children, the surveillance extends beyond the immediate applicants to include others as well—in that case, every adult household member of the guardian/custodian of the applicant must be fingerprinted and subjected to background checks.

At any point, USCIS can refer a case to its own investigators in its Fraud Detection and National Security Directorate (mentioned above). FDNS has extremely broad authority to access records available to DHS from internal or external government databases, and generate its own records by interviewing people, issuing subpoenas, requesting law enforcement assistance, and making site visits or telephone calls.Footnote 183 Notably, FDNS spearheaded DHS’s social media surveillance program dating back to at least 2008.Footnote 184 It continues to rely on social media monitoring, including through the creation of fake accounts, to this day. Starting in 2017, the FDNS announced that it would not only use social media information for individual investigations, but also that it would start including social media information in the “A File” records system as it collected data.Footnote 185 (FDNS also offers freestanding support to other law enforcement agency investigations).Footnote 186

From background checks to continuous criminalization

USCIS applicants are also checked against ATS — CBP’s aggressive “risk assessment” system that claims to predict potential visa overstays and future law violators.Footnote 168 USCIS will use the information provided by ATS and other CBP databases to identify individuals “who may have a connection to potential identity or benefit fraud, national security or public safety concerns, and criminal activity.” The details of their screenings are included in the database for future checks. Through “continuous vetting,” or continuous criminalization, “individuals connected to a USCIS immigration application benefit request” will be subject to security checks upon receipt by USCIS and CBP, and ATS will stop recurrent vetting only when it receives a message from USCIS based on administrative closure from an Immigration Judge’s calendar or from the Board of Immigration Appeal docket, certificate of citizenship issue, denial, failure to pay, or withdrawn adjudication activities. 

In addition to form submission information, USCIS will send to CBP biographic, biometric identifiers, and encounter information from IDENT/HART. ATS is already able to retrieve these data elements through its existing IDENT/HART interface. 

Continuous vetting expands the current background check processes by automating screening and vetting the information against additional CBP databases and establishing recurrent checks against these datasets.

Conclusions

Criminalization, a centuries-old project of white supremacist, capitalist statehood, continues to animate the apparatus of mass incarceration that structures and normalizes US social and economic life in ways that are fundamentally antiblack and xenophobic. In every era, criminalizing discourses have made use of pseudoscientific concepts that are supposedly backed by data in order to justify dehumanization, collective punishment, social control and biometric registration of individuals and groups that are targeted by the state. In this tradition, concepts like “mental degeneracy,” “loose family morals,”Footnote 187 “criminal,” and “high-risk,” are deployed. 

As of January 2022, many of the systems and processes described in this report still rely on real-world occurrences to trigger criminalization — an arrest, a conviction, a border-crossing. In the language of the surveillance state, these are “events.” Processes of criminalization that rely on these occurrences can be described as “event-triggered” data criminalization. 

But event-triggered data criminalization is limiting for authorities. If the underlying real-world occurrences, or “events,” don’t happen — if the person ICE wants to deport isn’t arrested by local cops, for example — then that person may remain under the radar, out of scope at least partially and temporarily from the extensive machinery of migrant data criminalization. 

DHS is actively trying to overcome the limits of event-based criminalization by supplementing it with further-reaching methods. We are now subject to two (sometimes overlapping) types of criminalization: event-triggered data criminalization and automated, continuous data criminalization.

DHS is actively trying to overcome the limits of event-based criminalization by supplementing it with further-reaching methods. We are now subject to two (sometimes overlapping) types of criminalization: event-triggered data criminalization and automated, continuous data criminalization.

Examples of event-triggered data criminalization include:

  • A police officer arrests you for a DUI and books you.
  • ICE raids your workplace, and you get swept up as “collateral.”
  • Border Patrol stops your car at a checkpoint and makes a note in a computer that will stay on your permanent record, which may be retrieved when you apply for a type of status or benefit, or cross the border, in the future.
  • Your passport is scanned at an airport before you board an international flight.
  • Video footage of you walking through an airport is matched, via facial recognition software, to previous travel documents that indicate to DHS that you may have overstayed a visa.

Examples of automated, continuous data criminalization include:

  • A contract analyst for DHS runs an algorithm that determines that you are “high risk” for violating US laws, and makes a notation that ensures that if you ever attempt to enter the US, a CBP officer will put you in secondary inspection to interrogate you and determine whether you can be turned back as “inadmissible” to the US.
  • In conducting (manual or automated) reviews of its own records, the Department of State adds you to a list of politically active Iranians who have come to the US on temporary visas before, for whom it will deny future visa applications based on nationality and political activity.
  • You appear in photos posted on Facebook by other people who are already listed as gang members in a gang database. Facial recognition matches you to a past entry into the US, using databases that store facial scans from entry and exit points. You are flagged as a potential gang member based on the association with suspected gang members, triggering ICE or HSI investigation and possible arrest.
  • The information captured by your smartphone — location data, biometrics, shopping history, Internet searches — is aggregated and resold by data brokers to DHS agencies who run that data through algorithms to determine if you seem likely to be: a terrorist, an absconder, a criminal.

Automated, continuous data criminalization compounds the harms of the event-triggered model, and dramatically expands its reach. Event-triggered data criminalization operate like a series of traps in a field: some are known and squarely located on enemy terrain, such as a police station where we are booked; other traps are hidden in places that seem neutral or even safe: DMVs that allow DHS to digest our photos with its facial recognition software, utility companies that sell our home addresses, or social media venues used by ICE agents to stalk us. 

Automated, continuous data criminalization endeavors to create a regime where every part of the field is surveilled and subject to control at all times, using data from an unknowable number of sources.

Automated, continuous data criminalization endeavors to create a regime where every part of the field is surveilled and subject to control at all times, using data from an unknowable number of sources. In addition to expansion and intensification, another consequence of automated, continuous data criminalization is that the act of real-time, population-level surveillance creates new reasons to justify criminalization by algorithmically determining who is a “risk,” and what technique of criminalization to use in response to that risk. Using this circular logic, insights from the algorithm become the “derogatory” information used to justify arrest, incarceration, banishment, or exclusion. The full repercussions of the move to this model are far from clear from our current vantage point, shrouded as its techniques remain in secrecy.

Data liberation and abolition

Increasingly popular technocratic tools, such as predictive algorithms, relationship-mapping and data-indexing software systems allow for the formal, extra-legal automation of data criminalization. That automation is engineered to determine that a person who was criminalized in the past or present should continue to be criminalized in the future. Since having criminal history data is the material outcome of decades of racist policing and mass incarceration policies, data criminalization risk-prediction allows current and future arrests to resurrect and wield the full weight of that history, all while using abstracted and sanitized data. 

As noted throughout this report, criminal history datasets are riddled with flaws and are incomplete. Many key criminalizing metrics — such as “failure to appear in court” — are themselves arbitrary constructs that reflect power relations (as is all behavior that is deemed criminal), have no common definition, and are at best inconsistently recorded. Yet, prediction processes make use of these data to deny or limit a person’s freedom. That is social control.

As corporations and governments become increasingly enamored with AI prediction tools, and biometric and real-time mass surveillance becomes yet more automated, frictionless and ubiquitous, we expect to see data criminalization strategies currently used for immigrant and traveler surveillance creep further into currently non-criminalized spaces, expanding the pools of whom is subject to surveillance and control. 

We conclude where we began: Surveillance is not passive; it is active intervention in the form of behavior prediction for modification; it is real-time social control. Data criminalization, an expression of surveillance, is created by legal and extra-legal methods that create criminalization and other forms of vulnerability, social exclusion and social death. Currently, as sophisticated as tech tools are, they rely on legacy criminal legal datasets that reveal the illegitimate and racist nature of criminalization. Privacy is an insufficient framework to combat either surveillance capitalism or data criminalization, because surveillance technologies are largely unregulated and misunderstood, corporations are not subject to meaningful privacy laws, and people who are criminalized are dehumanized, often required to “consent” to surveillance in order to access resources for survival, and generally seen as undeserving of privacy under the law. 

Privacy is an insufficient framework to combat either surveillance capitalism or data criminalization, because surveillance technologies are largely unregulated and misunderstood, corporations are not subject to meaningful privacy laws, and people who are criminalized are dehumanized, often required to “consent” to surveillance in order to access resources for survival, and generally seen as undeserving of privacy under the law.

We must be ready to fight data criminalization on our terms. Rather than being drawn into arguments on what constitutes “risk,” whether to limit technologies or improve oversight and the accuracy of datasets, we must understand that these datasets are inherently illegitimate, and creation and use of them should be abolished. We propose the framework offered by “Our Data Bodies” — that in this digital age, data about us, or that is created by us, is us.Footnote 2 Our biometric data is not available for others as raw material to mine, buy, or resell. 

What if we organized our resistance based on that premise? What would it look like to target Nlets, or ACRIMe? What if we demand full expungement of all criminal records in NCIC? What if we demanded all criminal records and travel records be deleted, period? How could we proactively defend ourselves and communities against forced and covert biometric identification? Could a fuller understanding of systems of data criminalization change how we fight for migrant justice alongside prison abolition? 

What if we refuse to be identified, refuse identity itself and identification as presented on the state's terms? Could we take a cue from longtime trans/queer activist and prison abolitionist, Miss Major Griffin-Gracy, who purposefully changed her identification documents in order to mark herself as trans and refuse recognition from the state within its surveillance apparatus?Footnote 188 If we unshackle ourselves from colonial notions of legal redress and state-conferred paths to personhood, what opportunities might emerge? Can data liberation take shape along a horizon of fugitivity that rejects citizenship, inclusion and reform in favor of liberation on wholly different terms? 

New questions could lead to new approaches in forging freedom and solidarity. There is much to explore. The movements for migrant justice and prison abolition must demand data liberation.

Defund Surveillance, Abolition Now

Acknowledgements

Written by: Puck Lo.

Gratitude to: Ana María Rivera-Forastieri for conceptual help and overall support; Nathan Yaffe for writing, research and fact-checking support; RAD (Tim Stallmann, Chris Schweidler and billy dee) for fantastically communicating our research and dreams; Dalia Rubiano Yedida for fact-checking support.

Special thanks for reviewing and providing critical feedback: Pilar Weiss, Rachel Foran, Atara Rich-Shea, Elizabeth Nguyen, César Cuauhtémoc García Hernández, Edward Hasbrouck, Mizue Aizeki, Susan B. Long, Chelsea Barabas, James Kilgore and Julie Mao.

Appendix: Arrest and booking (longer version)

1. You get stopped by a cop.

Maybe it is the result of a Stop-and-Frisk-type stop, or perhaps you were pulled over while driving a car with a broken taillight. 

2. The cop who stopped you demands your ID.

In some states, refusing to give your name to a law enforcement officer, or not carrying government-issued identification, can itself lead to arrest.Footnote 189

If you are carrying and hand over a US-issued ID or driver’s license, the cop is likely able, using the information on the ID, to access almost immediately your DMV records that provide biographical details, information about whether your license is valid or suspended, vehicle registration, car insurance information, and home address.

They, or a dispatcher, will also conduct a quick search for any open warrants that would show up in local, municipal and state databases.

3. The cop may also decide to search your criminal history in additional federal databases.

They may be able to conduct this search from their car or via mobile device, or ask a dispatcher to do it for them.

The databases they likely consult include: NCIC and Nlets

NCIC 

This is the main criminalizing database at the federal level, owned by the FBI’s National Crime Information Center (NCIC) in Clarksburg, West Virginia. NCIC is the centralized national database for tracking “crime-related” information.

The NCIC database is accessible to law enforcement and DHS sub-agencies, directly and via a privately-owned communications system (like an advanced “Intranet”) called Nlets. In addition to listing open warrants and stolen property, NCIC has an “Immigration Violators” designation, which includes names input by ICE analysts alleged to be “deported felons” or “absconders.”

Nlets

Nlets is a communications system that shares information between 45,000 law enforcement organizations nationally and internationally, and checks the fingerprints of anyone booked by police against DHS records.Footnote 2

Like NCIC, Nlets is multiple things, and is worth examining as a target. It is private and self-funded. It is a more than fifty-year-old “partnership” of fifty states, law enforcement agencies and corporate partners.

Nlets allows police, ICE and other users of its system to query information from federal law enforcement and multiple states at once if they have a person’s name and other biographical details. Depending on varying state rules, Nlets might provide SSN and home address, parole, probation, and criminal legal history information that is additional to what can be found in NCIC and other federal and state information-sharing pipelines.

Additionally, Nlets includes and shares driver’s license photosFootnote 190 for facial recognition,Footnote 191 and motor vehicle registration information, as well as information obtained via one of ICE’s main investigative data centers, the Law Enforcement Support Center (LESC).

Nlets shares information with its partner private companies, which in turn develop surveillance technologies for law enforcement. These include an international communications network that has been operational at least since the late 1990s, and a cloud-based network that includes criminal records and personal data. It is a backbone of the data criminalization machinery.Footnote 192

ICE depends on Nlets for its automated migrant-stalking process. According to its 2020 ICE Office of Acquisition Management budget justification document, ICE stated, “Based on Market Research, no other vendor can provide the same unique services that Nlets provides to the LESC.”Footnote 193

As Just Futures Law noted in its 2020 report on Nlets, “It is important to understand that state participation in Nlets, along with many other national or regional data exchanges, is voluntary. States can choose not to share information or limit the type of information shared through Nlets. Some states have already chosen not to share certain information, such as driver’s license photos, through Nlets.”Footnote 194

4. You are arrested and taken to jail for booking.

Your fingerprints are automatically checked against state-level and FBI files.

When your information and biometrics are loaded into the computer system, an automatic process is triggered. Your prints, photo, and biographical information are automatically forwarded to the State Identification Bureau (which are like FBIs at the state level that archive fingerprints and criminal history). Your biometrics are checked against FBI holdings, as well as the FBI’s NCIC and Next Generation Identification (NGI) biometric databases.Footnote 8

Databases implicated: NGI and NCIC

NGI

The FBI’s Next Generation Identification (formerly Department of Justice Criminal Justice Information Services Division Integrated Automated Fingerprint Identification System, or IAFIS) is purportedly the largest electronic repository of biometric information in the world.Footnote 195 While historically, “biometrics” refers to fingerprints, today the category includes experimental modalities including palm prints, voice prints, irises, and facial recognition. NGI includes fingerprints that have been sent to the FBI via the criminal legal system primarily, by states, territories and federal law enforcement agencies. If you’ve ever been arrested before, you would be listed in NGI.

NCIC

Despite technically being a criminal history database, since 2001 NCIC generates a “hit” for an immigration violation if a name or other identifying information entered in an NCIC query matches records flagged by ICE.

Among those NCIC records that Nlets accesses:

  1. persons deported “for drug or firearms trafficking” or “serious violent crimes,”
  2. persons allegedly subject to a final deportation, exclusion, or removal order;
  3. persons who have administrative warrants for failure to comply with national security registration requirements — which may include people listed in a now-defunct “War on Terror” special registry, the National Security Entry‐Exit Registration System (NSEERS), that registered 90,000 Muslims between 2002 and 2011 and was dismantled in 2016; and
  4. the NCIC Gang File.Footnote 196

It is unclear exactly how detailed or accurate the NCIC information in a “hit” may be. A 2005 Migration Policy Institute report looking at police queries from 2002-2004 found that during that time the system generated erroneous immigration hits in almost 9,000 cases.Footnote 197 “The rate of false positives was 42 percent overall, and some individual law enforcement agencies had error rates as high as 90 percent,” the report stated. NCIC continues to be a main database used in automated criminalization.Footnote 198

Law Enforcement Support Center and Pacific Enforcement Response Center (sidebar)

The Law Enforcement Support Center (LESC) and Pacific Enforcement Response Center (PERC) are two of a handful of ICE data centers that run 24/7 to follow as many leads as possible generated by the automated data criminalization process following a law enforcement encounter and database match. ICE claims that LESC workers process approximately 1.5 million biometric and biographic (IAQ) queries annually. Following a series of automated searches of at least sixteen visa, citizenship and criminal legal databases, the LESC analyst will recommend to an ICE deportation officer whether or not the person being searched may be removable, and whether a detainer, or immigration hold, could be issued.Footnote 13 LESC works closely with law enforcement and local Field Offices to provide information about people who are held in custody and who ICE may be able to target.

5. Nlets checks your biometrics against DHS’ IDENT/ HART biometric database, and if anything indicates that you might be foreign-born, your profile is forwarded on to ICE analysts.

If DHS has any biometric record of you in its massive database — which may have come from applications for an immigration “benefit” like a travel visa, naturalization or asylumFootnote 14 — then Nlets automatically creates a biometric “Immigrant Alien Query,” or IAQ, which notifies ICE and law enforcement of the “match.”

Alternatively, if your biometric information cannot be matched to DHS’ holdings, but if you were born outside of the US (or if DHS’ records don’t show where you were born), a biographic IAQ is automatically created.

The IAQ triggers a rapid and multi-step process created by ICE to automate the creation of detainers — a notice to law enforcement that ICE is supposedly investigating a person in law enforcement custody for violating immigration laws, and a request to notify ICE if that person is going to be released.

Database used: IDENT/HART

IDENT/HART

ICE uses IDENT/HART to match biometric information across databases and create person-centric profiles.

Your fingerprints, and possibly your face, are checked against records kept by the Automated Biometric Identification System (IDENT) — which is being replaced by a new system, HART (Homeland Advanced Recognition Technology).Footnote 199 IDENT/ HART records biometric and biographic information of people from “encounters” with police and immigration officers.Footnote 200 It includes photographs and biographical information required from international travelers and visiting foreign nationals who applied for certificates of US citizenship and visas.

(In this report, in order to make clear the evolution of this biometric system and reduce the number of acronyms, we refer to “IDENT/HART” when describing planned functionalities for the data system, and “IDENT” for current and previous versions of this data system.)

IDENT/ HART is on pace to contain over 260 million individual’s information by 2022, and may outpace NGI to become the largest database of biometric and biographic information on citizens and foreigners in the United States. It shares information with federal agencies and state and local law enforcement agencies. HART is expected to store and process digital fingerprints, iris scans, and facial images and DNA information, and when fully implemented will link these biometrics with biographic information.Footnote 201 The main contractor developing IDENT/ HART is the war profiteer, Northrop Grumman.Footnote 202 HART would be hosted in Amazon Web Services’ GovCloud.Footnote 203

6. ICE analysts at the Law Enforcement Support Center (LESC) in Williston, Vermont receive the Immigrant Alien Query (IAQ) from Nlets.

IAQsFootnote 20 are placed in a queue. Once an IAQ rises to the top of the queue, a contract analyst for ICE picks it off of the line, conducts cursory initial database queries, and begins working on an Immigrant Alien Response (IAR). The contract analyst uses a computer system, ACRIMe, and oversees the process of checking you against numerous government and private datasets.Footnote 204

Databases used: Nlets and ACRIMe

Nlets

According to a 2020 ICE Office of Acquisition Management budget justification document,

Without access to Nlets, ICE does not have the ability to query other State and Local Law Enforcement databases for criminal records, DMV records, state court records, and numerous other state databases, and may be forced to remove over 322,000 ICE warrants from the NCIC database.Footnote 205

Furthermore, “It’s been confirmed that no other vendor is connected to Law Enforcement agencies nationwide, and can provide access to NCIC data, and allow Law Enforcement officers nationwide to submit queries, which allows the LESC to respond to the queries in a secure environment.”

ACRIMe

Once the IAQ is created, Nlets drops off.Footnote 206 A different ICE information system, ACRIMe (Alien Criminal Response Information Management System), takes over.Footnote 207 ACRIMe is a web-based, wraparound system within which ICE’s contract analysts and field officers can access some criminal legal and DHS sub-agency files, respond to immigration status queries, or tag targeted individuals in FBI and criminal law enforcement files for future “lookout.”Footnote 208

Source: Nlets Wiki

The full content of this chart can be found under the heading "Legacy (DEPRECATED: Immigration Alien Legacy Specifications" at https://wiki.nlets.org/index.php/Section_19:_Immigration_Alien_Transactions.

Source: Nlets Wiki

The full content of this chart can be found under the heading "Legacy (DEPRECATED: Immigration Alien Legacy Specifications" at https://wiki.nlets.org/index.php/Section_19:_Immigration_Alien_Transactions.

7. ACRIMe automatically searches for name and date of birth matches in various criminal, customs, and immigration databases.

Databases and systems used and searched can include:Footnote 26

  • ACRIMe allows ICE to flag individuals in the NCIC system and/ or mark their record with an outstanding criminal or administrative warrant — so that if the person is arrested in the future, the ICE note will show up.Footnote 209

  • Nlets
  • CIS (Central Index System)Footnote 210 - More detail below
  • CLAIMS 3 and 4
    • CLAIMS 3 allows an ICE officer or analyst to review a person’s applications for, among other things, lawful permanent residency, temporary protected status, and work authorization. CLAIMS 3 collects biographical information, travel and visa data, and also stores social media identifiers (also known as usernames, identifiers, or “handles”) and associated social media platforms used by an applicant during the five years prior to application.Footnote 211 Individuals familiar with CLAIMS 3 consider the database’s error rate to be close to 30 percent.Footnote 212
    • CLAIMS 4 contains information from naturalization applications.Footnote 213
  • EID (Enforcement Integrated Database) - more detail about the EID databases is below
    • EAGLE (EID Arrest Graphical User Interface for Law Enforcement)
    • ENFORCE
      • ENFORCE Alien Removal Module (EARM)
      • Prosecutions Module (PM)
      • OM²: Tracks location via addresses on file with utility providers and USPS

      • Law Enforcement Notification System (LENS)

    • EDDIE

  • IDENT/ HART: archives biometric and biographic information (including experimental modalities such as voice and facial recognition) taken from current and past visa applications, passports, and from during individuals’ encounters with law enforcement and immigration officers.Footnote 214  
  • ADIS (Arrival and Departure System): ICE uses ADIS to predict, using algorithms, which non-immigrant visitors might overstay their visa, based on an individual’s entry and exit data, and their immigration status information.Footnote 215 In 2017, the DHS OIG found that ADIS incorrectly identified visa overstays more than 42 percent of the time.Footnote 216
  • SEVIS (Student and Exchange Visitor Information System): ICE uses SEVIS to track noncitizens who enter the United States as students and exchange visitors, as well as their dependents.Footnote 217
  • EOIR (Executive Office for Immigration Review): This DHS database provides basic information about immigration court proceedings.

The ACRIMe user at LESC can query the above databases, and also choose to manually search other government and commercial databases.Footnote 218

Court documents from 2017 indicated that ICE relies on sixteen databases.Footnote 219 (This statement might downplay the fact that because many databases link to others, making contact with a system like EID may actually provide datasets from a dozen or more discrete databases.)

More detail on some of these databases follows.

CIS (Central Index System)

This USCIS database contains biographical and status information of applicants seeking immigration and non-immigration benefits. Data in CIS is riddled with errors such as name misspellings and incorrect nationalities listed.Footnote 38 DHS acknowledged in a 2012 study that at least 12% of individuals had the wrong “admission field,” which is often caused by an officer failing to update a person’s immigration status when it changes.Footnote 220 The CIS database is the “spine” of USCIS’s functions.Footnote 220

CIS’ main purpose is to provide a searchable central index of A-Files — physical files that contain hard copy documents that detail a person’s current immigration status.Footnote 221 According to DHS, “A-Files document the life of immigrants in the United States. The average A-file includes around 200 pages; the size of A-Files is increasing and varies significantly based on the number of interactions with U.S. officials and the amount of material submitted to the government by the immigrant. While there have been some recent efforts to digitize some of the forms in A-Files, the records are largely paper-based. These records are held and processed at the National Records Center (NRC), a vast cave located in Lee’s Summit, Missouri. DHS uses a cave for NRC operations because the environment is beneficial for paper-based records, and is large enough to accommodate the amount of space needed for storage – the facility has an area of nearly six football fields. A-Files might also be located at one of hundreds of field offices around the country.” USCIS maintains millions of A-Files and has millions more in digitized format.Footnote 222

EID (Enforcement Integrated Database)

EID is a “database repository” that can only be accessed via a suite of applications, EAGLE and ENFORCE. EID is one of ICE’s most vital and generative databases for data criminalization, storing biometric and biographic information of individuals arrested and detained by ICE.

EID “talks to” and connects dozens of federal databases, creating a fractal of criminalization potential.

EID’s sources include: NCIC, suspects, victims, witnesses, and associates interviewed by DHS officers or agents; undercover operations and related surveillance technology; confidential informants; visa and immigration benefits applications, travel documents, and identification documents (i.e. visas, birth certificates); federal, state, local, tribal, international, or foreign governmental organizations; employers, schools, and universities; individuals making bond arrangements; applicants, sponsors, and those representing noncitizens during immigration benefit application processes; publicly and commercially available databases (i.e. newspapers, registries, social media); and other federal databases.Footnote 43

Source: US Immigration and Customs EnforcementFootnote 44

EAGLE (EID Arrest Graphical User Interface for Law Enforcement)

EAGLE is a booking application (a “suite”) used to access data stored in EID.Footnote 45 EAGLE allows multiple law enforcement officers and contractors in different locations (including via mobile devices) to confirm a person’s identity and access the same information simultaneously in order to research and build out a person’s biometric and biographic profile.Footnote 223 EAGLE creates records in EID.

EAGLE also submits biographic information, fingerprints, and arrest information to the FBI’s NGI biometric database (formerly IAFIS) for storage and for fingerprint-based criminal records checks. EAGLE receives the results of the fingerprint check from NGI, including any criminal history information or wants and warrants on the individual. EAGLE also submits biographic information, fingerprints, photographs, and arrest/encounter information to the DHS IDENT/ HART biometric database for enrollment and query. EAGLE will receive the results of the IDENT check, which include any matching biographic information, Fingerprint Identification Number, photographs, and previous encounter information. EAGLE receives and archives, among other things, information about foreign nationals who’ve visited the US — whose fingerprints and photographs from visa applications are stored in IDENT/ HART.Footnote 224

ENFORCE

ENFORCE Alien Removal Module (EARM): Records include: multiple photos to track changes in a migrant detainee’s appearance, details about phone calls made by people being detained — including information about the person who was called, the person’s relationship to the detainee, the date and length of the call, the phone number that was called, whether the call was successful, and any freeform comments made by ICE deportation officers.

EARM also records enrollment details for ICE’s ATD program, ISAP III, including the type of supervision that the individual will receive. (GPS location data collected from ISAP enrollees are stored on the contractor, B.I. Inc.’s databases.)

Prosecutions Module (PM): Tracks criminal cases by data-scraping public court records

DHS does not have one comprehensive system that tracks all criminal cases in real time and simultaneously identifies and locates individuals whose legal status make them deportable. One workaround the agency has created is the Prosecutions Module, or PM, which data scrapes information from the main US Courts online system, Public Access to Court Electronic Records (PACER).Footnote 48 PM siphons data from THE PACER system to access case and docket information online from federal district, magistrate, appellate, and bankruptcy courts.

Accessed through EARM, PM is used as part of ICE Enforcement Removal Office (ERO)’s Criminal Alien Program (CAP) “to track the status of aliens’ criminal cases as they move through the judicial system,” according to DHS’ Privacy Impact Assessment on EID in 2018. Through this method, ICE can identify when someone will have a court date and make an arrest, or wait until the final outcome of a case to determine whether the case makes someone newly vulnerable to arrest and deportation. The focus of CAP and PM is on “identification and arrest of removable aliens who are incarcerated within federal, state and local prisons and jails, as well as at-large criminal aliens that have circumvented identification.”

PM can also access real-time information from the Federal Bureau of Prisons (BOP) inmate information system (SENTRY), which shows where people serving prison sentences are held or moved.

OM²: Tracks location via addresses on file with utility providers and USPS

Operations Management Module is used by ICE ERO officers to locate and track “leads” via addresses linked to them. According to a 2019 DHS Privacy Impact Assessment, OM² performs manual and batch checks against US Postal Service commercially available data sets that update city and state information by zip code. It can cross-reference those data against commercial sources that provide open source data that includes biographical information, criminal history, criminal case history, and vehicle information (including vehicle registration information). It includes “phone numbers of targets associated with the lead.”Footnote 225

Law Enforcement Notification System (LENS): Notifies non-immigration law enforcement when people meeting certain criminalized criteria are released from ICE custody

LENS is a notification and messaging system within EARM that pulls data from EID to automatically screen people scheduled for release from ICE custody for certain “violent or serious crimes.”Footnote 226 People who meet the criteria pre-selected by ICE are targeted for informal criminalization via notifications to non-immigration law enforcement informing them of the pending release.Footnote 227 DHS acknowledged in its 2015 PIA of LENS that ICE officers rely on data from NCIC to determine “whether an alien has a qualifying conviction that triggers a LENS notification,” but alleged that “standard ICE practice” involves “validating the existence of a conviction with the primary source (e.g., the court or other appropriate source, such as a parole officer) while the alien is in ICE custody.”  

According to a 2015 Privacy Impact Assessment evaluating LENS, “Book-out, criminal conviction, and biographic information triggers the creation of a notification message” which is composed by LENS and sent via NLETS “to the law enforcement agency for the state from which the alien is being released as well as the state in which the alien intends to reside (if they are not the same).”Footnote 228

EDDIE

EDDIE is a mobile app that ICE agents use during raids and interrogations to scan and upload fingerprints and photographs of a person to EID (before or without taking anyone into formal custody).Footnote 54

Using EDDIE, an ICE officer in the field can “immediately query other government databases to determine if they contain the same fingerprints as those collected by ICE.”Footnote 229 EDDIE can verify the identity of a subject presumably already known to ICE and is also used to identify a subject who is unknown to ICE by querying other government databases.  

EDDIE can query the FBI’s NGI system for criminal history information and IDENT for a person’s immigration history. In response to the query, NGI and/or IDENT send a response, in less than a minute, to EDDIE indicating whether there is a fingerprint match. A response with a positive “hit” in IDENT includes a “hit level” (based on the presence or absence of derogatory information found in the databases). This information can be manually entered into EID. The NGI response includes a list of potential candidates who may match the prints submitted by EDDIE. NGI also provides the candidate’s Identity History Summary, which was formerly referred to as a “rap sheet.”

Information collected by EDDIE and uploaded to EID is viewable through EAGLE, allowing agents and officers in different locations to collaborate on a case. As a 2019 PIA described, “If an officer in the field enters data in EDDIE, another officer sitting at his or her workstation can view the information in EAGLE and enter additional data if needed. Likewise, an officer at his or her workstation can enter information in EAGLE, and an officer in the field can view it in EDDIE.”Footnote 229

8. Based on the above searches, ICE’s data analyst at LESC decides whether ICE has the basis to issue a detainer or arrest you.

The ACRIMe user prepares an Immigration Alien Response (IAR) that recommends to an ICE deportation officer whether you might be removable.Footnote 57 The IAR includes a person’s last known immigration or citizenship status, basic biographical information and criminal history. ACRIMe then electronically returns the IAR to both the requesting agency and the ICE ERO Field Office that is in the region of the requestor. If the analyst decides that a person might be deportable, then an ICE agent or officer can lodge a detainer via the ACRIMe system, and the IAR is routed to the local ICE field office which has jurisdiction.Footnote 230 Whatever the decision, an ICE field office can still carry out its own search, and has unchecked power to decide when the “evidence” it has is enough to justify a detainer or arrest.Footnote 231

9. The IAR is sent from LESC to an ICE field office, and/or PERC.

ACRIMe allows contract analysts at PERC to search multiple criminal legal, DHS and commercial databases to cross-check for any possibility of deportability. ICE field officers can access the analyst’s research via ACRIMe as well, and can also conduct their own research and investigation.

PERC is a newer center, established in January 2015.Footnote 60 ICE contract analysts at PERC attempt to identify, locate, and build a case against people whom it suspects are deportable. This includes people who have been previously ensnared by the automated data criminalization system, but were released before ICE picked them up. PERC creates detainers all day and night, scraping datasets that collect everything from social media posts to family members’ naturalization records to try to justify “probable cause” for a detainer.

An ongoing lawsuit, Gonzalez v. ICE, called into question whether issuing detainers based on incomplete and inaccurate databases violates the constitution, and enjoined several states, temporarily preventing them from honoring PERC detainers. However, a Ninth Circuit ruling in September 2020 overturned the prior injunction.Footnote 232

Additional databases consulted by PERC analysts may include: CLEAR and/or LexisNexis

CLEAR and/or LexisNexis

Among the other systems listed above, until February 2021, PERC used Thomson Reuters’ CLEAR.Footnote 62 CLEAR includes more than 400 million names, addresses and service records and is updated daily.Footnote 233 CLEAR’s contract expired in February, and it remains unclear if it will be renewed — in part due to pressure from Thomson Reuters shareholders. Unfortunately, there are always contractors waiting in the wings to fill the gaps, and LexisNexis signed a contract in April 2021 to provide similar services for ICE in April, apparently replacing CLEAR.Footnote 234

Data fed into commercial data aggregators come from numerous government and other commercial databases.Footnote 235 These include real-time incarceration records (including booking photos), cell phone location and automated license plate reader data history, utility information from Equifax, and social media accounts. Although PERC agents print detainers, they do not “investigate” beyond database checks.Footnote 236 A 2019 New York Times Magazine article detailed some of the ways that PERC works with ICE agents on the ground to stalk immigrants who are not in custody.Footnote 237

10. ICE uses ACRIMe to issue a detainer to the jail where you are held.

Your fate is in the hands of your jailers.

Best case scenario: Even if the cops do not honor ICE’s detainer, and you are released, your “permanent record” is now beefed up and freshly linked to criminalizing data. If you encounter law enforcement or immigration officials in the future, it will only take a quick database check for them to decide that you’re worth detaining and investigating further. Also, ICE could decide at any time to prioritize coming for you. They have very updated information about where to find you.

Worst case scenario: If the jail decides to hold you or notify ICE about the details of your release, ICE could send over an agent to arrest you. If things go badly, you could be deported within days.

 

Appendix: “Life cycle” of international travel surveillance (longer version)

As mentioned above, the process of screening all people who travel to, from, within, or even over the US begins well before anyone steps into an airport. Surveillance, identification, cross-checking and prediction processes may begin with the click of a mouse on someone’s home computer in a country far away. Here, we detail a longer version of this process than what is included in the report, that includes more extensive descriptions of datasets and systems.

1. If you are a non-citizen, before you can legally enter the US you must apply for a visa and/or have your passport checked.

If you were born in one of the 38 countries that qualify for the US’ visa waiver program, you don’t need a visa for some short-term visits.

If you were born in a country that is not eligible for visa waivers, you must obtain authorization, in the form of a non-immigrant or immigrant visa, from the US Department of State (DOS), issued at an US Embassy or Consulate. Visa applications automatically generate multiple biographic and biometric checks against multiple criminalizing and suspected terrorist databases that seek to verify an applicant’s identity and match them to derogatory information.Footnote 238

Databases used to approve or “vet” visas:

  • Electronic System for Travel Authorization (ESTA)
  • Consular Consolidated Database (CCD)

The DOS uses its Consular Consolidated Database (CCD) to vet visa applications. CCD is a near real-time aggregate that stores current and archived data from all US consulates around the world.Footnote 239 CCD contains information about US citizens as well as legal permanent residents and foreign nationals who apply for nonimmigrant and immigrant visas. Immigrant and non-immigrant visa application details, including rejected applications with vetting comments, are shared between DHS, the FBI, the Department of Defense, and other federal agencies implicated in the visa and passport review and approval process. Applicant photographs stored in CCD include those from previous passports and visas, and are automatically registered for facial recognition. CCD contains financial, medical, educational information, family relations, international adoption information, arrests and conviction data, race, social media accounts, and information from commercial data brokers and public records.Footnote 240

Additionally, CBP’s National Targeting Center (NTC) “continuously vets” all holders of immigrant and non-immigrant visas of travelers before they board US-bound flights.

NTC checks the following:

  • Terrorist Screening Database
  • CCD
  • INTERPOL wants/ warrants
  • US immigration violations

2. As soon as you purchase your airline ticket, your reservation information and itinerary become available to DHS.

This information is stored and retrievable as the following data:

When you buy an airline ticket, a computer reservation system (likely managed by major global distribution systems that handle booking and are contracted by airlines), retains the details of the transaction in the form of a “passenger name record” (PNR, as mentioned above). A PNR number is assigned. This may be called a record locator, booking reference, or reservation code. It is an automatically-generated code with five or six alphanumeric characters. In addition to your full name, timestamped IP address, credit card number, itinerary, and email address, a PNR file may include information about your travel companions.Footnote 4 It could list your emergency contacts, records from transportation other than flights, car rental history, organizational affiliations or employer.Footnote 241 It might archive your hotel reservations (including number of beds requested), records of meal requests, and free-form notes made by officers at national borders.Footnote 242 PNRs are commercial data that are stored in and mined by various DHS tools for patterns to predict “risk” and “identify abnormalities in travel patterns.”Footnote 243

3. Your personal profile and information — your name, ethnicity, national origin, travel itinerary, occupation, personal, political, religious and professional contacts and associations — can be screened by DHS.

Your personal profile and information — your name, ethnicity, national origin, travel itinerary, occupation, personal, political, religious and professional contacts and associations — can be screened by DHS using black-box, rules-based algorithmic predictions as well as matched against various secret watchlists. These secret and changing rules determine whether and how you may be targeted for harassment and arrest once you do show up at the airport.

In November 2001, then-President Bush signed the Aviation and Transportation Security Act into law, creating the Transportation Security Administration (TSA) — a division of DHS that operates a travel-permission system for domestic US flights called “Secure Flight.” 

“Secure Flight” began as a program where aircraft operators screened names from passenger reservations to see if they matched or closely resembled any included on a “No Fly List”Footnote 8 and other federal watchlists of “known or suspected terrorists” created by the FBI. If the aircraft operator suspected a watchlist match, the operators were supposed to notify TSA and send the targeted passenger for enhanced in-person screening.

Today, “Secure Flight” allows TSA to access CBP’s surveillance dragnet and prediction tool — Automated Targeting System, or ATS, (more on this below) and write rules for the algorithm used by the ATS system to decide who qualifies as a “risk” and will be added to a category of people who will be subject to increased security checks. Targeting rules, and therefore the people targeted, can change day to day.Footnote 244

According to a 2019 PIA on ATS: “These rules are based on risk factors presented by a given flight and passenger, the level of screening for a passenger that may change from flight to flight. Travelers may match a TSA or CBP-created rule based upon travel patterns matching intelligence regarding terrorist travel; upon submitting passenger information matching the information used by a partially-identified terrorist; or upon submitting passenger information matching the information used by a Known or Suspected Terrorist.”Footnote 245

Data systems you are screened against and processed by may include:

  • Secure Flight
  • Various FBI “no fly lists,” including “known or suspected terrorists”
  • Automated Targeting System (ATS): more below
  • ICM/ TECS 

TECS, CBP’s international entry/ exit log of crossings of US borders, is now being “modernized” into Palantir’s ICM. As detailed above, ICM is an “intelligence system” that allows users to access different criminalizing databases and biometric databases — both government-owned and private.Footnote 246 Since 1987, TECS has recorded law enforcement “lookouts,” border screening data, and reporting from CBP’s primary and secondary inspection processes. CBP officers have used TECS as their main system at the border and elsewhere to screen arriving travelers and determine their admissibility.

Buying an airline ticket for an international flight creates a flag in the TECS system if you are already being tracked in the database.Footnote 247 ICE analysts can sign up for notification alerts, so if you have a final order of removal, for example, and purchase an international airline ticket in your name, ICE can send agents to meet you at the airport.Footnote 248

TECS:

  • Includes information from the FBI Terrorist Screening Center’s Terrorist Screening DatabaseFootnote 249  
  • Provides access to NCICFootnote 250
  • Connects to NletsFootnote 251
  • Includes free-form notes written by CBP officers and Border Patrol agents about individuals with whom they interact. CBP officers and Border Patrol agents can allege that someone’s behavior might be related to intelligence gathering or preoperational planning related to terrorism, criminal, or other illicit intention; this notation will stay on a person’s permanent record, regardless of the outcome of the encounter.Footnote 252

Source: US Government Accountability Office

This flow chart describes the following risk levels: low risk (match with TSA pre-check list or identified by TSA pre-check risk assessments), unknown risk (passengers who do not match high or low risk lists or match the TSA pre-check disqualification list), high risk (passengers matching the rules-based lists, expanded selectee list, selectee list, or passengers designated as random selectees), and highest risk (passengers matching the no fly list, or the Centers for Disease Control and Prevention Do Not Board List). The graphic indicates that low risk passengers get expedited screening, unknown risk passengers get standard screening, high risk passengers have their luggage searched and receive a physical pat-down, and highest risk passengers are barred from flying.

4. Once you are inside the airport, your face is overtly and covertly captured for facial recognition and real-time tracking.

CBP uses its own in-house facial recognition matching technology, the Traveler Verification Service (TVS), for identity verification and biometric entry and exit “vetting checks.”Footnote 18

When the traveler enters or exits an airport, border crossing, or seaport, they will pass a camera connected to CBP’s cloud-based TVS facial matching service. The camera may be owned by CBP, the air or vessel carrier, another government agency (like TSA), or an international partner.Footnote 253 If the camera is CBP-owned and operated, a CBP officer will be present. However, if the camera is airline-operated, it may not necessarily be visible. It may be located on a jetway after a passenger scans their boarding pass, and the passenger might not even know an image of their face is being captured. TVS matches the live image of the traveler on the jetway with existing photos in a “gallery” (maintained in IDENT) that archives photographs from CBP’s ATS-UPAX database that might be from previous exits and entries, US passports and visas, from DHS apprehensions, enforcement actions, or other immigration-related records.

5. CBP must approve every single passenger before an international flight departs, arrives in, or overflies the US.

When you check in for an international flight to, from, or that overflies the US, the Advance Passenger Information System (APIS) transmits your PNR data and itinerary (including flight status updates) to CBP. Before you are permitted to board the plane, passport or ID is scanned by a CBP officer or TSA agent. The machine readable zone of their document pulls up your full name, date of birth, and citizenship, which can be used to retrieve information about your scheduled flight. This data is sent to CBP via APIS in the form of “passenger manifests” — commercial airline records that are transferred to CBP for vetting in real-time, or 30 minutes prior to boarding.Footnote 20 APIS generates a “Overstay Lead” list that is shared with CBP’s main computer system that assesses “risk,” ATS.Footnote 254