The face-recognition application Mobile Fortify, currently utilized by U.S. immigration enforcement across various locations, has come under scrutiny due to its limitations in accurately identifying individuals in public spaces. Reports from WIRED reveal that this app was deployed without the critical oversight that typically accompanies technologies influencing privacy.
The Department of Homeland Security (DHS) introduced Mobile Fortify in spring 2025, aimed at “determining or verifying” the identities of individuals encountered by DHS agents during federal operations. This deployment was closely associated with a controversial executive order issued by President Donald Trump, which mandated a stringent approach to undocumented immigration, emphasizing expedited removals and increased detention.
Despite DHS branding Mobile Fortify as a facial recognition tool intended for identification purposes, it does not actually “verify” identities, a known limitation of the underlying technology. Nathan Wessler from the American Civil Liberties Union highlights that all manufacturers of facial recognition technology acknowledge their systems’ inaccuracies, stating, “they are not capable of providing a positive identification.”
Documents obtained by WIRED indicate that DHS expedited the approval of Mobile Fortify by dismantling existing privacy review processes and eliminating department-wide restrictions on facial recognition technology. These changes were overseen by a former lawyer affiliated with the Heritage Foundation, who now holds a senior privacy role at DHS.
DHS has avoided disclosing the specific methods its agents utilize while facing increasing demands for transparency from both oversight officials and various privacy advocacy groups. Evidence suggests that Mobile Fortify has been employed to scan not only individuals targeted by ICE but also U.S. citizens and bystanders involved in protests against enforcement actions.
Documentation indicates that federal agents have informed citizens that their faces were being captured for facial recognition purposes and would be added to a database without their consent. Additionally, there have been reports of agents utilizing perceived ethnicity and accent as bases for escalating interactions, subsequently employing facial recognition technology as a further investigative step.
The technology behind Mobile Fortify enables facial data capture well beyond the U.S. border, resulting in the potential for creating nonconsensual face profiles of individuals, including U.S. citizens and lawful residents, according to DHS’s Privacy Office. Current insights into the app’s functionality mainly arise from legal proceedings and testimonies from agents.
Recent developments include a federal lawsuit where Illinois and Chicago officials disclosed that the app had been deployed “in the field over 100,000 times” since its inception. Concerns raised include instances where facial recognition misidentified individuals, as highlighted during an agent’s testimony regarding a woman in custody, where discrepancies arose from varying angles and expressions captured during the scanning process.
The potential security implications of Mobile Fortify are significant, particularly within the context of the MITRE ATT&CK framework. Techniques related to initial access and identification related to identity management are relevant, indicating that adversaries could exploit the system’s weaknesses in maintaining data security and privacy. Overall, as these technologies evolve, so too do the challenges surrounding their ethical use and impact on individual privacy rights.