DHS

Civil and digital rights experts are horrified by a proposed rule change that would allow the Department of Homeland Security to collect a wide range of sensitive biometric data on all immigrants, without age restrictions, and store that data throughout each person’s “lifecycle” in the immigration system.

If adopted, the rule change would allow DHS agencies, including Immigration and Customs Enforcement (ICE), to broadly collect facial imagery, finger and palm prints, iris scans, and voice prints. They may also request DNA, which DHS claimed “would only be collected in limited circumstances,” like to verify family relations. These updates would cost taxpayers $288.7 million annually, DHS estimated, including $57.1 million for DNA collection alone. Annual individual charges to immigrants submitting data will likely be similarly high, estimated at around $231.5 million.

Costs could be higher, DHS admitted, especially if DNA testing is conducted more widely than projected.

“DHS does not know the full costs to the government of expanding biometrics collection in terms of assets, process, storage, labor, and equipment,” DHS’s proposal said, while noting that from 2020 to 2024, the US only processed such data from about 21 percent of immigrants on average.

Alarming critics, the update would allow DHS for the first time to collect biometric data of children under 14, which DHS claimed would help reduce human trafficking and other harms by making it easier to identify kids crossing the border unaccompanied or with a stranger.

Jennifer Lynch, general counsel for a digital rights nonprofit called the Electronic Frontier Foundation, told Ars that EFF joined Democratic senators in opposing a prior attempt by DHS to expand biometric data collection in 2020.

There was so much opposition to that rule change that DHS ultimately withdrew it, Lynch noted, but DHS confirmed in its proposal that the agency expects more support for the much broader initiative under the current Trump administration. Quoting one of Trump’s earliest executive orders in this term, directing DHS to “secure the border,” DHS suggested it was the agency’s duty to use “any available technologies and procedures to determine the validity of any claimed familial relationship between aliens encountered or apprehended by the Department of Homeland Security.”

Lynch warned that DHS’s plan to track immigrants over time, starting as young as possible, would allow DHS “to track people without their knowledge as they go about their lives” and “map families and connections in whole communities over time.”

“This expansion poses grave threats to the privacy, security, and liberty of US citizens and non-citizens,” Lynch told Ars, noting that “the federal government, including DHS, has failed to protect biometric data in the past.”

“Risks from security breaches to children’s biometrics are especially acute,” she said. “Large numbers of children are already victims of identity theft.”

By maintaining a database, the US also risks chilling speech, as immigrants weigh risks of social media comments—which DHS already monitors—possibly triggering removals or arrests.

“People will be less likely to speak out on any issue for fear of being tracked and facing severe reprisals, like detention and deportation, that we’ve already seen from this administration,” Lynch told Ars.

DHS also wants to collect more biometric data on US citizens and permanent residents who sponsor immigrants or have familial ties. Esha Bhandari, director of the ACLU’s speech, privacy, and technology project, told Ars that “we should all be concerned that the Trump administration is potentially building a vast database of people’s sensitive, unchangeable information, as this will have serious privacy consequences for citizens and noncitizens alike.”

“DHS continues to explore disturbing new excuses to collect more DNA and other sensitive biometric information, from the sound of our voice to the unique identifiers in our irises,” Bhandari said.

EFF previously noted that DHS’s biometric database was already the second largest in the world. By expanding it, DHS estimated that the agency would collect “about 1.12 million more biometrics submissions” annually, increasing the current baseline to about 3.19 million.

As the data pool expands, DHS plans to hold onto the data until an immigrant who has requested benefits or otherwise engaged with DHS agencies is either granted citizenship or removed.

Lynch suggested that “DHS cites questionable authority for this massive change to its practices,” which would “exponentially expand the federal government’s ability to collect biometrics from anyone associated with any immigration benefit or request—including US citizens and children of any age.”

“Biometrics are unique to each of us and can’t be changed, so these threats exists as long as the government holds onto our data,” Lynch said.

DHS will collect more data on kids than adults

Not all agencies will require all forms of biometric data to be submitted “instantly” if the rule change goes through, DHS said. Instead, agencies will assess their individual needs, while supposedly avoiding repetitive data collection, so that data won’t be collected every time someone is required to fill out a form.

DHS said it “recognizes” that its sweeping data collection plans that remove age restrictions don’t conform with Department of Justice policies. But the agency claimed there was no conflict since “DHS regulatory provisions control all DHS biometrics collections” and “DHS is not authorized to operate or collect biometrics under DOJ authorities.”

“Using biometrics for identity verification and management” is necessary, DHS claimed, because it “will assist DHS’s efforts to combat trafficking, confirm the results of biographical criminal history checks, and deter fraud.”

Currently, DHS is seeking public comments on the rule change, which can be submitted over the next 60 days ahead of a deadline on January 2, 2026. The agency suggests it “welcomes” comments, particularly on the types of biometric data DHS wants to collect, including concerns about the “reliability of technology.”

If approved, DHS said that kids will likely be subjected to more biometric data collection than adults. Additionally, younger kids will be subjected to processes that DHS formerly limited to only children age 14 and over.

For example, DHS noted that previously, “policies, procedures, and practices in place at that time” restricted DHS from running criminal background checks on children.

However, DHS claims that’s now appropriate, including in cases where children were trafficked or are seeking benefits under the Violence Against Women Act and, therefore, are expected to prove “good moral character.”

“Generally, DHS plans to use the biometric information collected from children for identity management in the immigration lifecycle only, but will retain the authority for other uses in its discretion, such as background checks and for law enforcement purposes,” DHS’s proposal said.

The changes will also help protect kids from removals, DHS claimed, by making it easier for an ICE attorney to complete required “identity, law enforcement, or security investigations or examinations.” As DHS explained:

DHS proposes to collect biometrics at any age to ensure the immigration records created for children can be related to their adult records later, and to help combat child trafficking, smuggling, and labor exploitation by facilitating identity verification, while also confirming the absence of criminal history or associations with terrorist organizations or gang membership.

A top priority appears to be tracking kids’ family relationships.

“DHS’s ability to collect biometrics, including DNA, regardless of a minor’s age, will allow DHS to accurately prove or disprove claimed genetic relationships among apprehended aliens and ensure that unaccompanied alien children (UAC) are properly identified and cared for,” the proposal said.

But DHS acknowledges that biometrics won’t help in some situations, like where kids are adopted. In those cases, DHS will still rely on documentation like birth certificates, medical records, and “affidavits to support claims based on familial relationships.”

It’s possible that some DHS agencies may establish an age threshold for some data collection, the rule change noted.

A day after the rule change was proposed, 42 comments have been submitted. Most were critical, but as Lynch warned, speaking out seemed risky, with many choosing to anonymously criticize the initiative as violating people’s civil rights and making the US appear more authoritarian.

One anonymous user cited guidance from the ACLU and the Electronic Privacy Information Center, while warning that “what starts as a ‘biometrics update’ could turn into widespread privacy erosion for immigrants and citizens alike.”

The commenter called out DHS for seriously “talking about harvesting deeply personal data that could track someone forever” and subjecting “infants and toddlers” to “iris scans or DNA swabs.”

“You pitch it as a tool against child trafficking, which is a real issue, but does swabbing a newborn really help, or does it just create a lifelong digital profile starting at day one?” the commenter asked. “Accuracy for growing kids is questionable, and the [ACLU] has pointed out how this disproportionately burdens families. Imagine the hassle for parents—it’s not protection; it’s preemptively treating every child like a data point in a government file.”