Stop Trump’s Midnight Surveillance Rule

Proposed Rule Would Track and Surveil Immigrants and Impede Access to Immigration Status by Expanding Biometrics Collections


On September 11, 2020, U.S. Citizenship and Immigration Services (USCIS) issued a notice of proposed rulemaking (NPRM) titled “Collection and Use of Biometrics.”[1] The NPRM would permit the U.S. Department of Homeland Security (DHS) to collect a wide range of physical, personal, and behavioral characteristics, including DNA samples, from non–U.S. citizens, citizens, and their families. The proposed regulations would allow DHS to store this sensitive personal information indefinitely in a giant “person centric” database, where it could be searched and shared with other agencies and used to track and surveil citizens and noncitizens.

Despite its attempt to fast-track the proposed rule, the Trump administration did not manage to finalize it before President Biden was inaugurated. The Biden administration should withdraw the rule in its entirety. Here’s why.

The NPRM would give DHS free rein to collect a vast range of personal and intimate physical and behavioral characteristics from citizens and noncitizens

The NPRM creates a sweeping definition of biometrics that includes a wide range of personal and intimate physical and behavioral characteristics that reach far beyond traditional biometrics such as fingerprints, palm prints, photographs, and signatures. Instead, the definition includes data such as “facial images specifically for facial recognition, as well as photographs of physical or anatomical features such as scars, skin marks, and tattoos,” signatures, voice prints; iris images; and DNA test results.[2]

And if DHS decides to expand its biometrics definition in the future, the NPRM allows it to do so with no oversight.[3] This means that DHS could add even more invasive behavioral characteristics, such as gait analysis, heartbeats, or geolocation and navigational patterns.

Collection of sensitive biometrics would be the default setting under the proposed rule

The proposed rule would require biometrics collection from immigrants and citizens. It would “flip the current construct from one where biometrics may be collected based on past practices, regulations, or the form instructions for a particular benefit, to a system under which biometrics are required for any immigration benefit request unless DHS determines that biometrics are unnecessary.”[4] DHS officials’ exercise of this unfettered discretion inevitably will result in arbitrary and inconsistent decisions about whether a person is required to provide biometrics.

Even babies and children would be required to provide biometrics and prove good moral character

Under current rules, DHS does not collect fingerprints and photographs from children under the age of 14,[5] and children are afforded a presumption of good moral character for purposes of immigration adjudications. But the NPRM changes this, allowing DHS to collect the full range of physical and behavioral characteristics regardless of age.[6] And children, regardless of age, will have to prove good moral character to qualify for immigration status as victims of abuse or trafficking.[7]

Biometrics collection and use are part of DHS’s never-ending “enhanced and continuous” surveillance of noncitizens and citizens

The NPRM would expand biometrics collection drastically for certain initial immigration benefits applications. But even more alarmingly, its cradle-to-grave provisions would require noncitizens and citizens to provide biometrics repeatedly.

With DHS’s program of “enhanced and continuous vetting,” people with approved immigration benefits “may be required to submit biometrics unless and until they are granted U.S. citizenship.”[8] In addition, a U.S. citizen or lawful permanent resident “may be required to submit biometrics if he or she filed an application, petition, or request in the past, and it was either reopened or the previous approval is relevant to an application, petition, or benefit request currently pending with USCIS.”[9] And the biometrics for noncitizens and citizens alike would be available to be searched and shared for purposes well beyond applications for immigration benefits, allowing use for “criminal history and national security background checks; identity enrollment, verification, and management; secure document production, and to administer and to enforce immigration and naturalization laws.”[10]

The NPRM recognizes that biometrics collection and retention create risks to individual privacy,[11] and that DNA collection in particular creates “concerns germane to privacy, intrusiveness, and security.”[12] But by deeming the costs of these risks to be “unquantified,”[13] it accepts them, making no attempt to protect the privacy of those whose biometrics are collected and retained.

The NPRM is part of DHS’s under-the-radar creation of the giant “person-centric” database, Homeland Advanced Recognition Technology (HART), that will include physical characteristics, biographic and encounter information, and other personal information about millions of citizens and noncitizens that will be shared with domestic and foreign law enforcement and intelligence agencies

The NPRM’s “person-centric” biometrics collection will contribute to DHS’s surreptitious and piecemeal creation of a vast database called Homeland Advanced Recognition Technology (HART).[14] HART will replace DHS’s current biometrics database, the Automated Biometric Identification System (IDENT), but is mentioned only in passing in one footnote in the NPRM.[15]

HART is not only a biometrics database. Its components also will include identifiers for derogatory information, miscellaneous officer comment information, and encounter data, as well as “records related to the analysis of relationship patterns among individuals and organizations.”[16] Derogatory information and encounter data will include information collected even when there’s no suspicion of a crime or immigration violation, and inclusion of “relationship patterns” will vastly expand the number of people whose information is included. And in addition to data collected from government entities, HART will also be populated using “information from publicly available sources.”[17]

HART will expand DHS’s ability to consolidate and share biometrics and other information. For example, a component of HART will “link individuals with their encounters, biometrics, records, and other data elements” and allow information to be shared with domestic and international agencies.[18] Extending far beyond the NPRM’s broad list of uses for biometrics outlined above, information in HART will be used and shared, domestically and internationally, for the wide-open categories of law enforcement, national security, immigration screening, border enforcement, intelligence, national security, and background investigation purposes.[19] DHS’s claims that it will simply use biometrics for identity management and to prevent human trafficking are disingenuous.[20]

HART presents an upside-down world in which vast amounts of data will be amassed but how that data will ultimately be used remains to be decided and explained only after-the-fact. Biometrics collected under the NPRM would play a critical role in that process.


Collecting massive amounts of intimate physical, behavioral, and genetic data under the NPRM and making that data part of a vast DHS database will radically expand the number of people who are subjected to invasive processes and constant surveillance. The harmful, drastic and ill-considered proposed rule must be withdrawn.

For more information, please contact Sarah Kim Pak at [email protected].


[1] 85 Fed. Reg. 56388–422 (Sep. 11, 2020), (hereinafter “NPRM”).

[2] NPRM at 56341.

[3] NPRM at 56343.

[4] NPRM at 56350–351, emphasis added.

[5] 8 U.S.C. § 1357(f)(1).

[6] NPRM at 56357.

[7] NPRM at 56342.

[8] NPRM at 56352.

[9] NPRM at 56352.

[10] NPRM at 56338.

[11] NPRM at 56343.

[12] NPRM at 56388.

[13] NPRM at 56343.

[14] NPRM at 56340; Privacy Impact Assessment for the Homeland Advanced Recognition Technology System (HART) Increment 1 PIA (Department of Homeland Security, DHS/OBIM/PIA-004, Feb. 24, 2020), (hereinafter “HART PIA”); NPRM at 56349.

[15] NPRM at 56349.

[16] Privacy Act of 1974; System of Records, 83 Fed. Reg. 17829–33 (Apr. 24, 2018),, at 17833.

[17] HART PIA, note 14, above, at 18.

[18] Privacy Act of 1974; System of Records, 85 Fed. Reg. 14955–58 (Mar. 16, 2020),

[19] HART PIA, note 14, above, at 1.

[20] NPRM at 56351-52.