ICE pays $25M for iris scanners in no-bid BI2 contract

ICE finalized a $25.1 million sole-source contract with BI2 Technologies on May 22, 2026, covering 1,570 handheld iris-scanning devices, access to BI2's mobile offender recognition app, and entry into the company's biometric database. The contract runs June 1, 2026 to May 31, 2027. ICE's prior BI2 contract, totaling $4.6 million and signed September 24, 2025, was itself a sole-source award. The new contract is 5.5 times larger and was reached within eight months, marking a sharp acceleration in ICE's iris-recognition investment inside a single fiscal year. ICE's total biometric technology spending, including the Mobile Fortify facial recognition app and Palantir's ELITE targeting system, sits inside an FY2025 enforcement budget of $28.7 billion, nearly triple ICE's FY2024 level.

Federal in immigration enforcement didn't start in 2026. The Immigration and Naturalization Service built the Automated Biometric Identification System (IDENT) in 1994 to fingerprint migrants apprehended at the border, the first centralized biometric database for immigration enforcement. Congress expanded IDENT in 2003 through the US-VISIT program, which extended fingerprint collection to all international travelers at airports. DHS created the Office of Biometric Identity Management (OBIM) in 2007 to centralize collection across all border agencies, and the FBI's Next Generation Identification system added iris and facial recognition to the national fingerprint database in 2014. The Obama administration launched Secure Communities in 2008, which automatically ran fingerprints of anyone arrested by state or local police against federal immigration databases — a program that deported more than 400,000 people before it was briefly halted in 2014 and then fully revived in 2017. In November 2025, DHS published a proposed rule that would extend mandatory biometric collection to U.S. citizens associated with any immigration filing. The 2026 BI2 contract is the latest step in a 30-year buildup of federal biometric infrastructure.

BI2 Technologies was founded in 2006 in Plymouth, Massachusetts, by Sean Mullin, who serves as CEO and President. The company built its iris database through voluntary agreements with local sheriffs, jails, and county detention facilities — not through a federal mandate. Mullin's company is venture capital-backed with funding from TAG Holdings and has grown from serving local jails to holding a national law enforcement network of over 247 contributing agencies. When a jail books a detainee, it scans their iris and shares the record with BI2's Inmate Identification and Recognition System. By May 2026, more than 247 agencies across 47 states had contributed data covering roughly 1.5 million unique individuals, for a total of more than 5.025 million booking records. The handheld devices let agents capture an iris image with a smartphone and query BI2's central repository in real time. DHS claims 99 percent accuracy, but that figure hasn't been independently validated. BI2's system also integrates fingerprint recognition, facial recognition, and driver's license lookup into a single mobile device.

Independent research shows biometric accuracy isn't uniform across demographics. A November 2024 study published at the International Conference on Pattern Recognition found that iris recognition systems perform measurably better on blue irises than on dark irises, with pigmentation-related bias confirmed across multiple devices and machine learning models. NIST's Face Recognition Technology Evaluation separately documented that false positive error rates for facial recognition can be more than 100 times worse for the lowest-accuracy demographic group than for the highest-accuracy one. Black and Latino individuals are disproportionately represented in local jail populations, so BI2's database — built from county booking records — carries that disproportion into every ICE field query. In Chicago, where ICE has conducted helicopter raids targeting Venezuelan, Guatemalan, and Mexican immigrant communities in neighborhoods including Little Village and Logan Square, the stakes of a misidentification aren't theoretical: NPR documented one Venezuelan asylum seeker who was scanned and deported while her case was pending. ICE hasn't released independent validation of BI2's claimed 99 percent accuracy rate broken down by skin tone or iris pigmentation.

DHS justified the no-bid award by arguing that BI2's system is uniquely qualified. Its iris technology has been certified by the FBI and integrates with jail management systems, the Automated Fingerprint Identification System, and sex offender registries. DHS said no other vendor offers a comparable non-federal, national, real-time iris network built for law enforcement. The Competition in Contracting Act of 1984 requires full and open competition unless an agency can document a specific exception under FAR Part 6.302. ICE invoked FAR 6.302-1, the 'only one responsible source' exception, and filed a written Justification and Approval before award as required under FAR 6.303. A disappointed competitor could file a GAO bid protest within 10 days of the required public posting, triggering an automatic stay of contract performance. No protest has been publicly filed.

The contract arrives with a significant security gap. BI2 Technologies has no FedRAMP authorization for its cloud database, the standard federal review that ensures cloud systems meet baseline cybersecurity requirements before handling sensitive government data. DHS acknowledged the gap in SAM.gov procurement documents and required BI2 only to submit a draft security plan outlining work toward FedRAMP certification, not actual certification before deployment. The result is that 1,570 devices will query a privately operated database containing millions of sensitive arrest records without independent security validation for the duration of the contract period. A breach of that database could expose the arrest histories and biometric identifiers of 1.5 million people, with no federal consent or deletion requirement in place.

The iris scanners are already in use inside the country. NPR documented the case of Norelly Mejías Cáceres, a Venezuelan asylum seeker detained during a Black Hawk helicopter raid on her Chicago apartment in early 2026. Officers pointed a smartphone at her face and asked her to open her eyes wide. A law professor who reviewed her case assessed that behavior as consistent with iris capture. Mejías had a pending asylum case and was subsequently deported to Venezuela with her family. ICE's Enforcement and Removal Operations division has used biometric tools during interior enforcement, including apartment raids, street stops, and traffic checkpoints, not only at borders or ports of entry. ProPublica documented more than 170 U.S. citizen ICE detentions in the first nine months of the Trump administration's second term.

The iris-scanning program is part of a much larger technology buildup. Following a July 2025 congressional funding surge, ICE's FY2025 budget reached $28.7 billion, nearly triple its FY2024 level. Beyond detention, that funding covers iris scanners, the AI-powered Mobile Fortify facial recognition app (used more than 100,000 times nationally as of January 2026), Palantir's ELITE targeting system, and cell-site simulators. DHS also requested $7.5 million in its FY2027 budget to develop prototype smart glasses that would give agents real-time biometric identification in public spaces. Senators Ed Markey and Jeff Merkley wrote to DHS Secretary Markwayne Mullin in May 2026 demanding the agency abandon the proposal.

The ACLU, the Electronic Frontier Foundation, and the National Immigration Law Center are among the organizations tracking ICE's biometric expansion. The ACLU documented that ICE policy states it 'does not provide the opportunity for individuals to decline or consent to the collection and use of biometric data,' and that the agency retains all collected identifiers for up to 15 years regardless of enforcement outcome. The EFF endorsed the ICE Out of Our Faces Act, introduced February 5, 2026, by Senators Ed Markey, Jeff Merkley, Ron Wyden, and Representative Pramila Jayapal, which would ban ICE and CBP from acquiring or using biometric surveillance systems and require deletion of all previously collected data. ACLU affiliates in California, Arizona, New Mexico, and Texas sent public records requests to border-county sheriffs demanding records of iris-recognition plans. The bill hasn't advanced in the Republican-controlled Congress.

In January 2026, Illinois Attorney General Kwame Raoul and the City of Chicago filed a 103-page federal lawsuit in the Northern District of Illinois alleging that ICE's biometric collection practices violate the state's Biometric Information Privacy Act. Illinois passed BIPA in 2008, making it the nation's first state biometric privacy law and the only one with a private right of action, giving individuals the ability to sue for $1,000 to $5,000 per violation. The suit alleged DHS launched Mobile Fortify around June 2025 and used it more than 100,000 times nationwide without providing individuals the opportunity to decline capture and without complying with Illinois's consent requirements. No comparable federal biometric privacy statute exists, leaving residents of the other 49 states without equivalent legal tools.

The DHS Office of the Inspector General launched a biometric data audit in February 2026, examining how ICE and the Office of Biometric Identity Management collect, store, and share personal data during enforcement. DHS Inspector General Joseph Cuffari told lawmakers that DHS "has systematically obstructed" his office's work by blocking access to records and systems. Senators Mark Warner and Tim Kaine separately asked the IG to determine whether DHS procurement and data practices violated federal law, privacy safeguards, or the . The White House's proposed FY2027 DHS budget would significantly reduce funding and staff for the Inspector General's office, the main external oversight body for a program that now covers 1,570 devices querying 5 million booking records.

The Fourth Amendment prohibits unreasonable searches and seizures and applies to all persons within U.S. jurisdiction, not only citizens. Courts haven't directly ruled on whether warrantless iris scanning during immigration enforcement constitutes a search under the Fourth Amendment. The Supreme Court's 2018 decision in Carpenter v. United States required warrants for cell-site location data, signaling that digital surveillance carries stronger Fourth Amendment protection than older doctrine allowed. ICE's use of BI2's database introduces a further complexity: the data originates from a private company that collected it voluntarily from local jails. Courts have applied what's called the third-party doctrine to reduce constitutional protection for data shared with private parties, but Carpenter has begun to erode that doctrine for pervasive digital surveillance.