Legacy Systems Held DHS' Biometrics Programs Back. Not Anymore.

The Homeland Security Department is retiring the decades-old system officials use to analyze biometric data, and its replacement is poised to both refine and significantly expand the agency’s application of the controversial technology.

The new cloud-based platform, called the Homeland Advanced Recognition Technology System, or HART, is expected to bring more processing power, new analytics capabilities and increased accuracy to the department’s biometrics operations. It will also allow the agency to look beyond the three types of biometric data it uses today—face, iris and fingerprint—to identify people through a variety of other characteristics, like palm prints, scars, tattoos, physical markings and even their voices.

And by freeing the agency from the limitations of its legacy system, HART could also let officials grow the network of external partners with whom they share biometric data and analytics capabilities, according to Patrick Nemeth, director of identity operations within Homeland Security’s Office of Biometric Identity Management. 

“When we get to HART, we will be better, faster, stronger,” Nemeth said in an interview with Nextgov. “We'll be relieved of a lot of the capacity issues that we have now ... and then going forward from there we'll be able to add [capabilities].”

The agency’s existing platform, the Automated Biometric Identification System, or IDENT, was stood up in 1994 to help federal law enforcement officials collect and process fingerprints, but in recent years officials retrofitted the system with facial and iris recognition tools. Today, IDENT houses identity data on more than 250 million different people, and it serves as the “workhorse” for the department’s expanding biometric identification regime, according to Nemeth.

But as the agency rolls out facial recognition technology across U.S. airports and increases the use of biometrics at the border, officials are finding themselves constrained by their legacy tech. 

“You can only take a 25-year-old system so far,” Nemeth said. “We need to have more throughput capacity, we need more storage, and you can't just keep adding to an old system. It's time to go back and re-architect it from the beginning for all that rapid access.”

Last year, Northrop Grumman won a $95 million contract to develop the first phase of the HART roll out, which, according to Nemeth, essentially amounts to building a leaner version of IDENT that can accept new biometric capabilities down the line. In June, the department released a solicitation for the second phase of the project, which will entail standing up those new capabilities and deploying the system within the department. Phase one is expected to wrap up in 2021.

According to the latest solicitation, HART will be housed in Amazon Web Services’ GovCloud, adding to the companies’ expansive portfolio of high-profile government clients. Homeland Security officials were initially hesitant to migrate such sensitive data to the cloud, Nemeth said, but they ultimately determined AWS would provide the same level of security as any agency data center. Other agency leaders have echoed those claims.

Still, Nemeth was quick to note his office doesn’t want to lock itself in with any particular vendor for either cloud services or biometric identification tools. Officials intentionally divided the HART roll out into two phases to prevent a single provider from monopolizing the department’s biometrics operations, he said. With recognition technology still in its early days, officials want the option to adopt new, better tools as they come to market.

“We're making sure that, given all the different [biometric] modalities and the way things are developing in the IT industry, we have options later on,” he said.

Officials will continue to use IDENT as it stands up HART over the next few years, Nemeth said, and they won’t officially retire the legacy system until its replacement has been tried and tested in the field.

Beyond raw computing power, the HART system also promises to improve the actual application of biometric technology by allowing the agency to check multiple data points, or modalities, at the same time. This “fusion” of different identifiers stands to improve the accuracy of officials’ assessments recognition, Nemeth said.

Today, when an official runs a person’s face, fingerprint or iris scans through IDENT’s massive database, the system doesn’t return a single result. Rather, it assembles a list of dozens of potential candidates with different levels of confidence, which a human analyst must then look through to make a final match. The system can only handle one modality at a time, so if agent is hypothetically trying to identify someone using two different datapoints, they need to assess two lists of candidates to find a single match. This isn’t a problem if the system identifies the same person as the most likely match for both fingerprint and face, for example, but because biometric identification is still an imperfect science, the results are rarely so clear cut.

However, the HART platform can include multiple datapoints in a single query, meaning it will rank potential matches based on all the information that’s available. That will not only make it easier for agents to analyze potential matches, but it will also help the agency overcome data quality issues that often plague biometric scans, Nemeth said. If the face image is pristine but the fingerprint is fuzzy, for example, the system will give the higher-quality datapoint more weight.

“We're very hopeful that it will provide better identification surety than we can provide with any single modality today,” Nemeth said. And palm prints, scars, tattoos and other modalities are added in the years ahead, the system will be able to integrate those into its matching process.

The phase-two solicitation also lists DNA-matching as a potential application of the HART system. While the department doesn’t currently analyze DNA, officials on Wednesday announced they would start adding DNA collected from hundreds of thousands of detained migrants to the FBI’s criminal database. During the interview, Nemeth said the agency is still working through the legal implications of storing and sharing such sensitive data. It’s also unclear whether DNA information would be housed in the HART system or a separate database, he said.

HART will also include a data warehouse and performance testing environment where Nemeth’s team can trial new tools and conduct broader analysis of the agency’s operations. Officials currently need to test tools, troubleshoot field equipment and run experimental queries in IDENT’s production environment, which pulls its limited computing resources away from agents in the field. With the new platform, officials can scale up those efforts without impacting the agency’s day-to-day operations, Nemeth said.

As the department deploys more biometric software in the field, lawmakers and civil liberties advocates have called for more regulations on the government’s use of the tech. Today, there isn’t a single law on the books governing the facial recognition and identification tools that are already widely used by federal law enforcement, and without regulation, many fear those applications could infringe on Americans’ civil liberties and perpetuate discrimination.

Critics have taken particular issue with the government’s tangled web of information sharing agreements, which allow data to spread far beyond the borders of the agency that collected it. The Homeland Security Department currently shares its biometric data and capabilities with numerous groups, including but not limited to the Justice, Defense and State departments. 

In the years ahead, HART promises to strengthen those partnerships and allow others to flourish, according to Nemeth. While today the department limits other agencies’ access to IDENT to ensure they don’t consume too much of its limited computing power, HART will do away with those constraints.

“Currently, we have to be very mindful and use modelling to make sure the quantity, the volume that a new partner might want to use would not adversely affect all of our current stakeholders,” he said. “HART will raise that limit.”

While information sharing agreements themselves aren’t necessarily a bad thing, it all depends on how groups use the data they receive, according to Mana Azarmi, the policy counsel for the Freedom, Security and Technology Project at the Center for Democracy and Technology. A person might give information to a single agency thinking it would be used for one specific purpose, but depending on how that information is shared, they could potentially find themselves subjected to unforeseen negative consequences, Azarmi said in a conversation with Nextgov.

“The government gets a lot of leeway to share information,” she said. “In this age of incredible data collection, I think we need to rethink some of the rules that are in place and some of the practices that we’ve allowed to flourish post-9/11. We may have overcorrected.”