The Office of Biometric Identity Management released a privacy impact assessment as the program begins moving the nation’s biometric database to Amazon’s GovCloud.
The Homeland Security Department is in the midst of migrating its central biometric database—used to store, manage and disseminate biometric data on U.S. citizens and foreign nationals—to the Amazon Web Services GovCloud, the first step in a major overhaul of the decades-old legacy system.
With significant advancements in biometric technologies—like iris and facial scans—and computing technology, DHS decided it was time to upgrade its decades-old Automated Biometric Identification System, known as IDENT, originally developed in 1994. In 2015, the Office of Biometric Identity Management began work on the Homeland Advanced Recognition Technology, or HART, system, which will introduce new capabilities and shift the entire system to the cloud.
OBIM officially began the shift from IDENT to HART this year, including finalizing a privacy impact assessment for the first phase: migrating existing data and functionality to the cloud. The impact statement was finalized and signed in February and subsequently published in May “to align with the completion of other system requirements,” a DHS spokesperson told Nextgov.
The HART system is being rolled out in four phases, or “increments,” each with its own timetable and privacy impact assessment to be published. Increment 1 focuses on the underlying infrastructure development and ensuring the data and applications used in IDENT make a smooth transition to the cloud.
“HART Increment 1 implements a new data architecture, which includes conceptual, logical, and physical data models, a data management plan, and physical storage of records where each associated record may have multiple associated biometric modality images,” the document states. That work is being done through a $95 million contract with Northrop Grumman.
The privacy impact assessment walks through how the system will be used and by which federal agencies and partners, as well as some of the basic underlying biometric technologies, such as the various forms of facial recognition.
Once the cloud migration is complete, HART will officially become the system of record for national security biometric data. The privacy impact assessment—originally finalized in February—stated the program was on track to take over by the end of fiscal 2020. With the COVID-19 pandemic affecting productivity on every level, an OBIM spokesperson told Nextgov that the deadline might be pushed to the end of calendar 2020, if not further. However, the spokesperson said those conversations are ongoing and the revised schedule—if needed—has not been established yet.
By the completion of Increment 1, the new HART system is expected to function the same as the current IDENT system, with the same capabilities, including the ability to match biometric indicators like face, iris and fingerprints to other forms of identity, like Social Security numbers and Alien Numbers. However, with the new cloud-based architecture, the system will be “designed for scalability to address projected growth in identity and image data volumes and to accommodate any needs associated with larger files,” the impact assessment states.
The program office plans to include new capabilities in Increment 2, including “increased interoperability with agency partners and improved reporting features.”
“Increments 3 and 4 will include a web portal and user interface capability, support for additional modalities, and improved reporting tools,” as well as their own privacy impact assessments, the document states.
OBIM has also issued a request for information for services in Increments 3 and 4, though the timeline and full procurement strategy are still being fleshed out.