Palantir, ICE, and the quiet expansion of a biometric dragnet

The collection and analysis of personal data have long been central to the operations of U.S. Immigration and Customs Enforcement (ICE), but newly surfaced Department of Homeland Security (DHS) documents, including emails, training materials, policy directives, and quarterly reports, reveal just how vast and invasive that architecture has become.

The documents show how ICE’s surveillance powers have steadily expanded through contracts with private technology vendors and gaps in federal oversight, and how civil data streams such as visa records and telecommunications information are repeatedly reclassified as investigatory material.

ICE’s surveillance platforms operate not as simple case management tools, but rather as engines of biometric aggregation, connecting student visa monitoring, GPS tracking, travel histories, and multi-database bulk search functions into a system capable of mapping entire populations in ways few Americans realize.

This blending of civil and criminal authority erodes statutory boundaries meant to protect non-criminal immigrants from intrusive surveillance, creating a regime where technological capacity, rather than legal limits, defines what the government can do.

The documents were obtained by Just Futures Law through the Freedom of Information Act. At the heart of these materials lies Palantir’s suite of investigative platforms, particularly FALCON and Investigative Case Management (ICM), systems that fuse government and commercial datasets into a biometric-driven dragnet.

FALCON is Palantir’s investigative analytics platform for ICE’s Homeland Security Investigations (HSI) designed to integrate and search across dozens of government and commercial datasets. It allows advanced and bulk searches, links with forensic phone tools, and has a mobile app that supports GPS tracking, secure messaging, and real-time field interview reporting. Its strength lies in surveillance and data mining, but it raises concerns over dragnet searches, weak account controls, and the blending of civil data (like student visa records) into criminal investigations.

ICM is Palantir’s case management system for ICE built to log and manage criminal and civil investigation files. It structures case workflows, documents investigative activity, and is the official record system for ICE task force work.

While intended for HSI criminal investigations, it also includes ICE Enforcement and Removal Operations (ERO) deportation-related records. ICM is narrower in scope than FALCON but often feeds data into FALCON’s broader analytics environment.

Together, the records expose a surveillance infrastructure that not only captures vast swaths of sensitive personal information but does so with few meaningful safeguards, often blurring the line between national security imperatives and wholesale tracking of ordinary people.

The documents show that ICE’s use of Palantir tools now sweeps in international travel records, student visa data, telecommunications metadata, and GPS-based location information

Analysts can search across these sources simultaneously, conduct batch queries, and integrate findings into case files. What begins as an investigation of suspected immigration violations can easily morph into a biometric and geospatial profile of anyone touched by the system. The effect is a surveillance apparatus that privileges data integration over privacy protections.

The most striking revelations concern the Student and Exchange Visitor Information System (SEVIS) and border travel records. A FALCON Quarterly Report from 2018 confirms that ICE integrated SEVIS data directly into FALCON’s staging and production environments, meaning the personal records of international students – from biometric identifiers to class schedules and financial sponsors – became searchable alongside criminal intelligence databases.

Paired with “federated border crossing data” from PRIME, ICE agents can map travel histories against academic records, potentially flagging thousands of non-citizens for secondary scrutiny. PRIME is a database that houses federated border-crossing records. It contains details about individuals’ entries and exits at U.S. land borders, including travel documents, dates, and crossing history

Other Palantir training materials show ICE has extended its reach into mobile surveillance, linking GPS-derived phone data to investigative workflows. Through FALCON Mobile, agents in the field can query TEC, the principal system used by Custom and Border Protection (CBP) officers at the border to assist with screening and determinations regarding admissibility of arriving persons.

They can also query Enforcement Integrated Database files and Seized Assets and Case Tracking System trade data while simultaneously tracking the real-time locations of fellow agents via blue-force mapping. More troublingly, the same platform allows agents to record field interviews and upload photographs, instantly syncing them with Palantir’s backend.

This is not just a matter of efficiency. It represents the normalization of always-on data capture. Encounters with immigrants – whether at workplaces, homes, or community centers – are immediately transformed into digital records and tagged with biometric and locational metadata.

With secure messaging functions baked into the app, communication itself becomes another layer of stored intelligence, expanding ICE’s archives beyond traditional enforcement actions. The 2016 ICE directive on task force participation, included among the documents, illuminates the bureaucratic logic that enabled such systems to sprawl.

Homeland Security Investigations was granted oversight over ERO officers serving on federal task forces, with all activities funneled into the Investigative Case Management system. Emails from 2019 show internal concern over this access, noting that ICM was originally meant for HSI criminal investigations but had begun to incorporate “certain ERO criminal investigative case files.”

Even ICE staff admitted confusion given that ERO is primarily a deportation arm, not a criminal investigative body, raising questions about why its files would reside in a Palantir-managed system. In practice, this meant deportation officers gained entrée into Palantir’s intelligence environment, erasing the statutory boundary between civil and criminal enforcement.

The effect is a bureaucratic sleight of hand. ERO’s nominally civil operations are reframed as investigatory, thereby justifying their inclusion in the surveillance dragnet. That ERO personnel could access student visa data or travel records through ICM illustrates the consequences of this policy choice.

Perhaps most alarming though are the revelations about user account controls. A 2020 email bluntly admits that FALCON had “no automatic deprovisioning triggers” for user accounts.

Unlike ICM or TECS, which suspended accounts when background checks expired or users left government service, FALCON allowed accounts to persist indefinitely. The result was a system where inactive or departed personnel retained theoretical access to sensitive datasets, including biometric identifiers and travel histories.

ICE officials acknowledged that this was “not entirely within 4300a compliance,” a reference to federal IT security standards, yet the system remained operational for years. From a privacy perspective, this represents a profound lapse. Not only does it increase the risk of insider misuse, but it also undermines auditability. Who accessed what data, and why, becomes harder to determine when inactive accounts linger unmonitored.

In a system as sprawling as FALCON, the implications are staggering. Biometric and locational data could be exposed far beyond the intended investigative scope.

Additional internal correspondence paints a picture of fragile infrastructure underpinning this surveillance web. Emails from ICE engineers reference server configurations for OpenLDAP directories, firewall rules, and encryption keys.

In plain terms, Palantir’s investigative backbone rested on complex, often messy IT environments where sensitive biometric and travel data commingled with mundane server processes. One chain revealed concern over Oracle database vulnerabilities, with ICE lacking extended support contracts to patch them.

Inadequate licensing meant known exploits could remain unaddressed, another unsettling reality given the sensitivity of the data in question. These technical shortcomings underscore a contradiction.

On the one hand, Palantir and ICE boast of advanced capabilities like batch searching, federated data integration, mobile intelligence apps, but on the other, the underlying systems appear riddled with security gaps, raising the possibility that unauthorized access or data breaches could expose millions of personal records.

Taken together, the documents reveal more than just bureaucratic mismanagement. They chart the growth of a surveillance regime that erodes longstanding distinctions between civil and criminal authority, domestic and international data, investigative necessity and speculative profiling.

When student visa records are repurposed as investigative fodder, or when deportation officers access criminal intelligence systems, the effect is to collapse boundaries meant to safeguard civil liberties.

Civil rights advocates have long warned of this trajectory. The integration of commercial data such as telecommunications metadata and GPS phone records into immigration enforcement exacerbates the problem, subjecting lawful residents and citizens to surveillance originally justified in the name of border security.

The absence of rigorous account controls only magnifies these risks, allowing sensitive biometric information to circulate among users with little oversight.

The story is not merely about ICE or Palantir. It is about the broader transformation of American immigration enforcement into a data-driven enterprise where technology dictates practice. The efficiency of systems like FALCON is undeniable.

Agents in the field can, with a few taps on a tablet, cross-reference border crossings, student enrollment, and financial records. And the ease with which such data can be queried invites overreach, encouraging fishing expeditions rather than targeted investigations.

Moreover, the public remains largely unaware of the extent of these integrations. Unlike the FBI’s Next Generation Identification system or the Transportation Security Administration’s facial recognition pilots, ICE’s use of Palantir platforms operates in bureaucratic shadows. The documents show contracts, technical upgrades, and internal debates, but little evidence of external oversight.

Congressional committees have raised occasional concerns, but no comprehensive regulatory framework governs how biometric and travel data may be combined for immigration enforcement.

If nothing else, the documents underscore the urgency of transparency. The fusion of student visa records with law enforcement intelligence, the persistence of FALCON accounts without expiration, and the reliance on vulnerable IT infrastructure are all matters of profound public interest.

Yet, absent investigative reporting and litigation, the details would remain hidden within DHS intranets and Palantir project files. And the stakes are immense. In the name of efficiency, ICE and Palantir have built a system that normalizes the surveillance of immigrants and, by extension, anyone connected to them.

Family members, classmates, and co-workers all risk having their data ingested into a system where the line between suspect and byfstander blurs. Biometric identifiers, once reserved for criminal proceedings, now circulate freely within platforms designed for batch searching and mobile field use.

Article Topics

biometric data  |  biometrics  |  border security  |  DHS  |  ICE  |  Palantir  |  U.S. Government