CBP intelligence platform sits at intersection of border enforcement and domestic surveillance

When a Border Patrol agent photographed a peaceful observer of an immigration enforcement action in Portland, Maine last month, he told the woman, “We have a nice little database. And now you’re considered a domestic terrorist.”

The remark sounded at first like intimidation. But behind the threat sits a real and officially documented intelligence system that is designed to do exactly what the agent described: collect encounter data, associate it with identities and contextual information, and convert it into intelligence products that can be retained and shared across the Department of Homeland Security (DHS).

That system is Customs and Border Protection’s (CBP) Intelligence Reporting System–Next Generation (IRS-NG), a web-based intelligence production platform formally documented by CBP a year ago in a Privacy Impact Assessment and earlier in an internal Privacy Threshold Analysis (PTA).

Built directly on top of CBP’s Automated Targeting System, the sprawling data aggregation and risk analysis backbone used for border and travel screening, IRS-NG serves as the agency’s primary environment for transforming raw law enforcement information into finished intelligence products.

According to CBP’s own description, IRS-NG exists to allow officers, agents, and analysts to collect, amalgamate, analyze, and interpret data from across government systems and public sources, then publish intelligence reports that inform operations and are disseminated through DHS’s Analytical Framework for Intelligence (AFI).

A creation of Palantir Technologies, AFI is used to identify, apprehend, and prosecute individuals posing security risks and enhancing border security by analyzing data patterns. It integrates CBP-owned data, other government records, and commercial data to perform link analysis, geospatial mapping, and risk modeling.

Palantir has enjoyed a long-term relationship with DHS going back to earlier contracts for Immigration and Customs Enforcement’s (ICE) Investigative Case Management system (ICM) which have been renewed and expanded over time, including contracts valued in the tens of millions of dollars that support investigative and analytics operations.

In practical terms, IRS-NG is where information gathered during encounters at the border, in the interior, or during enforcement activity is turned into enduring intelligence records.

Analysts use shared “workspaces” to pull in query results from ATS, manually add notes, photographs and documents, conduct link analysis between people, vehicles, locations, and events, and draft intelligence or informational reports.

Those reports are supposed to be peer reviewed, approved by supervisors, and then published into AFI, where they can be accessed by authorized users across CBP, DHS components, and other government agencies with a demonstrated need to know.

The scope of data accessible through IRS-NG is extensive because it inherits ATS’s federated search architecture. Depending on a user’s permissions, IRS-NG can surface travel records, passenger name records, border crossing histories, visa and immigration data, trade and cargo information, law enforcement records, and pointers to government biometric databases.

It can also incorporate information from commercial data brokers and publicly available sources. CBP’s Privacy Impact Assessment explicitly states that IRS-NG workspaces and intelligence products may include open source information and social media content related to border security, provided the collection is consistent with agency oversight and policy requirements, which appear to have been loosened under Kristi Noem’s tenure as DHS secretary.

Journalist Ken Klippenstein reported last week that DHS intelligence records leaked to him described U.S. protesters opposing immigration enforcement as “domestic terrorists,” with at least one entry explicitly citing IRS-NG as the reporting platform that was used.

Klippenstein’s reporting showed how lawful protest activity was documented inside DHS intelligence systems through narrative threat assessments rather than criminal charges, illustrating how dissent can be absorbed into the federal intelligence apparatus through routine reporting workflows.

While DHS has denied maintaining a formal database labeling protesters as domestic terrorists, the leaked records demonstrate how intelligence reporting tools allow agents and analysts to apply that label within internal products that can be retained and shared across agencies.

This architecture matters because IRS-NG is not limited to suspected criminals or known threats. The system is designed to support broadly defined intelligence analysis, including contextual reporting on events, encounters, and emerging trends.

CBP’s documentation makes clear that individuals can appear in intelligence products not only because they are alleged to have violated the law, but because they were identified in an officer’s narrative as being associated with a person of interest, present at a location of operational relevance, or otherwise connected to a matter CBP deems relevant to its mission.

That mission, in turn, is defined expansively to include border security, immigration enforcement, national security, and public safety.

Within that framework, the line between legitimate intelligence gathering and political surveillance becomes perilously thin. A peaceful protest outside an ICE facility, a legal observer documenting enforcement activity, or a citizen filming federal agents can all be framed as operationally relevant events.

Once that framing occurs, IRS-NG provides a formal pathway for incorporating photographs, names, vehicle information, and open source background information into an intelligence “workspace,” linking those elements to other records and producing a report that may persist for decades.

CBP’s own retention schedules underscores the permanence of this process. Raw intelligence reporting files generated through IRS-NG may be retained for up to 30 years. Finished intelligence products can be retained for 20 years and, in some cases, designated as permanent records transferred to the National Archives.

While CBP emphasizes that not all data pulled during a search is saved and that analysts must manually select what is retained in a workspace, once information is incorporated into an intelligence product and approved, it becomes part of the agency’s formal intelligence record.

The PIA acknowledges several risks inherent in this design. One is that data pulled into an IRS-NG workspace becomes a static snapshot that does not automatically update if underlying source data changes. Another is that intelligence products may incorporate commercial or publicly available information that is incomplete, misleading, or wrong.

CBP has said it relies heavily on training, peer review, supervisory oversight, and auditing to mitigate these risks, rather than technical restrictions that would prevent the inclusion of certain categories of information or subjects.

What the agency does not meaningfully dispute though is that IRS-NG can catalog individuals who have not committed crimes, have not been charged with offenses, and are not the subjects of investigations in the traditional sense.

The system is expressly designed to document encounters, associations, and observations, even when those do not immediately result in enforcement action. CBP argues that this flexibility is necessary for intelligence-driven operations.

Civil liberties advocates argue it is precisely how protest activity and dissent become folded into an intelligence collection system under the guise of situational awareness.

The incident in which a Border Patrol agent told a peaceful observer she was being placed into a database as a “domestic terrorist” crystallizes these concerns because it aligns so closely with IRS-NG’s documented capabilities.

The photographing of an individual, the reference to a database, and the invocation of a terrorism label all map onto established intelligence workflows.

While no public document confirms IRS-NG was the specific system referenced in that encounter, CBP’s own disclosures show IRS-NG is the primary unclassified platform for authoring intelligence reports about people, events, and perceived threats connected to border enforcement.

This concern is amplified by IRS-NG’s integration with facial comparison tools accessed through ATS. Analysts using IRS-NG can manually upload a photograph of a subject of interest and run it against ATS holdings as part of their research.

Although CBP states IRS-NG itself does not conduct predictive analytics or autonomous risk scoring, the ability to resolve identities, link individuals to travel and enforcement records, and visualize associations makes the system a powerful engine for mapping networks of activity, including individuals and protest movements.

CBP stresses that it is not an Intelligence Community element and therefore does not operate under Executive Order 12333 authorities. But the distinction offers limited comfort when intelligence products generated in IRS-NG can be disseminated through AFI to other DHS components and, under routine use provisions, to federal, state, local, tribal, and foreign partners.

Once a protester or observer is documented in an intelligence report, the downstream reach of that information can be difficult to trace or constrain. And IRS-NG documentation makes clear that individuals whose information appears in intelligence products are rarely notified and have no meaningful opportunity to consent or opt out.

CBP argues that providing notice would impede law enforcement and intelligence activities. As a result, people may never know they have been cataloged, associated with others, or labeled in ways that could affect future encounters with the federal government.

Taken together, the system CBP describes on paper closely resembles the “little database” invoked by the Border Patrol agent on the ground in Maine. IRS-NG is not a metaphor. It is a formal intelligence system with defined authorities, retention schedules, and dissemination pathways.

The existence of IRS-NG does not prove CBP is systematically labeling peaceful protesters as domestic terrorists, but it does demonstrate that the technical and bureaucratic infrastructure to do so already exists, is operational, and is largely shielded from public scrutiny.

Last week, Sen. Edward J. Markey wrote to ICE Acting Director Todd Lyons demanding immediate clarification on whether DHS is maintaining a database of individuals protesting ICE operations.

In his letter, Markey said repeated statements by ICE agents and senior Trump administration officials suggest DHS may be cataloging U.S. citizens engaged in peaceful protest and labeling them as “domestic terrorists,” a practice he said would constitute a grave violation of the First Amendment if confirmed.

As immigration enforcement expands and opposition to it becomes more visible, IRS-NG sits at the intersection of border security and domestic intelligence.

Whether it is used narrowly to document legitimate threats or broadly to catalog dissent will depend less on the system’s design than on how the Trump administration defines “relevance” and “threat” in an era when protest itself is increasingly framed as an internal security matter.

Article Topics

biometrics  |  border security  |  CBP  |  data sharing  |  DHS  |  ICE - U.S. Immigration and Customs Enforcement  |  Intelligence Reporting System–Next Generation (IRS-NG)  |  law enforcement  |  Palantir  |  U.S. Government