DHS Initiates HART Program to Replace IDENT: 290M+ Identity Biometric Backbone; GAO Finds Significant Management and Privacy Shortcomings in 2023

confirmed Importance 8/10 ~5 min read 6 sources 1 actor

In 2016, the Department of Homeland Security’s Office of Biometric Identity Management (OBIM) initiated the Homeland Advanced Recognition Technology (HART) program to replace IDENT, the legacy Automated Biometric Identification System operational since 1994. HART is designed to become the federal government’s primary biometric identity platform — a multi-modal database targeting hundreds of millions of identities encompassing fingerprints, facial recognition, iris scans, voice prints, DNA, and signatures. As of April 2023, the legacy IDENT system already stored more than 290 million separate identities. A September 2023 GAO audit (GAO-23-105959) found “significant shortcomings in program management and privacy,” including missing Privacy Impact Assessment data, inadequate controls over partner agencies’ handling of personally identifiable information, and only 5 of 12 OMB privacy requirements fully implemented.

What Happened / Key Facts

Program initiation: DHS initiated HART in 2016 to replace IDENT, which was designed in 1994, implemented in 1995, and had grown to 230 million unique identities by 2018, processing approximately 350,000 fingerprint queries per weekday. Per Biometric Update (September 2018), IDENT was the second-largest biometric system in the world at that time, behind India’s Aadhaar.

Biometric scope: HART is designed for multi-modal collection beyond IDENT’s primarily fingerprint-and-photo architecture. Per the abolishdatacrim.org synthesis (citing DHS PIAs and EFF research), planned modalities include face, fingerprints, iris scans, voice prints, DNA results, and a blanket “other modalities” category. Data is drawn from FBI’s Next Generation Identification (NGI) system, travel documents, employment files, and DMV records — covering U.S. citizens, permanent residents, and non-citizens.

Scale: The legacy IDENT system stored more than 290 million distinct identities as of April 2023, per OBIM officials cited in GAO-23-105959. FedScoop (August 2025) reported the consolidated system (under DHS CIO Antoine McCord) houses more than 300 million profiles from facial recognition, fingerprints, and iris scans.

Primary contract: In February 2018, DHS awarded Northrop Grumman a $95 million contract to develop Increments 1 and 2 of HART — a 42-month systems development and integration effort. Northrop Grumman was subsequently replaced by Peraton (a Veritas Capital subsidiary) after Peraton acquired Northrop Grumman’s federal IT services business in 2020.

Technology platform: Data is stored on Amazon Web Services GovCloud infrastructure.

Schedule and cost overruns documented by GAO:

  • Initial operational capability was pushed from December 2020 to September 2023 — a 33-month slip beyond the 2019 plan per GAO-23-105959
  • A third rebaseline was required in April 2023 due to “higher than expected software defects and performance issues”
  • The 2022 rebaseline added $354 million to estimated program costs
  • Total cost estimate as of GAO-21-386 (2021): $4.3 billion

GAO-23-105959 governance findings (September 2023):

  • Cost and schedule estimates do not adhere to GAO best practices, making them unreliable for leadership decision-making
  • Privacy Impact Assessment contains missing information regarding data subjects and information-sharing partners
  • Insufficient assurances that partner agencies properly retain and dispose of personally identifiable information
  • Only 5 of 12 OMB privacy requirements were fully implemented
  • GAO issued nine recommendations

Why This Event Matters

HART is the intermediate node in the database-consolidation spine connecting the 2007 FBI watchlist error-rate scandal to the 2026 DHS unified biometric matching engine. The GAO-23-105959 governance finding — “significant shortcomings in program management and privacy” — directly echoes the 2007 Inspector General finding of 35% error rates and no formal record-removal processes in the TSDB watchlist. Both findings document the same structural pattern: a massive population-scale database built and expanded before governance frameworks catch up, with the accountability surface thinning as the data scale grows.

The biometric scope of HART marks a qualitative shift from the IDENT model. Where IDENT was primarily a fingerprint and photograph repository for individuals who had crossed DHS’s enforcement perimeter, HART’s planned modalities (voice, DNA, iris, signatures) and data-sharing architecture extend the collection surface to routine civilian encounters — DMV records, employment verification, travel — regardless of any enforcement contact. The system enables identification “absent notice and consent” in public spaces, per advocacy synthesis.

The third-party doctrine cover (United States v. Miller, 1976, authored by Lewis Powell) makes biometric data “voluntarily conveyed” to state and federal agencies — driver’s license photos, border crossing fingerprints, employment verification scans — constitutionally unprotected from database consolidation. HART is the infrastructure that operationalizes that doctrine at 290M+ identity scale.

Broader Context

HART sits between two committed timeline nodes in the database-consolidation lineage:

The consolidation latency continues to collapse: 41 years (1966 HUAC→2007 TSDB) → 9 years (2007→2016 HART initiation) → 10 years (2016→2026 unified engine). Each consolidation event expands the target population (suspects → watchlisted → all border crossers → all government-document holders) while governance mechanisms lag.

ICE operates a parallel 200-million-identity facial recognition database separate from OBIM’s HART, per FedScoop (2025). The August 2025 centralization under DHS CIO McCord (see timeline-write-obim-centralized-under-dhs-cio-mccord-2025-08-14) is the bridge between HART’s development phase and the 2026 unified engine announcement.

Research Gaps

  • Exact month in 2016 when HART program was formally initiated (GAO reports confirm year; specific date not publicly sourced)
  • Whether Palantir Foundry and the HART/IDENT backbone interoperate at the contract/data layer
  • DHS PIA-004 full text (403 Forbidden on direct fetch) — detailed collection categories and data-sharing partner list
  • Smith v. Maryland (1979) as second third-party doctrine pillar — not yet a committed timeline node

Sources & Citations

[6] IDENT/HART entry — From Data Criminalization to Prison Abolition — Abolish Data Criminalization · May 1, 2022 Tier 2
Tiers Tier 1 court records & gov docs · Tier 2 established outlets · Tier 3 regional & specialty press · Tier 4 opinion or single-source. Methodology →
Cite this entry
The Cascade Ledger. “DHS Initiates HART Program to Replace IDENT: 290M+ Identity Biometric Backbone; GAO Finds Significant Management and Privacy Shortcomings in 2023.” The Capture Cascade Timeline, January 1, 2016. https://capturecascade.org/event/2016-01-01--dhs-hart-homeland-advanced-recognition-technology-program-initiated-replacing-ident/