There is an American version of the quiet joining-up — and it is pointed at immigrants. This is what the public record shows about how U.S. Immigration and Customs Enforcement assembles one searchable picture of a person, and then uses it to find them.
Every fact below is drawn from the government's own documents: federal procurement records on USASpending.gov, Department of Homeland Security Privacy Impact Assessments, Government Accountability Office and DHS Inspector General reports, and court opinions. No system was accessed. Nothing here is alleged to be a crime. The argument is about accountability, not criminality — and it is built to be checked.
The engine is built by Palantir. ICE's Homeland Security Investigations runs its cases on a system called Investigative Case Management — ICM — built by Palantir on its Gotham platform. In DHS's own words (Privacy Impact Assessment 045, 2016), ICM lets agents "create an electronic case file that organizes and links all records and documents associated with a particular investigation… and to link records to multiple investigations in order to draw connections between cases." It replaced a case system that dated to 1987.
The contracts are public. The original 2014 build was competitively awarded at about $51.7 million. The current operations contract — PIID 70CTD022FR0000170 — is now sole-source, with a ceiling of $176.5 million, running to May 2026. In April 2025 ICE added a roughly $30 million modification for "ImmigrationOS," an "Immigration Lifecycle Operating System." Across 2008 to 2021, ICE paid Palantir about $186.6 million — making it one of the agency's largest contractors.
ICM has a sibling. FALCON-SA (Privacy Impact Assessment 032) is the analytics layer that, in DHS's description, works "by ingesting and creating an index of data from other existing operational government data systems" and "commercially available databases," in order to "identify relationships" and "discover previously unknown connections." That phrase — commercially available databases — is the on-ramp to everything that follows.
A point of discipline, because it matters: ICM itself does not automatically reach out and buy commercial data. Per its own assessment, "users may not query commercial or public sources from within ICM, and ICM does not ingest data directly from these sources." Commercial data enters ICM by hand; the automated fusion lives in FALCON and in the broker platforms. The architecture is damning enough without overstating any single box in it.
The fuel is bought on the open market. ICE purchases the ability to locate almost anyone. Two contracts, signed in 2021 on consecutive contract numbers, anchor it: LexisNexis Accurint (PIID 70CMSD21C00000001, about $24.5 million, running to August 2026) and Thomson Reuters CLEAR (PIID 70CMSD21C00000002, about $24 million). Between them they deliver addresses, phone records, vehicle and driver data, license-plate scans, relatives and associates, real-time jail bookings — and utility-account records covering some 218 million customers.
There is more. ICE bought app-derived smartphone location data from Venntel. It bought facial recognition from Clearview AI — a confirmed contract, PIID 70CMSD25P00000111, with a $9.2 million ceiling, in 2025. It bought social-media monitoring from Giant Oak and ShadowDragon, and commercial license-plate data from Vigilant. One 2024 demonstration of a location tool tracked a single phone to a reproductive-health clinic.
The spine is biometric. Beneath the case files sits the Department of Homeland Security's biometric system — IDENT, now being replaced by HART. It is run by DHS's Office of Biometric Identity Management, not by ICE; ICE is one of its users. It is a roughly $4.3 billion program, years behind schedule, and the legacy system it is replacing already holds, in the GAO's words, "over 290 million identities." Every criminal fingerprint that local police send to the FBI is, automatically, also checked against it. That automatic check is the wire that the program called Secure Communities rides on.
ICE has also reached into state driver's-license photos. It requested facial-recognition scans of DMV databases in at least 14 states since 2015; its first such contract dates to 2008, in Rhode Island. A newer field application, reported in 2025 and 2026, reaches the license photos of 41 states. (The much larger systematic DMV face-search program belongs to the FBI, not ICE — a distinction worth keeping.)
The reach, in one set of numbers. In 2022 the Georgetown Law Center on Privacy and Technology published "American Dragnet," built from hundreds of public-records requests. It found that ICE has access to the driver's-license data of 74 percent of U.S. adults; has scanned roughly one in three adults' license photos with face recognition; can locate 74 percent of adults through their utility records; and spent about $2.8 billion on surveillance and data between 2008 and 2021. These are separate estimates with different denominators — they should not be stacked into a single figure — but each, on its own, describes a dragnet.
What has actually been adjudicated — and what has not. This is where honesty does the heavy lifting. The single hardest finding is from the DHS Inspector General. In report OIG-23-61 (September 2023), the watchdog found that ICE — together with Customs and Border Protection and the Secret Service — bought and used commercial smartphone-location data without the legally required Privacy Impact Assessment, in violation of DHS policy and the E-Government Act of 2002. When the Inspector General recommended that ICE stop until it complied, ICE did not concur.
That is a real, formal, government finding. But it is a privacy-law finding, not a constitutional one. No court has yet ruled on the deeper question: whether buying this data on the open market lets the government evade the warrant the Supreme Court required for location tracking in Carpenter v. United States (2018). Civil-liberties lawyers call it the "data-broker loophole." It is real, it is contested, and it is untested. A bill to close it — the Fourth Amendment Is Not For Sale Act — passed the House 219 to 199 in April 2024 and then died in the Senate.
So the strength of this case is not a conviction. It is the architecture, documented from the government's own files, and the gap where the oversight should be. That is the same shape the rest of this series has held to. It is more durable, not less, for refusing to claim more than the record proves.
What this is, and is not. It is a transparency record built from public documents. It alleges no illegality. It keeps ICE distinct from CBP, from the FBI, and from the DHS office that owns the biometric system — because the location buys and the face-recognition programs span several agencies and must not be blurred together. Where the record goes quiet, the answer is "unknown, and here is the Freedom of Information request that would settle it" — never a guess. Three tempting statistics were checked and discarded for lack of a real source before this was published.
The machine is lawful, as far as the record shows. That is precisely the point. A government that can find three in four of its people through the data it has quietly bought and joined up does not need to break the law to be worth worrying about. It only needs us not to look.