The ICE Out of Our Faces Act bars U.S. Immigration and Customs Enforcement (ICE), U.S. Customs and Border Protection (CBP), and any 287(g) deputized actors from acquiring, possessing, accessing, or using biometric surveillance systems — defined to include facial recognition, gait analysis, and voice recognition — within the United States. It also requires covered immigration officers to delete biometric data they hold or derived from such systems within 30 days of enactment.
The bill establishes an evidentiary exclusion for improperly obtained biometric information, creates a private right of action and parens patriae standing for state attorneys general to sue the federal government, and exposes individual covered officers to administrative penalties such as retraining, suspension, or termination. For compliance officers and counsel, the bill transforms operational rules for DHS components, triggers immediate data-mapping and deletion obligations, and opens new litigation and policy questions about interagency data sharing and sovereign immunity.
At a Glance
What It Does
The bill makes it unlawful for covered immigration officers to acquire, possess, access, or use biometric surveillance systems or information derived from them, and orders deletion of such information within 30 days. It also limits admissibility of illegally obtained biometric evidence and creates civil enforcement routes against the Federal Government and individual officers.
Who It Affects
Directly affects ICE, CBP, contractors and subcontractors performing immigration enforcement, and individuals deputized under 287(g). Indirectly affects vendors of biometric systems, partner law enforcement agencies that consume DHS biometric data, and entities that host cameras or databases used by biometric tools.
Why It Matters
This is a rare statutory prohibition on government biometric surveillance targeted to immigration enforcement with an affirmative deletion deadline and private-state enforcement tools — meaning agencies will need rapid operational changes and legal teams should prepare for novel constitutional and sovereign-immunity litigation.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The bill opens by defining the technologies and actors it targets. It defines “biometric surveillance system” as software performing facial or other biometric recognition in real time or on recordings, and it treats facial recognition broadly to include matching and logging facial characteristics and inferring traits or locations. “Other biometric recognition” explicitly covers gait and voice recognition as ascertained from a distance but excludes traditional fingerprints and palm prints taken at close range.
The statute also defines a covered immigration officer to include ICE and CBP personnel, contractors and subcontractors, and individuals acting under 287(g).
Its core operative rule is a categorical domestic ban: covered immigration officers may not acquire, possess, access, or use biometric surveillance systems or information derived from those systems. The ban reaches both technology and the output of that technology, which means data already held by officers that was generated by biometric systems falls within the prohibition.To effectuate the ban, the bill orders deletion of all biometric information collected for or derived from such systems — including material gathered before enactment — within 30 days.
That deletion mandate forces agencies to inventory data holdings, track downstream sharing, and either purge or account for copies held by contractors, partner agencies, or repositories. The statute adds an evidentiary rule: biometric information obtained in violation of the ban is inadmissible in federal investigations or proceedings, except in judicial investigations or proceedings alleging a violation of the statute itself.Enforcement is twofold.
First, the bill creates a private cause of action allowing individuals aggrieved by a violation to sue the Federal Government for actual and punitive damages, attorneys’ fees, and equitable relief. It explicitly grants parens patriae authority to state chief law enforcement officers to bring civil suits on behalf of residents.
Second, the bill authorizes administrative penalties against individual covered immigration officers — retraining, suspension, termination, or other penalties decided in an appropriate tribunal with procedural protections. Finally, a rule of construction states the bill does not preempt other federal, state, or local laws unless there is an actual conflict with this statute’s limitations.
The Five Things You Need to Know
The bill defines ‘‘covered immigration officer’’ to include ICE and CBP officers, their contractors and subcontractors, and individuals authorized under 287(g).
‘‘Biometric surveillance system’’ covers software that does facial recognition in real time or on recordings and explicitly includes tools that log facial, head, or body features to infer emotions, associations, activities, or locations.
The statute requires deletion of all biometric information held for or derived from a biometric surveillance system — including pre-enactment collections — within 30 days after enactment.
Information obtained in violation of the ban is inadmissible by the Federal Government in investigations or proceedings, except in judicial investigations or proceedings alleging a violation of this section.
The bill creates a private right to sue the Federal Government (including parens patriae suits by state attorneys general) and permits courts to award actual and punitive damages, attorneys’ fees, and injunctive relief; it separately exposes covered officers to administrative disciplinary measures.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Short title
Gives the Act its public name, the ICE Out of Our Faces Act. Mechanically small, but signals the bill’s targeted focus on immigration enforcement components of DHS rather than a government-wide biometric restriction.
Technology and personnel definitions that set the statute’s scope
This section is the operational core: it defines the biometric technologies covered (facial recognition, gait, voice) and expressly ties the ban to systems that work in real time or on recordings or photographs. It excludes fingerprints and palm prints taken at close range, which preserves routine fingerprint-based ID processes. By including contractors, subcontractors, and 287(g) designees in the covered-immigration-officer definition, the bill reaches outsourced operations and state or local officers acting under federal deputation, expanding compliance obligations beyond federal employees alone.
Categorical domestic ban on agency use and possession of biometric surveillance and derived data
Subsection (a) makes acquisition, possession, access, or use of biometric surveillance systems or outputs unlawful for covered immigration officers within the United States. Practically, this prohibits purchasing, operating, querying, or otherwise relying on facial and related biometric technologies for immigration enforcement functions and treats derived datasets as subject to the same restriction as the systems themselves.
30-day deletion mandate and a narrow admissibility exception
Subsection (b) commands deletion of all biometric information held for or derived from covered systems within 30 days, including historical data. Subsection (c) imposes an evidentiary exclusion: biometric evidence obtained in violation of the prohibition cannot be used by the Federal Government in criminal, civil, administrative, or other proceedings — except where the judicial investigation or proceeding alleges a violation of the statute. This creates strategic incentives in litigation and raises practical questions about shared data and copies in external repositories.
Private- and state-enforcement plus administrative sanctions for officers
Subsection (c) creates an individual private right of action against the Federal Government and authorizes state attorneys general to sue parens patriae; courts may award actual and punitive damages and equitable relief. Subsection (d) exposes individual covered officers to employment-related penalties — retraining, suspension, termination, or other discipline — adjudicated in an appropriate tribunal with due process protections. The twin tracks place litigation risk on the government while preserving personnel accountability at the officer level.
Non-preemption salvo
This clause states the Act does not preempt other federal, state, or local laws unless there is an actual conflict. For agencies and counsel, that means they must reconcile this statute with other statutory mandates or retention rules where possible, but the Act is intended to stand unless a true legal conflict exists.
This bill is one of many.
Codify tracks hundreds of bills on Privacy across all five countries.
Explore Privacy in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Noncitizen and immigrant communities — by removing a targeted surveillance tool from immigration enforcement, the bill reduces a source of automated identification and tracking that critics argue deters access to services and raises civil‑liberties risks.
- Privacy and civil‑rights advocates — the statute enacts an affirmative statutory prohibition and deletion mandate that enforces privacy protections through private and state enforcement rather than relying on agency policy alone.
- Residents in border and transit communities — reduced incorporation of biometric surveillance into routine checkpoints, ports, and public spaces may lower the chances of mistaken automated identification or mass biometric data collection.
Who Bears the Cost
- ICE and CBP operations — losing biometric surveillance tools narrows investigative and identification options at ports of entry, checkpoints, and detention processing, requiring reallocations of staffing and manual verification resources.
- DHS contractors and biometric vendors — companies that develop, sell, host, or maintain biometric systems used by immigration agencies will face contract terminations, accelerated contract compliance audits, and loss of revenue streams tied to DHS business.
- Partner law enforcement agencies and fusion centers — agencies that consumed DHS biometric outputs will need to revisit data-sharing agreements and stop relying on those feeds, which can complicate multi‑agency investigations and interoperability objectives.
Key Issues
The Core Tension
The central tension is between protecting individuals from mass automated biometric surveillance and preserving government capacity to identify, screen, and investigate people at borders and in immigration enforcement: the bill decisively favors civil‑liberties protections and legal accountability at the cost of narrowing investigative tools, while leaving unresolved how to reconcile the deletion mandate and litigation exposure with other statutory duties and national‑security or public‑safety claims.
The bill’s practical implementation raises thorny operational questions. The 30‑day deletion clock requires DHS components to locate all biometric datasets and copies — including those embedded in contractor systems, third‑party vendor clouds, and partner-agency repositories — and purge or reconcile them quickly.
Where DHS has already shared biometric-derived identifiers with state, local, or international partners, undoing that flow will be technically and legally complex and may generate disputes about derivative retention and downstream uses.
The private right to sue the Federal Government and the parens patriae standing for state attorneys general create novel litigation vectors but also intersect with sovereign‑immunity doctrines and standing rules that courts will need to confront. The admissibility carve‑out (allowing evidence in proceedings alleging a violation) may incentivize strategic pleadings and create uncertain boundaries for prosecutors and defense counsel.
Finally, the statute’s non‑preemption language and exclusion of fingerprint/palm identification leave open tensions between this Act and existing retention, national security, or immigration‑control statutes that require recordkeeping or data sharing; reconciling those obligations will fall to agencies and potentially to courts.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.