biometric reader thumb facial recognition
© Reuters / Rodrigo Garrido
The US Department of Homeland Security is upgrading its surveillance database to add DNA profiles and relationships to its massive cache of fingerprints and face scans. And Amazon is to host this trove of sensitive information.

The DHS Office of Biometric Identification Management is replacing its Automated Biometric Identification System (IDENT), which cross-references fingerprints, iris scans, and facial recognition with biographical information, with the even more dystopian Homeland Advanced Recognition Technology System (HART), which adds DNA, palm prints, tattoos, scars, and other physical markings.

The system will also contain data on people's "relationship patterns," possibly gleaned from social media profiles, which DHS has acknowledged will include "non-obvious relationships" - whatever that means - as well as data from "officer encounters," which often take place under dubiously legal circumstances.

While IDENT, which contains information on over 250 million people, has been housed in government-run data centers since it was first developed in 1994, the new HART will live in "the Amazon Web Services FedRAMP certified GovCloud," according to DHS, which has contracted with Northrop Grumman to build the new database. Amazon will control the entire system, from "biometric matching capabilities for fingerprint, iris, and facial matching" to the biometric images themselves. It's not clear whether the facial recognition database is connected to Amazon's Rekognition software, which the company has sold to multiple law enforcement agencies.

The DHS joins the CIA, Pentagon, NASA and other federal agencies in handing over its most sensitive information to Amazon. For those worried about their privacy, a top tech official at the CIA insists the cloud is actually more secure than the government's old systems. After all, the CIA has been trusting Amazon with its data since 2014, and it's never been hacked. Amazon, controlled by the country's wealthiest man, will never use the fact that it holds all the government's sensitive information against it. Presumably.

DHS can also access and share data and tech with the Pentagon and FBI, which has its own treasure trove of 640 million photos for use in facial recognition systems. The agency can also access the State Department's Consular Consolidated Database, home to almost 500 million visa and passport records, and even have access to several foreign governments' databases, as well as the resources of local, state and tribal law enforcement.

Last month, 95 million traveler records, including license plates and photos, were stolen from Customs and Border Protection (CBP) in a breach that targeted agency contractor Perceptics. While CBP scrambled to reassure Americans that their biometric data was safe and blamed Perceptics for not following its security protocols, it was the second major DHS hack this year, raising serious trust issues with an agency that has made itself responsible for the biometric identifiers of millions of law-abiding citizens. In April, the Federal Emergency Management Agency (FEMA) leaked the private data - including bank account numbers - of 2.3 million disaster survivors, leaving some of the country's most vulnerable people open to identity theft on top of their other problems.