US Border Tech Stack Now Decides Who Can Claim Asylum
A Supreme Court ruling and a $69.5 billion surveillance appropriation are fueling a high-tech stack of apps and biometric databases that determines who can ask for protection at the U.S. border.
On June 26, 2026, one day after the Supreme Court ruled that the federal government may turn away asylum seekers before they set foot on U.S. soil, Congress opened a $69.545 billion funding pipeline for border surveillance, biometric collection, and immigration enforcement technology, Biometric Update reported. The appropriation spans Customs and Border Protection, Immigration and Customs Enforcement, Homeland Security Investigations, and two additional DHS accounts. The timing was not coincidental. The legal layer of the asylum-decision stack had just been rewritten, and the technological layer was about to receive its largest infusion of cash in American history.
The Supreme Court ruling, Mullin v. Al Otro Lado, was a 6-3 decision that upheld the Trump administration's authority to systematically turn back asylum seekers at the international boundary before they could apply for protection. The Associated Press reported that the ruling cleared the way for the revival of a policy once used to block migrants from initiating asylum claims. NPR summarized the holding: federal law allows the government to stop asylum seekers from physically setting foot in the United States, effectively keeping them from applying for asylum. The decision did not announce a new technological architecture. It did something more consequential: it made the existing architecture the only pathway that matters.
To understand what the ruling changes, you have to see the asylum-decision stack for what it is: a layered system in which law, software, biometrics, and administrative procedure are fused into a single gatekeeping apparatus. At the outermost layer is geography. The Mullin ruling confirms that a person standing on Mexican soil has no statutory right to request asylum in the United States, even if they are physically present at a port of entry. The next layer is the software: for years, the primary channel through which migrants could schedule an asylum appointment was the CBP One smartphone app, a mobile application that requires facial geometry scans, location data, and a stable internet connection to function. The ruling does not abolish the app. It makes the app, or whatever replaces it, the only door that remains unlocked.
The CBP One app has been a subject of litigation and controversy since its launch. In May 2024, Border Report covered a lawsuit filed by three nonprofits, Al Otro Lado, the Civil Rights Education and Enforcement Center, and a third organization, alleging that the app functioned not as a tool for access but as a barrier to asylum. The complaint argued that the app's facial recognition requirements, its language limitations, and its frequent technical failures made it inaccessible to many of the people who needed it most. In March 2026, a federal judge ordered the Department of Homeland Security to restore legal status for tens of thousands of immigrants who had used the app to enter the country legally during the Biden era, as MSN reported, underscoring how many people's legal fates were already tethered to a single piece of government software.
The biometric layer of the stack runs deeper than any single app. DHS has been building out its capacity to collect, store, and cross-reference biometric identifiers, facial images, fingerprints, iris scans, from migrants at every point of contact with the immigration system. In May 2026, DHS announced a $7.5 million program to develop smart glasses for ICE agents that would integrate real-time facial recognition directly into their line of sight, MSN reported. The program would enable agents in the field to run identity checks against federal databases without returning to a vehicle or a station. For an asylum seeker, that means the first interaction with an American official could be a biometric lookup that instantly links their face to a dossier of prior crossings, foreign criminal records, or social media activity scraped by third-party vendors.
That dossier is not assembled by DHS alone. A report published in June 2026 by the nonprofit Surveillance Technology Oversight Project documented the growing partnership between ICE and the private surveillance industry, Truthout reported. The report detailed how data brokers, cloud service providers, and analytics firms, including companies whose primary business is marketing data, have become integral to immigration enforcement. Phone location data, utility records, vehicle registration databases, and social network graphs are purchased or licensed, fed into algorithmic risk-assessment tools, and used to make decisions about who poses a flight risk, who qualifies for parole, and whose claim of persecution is credible.
By a 6-3 vote, the high court ruled that federal law allows the government to stop asylum seekers from physically setting foot in the United States, effectively keeping them from applying for asylum., NPR, June 25, 2026
The credible fear interview, the screening mechanism that determines whether an asylum seeker has a legitimate claim of persecution, sits at the center of this stack. Conducted by asylum officers, these interviews are the procedural moment where a person's narrative is assessed against legal standards. But the interview does not happen in a vacuum. The officer has access to the biometric file. The officer can see what the databases say about the applicant's country of origin, their travel route, their family members, their prior encounters with U.S. officials. The data shapes the interview before the first question is asked. And now, under the Mullin framework, the government can prevent a person from ever reaching that interview at all, simply by keeping them on the other side of the line.
César Cuauhtémoc García Hernández, writing in an opinion piece for SCOTUSblog on July 2, identified a legal error in the Court's reasoning that may reverberate beyond the border itself. The decision, he argued, misapplied a provision of immigration law in a way that threatens the functioning of immigration courts more broadly. The error concerns the relationship between the statutory right to apply for asylum and the government's authority to regulate entry. If the government can extinguish the right to apply by controlling physical access, then the entire adjudicatory apparatus, the immigration judges, the appeals process, the credible fear screenings, becomes contingent on an administrative decision about who gets to cross the threshold.
The data flows that sustain this system are not transparent to the people whose bodies generate the data. A migrant who submits their face to the CBP One app does not receive a privacy notice explaining where that biometric template will be stored, how long it will be retained, which agencies will have access to it, or whether it will be cross-referenced against commercial databases. The app's terms of service, if they can be called that, are presented in English and Spanish, while many asylum seekers speak Indigenous languages from Guatemala, Honduras, and southern Mexico. Consent, in this architecture, is a legal fiction built on a click-through screen that most users cannot read.
What makes the asylum-decision stack distinctive among government technology systems is the asymmetry of its design. Most government IT systems serve citizens who have rights, remedies, and representatives. The asylum stack serves, or rather, processes, people who have none of those things at the moment of first contact. They cannot sue under the Privacy Act because they are not U.S. persons. They cannot file a FOIA request from a shelter in Tijuana. They cannot opt out of biometric collection without abandoning their claim. The system is architected on the assumption that the user has no leverage, and every layer of the stack reinforces that assumption.
The $69.5 billion appropriation will accelerate this asymmetry. Some of the funds will go to physical infrastructure, sensors, drones, surveillance towers, the hardware of border militarization. But a significant portion is allocated to data systems: cloud storage for biometric databases, machine learning tools for processing identity documents, analytics platforms for assessing risk. The companies that win these contracts will inherit a dataset composed of millions of facial images, fingerprint records, and biographical files, collected from a population that never consented to participate in the building of a surveillance architecture.
It is worth tracing a single data point through the stack to see how the layers connect. A woman fleeing gender-based violence in El Salvador arrives at the border in Tijuana. Before she can speak to an asylum officer, she must use the app, which requires her to photograph her face in specific lighting conditions. That photograph is matched against a database of known or suspected immigration violators, but also against databases maintained by the FBI and the Department of Defense. Simultaneously, her phone's location history may be accessible to ICE through a commercial data broker. If she has family in the United States, their addresses and immigration statuses may already be cross-referenced in the system. By the time she sits down for a credible fear interview, if she ever gets one, the officer is looking at a screen that knows more about her than she has been told. The ruling in Mullin means that none of this may ever reach an immigration judge.
What the ruling does to the immigration courts
García Hernández's SCOTUSblog analysis pointed to a specific doctrinal error that could cascade through the adjudicatory system. The Court's opinion, authored by Justice Samuel Alito, treated the asylum statute as a purely territorial grant, a right that exists only once a person is physically inside the United States. But the statute is structured differently: it creates a right to apply for asylum regardless of whether the applicant entered through a designated port. By collapsing the distinction between the right to apply and the right to be physically present, the decision undermines the premise that immigration courts exist to adjudicate claims, not merely to ratify exclusionary decisions made at the boundary.
This matters for the tech stack because it shifts the decisive moment of the asylum process from the courtroom to the checkpoint. When a judge reviews an asylum claim, there is at least a record: a transcript, a filing, a decision that can be appealed. When the decision is a border agent's determination that someone is standing on the wrong side of an invisible line, there is no record, no appeal, and no data trail that a lawyer can challenge. The system becomes a black box at the most consequential decision point. The rest of the stack, the biometrics, the databases, the risk scores, becomes invisible scaffolding for a decision that is legally unreviewable.
Who builds the black box
The vendor ecosystem that supplies this infrastructure is concentrated among a handful of defense and data-analytics contractors, many of whom also supply local police departments with facial recognition, predictive policing, and gang databases. The contracts are structured through multi-year task orders that are difficult to track without specialized procurement knowledge. Congressional oversight is sporadic. The Government Accountability Office has issued reports warning about DHS's failure to conduct privacy impact assessments for new surveillance technologies before deploying them, but those warnings have not slowed the acquisition tempo. With $69.5 billion now authorized, the procurement pipeline is wider than at any point since the creation of DHS in 2002.
The civil-liberties implications extend beyond the border. Biometric data collected from asylum seekers does not stay in immigration databases. It flows into the FBI's Next Generation Identification system, which is used for criminal investigations nationwide. It is shared with state and local law enforcement through fusion centers. It contributes to training datasets for facial recognition algorithms developed by private companies. The person who gave their face to a border app in 2024 may find that face in a police lineup database in 2030, long after their asylum case was resolved, or long after they were turned away without ever having a case.
The nonprofit organization Al Otro Lado, which was a named party in the Mullin litigation, has been documenting the human cost of this technological gatekeeping for years. Their lawsuit against DHS over the CBP One app was not only about access. It was about transparency: what data the app collects, how it is stored, who sees it, and what happens when the app fails. In field interviews along the border, legal-aid workers have documented cases of asylum seekers whose appointments were cancelled because the facial recognition scan could not match a face that had been altered by sun exposure, malnutrition, or injury. The algorithm does not explain its failures. It simply denies the appointment.
The European Union's General Data Protection Regulation prohibits the use of biometric data for mass surveillance and requires meaningful consent for the processing of sensitive personal data. The United States has no equivalent framework. The Privacy Act of 1974 governs federal agencies' handling of personal information, but its protections do not extend to non-citizens outside the United States. The result is that the most intensively surveilled population at the U.S. border has the fewest legal tools to challenge that surveillance. This gap is not an oversight. It is a design feature.
A federal judge's March 2026 order to restore legal status for CBP One app users who had entered during the Biden administration illustrated the fragility of digital gatekeeping. When the Trump administration rescinded those statuses, it did so through a database update, not through individualized adjudication. Tens of thousands of people discovered their legal status had changed when they logged into an online portal or received an automated email. The restoration order treated the status change as an administrative action subject to judicial review. But for those still on the Mexican side of the border, the Mullin ruling forecloses even that narrow avenue of review.
What to watch for in the coming months: DHS procurement announcements, particularly around cloud services, biometric matching engines, and mobile identity verification tools. The $69.5 billion authorization will begin to translate into specific contracts, and those contracts will specify which companies hold which pieces of the asylum-decision stack. Also watch the immigration courts. If García Hernández's analysis is correct and the Mullin reasoning begins to erode procedural protections in removal proceedings, the consequences will be visible in docketing patterns and appeal rates. And watch the border itself, where the distance between a person and their right to ask for safety is now measured by a line in the sand and the software that decides who gets to cross it.