Project Saltbox surfaced the procurement documents and argues this contract is qualitatively different from typical biometric deals because Bi2 already operates the IRIS database feeding roughly a third of U.S. county sheriffs. Extending that same template store and matching pipeline into federal immigration enforcement creates de facto federation between state booking data and ICE operations — a policy question whose engineering answer is already 'yes.'
Submitted the Project Saltbox piece to Hacker News, where it accumulated 114 points and 32 comments. The submission framing emphasizes the $25M contract size and the Bi2 vendor identity, signaling that the story's significance lies in the scale and the specific infrastructure being procured.
Argues the technical specifics matter: iris templates carry far more entropy than face embeddings, capture works through eyeglasses, and the template is small enough to push over cellular from a handheld. That combination — high-accuracy matching plus mobile field deployment — enables identity verification in seconds against a national gallery, which is a categorically different capability than the facial-recognition deals dominating recent surveillance reporting.
U.S. Immigration and Customs Enforcement has awarded Bi2 Technologies a contract worth roughly $25 million to expand iris-scanning capability across its operations, according to procurement documents surfaced by Project Saltbox. Bi2 is not a household name, but it is not new to this work: the Plymouth, Massachusetts company already operates the Inmate Recognition and Identification System (IRIS), a shared iris database used by sheriff's offices in roughly a third of U.S. counties. The new contract extends that infrastructure — capture devices, matching servers, and the underlying template store — into federal immigration enforcement.
The procurement language is dry. The implication is not. ICE is not piloting iris recognition; it is buying the production system that county jails have been quietly feeding for over a decade. That distinction matters because it collapses two databases — one accumulated under state-level booking authority, one under federal immigration authority — toward the same vendor, the same template format, and the same matching pipeline. Whether they are formally federated is a policy question. Whether they *could be* is an engineering question, and the engineering answer is yes.
Bi2's pitch has always been operational: iris capture is faster than ten-print fingerprinting, works through eyeglasses, and produces a template small enough to push over a cellular link from a handheld. The contract reportedly covers mobile capture hardware as well as backend integration. For ICE's field operations — interior enforcement, transfers, court appearances — that means identity verification in seconds against a national gallery.
There is a tempting frame here that this is just "another biometric contract," interchangeable with the facial-recognition deals that have dominated the last five years of surveillance reporting. It isn't, and the difference is technical.
Iris templates carry roughly 250 bits of usable entropy versus roughly 40-50 for a typical face embedding, which is why iris false-match rates run six to eight orders of magnitude lower than face recognition at comparable thresholds. That accuracy is the selling point — and the problem. Facial recognition's well-documented error profile has been one of the strongest brakes on its deployment: civil liberties groups, courts, and even police departments have pointed to wrongful matches to limit its use. Iris doesn't give critics that lever. A system that almost never false-matches is harder to argue against on accuracy grounds, even when the underlying questions — consent, scope, retention, who gets enrolled — are unchanged.
The second technical fact worth internalizing: irises are stable. A face changes with age, weight, lighting, expression, and adversarial makeup. An iris pattern is essentially fixed from about age two until cataract surgery or trauma. A leaked iris template is a credential you cannot rotate, revoke, or grow out of. Compare that to a password breach, where the remediation is annoying but bounded, or even a fingerprint leak, where you have nine more and can in principle decline to use them. There is no "rotate your iris" story.
The community reaction on Hacker News (114 points at the time of writing) skewed less toward shock than toward weary recognition. Several commenters pointed out that Bi2's sheriff-side IRIS network has been operational since the late 2000s with almost no public scrutiny, in part because county jails are a famously diffuse regulatory target. The federal contract changes the conversation because federal procurement creates a paper trail, a budget line, and a Congressional oversight surface — even if those mechanisms move slowly.
There is also a vendor-concentration story here that deserves attention. Bi2 is small. A $25M federal contract is a significant slice of its revenue, which gives the government an unusual amount of leverage over product direction, retention policy, and integration choices. When a single vendor holds both the state-level and federal-level iris gallery, the technical cost of cross-querying those datasets approaches zero; only policy stands between them. Policy can change in an afternoon.
If you build anything that touches identity — KYC flows, employee onboarding, physical access control, fraud prevention, age verification — the ceiling on what's considered "normal" biometric collection just moved, and your threat model should move with it.
Three concrete implications. First, stop treating biometric templates as you would password hashes. A bcrypt'd password is meaningful protection because the plaintext is not the user's body. An iris template, even hashed, is derived from a stable physical feature; templates from the same eye captured by different devices are designed to match, which is exactly the property that makes "hash and forget" weaker than it sounds. If you must store biometrics, store them in a hardware enclave you do not control the keys to, or don't store them at all and re-capture per session.
Second, audit your data-sharing agreements with the assumption that any biometric you collect can be subpoenaed and joined against a government gallery. "We only use it for our app" is a product claim, not a legal one. If you operate in jurisdictions with biometric privacy statutes — Illinois BIPA, Texas CUBI, Washington's HB 1493 — the liability already exists; the new federal infrastructure just makes joinability cheap.
Third, if you are building consumer biometrics, design for the day a user wants to be forgotten and can prove it cryptographically, not just operationally. Verifiable deletion, client-side template generation, and zero-knowledge matching are no longer academic curiosities. They are the only architectures that survive a regulatory inversion.
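As an added illustration of the first and third points above (this is example code written for this page, not code from the article or from Bi2): a toy iris-code matcher showing why hashing a template gives nothing like password-hash protection, since two captures of the same eye differ in some bits and a hash only matches exact input, followed by a fuzzy commitment (Juels and Wattenberg) as one textbook way to authenticate from a re-capture without keeping the raw template on the server. The 256-bit codes, the 5% re-capture flip rate, the 0.32 decision threshold and the 16-bit key are constructed toy values, and fuzzy commitment is named here as an illustration, not something the article prescribes.

```python
import hashlib
import random
CODE_BITS = 256               # constructed toy size; real iris codes are ~2048 bits
KEY_BITS = 16                 # secret committed to; each bit repeated REP times
REP = CODE_BITS // KEY_BITS   # repetition-code block length (16)
THRESHOLD = 0.32              # assumed normalized Hamming distance below which a matcher accepts

def sha256_int(x, nbytes):
    return hashlib.sha256(x.to_bytes(nbytes, "big")).digest()

def recapture(code, flip_fraction, rng):
    """Simulate a second capture of the same eye: some bits flip from noise or occlusion."""
    for bit in rng.sample(range(CODE_BITS), int(CODE_BITS * flip_fraction)):
        code ^= 1 << bit
    return code

def hash_and_forget_match(stored_hash, probe):
    """A hash only matches a bit-for-bit identical probe; recaptures are never identical."""
    return sha256_int(probe, CODE_BITS // 8) == stored_hash

def fuzzy_match(template, probe):
    """What a real matcher does: tolerate noise, which requires the raw template on hand."""
    return bin(template ^ probe).count("1") / CODE_BITS < THRESHOLD

def commit(template, key):
    """Fuzzy commitment (Juels-Wattenberg): store hash(key) plus helper = codeword XOR template."""
    codeword = sum(((1 << REP) - 1) << (i * REP) for i in range(KEY_BITS) if (key >> i) & 1)
    return sha256_int(key, KEY_BITS // 8), codeword ^ template

def open_commitment(stored, probe):
    """Recover the key from a noisy probe by per-block majority vote, then check its hash."""
    key_hash, helper = stored
    noisy = helper ^ probe
    key = sum(1 << i for i in range(KEY_BITS)
              if bin((noisy >> (i * REP)) & ((1 << REP) - 1)).count("1") > REP // 2)
    return sha256_int(key, KEY_BITS // 8) == key_hash

def demo(seed=7):
    """Same eye recaptured with 5% bit flips, and a different eye, under each storage scheme."""
    rng = random.Random(seed)
    eye, other_eye = rng.getrandbits(CODE_BITS), rng.getrandbits(CODE_BITS)
    probe = recapture(eye, 0.05, rng)
    stored = commit(eye, rng.getrandbits(KEY_BITS))
    return {
        "hash_same_eye": hash_and_forget_match(sha256_int(eye, CODE_BITS // 8), probe),
        "fuzzy_same_eye": fuzzy_match(eye, probe),
        "fuzzy_other_eye": fuzzy_match(eye, other_eye),
        "commit_same_eye": open_commitment(stored, probe),
        "commit_other_eye": open_commitment(stored, other_eye),
    }
```

The helper value leaks nothing useful about the eye without the key, and the server holds only hash(key) and helper, so a breach of that store is not a breach of the template; the price is that accuracy now depends on the error-correcting code rather than on a tunable threshold.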
The Bi2 contract is not the inflection point — that happened years ago, when sheriff's offices first started enrolling bookings into a shared iris gallery without a federal statute requiring them to. The contract is the moment that infrastructure stops being a curiosity and becomes operational federal capability. Expect the next 12 months to bring (a) FOIA-driven reporting on retention windows and cross-agency access, (b) at least one state-level legal challenge, likely from Illinois, and (c) quiet RFPs from CBP and the Bureau of Prisons for the same stack. If you ship identity software, this is the regulatory and threat-model context you are now shipping into. Plan accordingly.
I really don’t understand how so many people can support this admin. It’s not that I ideologically disagree with them, but they are so corrupt that they appear incompetent. They actually aren’t incompetent, they just don’t care about what is important to almost everyone else. If you, for example, do
I thought Altman's Worldcoin was angling for this when they had people take photos of their eyeballs.... getting into the gov't contracting side of things.... surprises me some no-name company got it.
I’ll save you a click: yes, of course it was a no-bid contract. And:

> The procurement did not require the system to clear FedRAMP, the government’s security review for cloud systems handling sensitive data, before deployment. It described no independent audit, congressional notification or outsid
So the police state has upgraded from papers to eyeballs
This is their global headquarters. Yes, that appears to be the whole thing. https://www.google.com/maps/place/488+State+Rd+%231,+Plymout...