Facial Recognition Everywhere. Prove It Works.

Nearly 2,500 files containing identity verification logic — facial recognition checks, watchlist screening, risk scores — were sitting on a U.S. government-authorized Google Cloud endpoint, completely accessible to anyone who looked. No exploit required. No sophisticated attack. Just an open door that nobody bothered to close. That's the Discord-Persona story in a single sentence, and it's also, not coincidentally, a pretty accurate metaphor for the state of facial recognition deployment right now.

The Triple Beat Nobody Wants to Hear

Let's run through what actually happened this week, because the specific details matter more than the general anxiety.

First: Discord. The platform had been using Persona Identities — a verification software partially backed by Peter Thiel's Founders Fund — for age and identity checks. Researchers discovered that Persona's front-end code was accessible on an open U.S. government-authorized endpoint. Not buried. Not encrypted. Just there. According to Fortune, the exposed files revealed that Persona conducts 269 distinct verification checks — including screening for "adverse media" across 14 categories such as terrorism and espionage — and then assigns risk and similarity scores to user information. Researchers on X noted: "We didn't even have to write or perform a single exploit." Persona, for its part, continues to provide age verification services for OpenAI, Lime, and Roblox. Discord has since distanced itself from the software. The exposure, however, already happened.

Second: ICE and CBP. The Department of Homeland Security launched a mobile facial recognition application called Mobile Fortify in spring 2025, explicitly tied to an executive order calling for what the administration described as a "total and efficient" crackdown on undocumented immigrants. The app is being used by immigration agents in towns and cities across the country to, in DHS's own framing, "determine or verify" the identities of individuals stopped or detained during federal operations. Here's the problem, and it's not a small one. This article is part of a series — start with Eu Ai Act Facial Recognition 2026.

"Every manufacturer of this technology, every police department with a policy makes very clear that face recognition technology is not capable of providing a positive [identification]..." — WIRED, reporting on records reviewed from DHS

As WIRED reported based on records it reviewed, Mobile Fortify is not designed to reliably identify people in the field and was deployed without the scrutiny that has historically governed rollouts of technologies with serious privacy implications. Agents are getting outputs. What they're not getting: confidence scores, match thresholds, or audit trails that would allow a result to be challenged, explained, or documented for any formal purpose.

Third: TSA. The agency's biometric identity verification trials are expanding. The second facial recognition proof of concept launched at McCarran International Airport in Las Vegas — the first had been at LAX in 2018 — and the program has grown significantly since. The TSA collects live facial images at checkpoints and compares them against photos from identity documents, with the agency noting in its Privacy Impact Assessment that participation is voluntary. Technically. Though "opt-out" and "voluntary" are doing a lot of heavy lifting when you're standing in a security line with a flight to catch.

The Evidentiary Standard Nobody Is Asking About

Here's what's actually frustrating about all three of these stories. They're not primarily technology failures. They're evidentiary culture failures.

Mobile Fortify is a useful case study. The ACLU has described ICE and CBP as "rogue agencies" in the context of facial recognition deployment, pointing to a history of systematic privacy invasions, inaccurate results, and racial disparities in how the technology performs across different demographic groups — a pattern independently documented through NIST's Face Recognition Vendor Testing program. But the immediate operational problem isn't just that the app might be wrong. It's that when it's wrong, nobody in the field has the information needed to know it's wrong. No confidence score. No threshold documentation. No audit trail. An output arrives, and an agent acts on it.

That is not how any forensic tool should work. Ever. If you can't explain the methodology, document the analysis, and defend the output in a formal setting — a report, a court, an administrative hearing — then what you have isn't evidence. It's a guess with a professional-looking interface attached to it. Previously in this series: Face Scanning Mainstream Investigator Methodology .

The Counterargument — and Why It Doesn't Quite Land

Look, nobody's saying this is simple. The strongest argument for moving fast on facial recognition deployment is genuinely uncomfortable to dismiss: imperfect tools used now can identify trafficking victims, disrupt fraud rings, and block age-restricted content from reaching minors. Waiting for perfect standards means real harm continues in the interim. That's a real tension, and it deserves an honest answer rather than a reflexive privacy objection.

The honest answer is this: a result that can't be explained or defended in a formal report doesn't close cases. It creates liability. A trafficking investigator who builds a file on a match from a system with no documented threshold or audit trail hasn't built a case — they've built a vulnerability. The evidentiary requirement isn't bureaucratic caution. It's what separates actionable intelligence from a dead end that gets thrown out before it reaches anyone who can act on it.

Panasonic Connect and JR East are currently trialing facial recognition ticket gates at Nagaoka Station on the Joetsu Shinkansen — walk-through gates that sync visual and audio effects with face-based authentication, as part of JR East's "Suica Renaissance" initiative. That's a consumer experience story, and in that context, the accuracy bar is genuinely different: if the gate occasionally asks someone to tap their card instead, the cost is a few seconds of inconvenience. Transpose that same reliability standard to an immigration enforcement tool being used to detain people, and the cost calculation changes entirely. Context isn't everything in facial recognition — but it's most things.

"Face recognition is a dragnet surveillance technology and its expansion within law enforcement over the last 20 years has been marred by systematic invasions of privacy, inaccuracies, unreliable results, and racial disparities." — Jay Stanley, Senior Policy Analyst, ACLU Speech, Privacy, and Technology Project, ACLU

What "Responsible" Actually Looks Like

The professionals who get burned by facial recognition aren't the ones ignoring it. They're the ones who adopted it uncritically because an agency or platform said it works — and then found themselves unable to explain their methodology when it mattered. Up next: Facial Recognition Expansion Verification Limits W.

The professional standard for controlled facial comparison is specific: you work from known case images, you document the analytical process, you apply a defined methodology with a defensible threshold, and you produce a report that another qualified analyst could review and challenge. That's not a higher bar than these deployed systems are meeting — it's a completely different category of tool with a completely different purpose. Black-box verification bolted onto boarding gates and chat apps and field enforcement apps isn't the same discipline, and treating it as equivalent because both involve a face and a camera is how evidentiary errors happen at scale.

Over 20 jurisdictions across the U.S. have already banned local police from using facial recognition, per the ACLU's tracking — a reactive policy response to exactly the reliability and accountability gaps on display this week. More bans are a likely outcome if the field can't produce a better answer to the question of how these systems actually work and what their failure modes look like.

So here's the specific question worth sitting with: with Discord's verification logic exposed on a government endpoint, immigration agents running a face app that DHS's own records suggest can't actually verify identities, and TSA expanding opt-out biometric trials to more airports — where exactly do you draw the line between "useful for investigation" and "too opaque to put in a case file"? Because right now, a lot of agencies are drawing that line after deployment, not before. And that ordering problem is the whole story.