Border Security: Security of New Passports and Visas Enhanced,	 
but More Needs to Be Done to Prevent Their Fraudulent Use	 
(31-JUL-07, GAO-07-1006).					 
                                                                 
Travel documents are often used fraudulently in attempts to enter
the United States. The integrity of U.S. passports and visas	 
depends on the combination of well-designed security features and
solid issuance and inspection processes. GAO was asked to examine
(1) the features of U.S. passports and visas and how information 
on the features is shared; (2) the integrity of the issuance	 
process for these documents; and (3) how these documents are	 
inspected at U.S. ports of entry. We reviewed documents such as  
studies, alerts, and training materials. We met with officials	 
from the Departments of State, Homeland Security, and Commerce's 
National Institute of Standards and Technology, and U.S.	 
Government Printing Office, and with officials at seven passport 
offices, nine U.S. ports of entry, two U.S. consulates in Mexico,
and two Border Crossing Card production facilities.		 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-07-1006					        
    ACCNO:   A73687						        
  TITLE:     Border Security: Security of New Passports and Visas     
Enhanced, but More Needs to Be Done to Prevent Their Fraudulent  
Use								 
     DATE:   07/31/2007 
  SUBJECT:   Border security					 
	     Forgery						 
	     Fraud						 
	     Identification cards				 
	     Inspection 					 
	     Internal controls					 
	     International travel				 
	     Passports						 
	     Program evaluation 				 
	     Security threats					 
	     Visas						 
	     Policies and procedures				 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-07-1006

   

     * [1]Results in Brief
     * [2]Background

          * [3]Travel Documents Issued by State

               * [4]Passports
               * [5]Visas

          * [6]Passports and Visa Fraud
          * [7]Document Security Features
          * [8]Passport Application and Issuance Process
          * [9]Visa Application and Issuance Process
          * [10]Passport and Visa Inspection Process

     * [11]New Passports and Visas Have Been Enhanced, but Prior Genera

          * [12]New Generations of Passports and Visas Have Enhanced Securit

               * [13]Security Features of Passports
               * [14]Security Features of Visas

          * [15]Although Design Development Requires Years to Complete, Stat

               * [16]Development Process for the E-Passport
               * [17]Development Process for the Lincoln Visa
               * [18]Development of Passport Card
               * [19]State Does Not Have a Structured Process for
                 Periodically Re

          * [20]State Shared Information on Design of Passports and Visas

     * [21]Steps Taken to Secure Passports and Visas in the Issuance Pr

          * [22]GPO Has Undertaken Measures for Ensuring Physical Security a
          * [23]State Has Established Measures for Ensuring Integrity in the
          * [24]Weaknesses Exist in State's Oversight of Passport Acceptance
          * [25]State Continues to Address Vulnerabilities in the Visa Issua

               * [26]Measures for Ensuring the Security and Quality of Visas
                 and
               * [27]State Has Taken Actions to Improve the Integrity of the
                 Visa

     * [28]Limitations in Technology and Training Affect Inspection Off

          * [29]Inspection Officers Rely on Observations of Travelers and Ex
          * [30]Limited Availability and Use of Technology Limit Use of Secu

               * [31]Technology and Equipment to Assist Primary Inspection of
                 U.S
               * [32]Equipment and Technology Available at Secondary
                 Inspections

          * [33]Officers Lack Sufficient Training on the Security Features a

               * [34]Lack of Ongoing Training Impedes Officers' Understanding
                 of

     * [35]Conclusions
     * [36]Recommendations for Executive Action
     * [37]Agency Comments and Our Evaluation
     * [38]Passport Issuance Process
     * [39]Visa Issuance Process
     * [40]GAO Comments
     * [41]GAO Comment
     * [42]GAO Contact
     * [43]Staff Acknowledgments
     * [44]GAO's Mission
     * [45]Obtaining Copies of GAO Reports and Testimony

          * [46]Order by Mail or Phone

     * [47]To Report Fraud, Waste, and Abuse in Federal Programs
     * [48]Congressional Relations
     * [49]Public Affairs

Report to Congressional Requesters

United States Government Accountability Office

GAO

July 2007

BORDER SECURITY

Security of New Passports and Visas Enhanced, but More Needs to Be Done to
Prevent Their Fraudulent Use

GAO-07-1006

Contents

Letter 1

Results in Brief 3
Background 6
New Passports and Visas Have Been Enhanced, but Prior Generations of
Travel Documents Remain More Vulnerable to Fraud, and Document Designs Are
Not Periodically Reassessed 13
Steps Taken to Secure Passports and Visas in the Issuance Process, but
Additional Measures Are Needed to Address Weaknesses in Oversight of
Passport Acceptance Facilities 23
Limitations in Technology and Training Affect Inspection Officers' Ability
to Fully Utilize Security Features in Passports and Visas 32
Conclusions 42
Recommendations for Executive Action 43
Agency Comments and Our Evaluation 44
Appendix I Scope and Methodology 46
Appendix II Types of Passports 49
Appendix III Testing Conducted in Development of E-Passport Design 50
Appendix IV Issuance Process for Passports and Visas 51
Passport Issuance Process 51
Visa Issuance Process 52
Appendix V Primary Inspection Processes at Air, Sea, and Land Ports of
Entry 54
Appendix VI Comments from the Department of State 58
GAO Comments 67
Appendix VII Comments from the Department of Homeland Security 69
GAO Comment 72
Appendix VIII GAO Contact and Staff Acknowledgments 73

Tables

Table 1: Number of Fraudulent U.S. Passports and Visas Detected at U.S.
Ports of Entry, Fiscal Year 2006 10
Table 2: Validity Period and Numbers in Circulation, by Passport 14
Table 3: Validity Period and Numbers in Circulation, by Visa 16

Figures

Figure 1: Key Elements of a Secure Travel Document 8
Figure 2: Timeline for Development of E-Passport 19
Figure 3: Timeline for Development of Lincoln Visa 20
Figure 4: Overview of the Process, Tools, and Technology for Primary
Inspection of Travel Documents at U.S. Air, Sea, and Land Ports of Entry
34
Figure 5: Overview of US-VISIT Procedures at Air, Sea, and Land Ports of
Entry 36
Figure 6: Overview of the Process, Tools, and Technology for Secondary
Inspection of Travel Documents at U.S. Ports of Entry 39
Figure 7: Application and Issuance Process for Passports 52
Figure 8: Application and Issuance Process for Visas 53
Figure 9: Inspection Process for Entry into the United States 55

Abbreviations

APIS Advanced Passenger Information System
BCC border crossing card
CBP U.S. Customs and Border Protection
CCD Consular Consolidated Database
DHS Department of Homeland Security
FDL Forensic Document Laboratory
GPO Government Printing Office
ICAO International Civil Aviation Organization
NIST National Institute of Standards and Technology
PIERS Passport Information Electronic Retrieval System
RFID radio frequency identification
TECS Treasury Enforcement Communications System
US-VISIT U.S. Visitor and Immigrant Status Indicator Technology
USCIS U.S. Citizenship and Immigration Services

This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

United States Government Accountability Office
Washington, DC 20548

July 31, 2007

The Honorable Lamar S. Smith
Ranking Member
Committee on the Judiciary
House of Representatives

The Honorable Ileana Ros-Lehtinen
Ranking Member
Committee on Foreign Affairs
House of Representatives

The Honorable Darrell Issa
The Honorable F. James Sensenbrenner Jr.
House of Representatives

U.S. travel documents are often used fraudulently in connection with other
crimes, including narcotics trafficking, alien smuggling, and even
terrorism. In fiscal year 2006, more than 21,000 fraudulent U.S. passports
and U.S. visas^1 were intercepted by U.S. Customs and Border Protection
(CBP) at U.S. ports of entry,^2 and over 3,500 new cases of passport and
visa fraud, including application fraud, were investigated by the State
Department (State) in fiscal year 2005, resulting in the arrests of over
500 people. Preventing, detecting, and responding to the fraudulent use of
passports and visas is essential to protect U.S. citizens and interests at
home and abroad. The integrity of these travel documents is dependent upon
the combination of security features in the document and solid issuance
and inspection processes. State's Bureau of Consular Affairs issues
passports and visas, CBP, in the Department of Homeland Security (DHS),
inspects these documents at ports of entry, and State's Bureau of
Diplomatic Security together with State's Office of the Inspector General
are responsible for investigating passport or visa fraud.

^1In this report, we use "passport" to refer to passports issued to U.S.
citizens and "visa" to refer to immigrant and nonimmigrant visas issued to
foreign nationals seeking to travel to the United States.

^2A port of entry is an officially designated location (airport, seaport,
and land border locations) where CBP officers clear travelers for entry
into the United States. There are 326 ports of entry.

In response to your request, this report focuses on travel documents
issued by State, including passports, passport cards,^3 visas, and border
crossing cards (BCC);^4 it examines (1) fraud prevention features in the
documents, the process for addressing potential risks, and how information
on these features is shared; (2) the integrity of the issuance process;
and (3) how these documents are inspected at U.S. ports of entry. We will
be issuing a separate report on the security of travel documents issued by
DHS in early 2008.

To examine the fraud prevention features in passports and visas, the
process for addressing potential risks, and how information on these
features is shared, we reviewed documentation on passports and visas,
including materials on their security features, available counterfeit
deterrence and durability studies, fraud bulletins and alerts, and
relevant laws and regulations. We interviewed officials at State's Bureau
of Consular Affairs and Diplomatic Security, DHS's Forensic Document
Laboratory (FDL), Department of Commerce's National Institute of Standards
and Technology (NIST), and the U.S. Government Printing Office (GPO). We
also attended the International Civil Aviation Organization (ICAO)
machine-readable travel document symposium in Montreal, Canada. To examine
the integrity of the issuance process for these documents, we reviewed
documentation, including reports and audits of internal controls,
production and issuance procedures, and passport fraud referral
statistics. We also interviewed officials at State's Consular Affairs
Bureau, GPO, and DHS's U.S. Citizenship and Immigration Services (USCIS)
and interviewed officials at seven domestic passport offices, two U.S.
consulates in Mexico, and two USCIS production facilities. To examine how
these documents are inspected at U.S. ports of entry, we reviewed various
documents, including CBP inspections program policies, procedures, and
related memorandums and relevant laws and regulations. We interviewed
officials at CBP, FDL, and the U.S. Visitor and Immigrant Status Indicator
Technology (US-VISIT) program. We also conducted nine site visits to air,
land, and sea ports of entry to interview CBP officials and observe the
inspection process of passports and visas. Appendix I contains additional
details on our scope and methodology. We conducted our review from June
2006 through May 2007 in accordance with generally accepted government
auditing standards.

^3The passport card is currently under development as an alternative
travel document for entry by U.S. citizens into the United States at land
and sea ports of entry.

^4The State Department issues the BCC, which permits limited travel by
Mexican citizens, without additional documentation 25 miles inside the
border of the United States (75 miles if entering through certain ports of
entry in Arizona) for fewer than 30 days.

Results in Brief

State has developed passports and visas that are more secure than older
versions of these documents because they contain a variety of enhanced
security features that, in combination, are intended to deter alteration
or counterfeit attempts. Prior generations of these documents have been
fraudulently used and remain more vulnerable to fraud for the duration of
their life span. For example, the 1994 generation of the passport--issued
until 2001 and valid for travel until 2011--remains vulnerable to
alteration by such means as photo substitution. More than 20 million of
these older passports are in circulation. State has made enhancements to
strengthen new generations of passports and visas, changing the design of
these documents in response, in part, to detected attempts to counterfeit
or alter these documents. Although State has updated or changed the
security features of its travel documents, it does not have a structured
process--such as long-term or "life-span" planning--to periodically
reassess the effectiveness of the documents' security features against
evolving threats and to plan for new generations of travel documents.
Moreover, the process for designing a new document takes several years.
Given the long validity period of these documents and the time it takes to
complete a new document design, a structured process for periodically
reassessing documents currently issued is critical to ensuring the
security of these documents against evolving fraudulent threats.

While State has taken several measures to ensure the security of its
travel documents, additional measures are needed in the passport issuance
process to minimize the risk of fraud. About 8,500 passport acceptance
facilities nationwide serve an important function in establishing the
identity (identifying a match between the individual, identification
document, and submitted application photo) for millions of passport
applicants each year--a vital link in preventing the issuance of genuine
passports to criminals or terrorists under false identities resulting from
the receipt of a fraudulent application. We found that State lacks a
program for oversight of these passport acceptance facilities nationwide.
Although State has taken some steps to address weaknesses identified in
the training of acceptance agents, additional measures are needed to
ensure adequate controls over the application acceptance process. For
example, although State officials told us there have been some cases of
fraud associated with passport acceptance facilities or the individuals
working at these facilities, there is no national system for conducting
routine audits of acceptance facilities' performance and practices.
Oversight of the acceptance facility program is critical to ensure
adequate controls over the application acceptance process and to protect
against vulnerabilities, such as the issuance of passports to criminals or
terrorists under false identities. For visas issued by State to foreigners
seeking to travel to the United States, State has made improvements to the
visa issuance process in the last several years and is working to address
identified weaknesses. For example, State has taken actions to improve
internal controls over visa issuance in response to our and State
Inspector General reviews, and it acknowledges that these actions require
constant vigilance. In addition, to address the high imposter fraud
associated with the BCC, State has recently implemented measures to secure
this travel document.

Officers in primary inspection--the first and most critical opportunity at
U.S. ports of entry to identify individuals seeking to enter the United
States with fraudulent travel documents--are unable to take full advantage
of the security features in passports and visas due to (1) limited
availability or use of technology at primary inspection and (2) lack of
timely and recurring training on the security features and fraudulent
trends for passports and visas. These officers rely on both their
observation of travelers and visual and manual examination of documents to
detect fraudulent passports and visas. However, DHS has not yet provided
most ports of entry with the technology tools that can make use of the
electronic chips in electronic passports.^5 Further, CBP does not have a
process in place for primary inspection officers to utilize the
fingerprint features of visa holders, including BCCs, at all land ports of
entry. For example, although BCC imposter fraud is high, primary officers
at southern land ports of entry are not able to use the available
fingerprint records of BCC holders to confirm the identity of travelers
and do not routinely refer BCC holders to secondary inspection, where
officers do have the capability to utilize fingerprint records. As a
result, the officers must rely on other inspection techniques to detect
BCC imposter fraud. Moreover, training materials provided to officers were
not updated to include exemplars--genuine documents used for training
purposes--of the e-passport and the emergency passport in advance of the
issuance of these documents. As a consequence, inspection officers were
not familiar with the look and feel of security features in these new
documents before inspecting them. Without updated and ongoing training on
fraudulent document detection, officers told us they felt less prepared to
understand the security features and fraud trends associated with all
valid generations of passports and visas. Although CBP faces an extensive
workload at many ports of entry and has resource constraints, there are
opportunities to do more to utilize the security features in passports and
visas during the inspection process to detect their fraudulent use.

^5DHS deployed e-passport readers to meet its legislative requirements
under the Visa Waiver Program. The 33 airports to which the readers were
deployed process the highest volume of travelers from Visa Waiver Program
countries. Citizens of countries participating in the Visa Waiver Program
are not required to obtain a U.S. visa to enter the United States for
business or tourist purposes for 90 or fewer days.

We are making recommendations to the Secretary of State to better plan for
the new generations of travel documents and address vulnerabilities in the
passport application process. We also are making recommendations to the
Secretary of Homeland Security to make better use of the security features
in passports and visas in the inspection process and improve training for
inspection officers on the features and fraud trends for these travel
documents. Specifically, we are recommending that

           o State develop a process and schedule for periodically
           reassessing security features in the design of its travel
           documents;
           o State establish a formal oversight program of passport
           acceptance facilities;
           o DHS develop a deployment schedule for providing e-passport
           readers to U.S. ports of entry;
           o DHS develop a strategy for better utilizing the biometric
           features of the BCCs in the inspection process; and
           o DHS and State identify a process for updating training materials
           for inspection officers that reflect changes in passports and
           visas in advance of issuance, including the provision of exemplars
           of the new documents prior to issuance.

           We provided a draft of this report to the Departments of State and
           Homeland Security, U.S. Government Printing Office, and the
           Department of Commerce's National Institute of Standards and
           Technology. We received written comments from State and DHS, which
           we have reprinted in appendixes VI and VII, respectively. GPO and
           NIST provided technical comments. State and DHS concurred with the
           findings and recommendations of the report. State agreed with our
           recommendations and described the actions it is taking and plans
           to take to implement them. State also provided additional
           information on the Consular Consolidated Database (CCD), recent
           visa fraud cases, and the ways in which State identifies
           fraudulent passports and visas. DHS concurred with all of our
           recommendations and described the actions it is taking and plans
           to take to implement them. DHS believes it has already implemented
           our recommendation that it develop a strategy for better utilizing
           the biometric features of BCCs in the inspection process. We agree
           that DHS's US-VISIT capability enables primary inspectors at air
           and most sea ports of entry to use fingerprint biometrics to
           compare and authenticate the document and holder of visas and
           BCCs. However, at land border ports this capability is not
           available in primary inspection. Travelers with BCCs at southern
           land border ports--the ports where BCC imposter fraud is most
           significant--are not routinely referred to secondary inspection,
           where they do have the capability to utilize the fingerprint
           records for comparison, and all BCCs are not machine-read for
           access to the biographic data during inspection at these ports of
           entry. As a result, inspectors are not making full use of the
           biometric information available for BCCs. To more fully utilize
           the available fingerprint biometric in the BCC and mitigate
           imposter fraud, we are suggesting that DHS develop a strategy to
           better use both the fingerprint biometric of the BCC and increase
           card reads of the BCC in primary inspection at southern land
           border ports of entry. State and DHS also provided technical
           comments, which we incorporated, as appropriate.
			  
			  Background

           Travelers to the United States are generally required to present
           documentation verifying their identity and nationality and, for
           non-U.S. citizens, their eligibility to enter the United States.
           Acceptable travel documents for entry into the United States
           include, among others, passports, visas, and U.S military identity
           cards. In 2004, Congress, in an effort to further secure U.S.
           borders, mandated the development and implementation of a plan
           that requires U.S. citizens to have a passport or other document
           that demonstrates their identity and citizenship when entering the
           United States. State and DHS implemented this requirement for air
           ports of entry on January 23, 2007, and are to implement the
           requirement for land and sea ports before June 1, 2009.^6

           State's Bureau of Consular Affairs is responsible for the design
           and issuance of passports for U.S. citizens and visas for all
           foreign aliens requiring a visa for entry into the United States.
           CBP is responsible for inspecting these documents and permitting
           entry to travelers at designated air, land, and sea U.S. ports of
           entry. In addition, State's Bureau of Diplomatic Security, in
           collaboration with State's Office of Inspector General, DHS and
           other U.S. agencies, and foreign law enforcement entities, is
           responsible for investigating suspected fraud of passports and
           visas.

           The security of passports and visas and the ability to prevent and
           detect their fraudulent use are dependent upon a combination of
           well-designed security features, solid issuance procedures for the
           production of the document and review of the application, and
           solid inspection procedures that utilize available security
           features. Figure 1 below presents the key elements of a secure
           travel document. A well-designed document has limited utility if
           it is not well-produced or inspectors do not utilize the security
           features to verify the authenticity of the document and its
           bearer.
			  
^6On June 8, 2007, State and DHS announced that U.S. citizens traveling to
Canada, Mexico, the Caribbean, and Bermuda who have applied for but not
yet received passports can nevertheless temporarily enter and depart from
the United States by air with a government-issued photo identification and
Department of State official proof of application for a passport through
September 30, 2007. DHS and State have indicated that they will begin to
implement the requirement for land and sea ports in 2008. In commenting on
a draft of this report, State noted that the exact implementation date
will be determined by a number of factors, including the progress of DHS
and State actions to implement the Western Hemisphere Travel Initiative
and the availability of compliant documents on both sides of the border.

           Figure 1: Key Elements of a Secure Travel Document
			  
			  Travel Documents Issued by State

           In fiscal year 2006, about 12 million passports and almost 6
           million visas were issued, according to State. As of April 2007,
           there are 74 million valid passports and almost 34 million visas,
           including 9 million BCCs, in circulation.
			  
			    Passports

           A passport is not only a travel document required of U.S. citizens
           for international travel and re-entry into the United States by
           air, but also an official verification of the bearer's origin,
           identity, and nationality. Under U.S. law, the Secretary of State
           has the authority to issue passports, which may be valid for up to
           10 years. Only U.S. nationals may obtain a U.S. passport, and
           evidence of citizenship or nationality is required with every
           passport application. Federal regulations list those who do not
           qualify for a passport, including those who are subjects of a
           federal felony arrest warrant. See appendix II for additional
           information on the types of U.S. passports.

           In addition, State is currently developing a passport card that
           will serve as an alternative travel document for re-entry into the
           United States by U.S. citizens at land and sea ports of entry.^7
			  
			    Visas

           A visa is a travel document for people seeking to travel to the
           United States for a specific purpose, including to immigrate,
           study, visit, or conduct business; the document allows a person to
           travel to a United States port of entry and ask for permission to
           enter the country. While consular officers within State are
           responsible for determining a person's eligibility to enter the
           United States for a specific purpose, CBP officers have the
           ultimate authority to permit entry into the United States. State
           issues two types of visas: (1) a visa foil attached to the visa
           pages of a foreign passport, for nonimmigrant or immigrant travel
           to the United States; and (2) the BCC for limited travel by
           Mexican citizens within the United States' southern border. Visas
           can be issued for a validity period of up to 10 years.
			  
			  Passports and Visa Fraud

           Threats to the security of travel documents include counterfeiting
           a complete travel document, construction of a fraudulent document,
           photo substitution, deletion or alteration of text, removal and
           substitution of pages, theft of genuine blank documents, and
           assumed identity by imposters. Features of travel documents are
           assessed by their capacity to secure a travel document against the
           following:

           o counterfeiting: unauthorized construction or reproduction of a
           travel document.
           o forgery: fraudulent alteration of a travel document.
           o imposters: use of a legitimate travel document by people falsely
           representing themselves as legitimate document holders.

           Most reported passport and visa fraud is imposter-related fraud.
           In fiscal year 2006, CBP detected 21,292 fraudulent U.S.
           passports, visas, and BCCs presented by travelers attempting to
           enter the United States through a U.S. port of entry. (See table
           1.) Nearly 80 percent of these documents were genuine documents
           presented by imposters. The most frequent fraudulent attempts were
           by imposters attempting to use a legitimate BCC, while the
           fraudulent use of passport and visa more often involved attempts
           to counterfeit or alter the document. The following cases
           illustrate attempts to fraudulently use U.S. travel documents to
           enter the United States:
			  
^7The passport card is being developed as a substitute for a passport and
as a lower-cost means of establishing identity and nationality for
American citizens, as a part of the Western Hemisphere Travel Initiative.
This document is not designed to be a globally interoperable travel
document as defined by ICAO.

           o In November 2005, CBP officers intercepted a Ghanian citizen
           with an altered U.S. visa. The visa photo was manually retouched
           to bear closer resemblance to the photo substituted into the
           biographical page of the passport.
           o In June 2006, a Chinese citizen was found in possession of a
           counterfeit U.S. passport. Printing and other errors on the
           biographic page and another page alerted authorities that the
           passport was counterfeit.
           o In January 2007, a Brazilian citizen, using a genuine U.S. visa,
           attempted to enter the United States as an imposter. CBP officers
           confirmed the traveler was an imposter and was attempting to enter
           the United States to seek employment.

           Table 1: Number of Fraudulent U.S. Passports and Visas Detected at
           U.S. Ports of Entry, Fiscal Year 2006
			  
Travel document             Imposter Counterfeit/altered  Total 
U.S. passport                    971                 458  1,429 
U.S. nonimmigrant visa foil      173               2,865  3,038 
BCC                           15,911                 914 16,825 
Total                         17,055               4,237 21,292 

           Source: GAO analysis of Department of Homeland Security data.

           Note: Data for U.S. immigrant visas not available.

           Applicants commit passport application fraud through various
           means, including submitting false claims of lost, stolen, or
           mutilated passports; child substitution; and counterfeit
           citizenship documents. According to State's Bureau of Diplomatic
           Security investigators, imposters' use of assumed identities,
           supported by genuine but fraudulently obtained identification
           documents, is a common and successful way to fraudulently obtain a
           passport. This method accounted for about 65 percent of 3,703
           total confirmed passport fraud cases investigated by the bureau in
           fiscal year 2006, according to Diplomatic Security documentation.
			  
			  Document Security Features

           To combat document fraud, security features are used in a wide
           variety of documents, including currency, identification
           documents, and bank checks. Security features are used to prevent
           or deter the fraudulent alteration or counterfeiting of such
           documents. In some cases, an altered or counterfeit document can
           be detected because it does not have the look and feel of a
           genuine document. For instance, detailed designs and figures are
           often used on documents with specific fonts and colors. While such
           aspects are not specifically designed to prevent the use of
           altered or counterfeit documents, inspectors can often use them to
           identify nongenuine documents. In some cases, security features
           can be observed with the naked eye. But for others, tools may be
           necessary to verify the existence of a security feature. For
           instance, to read microprinting, it may be necessary to have a
           magnifying glass or a loupe. To see features on pages printed with
           ultraviolet fluorescent ink, it is necessary to have an
           ultraviolet light source. In particular, electronic equipment is
           required to read electronic features such as biometrics or digital
           signatures from the travel document.

           While security features can be assessed by their individual
           ability to help prevent the fraudulent use of the document, it is
           more useful to consider the entire document design and how all of
           the security features help to accomplish this task. Layered
           security features tend to provide better document security by
           minimizing the risk that the compromise of any individual feature
           of the document will allow for the unfettered fraudulent use of
           the document. Individual document security features are known to
           different levels of people. For instance, some security features
           are known only by forensic examiners, while other features are
           more widely known by specialized law enforcement personnel.
			  
			  Passport Application and Issuance Process

           GPO produces and delivers blank passports to the domestic
           passport-issuing offices.^8 State operates 17 domestic
           passport-issuing offices, where most passports are issued each
           year.^9 In addition, in the spring of 2007, State opened a new
           passport production facility for the personalization of passport
           books.^10 The majority of passport applications are submitted by
           mail or in person at one of 8,500 passport application acceptance
           facilities nationwide, which include post offices; federal, state
           and probate courts; public libraries; and county and municipal
           offices.^11 The passport acceptance agents at these facilities are
           responsible for, among other things, verifying whether an
           applicant's identification document, such as a driver's license,
           actually matches the applicant. Then, at the domestic
           passport-issuing offices, passport examiners determine--through a
           process called adjudication--whether they should issue each
           applicant a passport. See appendix IV for an overview of the
           passport issuance process.
			  
^8GPO produces blank passports for State as agreed under a memorandum of
understanding with State.

^9State operates passport-issuing offices in Aurora, Colorado; Boston;
Charleston, South Carolina; Chicago; Honolulu; Houston; Los Angeles;
Miami; New Orleans; New York; Norwalk, Connecticut; Philadelphia;
Portsmouth, New Hampshire; San Francisco; Seattle; and two offices in
Washington, D.C.--a regional passport agency and a special issuance agency
that handles official U.S. government and diplomatic passports.

           Visa Application and Issuance Process

           State manages the visa process, as well as the consular officer
           corps and its functions at 219 visa-issuing posts overseas. The
           process for determining who will be issued or refused a visa
           contains several steps, including documentation reviews, in-person
           interviews, collection of biometrics (facial image and
           fingerprints), and cross-referencing an applicant's name against
           the Consular Lookout and Support System (CLASS)--State's
           name-check database that posts use to access critical information
           for visa adjudication. In some cases, a consular officer may
           determine the need for a Security Advisory Opinion, which is
           information provided from Washington to the post regarding whether
           to issue a visa to the applicant. See appendix IV for an overview
           of the visa issuance process.
			  
			  Passport and Visa Inspection Process

           In general, at ports of entry, travelers seeking admission to the
           United States must present themselves and a valid travel document,
           such as a passport or a U.S. visa,^12 for inspection to a CBP
           officer. The immigration-related portion of the inspections
           process requires the officer to determine--by questioning the
           individual and inspecting the travel documents--if the traveler is
           a U.S. citizen or alien. If the traveler is an alien, CBP officers
           must determine the purpose of the individual's travel and whether
           the alien is entitled to enter the United States. During the
           inspections process, CBP officers must confirm the identity and
           nationality of travelers and determine the validity of their
           passports and visas by using a variety of inspection techniques
           and technology.
			  
^10While the majority of passports are issued by domestic passport
agencies, consular officers in U.S. embassies and consulates also issue
passports in the form of an emergency passport.

^11This number is as of April 2007. State officials noted that this number
changes frequently as new acceptance facilities are added and others are
dropped.

^12Currently, U.S. citizens are not required to present passports if they
re-enter the United States at a land or sea port of entry. In general,
aliens must present their passport and a valid U.S. visa.

           At the first part of the inspection process--primary
           inspection--CBP officers inspect travelers and their travel
           documents to determine if they may be admitted or should be
           referred for further questioning and document examination. If
           additional review is necessary, the traveler is referred to
           secondary inspection--an area away from the primary inspection
           area--where another officer makes a final determination to admit
           the traveler or deny admission for reasons such as the
           presentation of a fraudulent or counterfeit passport or visa. See
           appendix V for an overview of the inspection process at U.S. ports
           of entry.
			  
           New Passports and Visas Have Been Enhanced, but Prior Generations
			  of Travel Documents Remain More Vulnerable to Fraud, and Document
			  Designs Are Not Periodically Reassessed

           State has made enhancements to strengthen new generations of
           passports and visas, which contain a variety of security features
           that, in combination, are intended to deter attempts to alter or
           counterfeit the documents; however, prior generations of these
           documents have been fraudulently used and remain more vulnerable
           to fraudulent attempts for the duration of their life span. While
           the process for designing a new document takes several years to
           complete, State does not periodically reassess the security
           features of the travel documents it currently issues to identify
           their effectiveness against evolving counterfeit and alteration
           threats and to plan for new generations of travel documents. In
           addition, State shares information on the security features of
           passports and visas with domestic and international entities.
			  
			  New Generations of Passports and Visas Have Enhanced Security
			  Features, but Older Versions Are Susceptible to Fraud

           Passports and visas contain a variety of security features that,
           in combination, are intended to deter attempts to alter or
           counterfeit the documents. The design of passports--currently
           there are three generations valid for travel--contain a range of
           security features to protect against their fraudulent use. Visa
           foils--currently there are two generations valid for travel--and
           the BCC also contain a range of security features to protect
           against their fraudulent use. Enhancements have been made to
           strengthen new generations of these documents, but prior
           generations remain more vulnerable to fraudulent attempts during
           their life span. Although none of the passports and visas that are
           currently valid have had all of their security features
           compromised, some methods of alteration or counterfeiting have
           been found to be successful enough to fool an initial inspection.
           In these cases of sophisticated attempts to defeat specific
           security features, only a more detailed examination of the
           document can determine that the document is not authentic.
			  
			    Security Features of Passports

           According to State, over 74 million passports are currently in
           circulation, as of April 2007. Currently, there are three valid
           generations of the passport--the 1994 passport, the 1998
           photo-digitized passport, and the 2006 electronic passport
           (e-passport). See table 2 for validity periods for travel and
           numbers in circulation of current passports.

           Table 2: Validity Period and Numbers in Circulation, by Passport

                         First              Valid for Number in circulation   
U.S. passport        issued  Last issued travel^a  (as of April 2007)      
1994 passport          1994  2001        through   20 million              
                                            2011                              
1998 photo-digitized   1998  2007^b      through   52 million              
passport                                 2017                              
e-passport             2005  Currently   through   2 million               
                                issued      2017 or                           
                                            later                             

           Source: State Department.

           Notes:

           About 140,000 passports were issued to U.S. citizens living
           overseas prior to April 2002 or as an emergency passport prior to
           August 2006. After April 8, 2002, overseas passport issuance for
           U.S. citizens residing or traveling abroad was transferred to the
           National Passport Center in Portsmouth, New Hampshire, and the
           Charleston Passport Center in Charleston, South Carolina, except
           for those requiring urgent travel. All passports issued to U.S.
           citizens living overseas are adjudicated by consular officers at
           U.S. embassies and consulates.

           aOnly for passports issued with a 10-year validity period in the
           last issuance year.

           bState is issuing the 1998 passport until the inventory supply of
           these books is diminished, which State expects will occur in
           August 2007.

           Each generation of the passport has a range of security features
           to provide protection against the threat of fraudulent use. As
           each generation of passports is developed, some security features
           are enhanced, others added, and others dropped from the documents'
           design to protect against counterfeit and alteration threats. For
           example, photo substitution, particularly with the 1994 passport,
           is one technique that has been used to alter passports. State has
           enhanced subsequent generations to combat this threat. In the 1998
           passport, State enhanced the laminate of the passport and
           introduced a photo-digitized passport that prints scanned
           photographs on the biographic page of the passport to eliminate
           the possibility of individuals cutting out and replacing the
           laminated photos. While the vulnerability to photo substitutions
           has been reduced in the 1998 passport, it has not been fully
           eliminated. For the e-passport, although State continues to print
           the photos in the same way as the prior generation, additional
           enhancements have been made to the security of the laminate and a
           proximity radio frequency identification (RFID) chip has been
           added that provides for electronic storage of biographical and
           biometric data.^13 The information stored on the chip is protected
           by a digital signature.^14 This enhancement, which allows for a
           comparison of the photo in the passport with the photo in the
           chip, can provide greater assurance that the photo, as well as the
           biographic data, has not been altered or counterfeited. In cases
           where these enhancements may fail to work correctly, it is
           important to plan for the potential failure of equipment or
           incidents where the verification system does not correctly match
           individuals. In addition, the proposed passport card is expected
           to include laser engraving, tactile features in the photo area and
           an optically variable devise to address photo substitution
           techniques. Additional information on the security features in
           passports and visas issued by the State Department are sensitive
           in nature and have not been provided in this report. We will be
           reporting on the security features in these documents in a
           separate report.
			  
			    Security Features of Visas

           According to State, over 34 million visas are in circulation as of
           April 2007. Currently, there are two valid generations of the visa
           foil--the Teslin and the Lincoln--the foil is attached inside a
           foreign passport using an adhesive.^15 The only currently valid
           generation of the BCC--issued to Mexican citizens--is the laser
           visa, a polycarbonate card with an optical stripe to
           electronically store information about the BCC holder.^16 See
           table 3 for data on validity periods for travel and numbers in
           circulation of current visas.

^13Technologies called biometrics can automate the identification of
individual travelers by one or more of their distinct physical or
behavioral characteristics. For more information on biometrics, see GAO,
Technology Assessment: Using Biometrics for Border Security,
[50]GAO-03-174  (Washington, D.C.: Nov. 14, 2002).

^14A document or file may be protected using a cryptographic process that
effectively generates a "digital signature" stored in the document.
Validating the digital signature not only confirms who generates it, but
also ensures that there have been no alterations to the document since it
was signed. For more information about digital signature technology, see
GAO, Information Security: Advances and Remaining Challenges to Adoption
of Public Key Infrastructure Technology, [51]GAO-01-277 (Washington, D.C.:
Feb. 26, 2001).

^15The Teslin visa used a Teslin synthetic substrate, while the Lincoln
visa, so named because of the image of President Lincoln on the visa, is
made of paper.

           Table 3: Validity Period and Numbers in Circulation, by Visa
			  
                 First              Valid for    Number in circulation(as of  
U.S. visa    issued  Status      travel^a     April 2007)                  
Teslin         1993  Last issued through 2013 11 million                   
visa^b               2003                                                  
Lincoln visa   2002  Currently   through 2017 14 million                   
                        issued      or later                                  
BCC            1998  Currently   through 2017 9 million                    
                        issued      or later                                  

           Source: State Department.

           aOnly for visas issued with a 10-year validity period in the last
           year of issuance.

           bThere are three versions of the Teslin visa--type 1, type 2, and
           the machine-readable visa 2000 (MRV2000).

           As with the passport, when the Lincoln visa was developed, some
           security features were improved over those in the Teslin visa,
           others added, and others dropped. Enhancements to the Lincoln visa
           include more detailed printing features and features such as
           security fibers and biometric information (digital photograph and
           fingerprints). The biometric information is collected overseas
           under State's Biometric Visa Program, to be used by CBP inspectors
           at ports of entry to verify that the original visa applicant is
           the person entering the United States.^17 For the BCC, State
           stored the traveler's biographical and biometric information
           electronically on the optical media of the card.
			  
^16The Illegal Immigration Reform and Immigrant Responsibility Act of 1996
(IIRIRA), as amended, mandated the expiration of previous versions of the
BCC on September 30, 2001.

^17State implemented the Biometric Visa Program in October 2004.

           Although Design Development Requires Years to Complete, State Does
			  Not Periodically Plan for New Generations of Passports and Visas

           State's process for the development and testing of new travel
           documents, to enhance their security and reduce vulnerability to
           sophisticated fraud attempts, varied by document and required
           several years to complete. While State has made adjustments in the
           design of passports and visas, its approach has been largely
           reactive. Despite the length of time required of a document
           redesign, State does not have a structured process to periodically
           reassess the security features in its documents and to plan for
           new generations. The increasing pace of technological change and
           use of electronics makes State's current approach less viable than
           it might have been in the past, and best practices in currency
           design, for example, suggest that periodic evaluation of designs
           and introduction of new security features are more viable
           approaches in the management of counterfeit and alteration
           threats.
			  
			    Development Process for the E-Passport

           The process for developing the new e-passport design took almost 3
           years. State initiated the redesign of the passport in 2003 in
           response to new international specifications for electronic travel
           documents, to meet standards set for nations that participate in
           the United States' Visa Waiver Program, and to address
           sophisticated attempts to compromise the document with additional
           layers and enhancements of security features.^18 In February 2005,
           State presented the proposed design for the new passport, which
           was intended to comply with ICAO standards. From 2005-2006, State,
           together with GPO, utilized government expertise at FDL and the
           NIST to test the durability of the book and certain security
           features of the e-passport and emergency passport. In response to
           security and privacy concerns regarding the inclusion of RFID chip
           technology, NIST was also requested to evaluate the passport's
           skimming vulnerability.^19 Based on the results of NIST's tests,
           material was added to the front cover and spine of the book to
           mitigate the threat of skimming. Separately, durability testing
           conducted at NIST also revealed that some of the security features
           were adversely affected by humidity. State and GPO reviewed the
           results of NIST's tests and determined that the overall integrity
           of the passport remained sufficient and did not make any immediate
           changes to the design, according to State and GPO officials. A
           State official did note that these results would be considered in
           the future. In January 2006, State and DHS conducted pilot tests
           for the new passport, using diplomatic versions of the e-passport.
           See figure 2 for a timeline of the development process for the
           e-passport. Appendix III provides additional information on the
           testing that was conducted in the development of the e-passport
           design.
			  
^18At the same time that the e-passport was under development, the
emergency passport was developed to provide U.S. missions overseas, for
the first time, with a designated passport book for emergency issuance
overseas.

^19Skimming is the unauthorized use of a reader to read the data stored on
the RFID chip without the authorization or knowledge of the owner of the
chip or the individual in possession of the chip.

Figure 2: Timeline for Development of E-Passport

aAccording to State, all passport agencies and centers have fully
converted to e-passport production, but the National Passport Center also
continues to print legacy passport books until the inventory supply of
these books is diminished, which State expects will occur in August 2007.

  Development Process for the Lincoln Visa

The development of the Lincoln visa design took about 4 years. The visa
was developed in response to advanced attempts to counterfeit and alter
the Teslin visa, according to State. To quickly address the sophisticated
alteration attempts to the Teslin visa while the Lincoln visa was under
development, State developed a new version of the Teslin visa--the
MRV-2000--as a short-term solution for addressing the counterfeit threat.
The MRV-2000 was tested in 1999 and issued in 2000. State was able to make
minor changes on short notice, such as additional coding, to distinguish
the MRV-2000 for inspection purposes and provide a short-term solution
during the several years it took for the redesign of the visa to be
completed. From 1998 to 1999, State requested industry experts to help in
the development of the design and conducted studies of available security
papers and ink jet printers. Various paper suppliers and NIST conducted
vulnerability tests, demonstrating the durability of features on available
papers. According to State officials, after identifying currently
advantageous security features, State then moved into the selection of
paper, glue, release liner process offset, and florescent inks. FDL
provided forensic testing, such as chemical sensitivity testing, for the
selected design. See figure 3 for the timeline of development for the
Lincoln visa.

Figure 3: Timeline for Development of Lincoln Visa

  Development of Passport Card

The development of the new passport card is expected to take a little more
than 2 years, according to current State and DHS plans. State, in
consultation with DHS, has been developing a new passport card since early
2006. In January 2006, State and DHS announced the development of the
passport card. On May 25, 2007, the solicitation request for proposal for
the passport card was released. According to State and DHS plans, from
July until December 2007, the proposals will be reviewed and testing will
be conducted, including durability testing. State expects to begin issuing
the new cards in 2008.

  State Does Not Have a Structured Process for Periodically Reassessing and
  Planning for New Generations of Passports and Visas

State updates or changes the security features of its passports and visas
in response, in part, (1) to detected attempts to counterfeit or alter
these documents and (2) to recommended international standards for secure
travel documents. State also made improvements to the passport to match
requirements for enhanced security features in the passports from
countries in Visa Waiver Program.

State obtains information on the detected attempts to counterfeit or alter
passports and visas from a variety of sources in the United States and
other nations, according to State officials. For example, State
occasionally receives information gathered from DHS regarding the seizures
of fraudulent passports and visas. Specifically, FDL provides forensic
analysis of identified alterations and counterfeit attempts and CBP's
Fraudulent Document Analysis Unit provides trend analysis on the types of
fraudulent attempts intercepted at the border. The unit forwards these
seized documents--primarily passports--to State, according to Fraudulent
Document Analysis Unit and State officials. However, the information that
State receives on passport and visa fraud is not centrally collected or
analyzed by State for purposes of planning or reassessing the document's
security. According to State, information received on the fraudulent use
of passports and visas is reviewed largely on a case-specific basis.
Moreover, data on this information are not collected or analyzed by State
in order to identify counterfeit or alteration trends.

U.S. currency faces threats similar to those of passports and visas.
According to the National Academies, life-cycle planning can be an
effective way to reassess document security and plan for new documents by
providing a structured process for re-evaluating the features of the
document against evolving counterfeit and alteration threats.^20 The
National Academies found that, for bank notes, advances in reprographic
technology have made securing currency more challenging, necessitating
regular assessments of technologies and threats. According to the National
Academies, by continuously evaluating currency designs and introducing new
security features, the government does an effective job of staying ahead
of counterfeiting threats. In addition, the U.S. Department of the
Treasury's Bureau of Engraving and Printing has reported that protecting
U.S. currency is an ongoing process. According to the bureau, it plans to
introduce new currency designs every 7 to 10 years.

^20National Academies Press, Is That Real? Identification and Assessment
of the Counterfeiting Threat for U.S. Banknotes, ISBN-0-309-10124-7
(Washington, D.C., 2006).

Although State has recently enhanced some of the security features and
introduced new security features to the passport, State, for the documents
it issues, does not have a policy for reassessing the design's resistance
to evolving counterfeit and alteration threats and planning for new
generations of travel documents. For example, although the BCC has been in
circulation for almost 10 years, State has not had any formal plans to
reassess the current document or develop a new BCC until recently. In
responding to a draft copy of this report, State noted that they are
currently redesigning the next generation of the BCC for deployment in
2008, when the current BCCs begin to expire.

A structured process for periodically reassessing the security features in
documents and planning for new generations should include a policy for
reassessing the ability of the document design to resist compromise and
fraudulent attempts to the documents. For example, to meet acceptable
standards for the use of driver's licenses and identification cards for
official purposes, DHS has proposed establishing a policy for annual
review of the card design of such documents. This proposed review would
address the cards' ability to resist counterfeit and alteration attempts
in several areas, including photo substitution, modification of data,
duplication, and reproduction, among others. Such a review of the security
features in the passport design, such as long-term vulnerability testing
of the chip technology and print durability, could identify potential
vulnerabilities in these features before they could be exploited.

State Shared Information on Design of Passports and Visas

State shares information on the security features and fraud attempts of
passports and visas with U.S. entities, including CBP, FDL, and state and
local law enforcement, as well as with State's overseas counterparts,
according to agency documents and officials. Specifically, State's Fraud
Prevention Program distributes newsletters identifying detected attempts
to counterfeit, alter, or fraudulently obtain visas and related fraud to
DHS entities and U.S. missions overseas. State also bilaterally shares
information on the security features of passports and visas to deter the
fraudulent use of these travel documents overseas. For example, State
conducts fraud prevention training for host government law enforcement and
immigration authorities and also works with host governments on U.S.
passport and visa fraud investigations and prosecutions. In addition,
State participates in the multilateral organization ICAO to promote travel
document security and global interoperability.

While State has shared information on the security features and activities
related to the travel documents it issues, including the e-passport, State
is only beginning to share information that is necessary to verify the
authenticity of the electronic data stored in the chip of the e-passport.
The international community, through ICAO, has established a directory for
international validation of digital signatures of e-passport chips. The
United States is currently taking steps to join the directory and share
its public key.

Steps Taken to Secure Passports and Visas in the Issuance Process, but
Additional Measures Are Needed to Address Weaknesses in Oversight of Passport
Acceptance Facilities

State and GPO have enacted several measures to ensure the security and
physical quality of passports and are working to address weaknesses
identified in the passport issuance process; however, additional measures
are needed to strengthen the process and minimize vulnerabilities.
Specifically, State's lack of an oversight program for about 8,500
passport acceptance facilities nationwide continues to present a
significant fraud vulnerability. State has made recent improvements to the
visa issuance process and is working to address identified weaknesses.

GPO Has Undertaken Measures for Ensuring Physical Security and Quality in
Passport Manufacturing Process

GPO has established measures to safeguard the physical security and
integrity of the passport book and materials and continues to review and
strengthen these measures.^21 In the manufacturing process, GPO has
identified measures to secure production materials and blank passport
books and to ensure the quality of the books. Specifically, GPO has
identified control measures in place for the materials used in the
production of passports, including the paper, ink, design, binding, and
chip and for the blank books. A 2004 GPO Inspector General security review
found vulnerabilities in the physical controls of the blank passport,
including the delivery of blank books to passport agencies. GPO has taken
steps to improve its internal controls for passport production as a result
of this review and other recent GPO Inspector General reviews, according
to GPO Inspector General officials. In addition, GPO has established
quality assurance measures for the production of the 1998 passport and
e-passport to ensure the books are manufactured to proper specifications.
For example, GPO staff inspects the quality of the product at stages
throughout the manufacturing process, including inspections of the supply
materials. GPO has also established procedures to inspect, analyze, and
document metrics associated with quality of the passport. In addition, GPO
is also instituting an independent inspection entity that will be
responsible for conducting unannounced and random inspections at points in
the manufacturing process to verify that quality standards are met.

^21GAO's Standards for Internal Control in the Federal Government
recommends that agencies establish physical controls to secure and
safeguard vulnerable assets.

For the e-passport, GPO has identified procedures for inspecting the
quality of the chip at several steps along the manufacturing process,
while additional measures to further ensure the quality of electronic
technology in the e-passport book are under development. According to GPO
officials, the established automated system for inspecting the quality of
the chip is satisfactory, but the physical quality assurance process is
still being developed. Specifically, GPO officials said they are studying
international technology standards and lessons learned from international
counterparts to develop additional quality assurance procedures for the
e-passport manufacturing process.

State Has Established Measures for Ensuring Integrity in the Passport Issuance
Process

State has taken several steps to ensure the integrity of the passport
throughout the issuance process--including establishing internal control
standards, conducting periodic audits and other internal reviews, and
establishing quality assurance measures for passport processing.^22 For
example, State has identified control measures at its passport offices to
safeguard passport applications, passport books, and other production
supplies. Specifically, State's internal controls handbook for domestic
passport offices provides guidance for ensuring the integrity of passport
operations, including guidance for (1) employee integrity and conduct, (2)
applications receipt, (3) counter applications, (4) cashiering, (5)
adjudication, (6) blank book control, (7) duty officer program, and (8)
protection of the premises and information. According to State officials,
the handbook is currently being updated to further strengthen controls and
address identified weaknesses. The handbook identifies and provides
procedures for areas of identified vulnerability, including the
accountability of passport books, money, and adjudicative decision making,
but it does not include internal controls for the passport-related
functions performed at the acceptance facilities.

^22GAO's Standards for Internal Control in the Federal Government require
that agencies establish internal controls sufficient to ensure that
transactions and other significant events are authorized and executed only
by persons acting within the scope of their authority. The standards also
require that the agencies establish internal controls sufficient to ensure
that access to resources and records is limited to authorized individuals
and that accountability for their custody and use is assigned and
maintained.

To ensure compliance with these measures, State conducts periodic
management assessments and internal control reviews for each domestic
passport office as well as periodic audits and other internal reviews of
its passport issuance process. These reviews cover general management, use
of facilities, adjudication, customer service, fraud prevention, passport
book processing, and internal controls, as well as provide recommendations
for the improvement of operations. In addition, State also conducts
periodic audits and other internal reviews of its passport issuance
process.

           o First, the management at the domestic passport offices conducts
           weekly and biweekly audits of adjudicated applications to review
           compliance with adjudication guidelines.
           o Second, State's passport service management in Washington, D.C.,
           has recently taken steps to conduct periodic validation studies,
           which are large-scale audits of passport applications, at all
           passport offices. According to State officials, a pilot validation
           study was conducted in 2006, reviewing over 20,000 adjudicated
           applications. These officials indicated that they are currently
           developing the methodology and implementation plan for future
           validation studies.
           o Third, another management-led effort took place in the summer of
           2006, when State's Passport Office convened a number of working
           groups in Washington, D.C., to improve passport operations and
           address recommendations raised by prior GAO and State Inspector
           General reports. Specifically, these working groups focused on
           areas such as the national fraud prevention program; internal
           controls; and fraud metrics, statistics, and trend analysis. As a
           result of the recommendations of these working groups, State's
           passport management plans to implement several initiatives in the
           next year to improve overall operations.

           State also has measures in place to ensure the quality and
           accuracy of passports issued to applicants. For example, passports
           are inspected after the applicant's information has been added to
           the blank passport book to verify the information has been
           correctly printed and, for e-passports, stored onto the chip. In
           addition, each e-passport is tested at the issuing passport agency
           to ensure that the personalized chip can be read by an e-passport
           reader.

           In addition to the efforts described above, State occasionally
           modifies the regulations governing passport operations. For
           example, State revised its regulations in 2001 to require that
           both parents consent to the issuance of a passport for children
           under age 14 and, in 2004, further amended the regulation to
           further require that children under age 14 also appear personally
           when applying for a passport. These changes were made, in part, to
           improve State's ability to combat international parental child
           abduction, but the measures have also helped prevent or deter
           identity theft-related fraud in passport applications, according
           to State officials. In commenting on a draft copy of this report,
           State indicated that these changes were also made to comply with
           related statutory requirements.
			  
			  Weaknesses Exist in State's Oversight of Passport Acceptance
			  Facilities

           We previously reported that the acceptance agent program was a
           significant fraud vulnerability.^23 State has addressed some
           weaknesses identified in the training of acceptance agents; the
           agents serve a critical role in establishing identity, which is
           critical to preventing the issuance of genuine passports to
           criminals or terrorists under false identities as a result of
           receipt of a fraudulent application. However, we found that many
           of the problems with the oversight of passport acceptance
           facilities we identified in 2005 persist. Specifically, State
           lacks an internal control plan for its acceptance facilities to
           ensure that effective controls are established and monitored
           regularly.^24 An internal control plan should identify the roles
           and responsibilities of all individuals whose work affects
           internal control; lay out specific control areas; cover risk
           assessment and mitigation planning; and include monitoring and
           remediation procedures. Moreover, ICAO guidance for the issuance
           of travel documents recommends several procedures to combat
           fraudulent applications, including (1) regular training to
           individuals who accept applications to increase their awareness of
           potential fraud risks and (2) processes to ensure random access
           between the acceptance agent and applicant.
			  
^23GAO, State Department: Improvements Needed to Strengthen U.S. Passport
Fraud Detection Efforts, [52]GAO-05-477 (Washington, D.C.: May 20, 2005).

^24GAO guidance on internal controls recommends that internal control
monitoring assess the quality of performance over time and ensure that the
findings of audits and other reviews are promptly resolved.

           Numerous passport officials and Diplomatic Security investigators
           told us that the acceptance agent program remains a significant
           fraud vulnerability. State passport officials told us there have
           been investigated fraud cases associated with passport acceptance
           facilities or the individuals working there; however, they did not
           provide us with additional information on these cases. Examples of
           acceptance agent errors that were brought to our attention include
           important information missing from documentation, such as evidence
           of birth certificates and parents' affidavits concerning
           permission for children to travel, as well as photos that were not
           properly attached to the application. One passport specialist also
           cited a case where the photo submitted with the application did
           not match the identity of the applicant. In another example,
           another passport official told us of a case where an acceptance
           facility had accepted a passport application for an individual
           without the person being present and, therefore, did not verify
           the applicant's identity. In addition, managers at two passport
           offices said their offices often see the same mistakes multiple
           times from the same acceptance facility. These problems are of
           particular concern given the persistent attempts to fraudulently
           obtain legitimate passports using stolen identity documents.

           Although resources and other tools are available to passport
           examiners at domestic passport offices to verify citizenship
           evidence and potentially detect false claims of identity, there
           are a number of indicators in the inspection of applicants that
           enhance the ability to detect efforts to use a false identity to
           obtain a genuine passport. Moreover, passport examiners and other
           officials at passport offices told us it is easier to detect
           application fraud when interviewing applicants directly at the
           passport counter. However, the majority of passport applications
           that passport examiners adjudicate are accepted by individuals at
           passport acceptance facilities.

           State has taken action to address some weaknesses we previously
           identified with the acceptance facility program. These actions
           include the following:

           o In mid-2006, State began to develop a system to track the names
           and signatures of authorized acceptance agents, the training
           status of these agents, and the level of proficiency achieved in
           the training. According to State officials, this system is
           expected to be fully implemented by the end of 2007.
           o In May 2007, State implemented an online training program for
           use by nonpostal passport acceptance agents. This program was
           adapted from a computer-based training program previously
           developed by State and the U.S. Postal Service to train passport
           acceptance agents at postal service facilities.
           o In the spring of 2007, State began to discuss a system for
           tracking accepted passport applications by acceptance facility.

           In addition, State's Bureau of Consular Affairs is proposing to
           update and amend some of its passport regulations. These
           amendments would, among other things, codify the requirement that
           passport acceptance agents be U.S. citizens, permanent employees,
           and 18 years or older, and have successfully completed the
           training as detailed by guidance provided by State. While these
           requirements are already State policy, the proposed changes would
           make them formal regulations. In addition, another change would
           require passport acceptance facilities within the United States to
           maintain a current listing of all passport acceptance agents. If
           enforced, these regulations would strengthen the application
           acceptance process.

           State officials attribute problems with applications received
           through acceptance agents to the limited oversight of acceptance
           agents. For example, accountability for the number of passport
           agents authorized to accept passport applications remains unclear.
           Officials at two passport offices confirmed that their passport
           offices now maintain records of the names of individuals accepting
           passport applications at designated acceptance facilities in their
           region. However, they expressed reservations about relying too
           heavily on the accuracy of this information given the absence of a
           program to audit or verify the performance of acceptance agents.
           In addition, State makes a limited number of oversight visits to
           acceptance facilities. Primarily due to the large number of
           acceptance facilities in each passport office region, these
           offices concentrate their training and oversight visits on
           acceptance facilities geographically close to the passport office
           or those acceptance facilities identified to have problems. In the
           absence of a formal mechanism for monitoring the performance of
           acceptance agents, officials at two of the passport offices we
           visited had developed individual systems for tracking the passport
           acceptance facility or agent with an application detected to be
           fraudulent by passport examiners.
			  
			  State Continues to Address Vulnerabilities in the Visa Issuance Process

           GPO and State have measures for ensuring the quality of visas,
           including BCCs. In recent years, State has taken a number of steps
           to strengthen the visa issuance process, as well as a more recent
           measure to secure BCCs.
			  
			    Measures for Ensuring the Security and Quality of Visas and Border
				 Crossing Cards

           GPO and State have identified measures to ensure the physical
           security and quality of visas. GPO has measures in place to secure
           the production of visa foils manufactured by a vendor. GPO
           approves the vendor's security control plan and conducts, with
           State, an on-site inspection of the vendor's facility prior to the
           award of the contract and sharing of a detailed description of the
           security features in the visa design, according to GPO. State
           receives the blank visa foils directly from the vender using a
           secured carrier.

           For the production of BCCs, DHS's U.S. Citizenship and Immigration
           Service (USCIS) has established a number of automated checks
           within the production system to ensure that the cards are produced
           within specifications. One check is a quality assurance
           examination of the card to ensure that the photo is clear and the
           fingerprint image is complete and clear. USCIS has inventory
           control checks to account for all BCCs and to ensure the
           information printed onto the BCCs corresponds to the data provided
           by State. For example, the check would ensure that a male's
           photograph is matched with the correct gender identification.
           Personalized cards are delivered to the U.S. consulates in Mexico,
           where the cards are checked for accuracy and quality before being
           delivered to the applicants.
			  
			    State Has Taken Actions to Improve the Integrity of the Visa Issuance
				 Process

           State, along with Congress and the Department of Homeland Security
           have initiated new policies and procedures since the September 11
           attacks to strengthen the security of the visa process,
           particularly as an antiterrorism tool. Such changes include the
           following:

           o Beginning in fiscal year 2002, State began a 3-year transition
           to remove visa adjudication functions from consular associates.^25
           All nonimmigrant visas must now be adjudicated by commissioned
           consular officers.^26 
			  
^25Consular associates are U.S. citizens and relatives of U.S. government
direct-hire employees overseas who, following a successful completion of
the required Basic Consular Course, are hired by the consular section at
post. Up until September 30, 2005, consular associates at some posts were
allowed to assist consular officers in adjudicating visas.

^26The Intelligence Reform and Terrorism Prevention Act of 2004 required
that consular officers adjudicate visas. See P.L. 108-458. As defined by
the State Department, consular officers are generally active Foreign
Service officers but may also include commissioned civil service employees
or retirees of the Foreign Service.
			  
           o Personal interviews are now required for most foreign nationals
           seeking nonimmigrant visas.^27 
           o As of October 2004, consular officers are required to scan visa
           applicants' right and left index fingers through the DHS Automated
           Biometric Identification System before an applicant can receive a
           visa.^28

           In 2005 we reported that consular officers are receiving clear
           guidance on the importance of addressing national security
           concerns through the visa process.^29 In addition, we also
           reported that State has established clear procedures on visa
           operations worldwide, as well as management controls to ensure
           that visas are adjudicated in a consistent manner at each post.
           State has also increased hiring of consular officers; increased
           hiring of foreign language proficient Foreign Service officers;
           revamped consular training with a focus on counterterrorism;
           strengthened fraud prevention efforts worldwide; and improved
           consular facilities. In addition, consular officers now have
           access to more information from intelligence and law enforcement
           databases when conducting name checks on visa applicants.

           In addition, in a separate report in 2005, we found that while
           State's Bureau of Consular Affairs has a set of internal controls
           to prevent visa malfeasance, and has taken actions to improve
           them, these internal controls were not being fully and
           consistently implemented.^30 State has a program of internal
           controls for visa issuance detailed in the Foreign Affairs Manual
           and supplemented by standard operating procedures. Examples
           include controls to ensure random access between applicants and
           adjudicators, to minimize the risk of malfeasance; controls for
           its accountable items; and daily supervisory review of all visa
           refusals and a sample of visa issuances. As we reported, State has
           taken a number of steps to strengthen its efforts to protect
           against malfeasance in the issuance process. For example, to
           prevent the issuances of nonimmigrant visas to unqualified
           applicants, Consular Affairs has strengthened its efforts to limit
           employee access to automated systems that issue visas and has
           taken steps to ensure that visa applicants cannot predict which
           officers will interview them. It has also strengthened its
           criteria for applicants referred by post employees for favorable
           consideration in obtaining a visa and expedited processing by
           consular officers. Further, Consular Affairs has increased its
           emphasis on both headquarters and post supervisory
           oversight--particularly by ambassadors, deputy chiefs of mission,
           and principal officers--including by providing training and other
           tools. It also requires posts to certify in writing annually their
           compliance with key internal controls. Consular Affairs has issued
           guidelines on reporting suspicious behavior that may involve
           malfeasance. It has also enhanced its malfeasance prevention
           efforts. However, we found some of these controls were not always
           being followed at the posts we visited in 2005. State officials
           told us they continue to emphasize the importance of full
           compliance with internal controls.

^27Every alien applying for a nonimmigrant visa who is between the ages of
14 and 79 must submit to an in-person interview with a consular officer
unless the interview is waived under certain circumstances by either the
consular officer or the Secretary of State. There are also circumstances
under which the interview cannot be waived.

^28The Automated Biometric Identification System is a DHS database that
includes some 5 million people who may be ineligible to receive a visa.
For example, the Automated Biometric Identification System data include,
among other records, FBI information on all known and suspected
terrorists, selected wanted persons, and previous criminal histories for
individuals from high-risk countries. See GAO, Border Security: State
Department Rollout of Biometric Visas on Schedule, but Guidance Is
Lagging, [53]GAO-04-1001 (Washington, D.C.: Sept. 9, 2004); and
[54]GAO-03-174 .

^29GAO, Border Security: Strengthened Visa Process Would Benefit from
Improvements in Staffing and Information Sharing, [55]GAO-05-859 
(Washington, D.C.: Sept. 13, 2005).

^30GAO, Border Security: More Emphasis on State Consular Safeguards Could
Mitigate Visa Malfeasance Risks, [56]GAO-06-115  (Washington, D.C.: Oct.
6, 2005).

           In addition, State recently took action to secure BCCs in response
           to the high number of BCCs reported by Mexican citizens as lost or
           stolen. State officials felt that the ability to obtain another
           BCC to replace a reportedly lost or stolen BCC was facilitating
           imposter fraud. In January 2007, State implemented a policy
           requiring BCC holders who report their BCC stolen to be issued a
           subsequent BCC in the form of a visa foil inserted in their
           passport. As of April 2007, about 131,000 BCCs have been issued in
           the form of a visa foil, according to State. The visa category is
           marked on the visa foil, indicating the traveler is traveling to
           the United States under the restrictions of the BCC. State
           officials told us that the reports of lost or stolen BCCs dropped
           significantly following the implementation of this initiative.
			  
			  Limitations in Technology and Training Affect Inspection Officers'
			  Ability to Fully Utilize Security Features in Passports and Visas

           The inspection of U.S. passports and visas at ports of entry is a
           key element in ensuring the security of these documents. Officers
           are often faced with limited time to process travelers and rely on
           both the inspection of select features and their interview of the
           traveler to detect fraudulent use of passports and visas.
           Limitations in available technology tools at some ports and a lack
           of timely and continual information on the security features in
           these documents affect the inspection officers' ability to fully
           utilize the security features in passports and visas.
           Specifically, primary inspection officers are unable to utilize
           the chip technology in the e-passport to verify document
           authenticity because e-passport readers are not available at 83
           air ports of entry and are not designated for U.S. citizen
           inspections at 33 other airports of entry. Further, primary
           officers are not able to utilize the available fingerprint records
           of BCC holders to verify the authenticity of the documents and
           travelers at southern land ports of entry, and they also do not
           routinely refer BCC holders to secondary inspection, where they do
           have the capability to utilize the fingerprint records. In
           addition, limited training materials and training opportunities
           also impede officers' ability to learn of the security features
           and fraudulent trends associated with new and older generations of
           passports and visas. For example, in advance of State's issuance
           of the e-passport and the emergency passport, State did not
           provide a sufficient quantity of exemplars and CBP did not update
           its training for all inspection officers to include information on
           the security features of these new travel documents.
			  
			  Inspection Officers Rely on Observations of Travelers and Examinations
			  of Documents to Detect Fraud

           Primary officers are often faced with limited time to process
           travelers--especially at ports that have a continuous high volume
           of traffic--and rely on both the observation of travelers'
           behavior and the examination of travel documents to detect
           fraudulent use of passports and visas. Specifically, southern land
           borders face the largest constraints on inspection time due to the
           high volume of traffic. Many officers at most ports we visited
           told us they have detected imposters by observing travelers'
           demeanor, questioning them regarding their travel, and visually
           comparing the travelers' identities with the biographic data and
           photo on the travel document. These officers told us they make
           limited use of the security features in travel documents because
           of time constraints and often rely on behavioral and other
           indicators to detect fraudulent use of travel documents. For the
           inspection of the travel document itself, many officers at most
           ports we visited told us they generally rely on a few security
           features, such as watermarks and intaglio printing, and will look
           for signs of alteration; compare the photo and traveler; examine
           data on the biographic page, such as the expiration date; and
           examine the look and feel of the document itself to determine
           whether the passport or visa is valid and is not fraudulently used
           by an imposter.

           Primary officers also utilize a variety of tools and technology to
           assist in their inspection of security features in passports and
           visas. These include visual inspection tools, such as ultraviolet
           viewing equipment and handheld magnifying devices, to assist
           primary officers in identifying signs of alteration and
           counterfeiting that would not be detected otherwise. Primary
           officers can also query records of travelers by using the Treasury
           Enforcement Communications System (TECS)--an interagency database
           containing lookout information relating to the fraudulent use of
           travel documents, such as records of U.S. passports reported lost
           or stolen--or by using DHS's U.S. Visitor and Immigrant Status
           Indicator Technology (US-VISIT) system to compare visa holders'
           biometric records at entry with their records collected at
           issuance or prior entry.^31 US-VISIT is currently available at
           primary inspection at 116 air and 15 sea ports of entry, and in
           the secondary inspection areas at 154 land ports. Many primary
           officers who have visual inspection tools available told us they
           utilize these tools to check additional security features when
           their inspection of the two or three features they typically rely
           on was not satisfactory. In addition, officers who use the
           databases to inspect State-issued travel documents told us that
           access to information on visas issued by State has greatly
           improved their ability to reliably confirm the validity of visas
           and detect their fraudulent use.
			  
			  Limited Availability and Use of Technology Limit Use of Security
			  Features in Inspection of U.S. Passports and Visas

           CPB officers at primary inspection are not fully able to exploit
           the security features in U.S. passports and visas due to the
           limited availability or use of tools and technology considered
           critical to ensuring the integrity of travel documents (see fig.
           4). As a result, they do not always conduct checks against
           available records before admitting travelers to the United States.
           If the tools are not available, and the CBP officer determines
           additional scrutiny of travelers and documents are necessary,
           travelers will be referred to the secondary inspections area. At
           secondary inspections, CBP officers have more time and greater
           access to inspection-related technologies and equipment and, thus,
           are more capable of confirming the fraudulent use of U.S.
           passports and visas identified at primary inspection.
			  
^31To obtain a U.S. nonimmigrant visa, most foreign nationals are required
to submit two fingerprint scans and a digital photo with their visa
application. When visas are issued, applicants' biographical data are
shared with DHS's US-VISIT, creating electronic records that can be
checked against the data at the time of entry.

Figure 4: Overview of the Process, Tools, and Technology for Primary
Inspection of Travel Documents at U.S. Air, Sea, and Land Ports of Entry

  Technology and Equipment to Assist Primary Inspection of U.S. Passports and
  Visas Are Not Fully Utilized

Though officers have various tools and technology available to them, the
availability and use of equipment to conduct records and identity checks
of travelers during primary inspection differ based on whether they arrive
at air, sea, or land ports. In addition, these and other critical tools
and technology are not consistently used at air, sea, and land ports of
entry. For example, although CBP guidance states that visual inspection
tools should be used and are extremely valuable for detecting counterfeit
or altered passports and visas, CBP has provided tools to many, but not
all, primary inspection workstations at air, sea, and land ports of entry.
Moreover, use of these tools is a matter of port policy. At the air, sea,
and land ports we visited, some officers told us they used these tools
consistently, while other officers said they rarely used them.

Due in part to the large volume of travelers, primary officers at southern
land ports only machine read--access a database that queries travelers'
records--travel documents or manually enter travelers' biographic data to
query records in TECS when deemed appropriate for the inspection
situation, given the local traffic flow and traveler wait times. For
example, at the southern land border ports we visited, CBP officers stated
that currently only about 40 percent of travel documents that are machine
readable are actually machine read during primary inspections, although
this percentage has been rising in the last several years. CBP supervisor
and inspection officers told us that officers are not restricted in their
inspection of travel documents and are able to machine read a document
should they deem it necessary. In addition, CBP policy requires that all
non-BCC visa holders be referred to secondary inspection at land ports of
entry, according to CBP. In contrast, CBP told us that officers on the
northern border are required to read all machine readable documents, and
at air ports, officers consistently query travelers' records to identify
lookout information on U.S. passports and visas.

Most travelers presenting BCCs at southern land ports are generally not
subject to US-VISIT requirements, although primary inspection officers can
refer BCC holders to secondary inspection for US-VISIT screening.^32
However, only a small percentage of travelers with BCCs are referred for a
US-VISIT screening (see fig. 5)--in particular, only if a primary officer
determines travelers are traveling beyond their geographic limits or
exceeding the number of travel days allowed, or if there are concerns
about the traveler. Without the use of US-VISIT systems, officers observe
and interview travelers and compare the photo and data in the BCC with the
bearer of the document, but do not have the benefit of looking for
discrepancies between the information provided by the travelers and the
fingerprint data in the system. CBP officials stated there are no current
plans to expand the use of biometric checks on travelers presenting BCCs
due, in part, to concerns about extending the inspections processing time
at primary inspection and space constraints at land ports. However, CBP
acknowledges the use of biometric checks of travelers presenting BCCs,
when available, provides additional verification that travel documents are
valid and belong to travelers presenting the documents, helping to address
imposter fraud--the most significant type of fraud associated with BCCs.
CBP officers intercepted nearly 16,000 BCCs used by imposters in fiscal
year 2006.

^32BCCs can be machine-read at primary inspection in southern land ports,
displaying the biographic data for the CBP officer to compare to the
presented document.

Figure 5: Overview of US-VISIT Procedures at Air, Sea, and Land Ports of
Entry

In addition, DHS is not fully exploiting at primary inspection a key
security feature of the new U.S. e-passport--the chip. Specifically,
because DHS has not fully deployed e-passport readers at all primary
inspection areas, officers cannot routinely read and authenticate the chip
in e-passports, which would better enable officers to detect many forms of
passport fraud, including photo substitution and imposters.^33 Without an
e-passport reader, inspection officers do not have the benefit of
comparing the traveler with the photograph and biographic information
stored in the RFID chip of the e-passport. DHS deployed, in response to a
legislative requirement, a total of 212 of these readers for use on
foreign e-passports at 33 out of 116 air ports of entry. These 33 air
ports were chosen because they process the largest volume of
travelers--about 97 percent--from Visa Waiver Program countries.^34 The
remaining readers are used for training purposes. While the same
e-passport readers may also be used to read the chip in U.S. e-passports,
U.S. citizens are primarily processed through specific lanes at these air
ports that are not equipped with e-passport readers.

CBP has no schedule to install e-passport readers to primary inspection
lanes for U.S. citizens at air ports or to install e-passport readers at
sea and land ports of entry. CBP has also not defined the specific
conditions that should be in place to expand the deployment of e-passport
readers to additional ports. CBP officials indicated they intend to
install e-passport readers at additional ports in the future. These
officials noted several factors for why they have not installed additional
readers or developed a planned schedule to do so, including the need for
additional funding and advancements in the software technology for the
readers. CBP officials stated that further funding would have to be
allocated to expand the deployment of e-passport readers at air, land, and
sea ports of entry and that a request has been made to DHS to include
additional funding in the agency's fiscal year 2009 budget. As of June
2007, CBP has been unable to provide additional information on the details
of this budget request. CBP officials also said that due to the current
software, the new e-passport readers are slower than current inspection
machines and could possibly extend the inspection-processing time for U.S.
citizens--negatively affecting land ports already experiencing extensive
wait times for inspections.

^33CBP officers use e-passport readers to access the biographic
information and digitized photo stored on the RFID chip of e-passports. To
read e-passports, officers place the biographical page of the e-passport
on the reader's glass plate. The reader then electronically scans the
biographical information--including the document type, issuing country
code, document number and bearer name, bearer nationality, date of birth,
gender, and document expiration date--to access the biographical data and
digital photograph embedded in the e-passport's RFID chip. Once the
biographical data and photograph are displayed on the primary inspection
computer screen, the officer compares the information displayed with the
passport photo and information on the biographic page and verifies the
data extracted from the RFID chip are valid and not fraudulent.

^34The Enhanced Border Security and Visa Entry Reform Act of 2002
requires, for Visa Waiver Program countries, that passports be machine
readable, tamper resistant, and incorporate biometrics and document
authentification identifiers and that DHS deploy equipment and software
necessary to biometrically compare and authenticate these documents. DHS
has interpreted this provision to require applicants for admission under
Visa Waver Program who are traveling on a passport issued on or after Oct.
26, 2006 to present an e-passport, and DHS deployment and use of
e-passport readers as of that same date, according to DHS.

In addition, the e-passport reader software is currently not programmed to
validate e-passports' digital signatures, which ensure the data stored on
the RFID chip are authored by an issuing authority--the State Department
in the case of U.S. e-passports--and have not been altered. Although DHS
officials stated the current reading of the chip in foreign and U.S.
e-passports does not fully verify the digital signatures, State and DHS
are drafting a memorandum of understanding to govern interagency use of a
validation service--DHS's e-passport Validation Service and Repository--to
verify the integrity and validity of electronically stored data on
e-passports received at ports of entry.

  Equipment and Technology Available at Secondary Inspections to Confirm the
  Fraudulent Use of U.S. Passports and Visas

Once a CBP officer at primary inspection intercepts passports or visas
that are suspected of being fraudulently used or counterfeit, secondary
inspection officers have more time to question travelers, review the
validity and authenticity of travel documents, and conduct database checks
to confirm the travelers' identities. In addition, officers conducting
secondary inspection are more experienced and trained to use support not
available at primary inspection, such as tools and equipment for forensic
examination of suspected fraudulent U.S. passports and visas, and
additional forensic support and intelligence information from outside
sources, such as DHS's Forensic Document Laboratory (FDL) (see fig. 6).

Figure 6: Overview of the Process, Tools, and Technology for Secondary
Inspection of Travel Documents at U.S. Ports of Entry

Officers at secondary inspection have access to more tools and equipment
and more time with which to examine the security features of suspected
fraudulent travel documents than do officers at primary inspection. For
example, secondary inspection areas generally have a variety of magnifying
devices and microscopes to detect data alterations, photo and page
substitutions in passports, and altered or counterfeit visas. In addition,
secondary officers generally have access to high-intensity light devices,
which allow for the inspection of certain paper disturbances often caused
by erasures, for example. Recently, some ports have received a laboratory
workstation that secondary officers can use to examine questionable travel
documents under different types of lighting and at various magnifications.

CBP officers in secondary inspection also have access to additional
databases to confirm travelers' identities and verify the authenticity of
U.S. passports and visas. For example, secondary officers have access to
databases containing lookout information and travelers' biometric data,
including photographs and fingerprints. In addition, secondary officers
have access to State's databases to confirm data on nonimmigrant visa and
passport issuance; State's Consular Consolidated Database (CCD), which
stores information about visa applications, issuances, and refusals; and
State's Passport Information Electronic Retrieval System (PIERS), which
provides similar data on passport issuance to confirm the identity and
authenticity of U.S. passports.

During secondary inspections, officers can seek support outside the port
to assist in confirming travel document fraud. For example, DHS's FDL
provides forensic document analysis and law enforcement support services
to secondary officers in real time, 7 days a week. Some ports are equipped
with photophones to transmit images of documents to FDL experts for
verification of altered and counterfeit U.S. passports and visas, and
secondary officers can forward suspected fraudulent U.S. passports and
visas to FDL experts for a thorough forensic examination. In addition, to
inform officers of fraudulent trends concerning travel documents,
secondary inspection areas maintain archived intelligence information from
a number of sources, including FDL, State, and intelligence officers at
the port, that details how U.S. passports and visas have been fraudulently
used in the past. Although CBP officers are responsible for reviewing
alerts on the fraudulent use of U.S. passports and visas they receive by
e-mail and daily briefings, secondary inspection areas maintain hard
copies of intelligence information on file for officers to review, as
needed. In addition, archived alerts are also available through electronic
databases, such as the DHS's intranet, which officers can choose to access
in the secondary inspection area.

Officers Lack Sufficient Training on the Security Features and Fraudulent Trends
of U.S. Passports and Visas

CBP did not update its training program for all officers to include
information on the security features in the e-passport before State began
issuing this travel document. Between the summer of 2006 and March 2007,
State provided exemplars--genuine documents for training purposes--of the
e-passport to a variety of entities, including its U.S. missions overseas,
foreign governments, FDL, and DHS, according to State documentation. We
found that CBP was not provided with exemplars prior to issuance of the
new e-passport. Although State began issuing e-passports as early as
December 2005, CBP was not provided with e-passport exemplars until March
2007, according to State documentation. According to CBP officials,
training on the features of the new e-passport was not provided to
officers at basic training until April 2007. In addition, CBP has not
provided formal training utilizing e-passport exemplars to officers at all
ports of entry, although training with e-passport exemplars was provided
to officers at the 33 airports where e-passport readers were installed,
according to CBP officials.

State officials explained that preparing exemplars is a time-consuming
process and that meeting production demands limited the supply of document
exemplars. Therefore, according to State, exemplars were provided only to
FDL and foreign embassies located in Washington, D.C., prior to the
issuance of the e-passport. To provide information on the features of the
new documents, FDL prepared an alert for CBP and other law enforcement
entities outlining the details of the security features in the e-passport
and new emergency passport. Without an official exemplar, a CBP training
officer at one port we visited used his own e-passport to provide officers
training on the security features of the e-passport. This training officer
stated that while he used the FDL alert to train officers, use of the
alert alone does not provide officers with an understanding of the look
and feel of the actual document. In addition, CBP officers at several
ports we visited stated they had inspected e-passports but were not aware
of how the security features of the e-passport differed from previous
generations and how changes to the security features addressed the types
of fraudulent attacks commonly committed against older generations of
passports.

  Lack of Ongoing Training Impedes Officers' Understanding of Security Features
  of Valid Generations of Passports and Visas at Some Ports

Given evolving fraud trends and the quality of attempts to alter passports
and visas, ensuring officers are properly trained to recognize the
fraudulent use of these travel documents is essential. Training officers
at most of the ports we visited identified the importance of continual
training on the security features and evolving fraudulent trends related
to all generations of valid passports and visas; however, the extent to
which mandatory training is supplemented by refresher training in the
subject varied among these ports. For example, two ports we visited
provide continual training on fraudulent document detection to all
officers yearly, while other ports provided refresher training less
frequently. While CBP requires officers to complete courses that include
segments in fraudulent document detection relating to passports and visas,
CBP officials stated there is currently no program in place to ensure
officers receive such training continually. Some senior officers at some
of the ports we visited stated they had not been retrained on the security
features of passports and visas and fraudulent document detection since
basic training.

CBP officials explained that the need to balance officers' inspections
responsibilities with training limits training opportunities. At most of
the ports we visited, port officials explained there is not enough time to
provide all officers with additional training on the security features of
valid generations of passports and visas due to inspection priorities and
limited staffing at ports. To provide greater opportunities for continual
document examination training relating to passports and visas, many ports
we visited undertook their own training initiatives. For example, four of
the ports added segments on fraudulent document detection to mandated
courses that did not already include such information. In addition, based
on training developed in the field, CBP developed a Web-based course on
the security features of visas. Officials at ports undertaking these
initiatives said they realized that without continual training, officers
often felt less prepared to understand and recognize security features and
fraudulent trends. They stated that because passports and visas could
remain valid for 10 years, fraudulent attacks committed against older
generations of these travel documents often recur, and officers should be
reminded of these fraud trends through continuing training. In addition,
to identify and adopt best practices on fraudulent document detection
training, CBP held a forum in January 2005 that led to the development of
a nationwide training effort requiring supplemental training on fraudulent
document detection at all ports. However, CBP does not have any plans to
hold such forums in the near future, and while CBP encourages ports to
adopt initiatives to improve the delivery of refresher training on the
examination of passports and visas, it is often not possible to mandate
initiatives that are appropriate for all ports because ports differ in the
types of fraudulent travel documents they encounter.

Conclusions

Ensuring the integrity of passports and visas is an essential part of
border security requiring continual vigilance and new initiatives to stay
ahead of those seeking to enter the United States illegally. Preventing
the fraudulent use of travel documents requires a combination of enhanced
document features, solid issuance measures, and an inspection process that
utilizes the security features of these documents. A well-designed
document has limited utility if it is not well-produced or the inspection
does not utilize the available security features to detect attempts to
falsely enter the United States. State has added technical features and
security techniques to the design and production of these documents that
make it much harder to counterfeit or alter new generations of passports
and visas. Nonetheless, older documents have been fraudulently used.
Further, counterfeit and alteration threats to the security of these
documents are always changing, requiring regular reassessments of the
security features in the documents' design. In addition, because it takes
several years to address a vulnerability that has been identified in a
document's design, a structured process for reassessing the features and
planning for new generations of these documents is critical. State has
also strengthened the issuance process for visas and passports. Despite
some improvements, however, the passport issuance process remains
vulnerable, especially at the application acceptance stage, where
oversight of the thousands of acceptance facilities--responsible for
verifying the identity of applicants--remains weak. Finally, many CBP
inspectors at U.S. ports of entry face time constraints in processing
large volumes of people and therefore rely on a few visual and tactile
security features of passports and visas, in addition to their interviews,
to identify fraudulent use of these documents. Moreover, CBP officers are
unable to take full advantage of the improved technical and security
features in passports and visas because of insufficient training and
uneven access to equipment. While it would not be possible to remove all
risks inherent in issuing and inspecting travel documents, or to foresee
all evolving counterfeit and alteration threats, we believe that more
systematic testing, planning, oversight, and data analysis practices could
enhance border security.

Recommendations for Executive Action

We are recommending that the Secretary of State take the following two
actions to improve the integrity of its travel documents.

           o Develop a process and schedule for periodically reassessing the
           security features and planning the redesign of its travel
           documents.
           o Establish a comprehensive oversight program of passport
           acceptance facilities. In doing so, State should consider
           conducting performance audits of acceptance facilities, agents,
           and accepted applications and establishing an appropriate system
           of internal controls over the acceptance facilities.

           We are also recommending that the Secretary of Homeland Security
           take the following two actions to more fully utilize the security
           features of passports and visas.

           o Develop a deployment schedule for providing sufficient
           e-passport readers to U.S. ports of entry, which would enable
           inspection officials to better utilize the security features in
           the new U.S. e-passport.
           o Develop a strategy for better utilizing the biometric features
           of BCCs in the inspection process to reduce the risk of imposter
           fraud.

           Finally, we are recommending that the Secretaries of State and
           Homeland Security collaborate to provide CBP inspection officers
           with better training for the inspection of travel documents issued
           by the State department, to better utilize the security features.
           This training should include training materials that reflect
           changes to State-issued travel documents in advance of State's
           issuance of these documents, including the provision of exemplars
           of new versions of these documents in advance of issuance.
			  
			  Agency Comments and Our Evaluation

           We provided draft copies of this report to the Secretaries of
           State and Homeland Security and to the U.S. Public Printer at the
           Government Printing Office for review and comment. We also
           provided a draft copy to the Department of Commerce's National
           Institute of Standards and Technology. We received written
           comments from State and DHS, which are reprinted in appendixes VI
           and VII, respectively. State, DHS, GPO and NIST provided technical
           comments which we have incorporated in the report, as appropriate.
           State and DHS concurred with the findings and recommendations of
           the report.

           State agreed with our recommendations and described the actions it
           is taking and plans to take to implement them. State also provided
           additional information on the Consular Consolidated Database
           (CCD), recent visa fraud cases, and the ways in which State
           identifies fraudulent passports and visas.

           DHS concurred with our recommendations and described the actions
           it is taking and plans to take to implement them. DHS believes it
           has already implemented our recommendation that it develop a
           strategy for better utilizing the biometric features of BCCs in
           the inspection process. We agree that DHS's US-VISIT capability
           enables primary inspectors at air and some sea ports of entry to
           use fingerprint biometrics to compare and authenticate the
           document and holder of visas and BCCs. However, at land border
           ports this capability is not available in primary inspection.
           Furthermore, travelers with BCCs at southern land border
           ports--the ports where BCC imposter fraud is most significant--
           are not routinely referred to secondary inspection, where they do
           have the capability to utilize the fingerprint records for
           comparison, and all BCCs are not machine-read for access to the
           biographic data during inspection at these ports of entry. As a
           result, inspectors are not making full use of the biometric
           information available for BCCs. To more fully utilize the
           available fingerprint biometric in the BCC and mitigate imposter
           fraud, we are suggesting that DHS develop a strategy to better use
           both fingerprint biometric of the BCC and increase card reads of
           the BCC in primary inspection at southern land border ports of
           entry.

           We are sending copies of this report to the Secretaries of State
           and Homeland Security, the U.S. Public Printer at the Government
           Printing Office, as well as the Director of the National Institute
           of Standards and Technology. We will also make copies available to
           others on request. In addition, the report will be available at no
           charge on the GAO Web site at http://www.gao.gov.

           If you or your staff have any questions about this report, please
           contact me at (202) 512-4268 or [57][email protected] . Contact points
           for our Offices of Congressional Relations and Public Affairs may
           be found on the last page of this report. GAO staff who made
           contributions to this report are listed in appendix VIII.

           Jess T. Ford
			  Director, International Affairs and Trade
			  
			  Appendix I: Scope and Methodology

           To examine the features in passports and visas, we reviewed
           relevant documentation, including materials on the security
           features, available counterfeit deterrence and durability studies,
           fraud bulletins and alerts, and regulations. We also interviewed
           officials at Department of State's Consular Affairs Bureau,
           Department of Homeland Security's (DHS) Forensic Document
           Laboratory (FDL), the Department of Commerce's National Institute
           of Standards and Technology (NIST), and the Government Printing
           Office (GPO). To identify required and recommended standards for
           international travel documents, we reviewed documentation from the
           International Civil Aviation Organization and attended the
           organization's machine-readable travel document symposium in
           Montreal, Canada. To identify the process for addressing potential
           risks, we reviewed documentation and interviewed officials at
           State's Consular Affairs Bureau, FDL, and NIST. To identify how
           State obtains, analyzes, and shares information on the features
           and fraudulent use of these documents, we reviewed relevant
           documentation, including fraud bulletins and alerts, and met with
           State officials from the Diplomatic Security and Consular Affairs
           Bureaus, including the fraud prevention units of passport and visa
           services, as well as with DHS officials from CBP and FDL.

           To examine the integrity of the issuance process for these
           documents, we reviewed relevant documentation, including reports
           and audits of internal controls and production and issuance
           procedures, and interviewed officials at State's Consular Affairs
           Bureau. We also conducted site visits and interviewed officials at
           seven domestic passport offices and two U.S. consulates in Mexico.
           To examine how passport fraud is committed during the issuance
           process, we reviewed State Department Bureau of Diplomatic
           Security and Bureau of Consular Affairs statistics on passport
           fraud. We also met with officials at State's Diplomatic Security
           Headquarters Criminal Division and at Diplomatic Security's Field
           Offices in Los Angeles, Seattle, Miami, Chicago, Boston, and
           Portsmouth, New Hampshire. We visited State's passport-issuing
           offices in Los Angeles, Seattle, Miami, Chicago, Boston,
           Portsmouth, and Washington, D.C. We chose the Portsmouth office
           because it is one of the two passport "megacenters" responsible
           for adjudicating applications from other regions. We chose these
           locations to gain an appropriate mix of geographic coverage,
           workload, and levels and types of passport fraud. We did not
           select these locations to be generalizable to all passport
           offices, but rather to obtain an appropriate mix of geographic
           coverage and workload. We analyzed fraud referral statistics from
           State's office of passport services and Diplomatic Security for
           fiscal years 2002 through 2006. Together with passport services
           officials, we identified the methods used to capture and compile
           the data and determined that the data were sufficiently reliable
           and generally usable for the purposes of our study. At five of the
           seven offices we visited, we conducted interviews with various
           officials and interviewed passport examiners chosen by office
           management, although we provided input into the selection of
           examiners and interviewed these individuals without the presence
           of management. We also met with Diplomatic Security agents
           attached to field offices responsible for investigating fraud
           suspected at the offices we visited. In addition, we interviewed
           relevant State officials at Passport Services, Diplomatic
           Security, and the Office of the Inspector General.

           To examine the measures taken to ensure the integrity of blank
           passports, we visited the GPO production facilities in Washington,
           D.C., and observed the production of blank passports; interviewed
           relevant GPO and GPO Inspector General officials about the measure
           taken throughout the production and delivery processes; and
           reviewed GPO Inspector General reports on audits of the security
           aspects of blank passport production and transportation. To
           examine the measures that have been taken to strengthen the
           issuance process for visas, we reviewed past GAO reports and
           interviewed State officials in the Visa Office. To identify the
           measures taken to ensure the integrity of blank visa foils prior
           to delivery to State custody, we interviewed GPO officials and
           reviewed relevant GPO documents. To examine the measures taken to
           ensure the integrity of the border crossing card (BCC), we visited
           two production facilities in Vermont and Nebraska where BCCs are
           produced. We interviewed production and management staff at both
           of these facilities. We identified and reviewed past GAO and
           Inspector General reports on the internal controls and audits in
           place for the visas process. For BCCs, we identified the internal
           controls and measures that differ from the normal visa process,
           but did not assess compliance with these controls.

           To examine the inspection measures and processes for travel
           documents issued by the State Department at U.S. ports of entry,
           we reviewed relevant documentation and interviewed officials at
           DHS's U.S. Customs and Border Protection (CBP), FDL, and U.S.
           Visitor and Immigrant Status Indicator Technology (US-VISIT)
           program, and conducted site visits to ports of entry. We reviewed
           CBP inspections program policies, procedures, and related
           memorandums and relevant laws and regulations. At headquarters, we
           met with CBP officials responsible for field operations,
           information technology, training and development, intelligence,
           and information technology. We also interviewed officials from the
           Federal Law Enforcement Training Center and FDL about issues
           relating to document examination training, and we discussed with
           FDL officials the types of forensic document analysis and
           operational support services provided to CBP. In addition, we
           interviewed US-VISIT officials and reviewed relevant documentation
           on the deployment and use of inspections-related technologies.

           To observe inspections processes and measures, we conducted site
           visits to nine U.S. ports of entry. Due to differences in travel
           document inspections processes and measures among air, sea, and
           land ports, we selected three ports of each type. Air ports of
           entry included Chicago O'Hare, Dallas/Fort Worth, and Miami. Sea
           ports of entry included Los Angeles/Long Beach, Miami, and Port
           Everglades, Florida. Land ports of entry included Laredo, Texas;
           Limestone/Houlton, Maine; and San Ysidro, California. We selected
           a nongeneralizable sample of air, sea, and land ports that ensured
           we included a range of the characteristics that can cause
           variation in the inspections process. Using CBP inspections
           program performance data, we selected ports that had high and
           medium levels of fraudulent documents, based on the total and
           average number of fraudulent travel documents intercepted, and the
           ratio of total travelers inspected to total fraudulent documents
           intercepted for fiscal years 2000 through 2005. We also selected
           ports based on a geographic mix, to include land ports on the
           Mexican and Canadian border, and a mix of ports in the northern,
           eastern, southern, and western regions of the United States. At
           each of these ports we met with port directors, CBP officers
           responsible for intelligence information and training, observed
           CBP officers conducting primary inspections, and reviewed
           procedures and the equipment available in primary and secondary
           inspection areas to examine State Department-issued travel
           documents. At some ports, no travelers were referred for secondary
           inspections for the fraudulent use of State Department-issued
           travel documents at the time we observed inspections; however, CBP
           officers provided us with an overview of secondary inspection
           procedures and resources. In addition to the nine ports of entry
           we selected, we conducted preliminary site visits to the Nogales,
           Arizona, land port of entry, and the Los Angeles and Washington
           Dulles air ports of entry. During these preliminary site visits,
           we observed primary and secondary inspection processes and
           equipment and interviewed CBP officials.

           We conducted our work from June 2006 through May 2007 in
           accordance with generally accepted government auditing standards.
			  
			  Appendix II: Types of Passports 

           State issues four types of passports: tourist, official,
           diplomatic, and emergency.

           o A tourist passport, for individuals 16 years or older, is valid
           for 10 years from the date of issuance; it is valid for 5 years
           for younger applicants.
           o An official passport, for federal employees traveling on
           official government business, is valid for 5 years from the date
           of issuance.
           o A diplomatic passport, for government officials with diplomatic
           status, is valid for 5 years from the date of issuance.
           o An emergency passport, for individuals overseas who no longer
           possess a valid passport, may be valid for up to 1 year or, in
           cases of repatriations, limited to direct return to the United
           States.

           In conjunction with the rollout of the new e-passport, State also
           began issuing a new emergency passport in August 2006,
           representing the first time that U.S. embassies and consulates
           issued a standard-design emergency passport. Prior to the
           emergency passport, U.S. embassies and consulates used the 1994 or
           earlier versions to issue a passport for emergency purposes. The
           emergency passport resembles the e-passport except that it is
           personalized using a foil that is stuck in the book in a manner
           similar to a visa foil.

           The passport card is expected to be valid for 10 years from the
           date of issuance for individuals 16 years or older and valid for 5
           years for younger applicants. State plans to issue the passport
           card in 2008.
			  
			  Appendix III: Testing Conducted in Development of E-Passport Design

           To test the passport design, State requested expertise from FDL
           and NIST. Specifically, FDL conducted counterfeit deterrence
           studies on the security features of the diplomatic and tourist
           e-passport in 2005. FDL had conducted similar studies for State in
           the past on the 1998 tourist passport. In addition, State asked
           FDL to test the physical security of the e-passport using the
           diplomatic e-passport. Results of FDL tests were incorporated into
           the design prior to the issuance of the tourist passport. NIST
           also conducted tests, such as durability testing, to evaluate the
           technical merits of passport books and to inform GPO and State's
           decisions for awarding contracts to suppliers. While there is a
           provision in the awarded contracts to conduct long-term durability
           testing, NIST has not been asked to provide these tests. In
           addition, in response to security and privacy concerns, NIST was
           requested to evaluate the vulnerability of the e-passport chip to
           remote access by an unauthorized party.

           Additional tests were also conducted at airports to assess the
           performance of the new e-passport in an actual inspection
           environment. For example, tests were conducted with airlines in
           which holders of U.S. diplomatic and official e-passports
           presented their e-passports for inspection when arriving in the
           United States at select airports. These tests were conducted to
           gather information on the accuracy and speed in reading the chip
           to support the development and implementation of the e-passport.
           State incorporated the results from the tests to improve the
           design.
			  
			  Appendix IV: Issuance Process for Passports and Visas
			  
			  Passport Issuance Process

           Once a passport application has been received by one of the 17
           domestic passport-issuing offices, each application must be
           examined by a passport examiner who determines, through a process
           called adjudication, whether the applicant should be issued a
           passport. Adjudication requires the examiner to scrutinize
           identification and citizenship documents presented by applicants
           to verify their identity and U.S. citizenship.^1 When examiners
           detect potentially fraudulent passport applications, they refer
           the applications to their local fraud prevention program for
           review, with potential referral to State's Bureau of Diplomatic
           Security for further investigation. Once an applicant has been
           determined eligible for a passport by a passport examiner, the
           passport is personalized with the applicant's information at one
           of the domestic passport-issuing offices or the production
           facility and then delivered to the applicant. For an overview of
           the passport process, see figure 7.
			  
^1The passport adjudication process is facilitated by computer systems,
which automatically check the applicant's name against several databases.
In addition, examiners scrutinize paper documents and other relevant
information, watch for suspicious behavior and travel plans, and request
additional identification when they feel the documents presented are
insufficient.

Figure 7: Application and Issuance Process for Passports

Visa Issuance Process

DHS is responsible for establishing visa policy, reviewing implementation
of the policy, providing additional direction, and reviewing petitions for
immigration. State manages the visa process, as well as the consular corps
and its functions at 219 visa-issuing posts overseas, and provides
guidance, in consultation with DHS, to consular officers regarding visa
policies and procedures.^2 GPO overseas the production of blank visa
foils. Visas foils are personalized at posts overseas with the applicant's
personal information, attached to the foreign passport, and delivered to
the applicant. DHS's U.S. Citizenship and Immigration Services produces
and personalizes BCCs once an applicant has been determined eligible by a
consular officer and delivers the cards to State for distribution by the
U.S. mission in Mexico. For an overview of the visa process, see figure 8.

^2The 1952 Immigration and Nationality Act, as amended, is the primary
body of law governing immigration and visa operations (P.L. 82-414, 8
U.S.C. S 1101 et seq.). The Homeland Security Act of 2002 (P.L. 107-296)
generally grants DHS exclusive authority to issue regulations on,
administer, and enforce the Immigration and Nationality Act and all other
immigration and nationality laws relating to the functions of U.S.
consular officers in connection with the granting or denial of visas.
State retains authority in certain circumstances as outlined in the act. A
September 2003 memorandum of understanding between State and DHS further
outlines the responsibilities of each agency with respect to visa
issuance.

Figure 8: Application and Issuance Process for Visas

aVisa foils are manufactured by contractor under supervision of GPO and
State.

Appendix V: Primary Inspection Processes at Air, Sea, and Land Ports of
Entry 

The primary inspection process for passports and visas varies at air, sea,
and land ports of entry due to differences in ports' environments and the
risk each type of port faces with regard to fraudulent travel documents.
In addition, the mode of travel and how travelers bearing passports and
visas enter dictate the primary inspection procedures. For example, while
at each port, primary officers question travelers regarding their identity
and purpose of travel, and examine their passports or visas, the
availability and use of equipment to conduct identity and records checks
of travelers during primary inspection differ based on whether travelers
arrive by plane, sea vessel, vehicle, or on foot. If the primary officer
determines that further review is needed, the officer will refer the
traveler to secondary inspection. In secondary inspection, an officer
makes a final determination to admit the traveler or deny admission for
reasons such as the presentation of a fraudulent or counterfeit passport
or visa. Once a CBP officer in secondary inspection has determined a
document is fraudulent or is being presented by a traveler other than the
rightful holder, the officer processes the traveler as inadmissible and
ensures that information about the document is distributed promptly.
Information about seized fraudulent and counterfeit passports and visas is
regarded as possible intelligence that may have a connection to other
criminal activities and national security concerns, such as terrorism. See
figure 9 for an overview of the inspection process at U.S. ports of entry.

Figure 9: Inspection Process for Entry into the United States

           o Air Ports of Entry: Prior to travelers' arrival, for flights to
           the United States, commercial airlines are required to submit
           passenger and crew manifests containing first and last names,
           dates of birth, nationalities and passport numbers to CBP through
           the Advanced Passenger Information System (APIS). With information
           from APIS, CBP officers conduct queries of lookout records for
           each traveler in the Treasury Enforcement Communications System
           (TECS). TECS queries provide officers with lookout information on
           travelers, including alerts of lost and stolen travel documents
           that may be used fraudulently. In addition, primary officers query
           records of U.S. visas to verify the State Department's visa
           information. For a traveler with a U.S. nonimmigrant visa subject
           to processing in DHS's U.S. Visitor and Immigrant Status Indicator
           Technology (US-VISIT) systems, primary officers collect scans of
           the traveler's two fingerprints (the right and left index fingers)
           and take a digital photograph of the traveler. The computer system
           compares the two fingerprints against existing records collected
           at issuance to confirm that the traveler is the person to whom
           State issued the U.S. visa.

           o Sea Ports of Entry: At sea ports of entry, commercial carriers
           are required to submit passenger manifests to CBP through APIS
           prior to docking, and CBP officers analyze TECS data using APIS to
           identify passengers requiring further examination when they enter
           the United States. Some seaports have automated terminals with
           computer systems equipped with TECS and US-VISIT systems, and the
           inspections process is similar to that of an air port. Other sea
           ports have nonautomated terminals that are not equipped with
           computer systems. At these terminals, primary inspections occur
           onboard or dockside, where officers rely on the advanced TECS
           checks and do not conduct US-VISIT biometric checks. Officers at
           the sea ports we visited stated the risk of travelers presenting
           fraudulent travel documents at seaports is not as significant as
           at air and land ports of entry, as most cruise ship passengers
           begin and end their trips in the United States, and crew members
           often make several entries and are inspected each time.

           Land Ports of Entry: CBP has established procedures to inspect
           travelers expeditiously at land ports due to the large volume of
           travelers arriving on foot and in vehicles at land ports of
           entry--more than 85 percent of all entries into the United States.
           Primary officers perform pedestrian and vehicle inspections
           usually with no advanced passenger information and do not
           consistently conduct record checks in TECS. In addition, primary
           inspection procedures differ for pedestrians and vehicles. For
           pedestrians, if TECS is available, the traveler's name can be
           machine read from the travel document or manually keyed in by the
           primary officer. For vehicles, officers frequently inspect
           multiple travelers entering in a single vehicle, and the TECS
           queries are conducted primarily on the vehicle data to refer the
           vehicle and travelers for secondary inspection. Documents and
           names of the vehicles' occupants are generally checked randomly or
           when the officer suspects something is wrong. In addition,
           travelers with nonimmigrant visas or border crossing cards
           requiring additional US-VISIT processing are sent to secondary
           inspections areas. In general, at land ports, officers rely on
           visual observation, interviewing skills, and a quick check of
           document security features and facial identification to identify
           imposters and determine secondary referrals.
			  
			  Appendix VI: Comments from the Department of State

Note: GAO comments supplementing those in the report text appear at the
end of this appendix.

See comment 2.

See comment 1.

See comment 3.

See comment 3.

See comment 3.

See comment 3.

See comment 1.

See comment 4.

See comment 3.

GAO Comments

           The following are GAO's comments on the Department of State's
           letter dated July 24, 2007.

                        1. We believe there is value in a mandated regular
                        review procedure for document integrity and recommend
                        that State develop a process and schedule for
                        periodically reassessing security features in the
                        design of its travel documents. We recognize that an
                        informal process is important for responding to
                        vulnerabilities and counterfeit or altered passports
                        and visas, as they are discovered. It is not our
                        intention to inhibit or replace the informal process
                        already in place. However, we believe that an
                        informal process by itself is not an effective way to
                        re-evaluate the security features of passports and
                        visas against evolving counterfeit and alteration
                        threats. While State has made adjustments in the
                        design of passports and visas, its approach has been
                        largely reactive. A structured process for
                        reassessing the features and planning for new
                        generations of passports and visas is critical
                        because counterfeit and alteration threats to the
                        security of these documents are always changing, many
                        passports and visas have a long lifespan, and it
                        takes State several years to fully implement a new
                        document design. The increasing pace of technology
                        change and use of electronics makes State's current
                        approach less viable than it might have been in the
                        past, and best practices, such as for currency
                        design, suggest that periodic evaluation of designs
                        and introduction of new security features are more
                        viable approaches in the management of counterfeit
                        and alteration threats. We welcome State's recent
                        steps to develop a schedule for periodically
                        reassessing security features in the design of
                        passports and visas.
                        2. We welcome State's recent steps to hire an analyst
                        to design and implement a comprehensive program for
                        the oversight of passport acceptance agents. During
                        the course of our review, we were informed that the
                        acceptance agent program remained a significant fraud
                        concern and that efforts were under way to implement
                        actions to address identified vulnerabilities in this
                        program. However, State officials were unable to
                        provide us with documentation identifying these
                        vulnerabilities or a plan for addressing them. After
                        our draft report was provided to the agency for
                        review and comment, we were provided with a draft
                        document identifying initiatives to improve oversight
                        of the passport acceptance agent program. State has
                        identified the vulnerabilities in this program and
                        proposed reasonable oversight measures to address
                        these vulnerabilities.
                        3. We revised the text of this report to reflect this
                        information.
                        4. During the course of our review, we were informed
                        by Consular Affairs officials in the Office of Fraud
                        Prevention Programs that State did not have a formal
                        process for reassessing the security features in
                        visas or for planning the redesign of the documents
                        in the future. According to these officials, formal
                        plans for redesigning the BCC did not exist, although
                        they did indicate that State was considering the use
                        of the new passport card design to develop the next
                        BCC. We welcome the decision to model the new BCC
                        after the passport card design and issue the next
                        generation of this card in 2008, when the current
                        cards will begin to expire. Furthermore, we believe
                        it is important to periodically reassess the security
                        features in the design of the new BCC to manage
                        future counterfeit and alteration threats.

           Appendix VII: Comments from the Department of Homeland Security
				
Note: GAO comments supplementing those in the report text appear at the
end of this appendix.

See comment.1.

           The following are GAO's comments on the Department of Homeland
           Security's letter dated July 20, 2007.

GAO Comment

                        1. We agree that DHS's US-VISIT capability enables
                        primary inspectors at air and some sea ports of entry
                        to use the fingerprint biometric to compare and
                        authenticate the document and holder of visas and
                        BCCs. However, at land border ports this capability
                        is not available in primary inspection. Travelers
                        with BCCs at southern land border ports--the ports
                        where BCC imposter fraud is most significant--are not
                        routinely referred to secondary inspection, where
                        they do have the capability to utilize the
                        fingerprint records for comparison. In addition, at
                        southern land border ports, all BCCs are not
                        machine-read for access to the biographic data and
                        photo during primary inspection and vehicle lanes do
                        not have the capability to access the photograph for
                        comparison. As a result, inspectors are not making
                        full use of the biometric information available for
                        BCCs. To more fully utilize the available fingerprint
                        biometric in the BCC and mitigate imposter fraud, we
                        are suggesting that DHS develop a strategy to better
                        use both fingerprint biometric of the BCC and
                        increase card reads of the BCC in primary inspection
                        at southern land border ports of entry.
          
           Appendix VIII: GAO Contact and Staff Acknowledgments
			  
			  GAO Contact

           Jess T. Ford, (202) 512-4268 or [email protected]
			  
			  Staff Acknowledgments

           In addition to the contact named above, John Brummet (Assistant
           Director), Claude Adrien, Monica Brym, Joe Carney, Richard Hung,
           and Bradley Hunt made key contributions to this report. Technical
           assistance was provided by Kate Brentzel, Aniruddha Dasgupta,
           Etana Finkler, Elisabeth Helmer, Sona Kalapura, Chris Martin, Jose
           Pena, and Marisela Perez.
			  
			  GAO's Mission

           The Government Accountability Office, the audit, evaluation and
           investigative arm of Congress, exists to support Congress in
           meeting its constitutional responsibilities and to help improve
           the performance and accountability of the federal government for
           the American people. GAO examines the use of public funds;
           evaluates federal programs and policies; and provides analyses,
           recommendations, and other assistance to help Congress make
           informed oversight, policy, and funding decisions. GAO's
           commitment to good government is reflected in its core values of
           accountability, integrity, and reliability.
			  
			  Obtaining Copies of GAO Reports and Testimony

           The fastest and easiest way to obtain copies of GAO documents at
           no cost is through GAO's Web site ( [58]www.gao.gov ). Each
           weekday, GAO posts newly released reports, testimony, and
           correspondence on its Web site. To have GAO e-mail you a list of
           newly posted products every afternoon, go to [59]www.gao.gov and
           select "Subscribe to Updates."
			  
			  Order by Mail or Phone

           The first copy of each printed report is free. Additional copies
           are $2 each. A check or money order should be made out to the
           Superintendent of Documents. GAO also accepts VISA and Mastercard.
           Orders for 100 or more copies mailed to a single address are
           discounted 25 percent. Orders should be sent to:

           U.S. Government Accountability Office 441 G Street NW, Room LM
           Washington, D.C. 20548

           To order by Phone: Voice: (202) 512-6000
			  TDD: (202) 512-2537
			  Fax: (202) 512-6061
			  
			  To Report Fraud, Waste, and Abuse in Federal Programs

           Contact:

           Web site: [60]www.gao.gov/fraudnet/fraudnet.htm
			  E-mail: [61][email protected]
			  Automated answering system: (800) 424-5454 or (202) 512-7470
			  
			  Congressional Relations

           Gloria Jarmon, Managing Director, [62][email protected] (202)
           512-4400 U.S. Government Accountability Office, 441 G Street NW,
           Room 7125 Washington, D.C. 20548
			  
			  Public Affairs

           Paul Anderson, Managing Director, [63][email protected] (202)
           512-4800 U.S. Government Accountability Office, 441 G Street NW,
           Room 7149 Washington, D.C. 20548

(320440)

www.gao.gov/cgi-bin/getrpt? [64]GAO-07-1006 .

To view the full product, including the scope

and methodology, click on the link above.

For more information, contact Jess T. Ford at (202) 512-4268 or
[email protected].

Highlights of [65]GAO-07-1006 , a report to congressional requesters

July 2007

BORDER SECURITY

Security of New Passports and Visas Enhanced, but More Needs to Be Done to
Prevent Their Fraudulent Use

Travel documents are often used fraudulently in attempts to enter the
United States. The integrity of U.S. passports and visas depends on the
combination of well-designed security features and solid issuance and
inspection processes. GAO was asked to examine (1) the features of U.S.
passports and visas and how information on the features is shared; (2) the
integrity of the issuance process for these documents; and (3) how these
documents are inspected at U.S. ports of entry. We reviewed documents such
as studies, alerts, and training materials. We met with officials from the
Departments of State, Homeland Security, and Commerce's National Institute
of Standards and Technology, and U.S. Government Printing Office, and with
officials at seven passport offices, nine U.S. ports of entry, two U.S.
consulates in Mexico, and two Border Crossing Card production facilities.

[66]What GAO Recommends

GAO recommends that State and DHS better plan for new generations of
passports and visas, address potential vulnerabilities in the acceptance
process of U.S. passport applications, utilize the electronic features of
the new e-passport, better use the biometric feature of BCCs, and provide
inspectors with systematic training prior to the issuance of new travel
documents. State and DHS agreed with our recommendations.

The Department of State (State) has developed passports and visas,
including border crossing cards (BCC), that are more secure than older
versions of these documents; however, older versions have been
fraudulently used and remain more vulnerable to fraud during their
lifespan. For example, earlier versions valid until 2011, of which there
are more than 20 million in circulation, remain vulnerable to fraudulent
alteration by such means as photo substitution. Although State has updated
or changed the security features of its travel documents, State does not
have a structured process to periodically reassess the effectiveness of
the security features in its documents against evolving threats and to
actively plan for new generations.

State has taken a number of measures to ensure the security and quality of
passports and visas, including establishing internal control standards and
quality assurance measures, training of acceptance agents, and initiating
new visa policies and procedures. However, additional measures are needed
in the passport issuance process to minimize the risk of fraud. State
lacks a program for oversight of the thousands of passport acceptance
facilities that serve an important function in verifying the identity of
millions of passport applicants each year.

Officers in primary inspection--the first and most critical opportunity to
identify fraudulent travel documents at U.S. ports of entry--are unable to
take full advantage of the security features in passports and visas. These
officers rely on both their observations of travelers and visual and
manual examination of documents to detect fraudulent documents. However,
the Department of Homeland Security (DHS) has not yet provided most ports
of entry with the technology tools to read the new electronic passports
and does not have a process in place for primary inspectors to utilize
fingerprints collected for visas, including BCCs, at all land ports of
entry. Moreover, DHS has provided little regular training to update its
officers on the security features and fraud trends in passports and visas.

Key Elements of a Secure Travel Document

References

Visible links
  50. mailto://www.gao.gov/cgi-bin/getrpt?GAO-03-174
  51. mailto://www.gao.gov/cgi-bin/getrpt?GAO-01-277
  52. mailto://www.gao.gov/cgi-bin/getrpt?GAO-05-477
  53. mailto://www.gao.gov/cgi-bin/getrpt?GAO-04-1001
  54. mailto://www.gao.gov/cgi-bin/getrpt?GAO-03-174
  55. mailto://www.gao.gov/cgi-bin/getrpt?GAO-05-859
  56. mailto://www.gao.gov/cgi-bin/getrpt?GAO-06-115
  57. mailto:[email protected]
  58. mailto://www.gao.gov/
  59. mailto://www.gao.gov/
  60. mailto://www.gao.gov/fraudnet/fraudnet.htm
  61. mailto:[email protected]
  62. mailto:[email protected]
  63. mailto:[email protected]
  64. mailto://www.gao.gov/cgi-bin/getrpt?GAO-07-1006
  65. mailto://www.gao.gov/cgi-bin/getrpt?GAO-07-1006
*** End of document. ***