Border Security: US-VISIT Program Faces Strategic, Operational,  
and Technological Challenges at Land Ports of Entry (31-JAN-07,  
GAO-07-378T).							 
                                                                 
This testimony summarizes a December 2006 GAO report on the	 
Department of Homeland Security's (DHS) efforts to implement the 
U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT)
program at land ports of entry (POE). US-VISIT is designed to	 
collect, maintain, and share data on selected foreign nationals  
entering and exiting the United States at air, sea, and land	 
POEs. These data, including biometric identifiers like digital	 
fingerprints, are to be used to screen persons against watch	 
lists, verify identities, and record arrival and departure. This 
testimony addresses DHS's efforts to (1) implement US-VISIT entry
capability, (2) implement US-VISIT exit capability, and (3)	 
define how US-VISIT fits with other emerging border security	 
initiatives. GAO analyzed DHS and US-VISIT documents, interviewed
program officials, and visited 21 land POEs with varied traffic  
levels on both borders. 					 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-07-378T					        
    ACCNO:   A65427						        
  TITLE:     Border Security: US-VISIT Program Faces Strategic,       
Operational, and Technological Challenges at Land Ports of Entry 
     DATE:   01/31/2007 
  SUBJECT:   Biometric identification				 
	     Biometric visas					 
	     Border patrols					 
	     Border security					 
	     Homeland security					 
	     Identification cards				 
	     Information management				 
	     Internal controls					 
	     Standards						 
	     Strategic planning 				 
	     Visas						 
	     Waivers						 
	     Program implementation				 
	     DHS Visitor and Immigrant Status			 
	     Indicator Technology Program			 
                                                                 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-07-378T

   

     * [1]Summary
     * [2]Background

          * [3]US-VISIT Scope, Operations, and Processing at Land POEs

     * [4]DHS Had Installed US-VISIT Biometric Entry Capability at Nea
     * [5]DHS Cannot Currently Implement a Biometric US-VISIT Exit Cap

          * [6]Various Factors Have Prevented US-VISIT from Implementing a
          * [7]The US-VISIT Program Office Tested Nonbiometric Technology t

     * [8]DHS Had Not Articulated How US-VISIT Strategically Fits with
     * [9]Conclusions, Recommendations, and Agency Response
     * [10]GAO Contact and Staff Acknowledgements
     * [11]GAO's Mission
     * [12]Obtaining Copies of GAO Reports and Testimony

          * [13]Order by Mail or Phone

     * [14]To Report Fraud, Waste, and Abuse in Federal Programs
     * [15]Congressional Relations
     * [16]Public Affairs

Testimony before the Subcommittee on Terrorism, Technology, and Homeland
Security, Committee on the Judiciary, U.S. Senate

United States Government Accountability Office

GAO

For Release on Delivery Expected at 2:30 p.m. EST

Wednesday, January 31, 2007

BORDER SECURITY

US-VISIT Program Faces Strategic, Operational, and Technological
Challenges at Land Ports of Entry

Statement of Richard M. Stana, Director Homeland Security and Justice
Issues

GAO-07-378T

Chairman Feinstein and Members of the Subcommittee:

I appreciate the opportunity to be here today to provide a summary of our
December 2006 report^1 on the challenges facing the Department of Homeland
Security (DHS) as it implements United States Visitor and Immigrant Status
Indicator Technology (US-VISIT) at land ports of entry (POE).^2

In the years since the 2001 terrorist attacks, the need to secure U.S.
borders has taken on added importance and has received increasing
attention from Congress and the public. In an effort to avoid repetition
of such attacks, and improve overall national security, Congress and the
Administration have sought better ways to record and track the entry and
departure of foreign visitors who pass through U.S. POEs by air, land, or
sea; to verify their identities; and to authenticate their travel
documentation. Pursuant to several statutory mandates, DHS, in
consultation with the Department of State, established an automated
visitor system to integrate information on the entry and exit from the
United States of foreign nationals, called the US-VISIT Program. According
to DHS, the purpose of US-VISIT is to enhance the security of U.S.
citizens and visitors, facilitate legitimate travel and trade, ensure the
integrity of the U.S. immigration system, and protect visitors' privacy.
The program is managed by the US-VISIT Program Office, which is headed by
the US-VISIT Director, who currently reports to the DHS Deputy Secretary.
US-VISIT is used in the field by officers with U.S. Customs and Border
Protection (CBP), a separate DHS component.

US-VISIT is designed to use biographic information (e.g., name,
nationality, and date of birth) and biometric information (e.g., digital
fingerprint scans and photographs) to verify the identity of those covered
by the program. The program applies to certain visitors whether they hold
a nonimmigrant visa or are traveling from a country that has a visa waiver
agreement with the United States under the Visa Waiver Program.^3 U.S.
citizens, lawful permanent residents, and most Canadian and Mexican^4
citizens are currently exempt from being processed under US-VISIT upon
entering and exiting the country.^5 When foreign nationals subject to
US-VISIT arrive at a land POE, they are directed by CBP officers from the
primary inspection area to the secondary inspection area for further
processing. Visitors covered by US-VISIT who are determined to be
admissible are issued an I-94 arrival/departure form, which, among other
things, records their date of arrival and the date their authorized period
of admission expires. The requirement that arriving nonimmigrants admitted
to the United States, unless otherwise exempted, be issued a Form I-94 as
evidence of the terms of their admission predates implementation of
US-VISIT and was incorporated into US-VISIT processing.^6

^1 GAO, Border Security: US-VISIT Program Faces Strategic, Operational, and
Technological Challenges at Land Ports of Entry, [17]GAO-07-248
(Washington, D.C.: December 2006), which is the publicly available version
of our report entitled Border Security: US-VISIT Program Faces Strategic,
Operational, and Technological Challenges at Land Ports of Entry,
[18]GAO-07-56SU (Washington, D.C.: November 2006).

^2 A port of entry is generally a physical location, such as a pedestrian
walkway and/or a vehicle plaza with booths, and associated inspection and
administration buildings, at a land border crossing point, or a restricted
area inside an airport or seaport, where entry into the country by persons
and cargo arriving by air, land, or sea is controlled by U.S. Customs and
Border Protection.

Many aspects of US-VISIT program implementation have been driven or
defined by various legislative mandates. These include a 2001 statutory
requirement to focus particularly on the use of biometric technology in
developing the integrated entry-exit system subsequently named US-VISIT; a
2002 statutory requirement to develop biometric identifier standards to be
used to verify the identity of persons seeking to enter the United States
at POEs; and a requirement to install at all POEs equipment and software
to allow biometric comparison and authentication of U.S. visas and other
travel and entry documents issued to aliens, as well as Visa Waiver
Program participant passports. In addition, by law, an integrated entry
and exit data system was to be implemented at all U.S. POEs, including
land POEs, by December 31, 2005, but there was no specific requirement to
collect any new data on foreign nationals departing at land POEs by that
date. The Intelligence Reform and Terrorism Prevention Act of 2004, on the
other hand, did require the collection of biometric exit data for all
individuals subject to US-VISIT, but it did not set a deadline for
implementation of this requirement.

^3 The Visa Waiver Program enables nationals of certain countries to
travel to the United States for tourism or business for stays of 90 days
or less without obtaining a visa. Most western European countries
participate in this program, along with Japan, Singapore, Australia,
Brunei, and New Zealand.

^4 To visit the United States, Mexican citizens generally need either a
Mexican passport and U.S. visa, or a Border Crossing Card (BCC), which is
issued to Mexican visitors who wish to enter the country for business or
pleasure for no more than 6 months. The BCC contains machine-readable
biographic and biometric information. Mexican citizens with BCCs who are
traveling within 25 miles of the border, (75 miles in Arizona, if entering
through certain POEs near Tucson) and who plan to stay no more than 30
days, are generally not subject to US-VISIT processing upon entry. A
Mexican citizen is subject to US-VISIT requirements, however, if a CBP
officer determines that the entrant intends to stay more than 30 days or
travel beyond the 25- or 75-mile limit.

^5 On July 27, 2006, DHS issued a Notice of Proposed Rulemaking that, if
finalized, would expand the scope of US-VISIT to include, among others,
lawful permanent residents, aliens seeking admission on immigrant visas,
refugees and asylees, and certain categories of Canadians. DHS did not
report how many additional persons would be covered by US-VISIT if the
rule was adopted.

^6 Visitors traveling on nonimmigrant visas are issued Form I-94 and
visitors from Visa Waiver Program countries are issued Form I-94W. Both
forms show the date of arrival, port of entry, and date the authorized
period of admission expires.

This statement presents a summary of our December 2006 report on the
US-VISIT program, which was requested by the Chairman and Ranking Minority
Member of the House Homeland Security Committee and Congressmen Filner,
Grijalva, Hinojosa, Ortiz, and Reyes. My testimony today provides a
summary of our report and will focus on the following issues:

           o what the US-VISIT Program Office has done to implement US-VISIT
           entry capabilities at land POEs and what impact US-VISIT has had
           on these facilities,

           o the status of US-VISIT Program Office efforts to implement a
           US-VISIT exit capability at land POE facilities, and

           o what DHS has done to define how US-VISIT fits with other
           emerging border security initiatives.

Summary

US-VISIT entry capability had been installed, as of November 2006, at 154
of the 170 land POEs. Officials at all 21 sites we visited reported that
US-VISIT had improved their ability to process visitors and verify
identities. DHS plans to further enhance US-VISIT's capabilities by, among
other things, requiring new technology and equipment for scanning all 10
fingerprints. While this may aid border security, installation could
increase processing times and adversely affect operations at land POEs
where space constraints, traffic congestion, and processing delays already
exist. We found that management controls in place to identify such
problems and evaluate operations were insufficient and inconsistently
administered. For example, we identified computer processing problems at
12 sites visited; at 9 of these, the problems were not always reported to
CBP's computer help desk, as required by CBP guidelines. US-VISIT has
developed performance measures, but measures to gauge factors that
uniquely affect land POE operations were not developed; these would put
US-VISIT officials in a better position to identify areas for improvement.

Our December 2006 report also stated that US-VISIT officials had concluded
that, for various reasons, a biometric US-VISIT exit capability cannot be
implemented without incurring a major impact on land POE facilities.
According to these officials, implementing a biometrically based exit
recording system like that used to record those entering or re-entering
the country is potentially costly (an estimated $3 billion in 2003), would
require new infrastructure, and would produce major traffic congestion
because travelers would have to stop their vehicles upon exit to be
processed--an option officials consider unacceptable. US-VISIT officials
stated that they believe technological advances over the next 5 to 10
years will enable the biometric verification of persons exiting the
country without a major impact on facilities. The US-VISIT Program Office
has tested radio frequency identification (RFID) technology as a
nonbiometric means of recording visitors as they exit. RFID technology can
be used to electronically identify and gather information contained on a
tag--in this case, a unique identifying number embedded in a tag on a
visitor's arrival/departure form--which an electronic reader at the POE is
intended to detect. While RFID technology required few facility and
infrastructure changes, US-VISIT's initial testing and analysis of this
technology identified numerous performance and reliability problems, such
as the failure of RFID readers to detect a majority of travelers' tags
during testing. Furthermore, the RFID solution did not meet the statutory
requirement for a biometric exit capability because the technology as
tested cannot meet a key goal of US-VISIT--ensuring that visitors who
enter the country are the same ones who leave. Specifically, the RFID tag
in the visitor's arrival/departure form cannot be physically tied to an
individual, which means that while a document may be detected as leaving
the country, the person to whom it was issued at time of entry may be
somewhere else. By statute, DHS was to have reported to Congress by June
2005 on how it intended to fully implement a comprehensive, biometric
entry/exit program, but DHS had not yet reported how it intended to do so,
or use nonbiometric solutions. Until this plan is finalized, neither DHS
nor Congress is in a good position to prioritize and allocate program
resources, including funds for any facility modifications that might be
needed, plan for the program's future, or consider trade-offs between
traveler convenience and security.

DHS had not articulated how US-VISIT is to strategically fit with other
land border security initiatives and mandates and could not ensure that
these programs work in harmony to meet mission goals and operate cost
effectively. As we reported 3 years ago, agency programs need to properly
fit within a common strategic context governing key aspects of program
operations, such as what functions are to be performed, what facility or
infrastructure changes will be needed to ensure that they operate in
harmony and as intended, and what standards govern the use of
technology.^7 DHS had drafted a strategic plan defining an overall
immigration and border management strategy, but had not yet approved it,
and did not provide it to us for review. Meanwhile, new border security
initiatives or mandates are planned or under way that could potentially
have an impact on US-VISIT operations and facilities at land POEs. For
example, no later than June 2009, U.S. citizens and foreign nationals of
Canada, Bermuda, and Mexico who enter the United States at land POEs from
within the Western Hemisphere will be required, for the first time, to
present a passport or other documents deemed sufficient to show identity
and citizenship. It is not yet known what types of documents, other than
passports, may be permitted at land POEs, or whether these documents and
the equipment required to read them can be aligned with US-VISIT
technologies. Until decisions for this and other initiatives are made, it
remains unclear how this program will be integrated with US-VISIT, if at
all--raising the possibility that CBP would be faced with managing
differing technology platforms and border inspection processes at each
land POE. Knowing how US-VISIT is to work in concert with other border
security and homeland security initiatives and what facility or facility
modifications might be needed could help Congress, DHS, and others better
understand what resources and tools are needed to ensure success and
ensure that land POE facilities are positioned to accommodate them.

We made three recommendations to enhance the US-VISIT program at land
POEs. Specifically, with respect to entry capability our report
recommended that DHS (1) improve existing controls for identifying and
reporting computer processing and other operational problems to help
ensure that these controls are consistently administered and (2) develop
performance measures specifically for assessing the impact of US-VISIT
operations at land POEs. With respect to the mandated report to Congress,
we recommended that the Secretary take steps to ensure that it includes,
among other things, (1) information on the costs, benefits, and
feasibility of deploying biometric and nonbiometric exit capabilities at
land POEs; and (2) a description of how DHS plans to align US-VISIT with
other emerging land border security initiatives to ensure that different
technologies and processes work in harmony. DHS generally agreed and said
that it has already begun or plans to implement our recommendations.

^7 GAO, Homeland Security: Risks Facing Key Border and Transportation
Security Program Need to Be Addressed, [19]GAO-03-1083  (Washington, D.C.:
Sept. 19, 2003).

Background

US-VISIT is a large, complex governmentwide program intended to

           o collect, maintain, and share information on certain foreign
           nationals who enter and exit the United States;

           o identify foreign nationals who (1) have overstayed or violated
           the terms of their visit; (2) can receive, extend, or adjust their
           immigration status; or (3) should be apprehended or detained by
           law enforcement officials;

           o detect fraudulent travel documents, verify visitor identity, and
           determine visitor admissibility through the use of biometrics
           (digital fingerprints and a digital photograph); and

           o facilitate information sharing and coordination within the
           immigration and border management community.

The US-VISIT Program Office has responsibility for managing the
acquisition, deployment, operation, and sustainment of US-VISIT and has
been delivering US-VISIT capability incrementally based, in part, on
statutory deadlines for implementing specific portions of US-VISIT. For
example, the statutory deadline for implementing US-VISIT at the 50
busiest land POEs was December 31, 2004, and at the remaining POEs,
December 31, 2005.^8 From fiscal year 2003 through fiscal year 2007, total
funding for the US-VISIT program has been about $1.7 billion.

In reports on US-VISIT over the last 3 years, we have identified numerous
challenges that DHS faces in delivering program capabilities and benefits
on time and within budget. In September 2003, we reported that the
US-VISIT program is a risky endeavor, both because of the type of program
it is (large, complex, and potentially costly) and because of the way that
it was being managed.^9 We reported, for example, that the program's
acquisition management process had not been established, and that US-VISIT
lacked a governance structure. In March 2004, we testified that DHS faces
a major challenge maintaining border security while still welcoming
visitors. Preventing the entry of persons who pose a threat to the United
States cannot be guaranteed, and the missed entry of just one can have
severe consequences. Also, US-VISIT is to achieve the important law
enforcement goal of identifying those who overstay or otherwise violate
the terms of their visas. Complicating the achievement of these security
and law enforcement goals are other key US-VISIT goals: facilitating trade
and travel through POEs and providing for enforcement of U.S. privacy laws
and regulations.^10 Subsequently, in May 2004, we reported that DHS had
not employed the kind of rigorous and disciplined management controls
typically associated with successful programs.^11 Moreover, in February
2006, we reported that while DHS had taken steps to implement most of the
recommendations from our 2003 and 2004 reports, progress in critical areas
had been slow.^12 As of February 2006, of 18 recommendations we made since
2003, only 2 had been fully implemented, 11 had been partially
implemented, and 5 were in the process of being implemented, although the
extent to which they would be fully carried out is not yet known.

^8 See appendix I for a legislative overview of the US-VISIT program.

^9 [20]GAO-03-1083 .

US-VISIT Scope, Operations, and Processing at Land POEs

Currently, US-VISIT's scope includes the pre-entry, entry, status, and
exit of hundreds of millions of foreign national travelers who enter and
leave the United States at over 300 air, sea, and land POEs. However, most
land border crossers--including U.S. citizens, lawful permanent residents,
and most Canadian and Mexican citizens--are, by regulation or statute, not
required to enroll into US-VISIT.^13 In fiscal year 2004, for example,
U.S. citizens and lawful permanent residents constituted about 57 percent
of land border crossers; Canadian and Mexican citizens constituted about
41 percent; and less than 2 percent were US-VISIT enrollees. Figure 1
shows the number and percentage of persons processed under US-VISIT as a
percentage of all border crossings at land, air, and sea POEs in fiscal
year 2004.

^10 GAO, Homeland Security: Risks Facing Key Border and Transportation
Security Program Need to Be Addressed,  [21]GAO-04-569T  (Washington,
D.C.: March 2004).

^11GAO, Homeland Security: First Phase of Visitor and Immigration Status
Program Operating, but Improvements Needed, [22]GAO-04-586  (Washington,
D.C.: May 2004).

^12 GAO, Homeland Security: Recommendations to Improve Key Border Security
Programs Need to Be Implemented, [23]GAO-06-296 (Washington, D.C.:
February 2006).

^13 Since the statute governing US-VISIT applies to foreign national
arrival and departure data only, U.S. citizens do not fall within the
scope of the program and therefore are exempt from US-VISIT screening.
Also, in general, regardless of whether they are to be processed into
US-VISIT, Mexican citizens must present either a passport and visa or a
BCC when seeking admission to the United States, while Canadian citizens
generally do not need such documents at this time (Canadian visitors at
land POEs may need passports as early as January 2008, however, under
regulations implementing a new statutory provision on passport
requirements). According to US-VISIT, when a Mexican receives a BCC, the
data on the individual entered into U.S. databases at the time of their
visa application are accessible by US-VISIT--if they are to be processed
into it for any reason.

Figure 1: Persons Processed under US-VISIT as a Percentage of All Border
Crossings at Land, Air, and Sea Ports of Entry, Fiscal Year 2004

Note: Persons processed by US-VISIT may include foreign nationals who were
also issued an I-94 valid for multiple entries and who have re-entered
multiple times. Total entering the United States includes U.S. citizens
who may have re-entered the country multiple times and foreign nationals,
including those not issued I-94s, such as Canadian citizens and Mexicans
with BCCs, and those issued multiple entry I-94s who also may have
re-entered multiple times. U.S. citizens do not fall within the statutory
scope of US-VISIT and therefore are exempt from US-VISIT screening.

Foreign nationals subject to US-VISIT who intend to enter the country
encounter different inspection processes at different types of POEs
depending on their mode of travel. Those who intend to enter the United
States at an air or sea POE are to be processed, for purposes of US-VISIT,
in the primary inspection area upon arrival. Generally, these visitors are
subject to prescreening, before they arrive, via passenger manifests,
which are forwarded to CBP by commercial air or sea carrier in advance of
arrival.^14 By contrast, foreign nationals intending to enter the United
States at land POEs are generally not subject to prescreening because they
arrive in private vehicles or on foot and there is no manifest to record
their pending arrival. Thus, when foreign nationals subject to US-VISIT
arrive at a land POE in vehicles, they initially enter the primary
inspection area where CBP officers, often located in booths, are to
visually inspect travel documents and query the visitors about such
matters as their place of birth and proposed destination. Visitors
arriving as pedestrians enter an equivalent primary inspection area,
generally inside a CBP building. If the CBP officer believes a more
detailed inspection is needed or if the visitors are required to be
processed under US-VISIT,^15 the visitors are to be referred to the
secondary inspection area--an area away from the primary inspection
area--which is generally inside a facility. The secondary inspection area
inside the facility generally contains office space, waiting areas, and
space to process visitors, including US-VISIT enrollees. Equipment used
for US-VISIT processing includes a computer, printer, digital camera, and
a two-fingerprint scanner. Figure 2 shows how U.S. citizens and most
Mexicans, Canadians, and foreign nationals subject to US-VISIT are to be
processed at land POEs.

^14 Under the Enhanced Border Security and Visa Entry Reform Act of 2002
(Pub. L. No. 107-173, S 402(a), 116 Stat. 543, 557-59), commercial air and
sea carriers are to transmit crew and passenger manifests to appropriate
immigration officials before arrival of an aircraft or vessel in the
United States. These manifests are transmitted to CBP through the Advanced
Passenger Information System (APIS), which helps officers identify (1)
those arrivals for which biometric data are available and (2) foreign
nationals who need to be scrutinized more closely.

^15At land border POEs, the Form I-94 issued to foreign nationals covered
by US-VISIT who are deemed admissible is considered issued for multiple
entries, unless specifically annotated otherwise. A multiple entry I-94
permits them to re-enter the country, generally for up to 6 months,
without additional US-VISIT processing during the period covered by the
I-94.

Figure 2: Overview of US-VISIT Processing at Land POEs for Visitors with
and without Visas Entering the Country

As of August 2006, there were 170 land POEs that are geographically
dispersed along the nation's more than 7,500 miles of borders with Canada
and Mexico. Some are located in rural areas (such as Alexandria Bay, New
York, and Blaine-Pacific Highway, Washington) and others in cities (such
as Detroit) or in U.S. cities across from Mexican cities, such as Laredo
and El Paso, Texas. The volume of visitor traffic at these POEs varied
widely, with the busiest four POEs characterized by CBP, in fiscal year
2005, as San Ysidro, Calexico, and Otay Mesa, California, and Bridge of
the Americas in El Paso, Texas.

DHS Had Installed US-VISIT Biometric Entry Capability at Nearly All Land POEs,
but Faces Challenges Identifying and Monitoring the Operational Impacts on POE
Facilities

My statement will now focus on what the US-VISIT Program Office had done
to implement US-VISIT entry capabilities at land POEs and what impact
US-VISIT has had on these facilities.

At the time of our review, DHS had installed the entry portion of US-VISIT
at 154 of the nation's 170 land POEs,^16 usually with minimal new
construction or changes to existing facilities. As required by law, the
US-VISIT entry capability includes biometric features--such as digital
scans of 2 fingerprints--to help verify the identity of visitors. CBP
officials at all 21 land POEs we visited told us that US-VISIT's entry
capability has generally enhanced their ability to process visitors
subject to US-VISIT by providing assurance that visitors' identities can
be confirmed through biometric identifiers and by automating the paperwork
associated with processing I-94 arrival/departure forms.

Going forward, DHS plans to introduce changes and enhancements to US-VISIT
at land POEs intended to further bolster CBP's ability to verify the
identity of individuals entering the country, including a transition from
digitally scanning 2 fingerprints to scanning 10. While such changes are
intended to further enhance border security, deploying them may have an
impact on aging and space-constrained land POE facilities because they
could increase inspection times and adversely affect POE operations. Our
site visits, interviews with US-VISIT and CBP officials, and the work of
others suggest that both before and after US-VISIT entry capability was
installed at land POEs, these facilities faced a number of
challenges--operational and physical--including space constraints
complicated by the logistics of processing high volumes of visitors and
associated traffic congestion. Moreover, our work over the past 3 years
showed that the US-VISIT program office had not taken necessary steps to
help ensure that US-VISIT entry capability operates as intended. For
example, in February 2006 we reported that the approach taken by the
US-VISIT Program Office to evaluate the impact of US-VISIT on land POE
facilities focused on changes in I-94 processing time at 5 POEs and did
not examine other operational factors, such as US-VISIT's impact on
physical facilities or work force requirements.^17 As a result, program
officials did not always have the information they needed to anticipate
problems that occurred, such as problems processing high volumes of
visitors in space-constrained facilities.

^16 US-VISIT was not installed at 14 of the 16 other POEs because visitors
subject to US-VISIT are not permitted to enter the country at those
locations; at the other 2 POEs, DHS lacked the infrastructure needed to
install the equipment.

Turning to another aspect of our work on US-VISIT entry capability, our
December 2006 report stated that management controls did not always alert
US-VISIT and CBP to operational problems. Our standards for internal
controls in the federal government state that it is important for agencies
to have controls in place to help ensure that policies and procedures are
applied and that managers be made aware of problems so that that they can
be addressed and resolved in a timely fashion.^18 CBP officials at 12 of
21 land POE sites we visited told us about US-VISIT-related computer
slowdowns and freezes that adversely affected visitor processing and
inspection times, and at 9 of the 12 sites, computer processing problems
were not always reported to CBP's computer help desk, as required by CBP
guidelines. Although various controls are in place to alert US-VISIT and
CBP officials to problems as they occur, these controls did not alert
officials to all problems, given that they had been unaware of the
problems we identified before we brought them to their attention. These
computer processing problems have the potential to not only inconvenience
travelers because of the increased time needed to complete the inspection
process, but to compromise security, particularly if CBP officers are
unable to perform biometric checks--one of the critical reasons US-VISIT
was installed at POEs.

Our internal control standards also call for agencies to establish
performance measures throughout the organization so that actual
performance can be compared to expected results. While the US-VISIT
Program Office established performance measures for fiscal years 2005 and
2006 intended to gauge performance of various aspects of US-VISIT at air,
sea, and land POEs in the aggregate, performance measures specifically for
land POEs had not been developed. It is important to do so, given that
there are significant operational and facility differences among these
different types of POEs. Additional performance measures that consider
operational and facility differences at land POEs would put US-VISIT
program officials in a better position to identify problems, trends, and
areas needing improvements.

^17 [24]GAO-06-296 .

^18 GAO, Internal Control: Standards for Internal Control in the Federal
Government, [25]GAO/AIMD-00-21 .3.1 (Washington, D.C.: November 1999) and
GAO, Internal Control Standards: Internal Control Management and
Evaluation Tool, [26]GAO-01-1008G (Washington, D.C.: August 2001).

DHS Cannot Currently Implement a Biometric US-VISIT Exit Capability at Land POEs
and Faces Uncertainties as Testing of an Alternative Exit Strategy Continues

My statement will now focus on the challenges facing DHS as it attempts to
implement a biometric exit capability at land POEs.

Various Factors Have Prevented US-VISIT from Implementing a Biometric Exit
Capability

Various factors have prevented US-VISIT from implementing a biometric exit
capability. Federal laws require the creation of a US-VISIT exit
capability using biometric verification methods to ensure that the
identity of visitors leaving the country can be matched biometrically
against their entry records.^19 However, according to officials at the
US-VISIT Program Office and CBP and US-VISIT program documentation, there
are interrelated logistical, technological, and infrastructure constraints
that have precluded DHS from achieving this mandate, and there are cost
factors related to the feasibility of implementation of such a solution.
The major constraint to performing biometric verification upon exit at
this time, in the US-VISIT Program Office's view, is that the only proven
technology available would necessitate mirroring the processes currently
in use for US-VISIT at entry. A mirror image system for exit would, like
one for entry, require CBP officers at land POEs to examine the travel
documents of those leaving the country, take fingerprints, compare
visitors' facial features to photographs, and, if questions about identity
arise, direct the departing visitor to secondary inspection for additional
questioning. These steps would be carried out for exiting pedestrians as
well as for persons exiting in vehicles. The US-VISIT Program Office
concluded in January 2005 that the mirror-imaging solution was "an
infeasible alternative for numerous reasons, including but not limited to,
the additional staffing demands, new infrastructure requirements, and
potential trade and commerce impacts."^20

19 Intelligence Reform and Terrorism Prevention Act of 2004, S 7208, 8
U.S.C. S 1365b. See also USA PATRIOT Act, Pub. L. No. 107-56, S 414(b)(1),
115 Stat. 272, 353 (2001); 8 U.S.C. S 1365a(b)(2)-(4).

US-VISIT officials told us that they anticipated that a biometric exit
process mirroring that used for entry could result in delays at land POEs
with heavy daily volumes of visitors. And they stated that in order to
implement a mirror image biometric exit capability, additional lanes for
exiting vehicles and additional inspection booths and staff would be
needed, though they had not determined precisely how many. According to
these officials, it is unclear how new traffic lanes and new facilities
could be built at land POEs where space constraints already exist, such as
those in congested urban areas. (For example, San Ysidro, California,
currently has 24 entry lanes, each with its own staffed booth and 6
unstaffed exit lanes. Thus, if full biometric exit capability were
implemented using a mirror image approach, San Ysidro's current capacity
of 6 exit lanes would have to be expanded to 24 exit lanes.) As shown in
figure 3, based on observations during our site visit to the San Ysidro
POE, the facility is surrounded by dense urban infrastructure, leaving
little, if any, room to expand in place. Some of the 24 entry lanes for
vehicle traffic heading northward from Mexico into the United States
appear in the bottom left portion of the photograph, where vehicles are
shown waiting to approach primary inspection at the facility; the 6ix exit
lanes (traffic toward Mexico), which do not have fixed inspection
facilities, are at the upper left.

^20 US-VISIT, Increment 2C Operational Alternatives Assessment--FINAL
(Rosslyn, Virginia: Jan. 31, 2005).

Figure 3: Aerial View of San Ysidro, California, POE

Other POE facilities are similarly space-constrained. At the POE at
Nogales-DeConcini, Arizona, for example, we observed that the facility is
bordered by railroad tracks, a parking lot, and industrial or commercial
buildings. In addition, CBP has identified space constraints at some rural
POEs. For example, the Thousand Islands Bridge POE at Alexandria Bay, New
York, is situated in what POE officials described as a "geological bowl,"
with tall rock outcroppings potentially hindering the ability to expand
facilities at the current location. Officials told us that in order to
accommodate existing and anticipated traffic volume upon entry, they are
in the early stages of planning to build an entirely new POE on a hill
about a half-mile south of the present facility. CBP officials at the
Blaine-Peace Arch POE in Washington state said that CBP also is
considering whether to relocate and expand the POE facility, within the
next 5 to 10 years, to better handle existing and projected traffic
volume. According to the US-VISIT program officials, none of the plans for
any expanded, renovated, or relocated POE include a mirror image addition
of exit lanes or facilities comparable to those existing for entry.

In 2003, the US-VISIT Program Office estimated that it would cost
approximately $3 billion to implement US-VISIT entry and exit capability
at land POEs where US-VISIT was likely to be installed and that such an
effort would have a major impact on facility infrastructure at land POEs.
We did not assess the reliability of the 2003 estimate. The cost estimate
did not separately break out costs for entry and exit construction, but
did factor in the cost for building additional exit vehicle lanes and
booths as well as buildings and other infrastructure that would be
required to accommodate a mirror imaging at exit of the capabilities
required for entry processing. US-VISIT program officials told us that
they provided this estimate to congressional staff during a briefing, but
that the reaction to this projected cost was negative and that they
therefore did not move ahead with this option. No subsequent cost estimate
updates had been prepared, and DHS's annual budget requests have not
included funds to build the infrastructure that would be associated with
the required facilities.

US-VISIT officials stated that they believe that technological advances
over the next 5 to 10 years will make it possible to utilize alternative
technologies that provide biometric verification of persons exiting the
country without major changes to facility infrastructure and without
requiring those exiting to stop and/or exit their vehicles, thereby
precluding traffic backup, congestion, and resulting delays. US-VISIT's
report assessing biometric alternatives noted that although limitations in
technology currently preclude the use of biometric identification because
visitors would have to be stopped, the use of the as yet undeveloped
biometric verification technology supports the long-term vision of the
US-VISIT program.^21 However, no such technology or device currently
exists that would not have a major impact on facilities. The prospects for
its development, manufacture, deployment, and reliable utilization are
currently uncertain or unknown, although a prototype device that would
permit a fingerprint to be read remotely without requiring the visitor to
come to a full stop is under development.

While logistical, technical, and cost constraints may prevent
implementation of a biometrically based exit technology for US-VISIT at
this time, it is important to note that there currently is not a
legislatively mandated date for implementation of such a solution. The
Intelligence Reform and Terrorism Prevention Act of 2004 requires US-VISIT
to collect biometric exit data from all individuals who are required to
provide biometric entry data.^22 The act did not set a deadline, however,
for requiring collection of biometric exit data from all individuals who
are required to provide biometric entry data. Although US-VISIT had set a
December 2007 deadline for implementing exit capability at the 50 busiest
land POEs, US-VISIT has since determined that implementing exit capability
by this date is no longer feasible, and a new date for doing so has not
been set.

^21 US-VISIT, Increment 2C Operational Alternatives Assessment--FINAL
(Rosslyn, Virginia: Jan. 31, 2005).

The US-VISIT Program Office Tested Nonbiometric Technology to Record Travelers'
Departure, but Identified Numerous Performance and Reliability Problems

US-VISIT has tested nonbiometric technology to record travelers'
departure, but testing showed numerous performance and reliability
problems. Because there is at present no biometric technology that can be
used to verify a traveler's exit from the country at land POEs without
also making major and costly changes to POE infrastructure and facilities,
US-VISIT tested radio frequency identification (RFID) technology as a
nonbiometric means of recording visitors as they exit. RFID technology can
be used to electronically identify and gather information contained on a
tag--in this case, a unique identifying number embedded in a tag on a
visitor's arrival/departure form--which an electronic reader at the POE is
intended to detect. While RFID technology required few facility and
infrastructure changes, US-VISIT's testing and analysis at five land POEs
at the northern and southern borders identified numerous performance and
reliability problems, such as the failure of RFID readers to detect a
majority of travelers' tags during testing. For example, according to
US-VISIT, at the Blaine-Pacific Highway test site, of 166 vehicles tested
during a 1-week period, RFID readers correctly identified 14 percent--a
sizable departure from the target read rate of 70 percent.^23

Another problem that arose was that of cross-reads, in which multiple RFID
readers installed on poles or structures over roads, called gantries,
picked up information from the same visitor, regardless of whether the
individual was entering or exiting in a vehicle or on foot. Thus,
cross-reads resulted in inaccurate record keeping. According to a January
2006 US-VISIT corrective-action report, remedying cross-reads would
require changes to equipment and infrastructure on a case-by-case basis at
each land POE, because each has a different physical configuration of
buildings, roadways, roofs, gantries, poles, and other surfaces against
which the signals can bounce and cause cross-reads. Each would therefore
require a different physical solution to avoid the signal interference
that triggers cross-reads. Although cost estimates or time lines had not
been developed for such alterations to facilities and equipment, it is
possible that having to alter the physical configuration at each land POE
in some regard and then test each separately to ensure that cross-reads
had been eliminated would be both time consuming and potentially costly,
in terms of changes to infrastructure and equipment.

^22 8 U.S.C. S 1365b(d).

^23 A US-VISIT program official explained that for vehicles exiting during
RFID testing, one could "reasonably expect" a read rate of 70 percent
because vehicles are not required to stop upon exit. The official also
cited vehicle speed, safety, and awareness (of optimal positioning of the
arrival/departure form; for example, holding the form up to the window of
the vehicle) as factors that affected RFID read rates.

However, even if RFID deficiencies were to be fully addressed and
deadlines set, questions remain about DHS's intentions going forward. For
example, the RFID solution did not meet the congressional requirement for
a biometric exit capability because the technology that had been tested
cannot meet a key goal of US-VISIT--ensuring that visitors who enter the
country are the same ones who leave. By design, an RFID tag embedded in an
I-94 arrival/departure form cannot provide the biometric identity-matching
capability that is envisioned as part of a comprehensive entry/exit border
security system using biometric identifiers for tracking overstays and
others entering, exiting, and re-entering the country. Specifically, the
RFID tag in the I-94 form cannot be physically tied to an individual. This
situation means that while a document may be detected as leaving the
country, the person to whom it was issued at time of entry may be
somewhere else.

Our report also noted that DHS was to have reported to Congress by June
2005 on how the agency intended to fully implement a biometric entry/exit
program. As of October 2006, this plan was still under review in the
Office of the Secretary, according to US-VISIT officials. According to
statute, this plan is to include, among other things, a description of the
manner in which the US-VISIT program meets the goals of a comprehensive
entry and exit screening system--including both biometric entry and
exit--and fulfills statutory obligations imposed on the program by several
laws enacted between 1996 and 2002.^24 Until such a plan is finalized and
issued, DHS is not able to articulate how entry/exit concepts will fit
together--including any interim nonbiometric solutions--and neither DHS
nor Congress is positioned to prioritize and allocate resources for a
US-VISIT exit capability or plan for the program's future.

^24 8 U.S.C. S1365b(c)(2)(E).

DHS Had Not Articulated How US-VISIT Strategically Fits with Other Land Border
Security Initiatives

My statement will now focus on DHS efforts to define how US-VISIT fits
with other emerging border security initiatives.

DHS had not articulated how US-VISIT strategically fits with other land
border security initiatives. In recent years, DHS has planned or
implemented a number of initiatives aimed at securing the nation's
borders. In September 2003, we reported that agency programs need to
properly fit within a common strategic context governing key aspects of
program operations--e.g., what functions are to be performed by whom; when
and where they are to be performed; what information is to be used to
perform them; what rules and standards will govern the application of
technology to support them; and what facility or infrastructure changes
will be needed to ensure that they operate in harmony and as intended.^25
We further stated that DHS had not defined key aspects of the larger
homeland security environment in which US-VISIT would need to operate. For
example, certain policy and standards decisions had not been made, such as
whether official travel documents would be required for all persons who
enter and exit the country, including U.S. and Canadian citizens, and how
many fingerprints would be collected--factors that could potentially
increase inspection times and ultimately increase traveler wait times at
some of the higher volume land POE facilities. To minimize the impact of
these changes, we recommended that DHS clarify the context in which
US-VISIT is to operate. Our December 2006 report noted that, 3 years
later, defining this strategic context remained a work in progress. Thus,
the program's relationships and dependencies with other closely allied
initiatives and programs were still unclear.

According to the US-VISIT Chief Strategist, the Program Office drafted in
March 2005 a strategic plan that showed how US-VISIT would be
strategically aligned with DHS's organizational mission and also defined
an overall vision for immigration and border management.^26 According to
this official, the draft plan provided for an immigration and border
management enterprise that unified multiple internal departmental and
other external stakeholders with common objectives, strategies, processes,
and infrastructures. As of October 2006, we were told that DHS had not
approved this strategic plan. This draft plan was not available to us, and
it is unclear how it would provide an overarching vision and road map of
how all these component elements can at this time be addressed given that
critical elements of other emerging border security initiatives have yet
to be finalized.

^25 [27]GAO-03-1083 .

^26In commenting on our December 2006 report, DHS stated that this plan
includes US-VISIT's draft response to the legislative requirement that DHS
produce a report to Congress by June 2005 that describes a comprehensive
US-VISIT entry/exit screening system, as discussed earlier in this report.

For example, under the Intelligence Reform and Terrorism Prevention Act of
2004, DHS and the Department of State are to develop and implement a plan,
no later than June 2009, which requires U.S. citizens and foreign
nationals of Canada, Bermuda, and Mexico to present a passport or other
document or combination of documents deemed sufficient to show identity
and citizenship to enter the United States (this is currently not a
requirement for these individuals entering the United States via land POEs
from within the Western Hemisphere).^27 This effort, known as the Western
Hemisphere Travel Initiative (WHTI), was first announced in 2005, and some
members of Congress and others have raised questions about agencies'
progress carrying out WHTI. In May 2006, we issued a report that provided
our observations on efforts to implement WHTI along the U.S. border with
Canada.^28 We stated that DHS and the Department of State had taken some
steps to carry out the Travel Initiative, but they had a long way to go to
implement their proposed plans, and time was slipping by. Among other
things, we found that

           o key decisions had yet to be made about what documents other than
           a passport would be acceptable when U.S. citizens and citizens of
           Canada enter or return to the United States--a decision critical
           to making decisions about how DHS is to inspect individuals
           entering the country, including what common facilities or
           infrastructure might be needed to perform these inspections at
           land POEs, and

           o a DHS and Department of State proposal to develop an alternative
           form of passport, called a PASS card, would rely on RFID
           technology to help DHS process U.S. citizens re-entering the
           country, but DHS had not made decisions involving a broad set of
           considerations that included (1) utilizing security features to
           protect personal information, (2) ensuring that proper equipment
           and facilities are in place to facilitate crossings at land
           borders, and (3) enhancing compatibility with other border
           crossing technology already in use.

^27 In November 2006, DHS and the Department of State issued a final rule
announcing that, beginning on January 23, 2007, citizens of the United
States, Canada, Mexico, and Bermuda generally are required to present a
passport to enter the United States when arriving by air from any part of
the Western Hemisphere (8 C.F.R. Parts 212 and 235 and 22 C.F.R. Parts 41
and 53). According to DHS, a separate proposed rule addressing land and
sea travel will be published at a later date with specific requirements
for travelers entering the United States through land and sea POEs. By
law, these new requirements are to be in place no later than June 2009.

^28 GAO, Observations on Efforts to Implement the Western Hemisphere
Travel Initiative on the U.S. Canadian Border, [28]GAO-06-741R 
(Washington, D.C.: May 25, 2006).

As of September 2006, DHS had still not finalized plans for changing the
inspection process and using technology to process U.S. citizens and
foreign nationals of Canada, Bermuda, and Mexico re-entering or entering
the country at land POEs. In the absence of decisions about the strategic
direction of both programs, it was unclear (1) how the technology used to
facilitate border crossings under the Travel Initiative would be
integrated with US-VISIT technology, if at all, and (2) how land POE
facilities would have to be modified to accommodate both programs to
ensure efficient inspections that do not seriously affect wait times. This
raises the possibility that CBP would be faced with managing differing
technology platforms and border inspection processes at high-volume land
POEs facilities that, according to DHS, already face space constraints and
congestion.

Similarly, our December 2006 report noted that it is not clear how
US-VISIT is to operate in relation to another emerging border security
effort, the Secure Border Initiative (SBI)--a comprehensive DHS
initiative, announced last year, to secure the country's borders and
reduce illegal migration. Under SBI and its CBP component, called SBInet,
DHS plans to use a systems approach to integrate personnel,
infrastructures, technologies, and rapid response capability into a
comprehensive border protection system. DHS reports that, among other
things, SBInet is to encompass both the northern and southern land
borders, including the Great Lakes, under a unified border control
strategy whereby CBP is to focus on the interdiction of cross-border
violations between the ports and at the official land POEs and funnel
traffic to the land POEs. As part of SBI, DHS also plans to focus on
interior enforcement--disrupting and dismantling cross border crime into
the interior of the United States while locating and removing aliens who
are present in the United States in violation of law. Although DHS has
published some information on SBI and SBInet, it remains unclear how
SBInet will be linked, if at all, to US-VISIT so that the two systems can
share technology, infrastructure, and data across programs.

Also, given the absence of a comprehensive entry and exit system,
questions remain about what meaningful data US-VISIT may be able to
provide other DHS components, such as Immigration and Customs Enforcement
(ICE), to ensure that DHS can, from an interior enforcement perspective,
identify and remove foreign nationals covered by US-VISIT who may have
overstayed their visas. In a May 2004 report, we stated that although no
firm estimates were available, the extent of overstaying is
significant.^29 We stated that most long-term overstays appeared to be
motivated by economic opportunities, but a few had been identified as
terrorists or involved in terrorist-related activities. Notably, some of
the September 11 hijackers had overstayed their visas. We further reported
that US-VISIT held promise for identifying and tracking overstays as long
as it could overcome weaknesses matching visitors' entry and exit.

Conclusions, Recommendations, and Agency Response

Developing and deploying complex technology that records the entry and
exit of millions of visitors to the United States, verifies their
identities to mitigate the likelihood that terrorists or criminals can
enter or exit at will, and tracks persons who remain in the country longer
than authorized is a worthy goal in our nation's effort to enhance border
security in a post-9/11 era. But doing so also poses significant
challenges; foremost among them is striking a reasonable balance between
US-VISIT's goals of providing security to U.S. citizens and visitors while
facilitating legitimate trade and travel.

DHS has made considerable progress making the entry portion of the
US-VISIT program at land POEs operational, but our work raised questions
whether DHS has adequately assessed how US-VISIT has affected operations
at land POEs. Because US-VISIT will likely continue to have an impact on
land POE facilities as it evolves--especially as new technology and
equipment are introduced--it is important for US-VISIT and CBP officials
to have sufficient management controls for identifying and reporting
potential computer and other operational problems that could affect the
ability of US-VISIT entry capability to operate as intended. For example,
if disruptions to US-VISIT computer operations are not consistently and
promptly reported and resolved, it is possible that a critical US-VISIT
function--notably, the ability to use biometric information to confirm
visitors' identities through various databases--could be disrupted, as has
occurred in the past. The need to avoid disruptions to biometric
verification is important given that one of the primary goals of US-VISIT
is to enhance the security of U.S. citizens and visitors, and in light of
the substantial investment DHS has made in US-VISIT technology and
equipment. To help DHS achieve benefits commensurate with its investment
in US-VISIT at land POEs and security goals and objectives, we recommended
that DHS (1) improve existing controls for identifying and reporting
computer processing and other operational problems to help ensure that
these controls are consistently administered and (2) develop performance
measures specifically for assessing the impact of US-VISIT operations at
land POEs.

^29 GAO, [29]Overstay Tracking: A Key Component of Homeland Security and a
Layered Defense , [30]GAO-04-82  (Washington, D.C.: May 2004).

With respect to DHS's effort to create an exit verification capability,
developing and deploying this capability at land POEs has posed a set of
challenges that are distinct from those associated with entry. US-VISIT
has not determined whether it can achieve, in a realistic time frame, or
at an acceptable cost, the legislatively mandated capability to record the
exit of travelers at land POEs using biometric technology. Apart from
acquiring new facilities and infrastructure at an estimated cost of
billions of dollars, US-VISIT officials have acknowledged that no
technology now exists to reliably record travelers' exit from the country,
and to ensure that the person leaving the country is the same person who
entered, without requiring that person to stop upon exit--potentially
imposing a substantial burden on travelers and commerce. US-VISIT
officials stated that they believe a biometrically based solution that
does not require those exiting the country to stop for processing, that
minimizes the need for major facility changes, and that can be used to
definitively match a visitor's entry and exit will be available in 5 to 10
years. In the interim, it remains unclear how DHS plans to proceed.
According to statute, DHS was required to report more than a year ago on
its plans for developing a comprehensive biometric entry and exit system,
but DHS has yet to finalize this road map for Congress. Until DHS
finalizes such a plan, neither Congress nor DHS is likely to have
sufficient information as a basis for decisions about various factors
relevant to the success of US-VISIT, ranging from funding needed for any
land POE facility modifications in support of the installation of exit
technology to the trade-offs associated with ensuring traveler convenience
while providing verification of travelers' departure consistent with
US-VISIT's national security and law enforcement goals. We recommended
that as DHS finalizes the mandated report, the Secretary take steps to
ensure that the report includes, among other things, information on the
costs, benefits, and feasibility of deploying biometric and nonbiometric
exit capabilities at land POEs. Our recommendation also stated that DHS's
report should include a description of how DHS plans to align US-VISIT
with other emerging land border security initiatives and what facilities
or facility modifications would be needed at land POEs to ensure that
different technologies and processes work in harmony. By showing how these
initiatives are to be aligned, Congress, DHS, and others would be in a
better position to understand what resources and tools are needed to
ensure success and ensure that land POE facilities are positioned to
accommodate them.

DHS generally agreed with our recommendations and stated that it either
had begun to take or was planning to take actions to implement them. It
acknowledged that the exit technology tested by DHS would not satisfy
statutory requirements for a biometric exit system and said that it would
perform research and industry outreach to satisfy the mandate. DHS,
however, disagreed with our finding that the US-VISIT Program Office did
not fully consider the impact of US-VISIT on the overall operations at
POEs. It said that US-VISIT impacts are limited to changes in Form I-94
processing time, which according to officials, improved, and that issues
related to capacity, staffing, and other factors are "arguably" beyond the
scope of US-VISIT. We agree that the approach taken to do operational
assessments of the impact of US-VISIT land POE facilities focused on
changes to I-94 processing time. Our concern is that the assessments did
not examine other operational factors, such as US-VISIT's impact on
physical facilities, to help ensure that US-VISIT operates as intended. We
believe more complete assessments of the impact of US-VISIT on land POE
operations would better position DHS to anticipate potential problems and
develop solutions, especially as additional US-VISIT capabilities, such as
10-fingerprint scanning, are introduced at these facilities.

This concludes my prepared testimony. I would be happy to respond to any
questions that Members of the Subcommittee may have.

GAO Contact and Staff Acknowledgements

For further information about this testimony, please contact me at (202)
512-8816. John Mortin, Assistant Director; Amy Bernstein; Frances Cook;
Odi Cuero; Richard Hung; Amanda Miller; James R. Russell; and Jonathan
Tumin made key contributions to this testimony.

Appendix I: Legislative Overview of the US-VISIT Program

The Illegal Immigration Reform and Immigrant Responsibility Act of 1996
originally required the development of an automated entry and exit control
system to collect a record of departure for every alien departing the
United States and match the record of departure with the record of the
alien's arrival in the United States; make it possible to identify
nonimmigrants who remain in the country beyond the authorized period; and
not significantly disrupt trade, tourism, or other legitimate cross-border
traffic at land border ports of entry. It also required the integration of
overstay information into appropriate databases of the Immigration and
Naturalization Service and the Department of State, including those used
at ports of entry and at consular offices. The system was originally to be
developed by September 30, 1998; this deadline was changed to October 15,
1998, and was changed again for land border ports of entry and sea ports
to March 30, 2001.

The Immigration and Naturalization Service Data Management Improvement Act
(DMIA) of 2000 replaced the 1996 statute in its entirety, requiring
instead an electronic system that would provide access to and integrate
alien arrival and departure data that are authorized or required to be
created or collected under law, are in an electronic format, and are in a
database of the Department of Justice or the Department of State,
including those created or used at ports of entry and at consular offices.
The act specifically provided that it not be construed to permit the
imposition of any new documentary or data collection requirements on any
person for the purpose of satisfying its provisions, but it further
provided that it also not be construed to reduce or curtail any authority
of the Attorney General (now Secretary of Homeland Security) or Secretary
of State under any other provision of law. The integrated entry and exit
data system was to be implemented at airports and seaports by December 31,
2003, at the 50 busiest land ports of entry by December 31, 2004, and at
all remaining ports of entry by December 31, 2005.

The DMIA also required that the system use available data to produce a
report of arriving and departing aliens by country of nationality,
classification as an immigrant or nonimmigrant, and date of arrival in and
departure from the United States. The system was to match an alien's
available arrival data with the alien's available departure data, assist
in the identification of possible overstays, and use available alien
arrival and departure data for annual reports to Congress. These reports
were to include the number of aliens for whom departure data were
collected during the reporting period, with an accounting by country of
nationality; the number of departing aliens whose departure data were
successfully matched to the alien's arrival data, with an accounting by
country of nationality and classification as an immigrant or nonimmigrant;
the number of aliens who arrived pursuant to a nonimmigrant visa, or as a
visitor under the visa waiver program, for whom no matching departure data
have been obtained as of the end of the alien's authorized period of stay,
with an accounting by country of nationality and date of arrival in the
United States; and the number of identified overstays, with an accounting
by country of nationality.

In 2001, the USA PATRIOT Act provided that, in developing the integrated
entry and exit data system under the DMIA, the Attorney General (now
Secretary of Homeland Security) and Secretary of State were to focus
particularly on the utilization of biometric technology and the
development of tamper-resistant documents readable at ports of entry. It
also required that the system be able to interface with law enforcement
databases for use by federal law enforcement to identify and detain
individuals who pose a threat to the national security of the United
States. The PATRIOT Act also required by January 26, 2003, the development
and certification of a technology standard, including appropriate
biometric identifier standards, that can be used to verify the identity of
persons applying for a U.S. visa or persons seeking to enter the United
States pursuant to a visa for the purposes of conducting background
checks, confirming identity, and ensuring that a person has not received a
visa under a different name. This technology standard was to be the
technological basis for a cross-agency, cross-platform electronic system
that is a cost-effective, efficient, fully interoperable means to share
law enforcement and intelligence information necessary to confirm the
identity of persons applying for a U.S. visa or persons seeking to enter
the United States pursuant to a visa. This electronic system was to be
readily and easily accessible to consular officers, border inspection
agents, and law enforcement and intelligence officers responsible for
investigation or identification of aliens admitted to the United States
pursuant to a visa. Every 2 years, beginning on October 26, 2002, the
Attorney General (now Secretary of Homeland Security) and the Secretary of
State were to jointly report to Congress on the development,
implementation, efficacy, and privacy implications of the technology
standard and electronic database system.

The Enhanced Border Security and Visa Entry Reform Act of 2002 required
that, in developing the integrated entry and exit data system for the
ports of entry under the DMIA, the Attorney General (now Secretary of
Homeland Security) and Secretary of State implement, fund, and use the
technology standard required by the USA PATRIOT Act at U.S. ports of entry
and at consular posts abroad. The act also required the establishment of a
database containing the arrival and departure data from machine-readable
visas, passports, and other travel and entry documents possessed by aliens
and the interoperability of all security databases relevant to making
determinations of admissibility under section 212 of the Immigration and
Nationality Act. In implementing these requirements, the INS (now the
Department of Homeland Security [DHS]) and the Department of State were to
utilize technologies that facilitate the lawful and efficient cross-border
movement of commerce and persons without compromising the safety and
security of the United States and were to consider implementing a North
American National Security Program, for which other provisions in the act
called for a feasibility study.

The act, as amended, also established a number of requirements regarding
biometric travel and entry documents. It required that not later than
October 26, 2004, the Attorney General (now Secretary of Homeland
Security) and the Secretary of State issue to aliens only
machine-readable, tamper-resistant visas and other travel and entry
documents that use biometric identifiers and that they jointly establish
document authentication standards and biometric identifiers standards to
be employed on such visas and other travel and entry documents from among
those biometric identifiers recognized by domestic and international
standards organizations. It also required by October 26, 2005, the
installation at all ports of entry of the United States of equipment and
software to allow biometric comparison and authentication of all U.S.
visas and other travel and entry documents issued to aliens and passports
issued by visa waiver participants. Such biometric data readers and
scanners were to be those that domestic and international standards
organizations determine to be highly accurate when used to verify
identity, that can read the biometric identifiers used under the act, and
that can authenticate the document presented to verify identity. These
systems also were to utilize the technology standard established pursuant
to the PATRIOT Act.

The Intelligence Reform and Terrorism Prevention Act of 2004 did not amend
the existing statutory provisions governing US-VISIT, but it did establish
additional statutory requirements concerning the program. It described the
program as an "automated biometric entry and exit data system" and
required DHS to develop a plan to accelerate the full implementation of
the program and to report to Congress on this plan by June 15, 2005. The
report was to provide several types of information about the
implementation of US-VISIT, including a "listing of ports of entry and
other DHS and Department of State locations with biometric exit data
systems in use." The report also was to provide a description of the
manner in which the US-VISIT program meets the goals of a comprehensive
entry and exit screening system, "including both entry and exit
biometric;" and fulfills the statutory obligations imposed on the program
by several laws enacted between 1996 and 2002. The act provided that
US-VISIT "shall include a requirement for the collection of biometric exit
data for all categories of individuals who are required to provide
biometric entry data, regardless of the port of entry where such
categories of individuals entered the United States."

The new provisions in the 2004 act also addressed integration and
interoperability of databases and data systems that process or contain
information on aliens and federal law enforcement and intelligence
information relevant to visa issuance and admissibility of aliens;
maintaining the accuracy and integrity of the US-VISIT data system; using
the system to track and facilitate the processing of immigration benefits
using biometric identifiers; the goals of the program (e.g., serving as a
vital counterterrorism tool, screening visitors efficiently and in a
welcoming manner, integrating relevant databases and plans for database
modifications to address volume increase and database usage, and providing
inspectors and related personnel with adequate real time information);
training, education, and outreach on US-VISIT, low-risk visitor programs,
and immigration law; annual compliance reports by DHS, State, the
Department of Justice, and any other department or agency subject to the
requirements of the new provisions; and development and implementation of
a registered traveler program.

(440573)

This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

GAO's Mission

The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting its
constitutional responsibilities and to help improve the performance and
accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony

The fastest and easiest way to obtain copies of GAO documents at no cost
is through GAO's Web site ( www.gao.gov ). Each weekday, GAO posts
newly released reports, testimony, and correspondence on its Web site. To
have GAO e-mail you a list of newly posted products every afternoon, go to
www.gao.gov and select "Subscribe to Updates."

Order by Mail or Phone

The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent of
Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more
copies mailed to a single address are discounted 25 percent. Orders should
be sent to:

U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
D.C. 20548

To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061

To Report Fraud, Waste, and Abuse in Federal Programs

Contact:

Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail:
[email protected] Automated answering system: (800) 424-5454 or (202)
512-7470

Congressional Relations

Gloria Jarmon, Managing Director, [email protected] (202) 512-4400 U.S.
Government Accountability Office, 441 G Street NW, Room 7125 Washington,
D.C. 20548

Public Affairs

Paul Anderson, Managing Director, [email protected] (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548

www.gao.gov/cgi-bin/getrpt?GAO-07-378T .

To view the full product, including the scope
and methodology, click on the link above.

For more information, contact Richard Stana at (202) 512-8777 or
[email protected].

Highlights of [38]GAO-07-378T , a report to a testimony before the
Subcommittee on Terrorism, Technology, and Homeland Security, Committee on
the Judiciary, U.S. Senate

January 2007

BORDER SECURITY

US-VISIT Program Faces Strategic, Operational, and Technological
Challenges at Land Ports of Entry

This testimony summarizes a December 2006 GAO report on the Department of
Homeland Security's (DHS) efforts to implement the U.S. Visitor and
Immigrant Status Indicator Technology (US-VISIT) program at land ports of
entry (POE). US-VISIT is designed to collect, maintain, and share data on
selected foreign nationals entering and exiting the United States at air,
sea, and land POEs. These data, including biometric identifiers like
digital fingerprints, are to be used to screen persons against watch
lists, verify identities, and record arrival and departure. This testimony
addresses DHS's efforts to (1) implement US-VISIT entry capability, (2)
implement US-VISIT exit capability, and (3) define how US-VISIT fits with
other emerging border security initiatives. GAO analyzed DHS and US-VISIT
documents, interviewed program officials, and visited 21 land POEs with
varied traffic levels on both borders.

[39]What GAO Recommends

GAO recommended that DHS improve management controls for US-VISIT; develop
performance measures to assess the impact of US-VISIT at land POEs; and
ensure that a statutorily mandated report describes how DHS will move to a
biometric entry/exit capability and align US-VISIT with emerging land
border security initiatives. DHS generally agreed and said that it has
begun to or plans to implement GAO's recommendations.

US-VISIT entry capability had been installed at 154 of the 170 land POEs.
Officials at all 21 sites GAO visited reported that US-VISIT had improved
their ability to process visitors and verify identities. DHS plans to
further enhance US-VISIT's capabilities by, among other things, requiring
new technology and equipment for scanning all 10 fingerprints (see photo,
below left). While this may aid border security, installation could
increase processing times and adversely affect operations at land POEs
where space constraints, traffic congestion, and processing delays already
exist. GAO's work indicated that management controls in place to identify
such problems and evaluate operations were insufficient and inconsistently
administered. For example, GAO identified computer processing problems at
12 sites visited; at 9 of these, the problems were not always reported.
US-VISIT has developed performance measures, but measures to gauge factors
that uniquely affect land POE operations were not developed; these would
put US-VISIT officials in a better position to identify areas for
improvement.

US-VISIT officials concluded that, for various reasons, a biometric
US-VISIT exit capability cannot now be implemented without incurring a
major impact on land POE facilities. An interim nonbiometric exit
technology tested (see photo, below right) did not meet the statutory
requirement for a biometric exit capability and thus cannot ensure that
visitors who enter the country are those who leave. DHS had not yet
reported to Congress on a required plan describing how it intended to
fully implement a biometric entry/exit program or use nonbiometric
solutions. Until this plan is finalized, neither DHS nor Congress is in a
good position to prioritize and allocate program resources or plan for POE
facilities modifications.

DHS had not articulated how US-VISIT is to align with other emerging land
border security initiatives and mandates, and thus could not ensure that
the program would meet strategic program goals and operate cost
effectively at land POEs. Knowing how US-VISIT is to work with these
initiatives, such as one requiring U.S. citizens, Canadians, and others to
present passports or other documents at land POEs in 2009, is important
for understanding the broader strategic context for US-VISIT and
identifying resources, tools, and potential facility modifications needed
to ensure success.

US-VISIT entry capability set up with computer and camera (left);
nonbiometric exit identification readers mounted over highway (right)

References

Visible links

  17. http://www.gao.gov/cgi-bin/getrpt?GAO-07-248
  18. http://www.gao.gov/cgi-bin/getrpt?GAO-07-56SU
  19. http://www.gao.gov/cgi-bin/getrpt?GAO-03-1083
  20. http://www.gao.gov/cgi-bin/getrpt?GAO-03-1083
  21. http://www.gao.gov/cgi-bin/getrpt?GAO-04-569T
  22. http://www.gao.gov/cgi-bin/getrpt?GAO-04-586
  23. http://www.gao.gov/cgi-bin/getrpt?GAO-06-296
  24. http://www.gao.gov/cgi-bin/getrpt?GAO-06-296
  25. http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-00-21.3.1
  26. http://www.gao.gov/cgi-bin/getrpt?GAO-01-1008G
  27. http://www.gao.gov/cgi-bin/getrpt?GAO-03-1083
  28. http://www.gao.gov/cgi-bin/getrpt?GAO-06-741R
  29. http://searching.gao.gov/cs.html?charset=iso-8859-1&url=http%3A//www.gao.gov/new.items/d0482.pdf&qt=overstays&col=&n=1&la=en
  30. http://www.gao.gov/cgi-bin/getrpt?GAO-04-82
  31. http://www.gao.gov/
  32. http://www.gao.gov/
  33. http://www.gao.gov/fraudnet/fraudnet.htm
  34. file:///home/webmaster/infomgt/d07378t.htm#mailto:[email protected]
  35. file:///home/webmaster/infomgt/d07378t.htm#mailto:[email protected]
  36. file:///home/webmaster/infomgt/d07378t.htm#mailto:[email protected]
  37. http://www.gao.gov/cgi-bin/getrpt?GAO-07-378T
  38. http://www.gao.gov/cgi-bin/getrpt?GAO-07-378T
*** End of document. ***