Homeland Security: US-VISIT Program Faces Operational,		 
Technological, and Management Challenges (20-MAR-07,		 
GAO-07-632T).							 
                                                                 
This testimony summarizes GAO's work on the Department of	 
Homeland Security's (DHS) efforts to implement the U.S. Visitor  
and Immigrant Status Indicator Technology (US-VISIT) program at  
air, sea, and land ports of entry (POE). US-VISIT is designed to 
collect, maintain, and share data on selected foreign nationals  
entering and exiting the United States at air, sea, and land	 
POEs. These data, including biometric identifiers like digital	 
fingerprints, are to be used to screen persons against watch	 
lists, verify identities, and record arrival and departure. This 
testimony addresses DHS's efforts to (1) implement US-VISIT entry
capability, (2) implement US-VISIT exit capability, and (3)	 
resolve longstanding management challenges that could impair	 
DHS's ability to effectively implement the US-VISIT program. GAO 
analyzed DHS and US-VISIT documents, interviewed program	 
officials, and visited 21 land POEs with varied traffic levels on
both borders.							 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-07-632T					        
    ACCNO:   A67044						        
  TITLE:     Homeland Security: US-VISIT Program Faces Operational,   
Technological, and Management Challenges			 
     DATE:   03/20/2007 
  SUBJECT:   Biometrics 					 
	     Border security					 
	     Data collection					 
	     Homeland security					 
	     Immigration					 
	     Internal controls					 
	     Program evaluation 				 
	     Program management 				 
	     Radio frequency identification			 
	     technology 					 
                                                                 
	     Strategic planning 				 
	     Technology 					 
	     Visas						 
	     Program implementation				 
	     DHS Visitor and Immigrant Status			 
	     Indicator Technology Program			 
                                                                 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-07-632T

   

     * [1]Summary
     * [2]Background

          * [3]US-VISIT Scope, Operations, and Processing at POEs

     * [4]DHS Has Installed US-VISIT Biometric Entry Capability at Nea
     * [5]Implementing a Biometric US-VISIT Exit Capability has Been a

          * [6]A Biometric Exit Capability is being Tested at Air and Sea P
          * [7]Various Factors Have Prevented US-VISIT from Implementing a

     * [8]DHS Continues to Face Longstanding US-VISIT Management Chall

          * [9]DHS Has Not Defined and Developed US-VISIT Within a DHS-wide
          * [10]DHS Has Not Economically Justified US-VISIT Increments or As

               * [11]DHS Did Not Economically Justify Its Proposed
                 Incremental In
               * [12]DHS Did Not Adequately Assess the Impact of Entry
                 Capabiliti
               * [13]US-VISIT Did Not Adequately Evaluate Exit Capability
                 Impacts
               * [14]DHS Has Not Adequately Justified Increases in, and
                 Disclosed

          * [15]DHS Has Not Fully Implemented Key US-VISIT Acquisition and F
          * [16]DHS Has Yet to Establish Effective Program Accountability Me

     * [17]Concluding Observations
     * [18]GAO Contact and Staff Acknowledgements
     * [19]GAO's Mission
     * [20]Obtaining Copies of GAO Reports and Testimony

          * [21]Order by Mail or Phone

     * [22]To Report Fraud, Waste, and Abuse in Federal Programs
     * [23]Congressional Relations
     * [24]Public Affairs

Testimony before the Committee on Homeland Security, House of
Representatives

United States Government Accountability Office

GAO

For Release on Delivery Expected at 10:00 a.m. DST
Tuesday, March 20, 2007

HOMELAND SECURITY

US-VISIT Program Faces Operational, Technological, and Management
Challenges

Statement of Richard M. Stana, Director
Homeland Security and Justice Issues

GAO-07-632T

Mr. Chairman and Members of the Committee:

I appreciate the opportunity to be here today to provide a summary of our
work on the challenges facing the Department of Homeland Security (DHS) as
it implements United States Visitor and Immigrant Status Indicator
Technology (US-VISIT) at air, sea, and land ports of entry (POE).1

In the years since the 2001 terrorist attacks, the need to secure U.S.
borders has taken on added importance and has received increasing
attention from Congress and the public. In an effort to avoid repetition
of such attacks, and improve overall national security, Congress and the
Administration have sought better ways to record and track the entry and
departure of foreign visitors who pass through U.S. POEs by air, land, or
sea; to verify their identities; and to authenticate their travel
documentation. Pursuant to several statutory mandates, DHS, in
consultation with the Department of State, established an automated
visitor system to integrate information on the entry and exit from the
United States of foreign nationals, called the US-VISIT Program. According
to DHS, the purpose of US-VISIT is to enhance the security of U.S.
citizens and visitors, facilitate legitimate travel and trade, ensure the
integrity of the U.S. immigration system, and protect visitors' privacy.
The program is managed by the US-VISIT Program Office, which is headed by
the US-VISIT Director, who currently reports to the DHS Deputy Secretary.
However, as of March 31, 2007, the US-VISIT Program Office is expected to
report to the newly established Under Secretary for the National
Protection and Program Directorate. US-VISIT is used in the field by
officers with U.S. Customs and Border Protection (CBP), a separate DHS
component.

US-VISIT is designed to use biographic information (e.g., name,
nationality, and date of birth) and biometric information (e.g., digital
fingerprint scans and photographs) to verify the identity of those covered
by the program. The program applies to certain visitors whether they hold
a nonimmigrant visa or are traveling from a country that has a visa waiver
agreement with the United States under the Visa Waiver Program.2 U.S.
citizens, lawful permanent residents, and most Canadian and Mexican3
citizens are currently exempt from being processed under US-VISIT upon
entering and exiting the country.4

1 A port of entry is generally a physical location, such as a pedestrian
walkway and/or a vehicle plaza with booths, and associated inspection and
administration buildings, at a land border crossing point, or a restricted
area inside an airport or seaport, where entry into the country by persons
and cargo arriving by air, land, or sea is controlled by U.S. Customs and
Border Protection.

Many aspects of US-VISIT program implementation have been driven or
defined by various legislative mandates. These include a 2001 statutory
requirement to focus particularly on the use of biometric technology in
developing the integrated entry-exit system subsequently named US-VISIT; a
2002 statutory requirement to develop biometric identifier standards to be
used to verify the identity of persons seeking to enter the United States
at POEs; and a requirement to install at all POEs equipment and software
to allow biometric comparison and authentication of U.S. visas and other
travel and entry documents issued to aliens, as well as Visa Waiver
Program participant passports. In addition, by law, an integrated entry
and exit data system was to be implemented at all U.S. POEs, including
land POEs, by December 31, 2005, but there was no specific requirement to
collect any new data on foreign nationals departing at land POEs by that
date. The Intelligence Reform and Terrorism Prevention Act of 2004, on the
other hand, did require the collection of biometric exit data for all
individuals subject to US-VISIT, but it did not set a deadline for
implementation of this requirement.5

2 The Visa Waiver Program enables nationals of certain countries to travel
to the United States for tourism or business for stays of 90 days or less
without obtaining a visa. Most western European countries participate in
this program, along with Japan, Singapore, Australia, Brunei, and New
Zealand.

3 To visit the United States, Mexican citizens generally need either a
Mexican passport and U.S. visa, or a Border Crossing Card (BCC), which is
issued to Mexican visitors who wish to enter the country for business or
pleasure for no more than 6 months. The BCC contains machine-readable
biographic and biometric information. Mexican citizens with BCCs who are
traveling within 25 miles of the border, (75 miles in Arizona, if entering
through certain POEs near Tucson) and who plan to stay no more than 30
days, are generally not subject to US-VISIT processing upon entry. A
Mexican citizen is subject to US-VISIT requirements, however, if a CBP
officer determines that the entrant intends to stay more than 30 days or
travel beyond the 25- or 75-mile limit.

4 On July 27, 2006, DHS issued a Notice of Proposed Rulemaking that, if
finalized, would expand the scope of US-VISIT to include, among others,
lawful permanent residents, aliens seeking admission on immigrant visas,
refugees and asylees, and certain categories of Canadians. DHS did not
report how many additional persons would be covered by US-VISIT if the
rule was adopted.

My testimony today draws on this body of completed work to provide a
snapshot of what US-VISIT capabilities have and have not been delivered,
what work has recently begun to enhance already delivered capabilities,
and the range of longstanding challenges that hamper DHS efforts to
establish and live up to program expectations and commitments. All the
work on which this testimony is based was performed in accordance with
generally accepted government auditing standards.

Summary

DHS is operating US-VISIT entry capabilities at most POEs and has begun to
work to move from 2 to10 fingerprint biometric capabilities and expand
electronic information sharing with stakeholders. Of particular note is
the fact that a US-VISIT biometric-based entry screening capability is
operating at 115 airports, 14 seaports, and 154 land POEs. While US-VISIT
has improved DHS's ability to process visitors and verify identities upon
entry, we found that management controls in place to identify and evaluate
computer and other operational problems at land POEs were insufficient and
inconsistently administered.

Although US-VISIT has conducted various exit demonstration projects at a
small number of POEs, a biometric exit capability is not currently
available. According to program officials, this is due to a number of
factors. For example, at this time the only proven technology available
for biometric land exit verification would necessitate mirroring the
processes currently in use for entry at these POEs, which would create
costly staffing demands and infrastructure requirements, and introduce
potential trade, commerce, and environmental impacts. Further, a pilot
project to examine an alternative technology at land POEs did not produce
a viable solution. By statute, DHS was to have reported to Congress by
June 2005 on how it intended to fully implement a comprehensive, biometric
entry/exit program, but DHS had not yet reported how it intended to do so,
or use nonbiometric solutions.

DHS continues to face longstanding US-VISIT management challenges and
future uncertainties. For example, DHS had not articulated how US-VISIT is
to strategically fit with other land border security initiatives and
mandates and could not ensure that these programs work in harmony to meet
mission goals and operate cost effectively. DHS had drafted a strategic
plan defining an overall immigration and border management strategy but,
in February 2007, we were told that the plan was with OMB and had not yet
been approved. Further, critical acquisition management processes need to
be established and followed to ensure that program capabilities and
expected mission outcomes are delivered on time and within budget. These
processes include effective project planning, requirements management,
contract tracking and oversight, test management, and financial
management. As we have reported for several years, DHS has yet to
adequately do these things. Until these issues are addressed, the risk of
US-VISIT continuing to fall short of expectations is increased.

5 For a legislative overview of the US-VISIT program, see appendix III of
GAO, Border Security: US-VISIT Program Faces Strategic, Operational, and
Technological Challenges at Land Ports of Entry, [25]GAO-07-248
(Washington, D.C.: December 2006).

Background

US-VISIT is a large, complex governmentwide program intended to

           o collect, maintain, and share information on certain foreign
           nationals who enter and exit the United States;

           o identify foreign nationals who (1) have overstayed or violated
           the terms of their visit; (2) can receive, extend, or adjust their
           immigration status; or (3) should be apprehended or detained by
           law enforcement officials;

           o detect fraudulent travel documents, verify visitor identity, and
           determine visitor admissibility through the use of biometrics
           (digital fingerprints and a digital photograph); and

           o facilitate information sharing and coordination within the
           immigration and border management community.

The US-VISIT Program Office has responsibility for managing the
acquisition, deployment, operation, and sustainment of US-VISIT and has
been delivering US-VISIT capability incrementally based, in part, on
statutory deadlines for implementing specific portions of US-VISIT. For
example, the statutory deadline for implementing US-VISIT at the 50
busiest land POEs was December 31, 2004, and at the remaining POEs,
December 31, 2005. From fiscal year 2003 through fiscal year 2007, total
funding for the US-VISIT program has been about $1.7 billion. According to
program officials, as of January 31, 2007, almost $1.3 billion has been
obligated to acquire, develop, deploy, enhance, operate, and maintain
US-VISIT entry capabilities, and to test and evaluate exit capability
options.6

Since 2003, DHS has planned to deliver US-VISIT capability in four
increments: Increment 1 (air and sea entry and exit), Increment 2 (air,
sea, and land entry and exit), Increment 3 (land entry), and Increment 4,
which is to define, design, build, and implement more strategic program
capability, and which program officials stated will consist of a series of
incremental releases or mission capability enhancements that will support
business outcomes. In Increments 1 through 3, the program has built
interfaces among existing ("legacy") systems, enhanced the capabilities of
these systems, and deployed these capabilities to air, sea, and land POEs.
The capabilities that DHS currently has regarding the first three
increments have been largely acquired and implemented through existing
system contracts and task orders.

In reports on US-VISIT over the last several years, we have identified
numerous challenges that DHS faces in delivering program capabilities and
benefits on time and within budget. In September 2003, we reported that
the US-VISIT program is a risky endeavor, both because of the type of
program it is (large, complex, and potentially costly) and because of the
way that it was being managed.7 We reported, for example, that the
program's acquisition management process had not been established, and
that US-VISIT lacked a governance structure. In March 2004, we testified
that DHS faces a major challenge maintaining border security while still
welcoming visitors. Preventing the entry of persons who pose a threat to
the United States cannot be guaranteed, and the missed entry of just one
can have severe consequences. Also, US-VISIT is to achieve the important
law enforcement goal of identifying those who overstay or otherwise
violate the terms of their visas. Complicating the achievement of these
security and law enforcement goals are other key US-VISIT goals:
facilitating trade and travel through POEs and providing for enforcement
of U.S. privacy laws and regulations.8 Subsequently, in May 2004, we
reported that DHS had not employed the kind of rigorous and disciplined
management controls typically associated with successful programs.9
Moreover, in February 2006, we reported that while DHS had taken steps to
implement most of the recommendations from our 2003 and 2004 reports,
progress in critical areas had been slow.10 As of February 2006, of 18
recommendations we made since 2003, only 2 had been fully implemented, 11
had been partially implemented, and 5 were in the process of being
implemented, although the extent to which they would be fully carried out
is not yet known. In addition, in June 2006, we reported that US-VISIT
contract and financial management needed to be strengthened; in December
2006, we reported that the US-VISIT program faced strategic, operational
and technological challenges at land ports of entry; and in February 2007,
we reported that planned expenditures for the US-VISIT program needed to
be adequately defined and justified.11

6 This includes, for example, computers, printers, digital cameras,
fingerprint scanners, telecommunications upgrades, existing system
enhancements, and facilities modifications.

7 GAO, Homeland Security: Risks Facing Key Border and Transportation
Security Program Need to Be Addressed, GAO-03-1083 (Washington, D.C.:
Sept. 19, 2003).

8 GAO, Homeland Security: Risks Facing Key Border and Transportation
Security Program Need to Be Addressed, [26]GAO-04-569T  (Washington, D.C.:
March 2004).

US-VISIT Scope, Operations, and Processing at POEs

Currently, US-VISIT's scope includes the pre-entry, entry, status, and
exit of hundreds of millions of foreign national travelers who enter and
leave the United States at over 300 air, sea, and land POEs. Most land
border crossers--including U.S. citizens, lawful permanent residents, and
most Canadian and Mexican citizens--are, by regulation or statute, not
required to enroll into US-VISIT.12 In fiscal year 2004, for example, U.S.
citizens and lawful permanent residents constituted about 57 percent of
land border crossers; Canadian and Mexican citizens constituted about 41
percent; and less than 2 percent were US-VISIT enrollees. Figure 1 shows
the number and percentage of persons processed under US-VISIT as a
percentage of all border crossings at land, air, and sea POEs in fiscal
year 2004.

9 GAO, Homeland Security: First Phase of Visitor and Immigration Status
Program Operating, but Improvements Needed, [27]GAO-04-586  (Washington,
D.C.: May 2004).

10 GAO, Homeland Security: Recommendations to Improve Key Border Security
Programs Need to Be Implemented, [28]GAO-06-296 (Washington, D.C.:
February 2006).

11  GAO, Homeland Security: Contract Management and Oversight for Visitor
and Immigrant Status Program Need to Be Strengthened, GAO-06-404
(Washington, D.C.: June 9, 2006); GAO, Border Security, US-VISIT Program
Faces Strategic, Operational, and Technological Challenges at Land Ports
of Entry, GAO-07-248  (Washington, D.C.: December 6, 2006); and GAO,
Homeland Security: Planned Expenditures for U.S. Visitor and Immigrant
Status Program Need to Be Adequately Defined and Justified, GAO-07-278
(Washington, D.C.: Feb. 14, 2007).

12 Since the statute governing US-VISIT applies to foreign national
arrival and departure data only, U.S. citizens do not fall within the
scope of the program and therefore are exempt from US-VISIT screening.
Also, in general, regardless of whether they are to be processed into
US-VISIT, Mexican citizens must present either a passport and visa or a
BCC when seeking admission to the United States, while Canadian citizens
generally do not need such documents at this time (Canadian visitors at
land POEs may need passports as early as January 2008, however, under
regulations implementing a new statutory provision on passport
requirements). According to US-VISIT, when a Mexican receives a BCC, the
data on the individual entered into U.S. databases at the time of their
visa application are accessible by US-VISIT--if they are to be processed
into it for any reason.

Figure 1: Persons Processed under US-VISIT as a Percentage of All Border
Crossings at Land, Air, and Sea Ports of Entry, Fiscal Year 2004

Note: Persons processed by US-VISIT may include foreign nationals who were
also issued an I-94 arrival/departure form (which shows the date of
arrival, port of entry, and date the authorized period of admission
expires) valid for multiple entries and who have re-entered multiple
times. Total entering the United States includes U.S. citizens who may
have re-entered the country multiple times and foreign nationals,
including those not issued I-94s, such as Canadian citizens and Mexicans
with BCCs, and those issued multiple entry I-94s who also may have
re-entered multiple times. U.S. citizens do not fall within the statutory
scope of US-VISIT and therefore are exempt from US-VISIT screening.

Foreign nationals subject to US-VISIT who intend to enter the country
encounter different inspection processes at different types of POEs
depending on their mode of travel. Those who intend to enter the United
States at an air or sea POE are to be processed, for purposes of US-VISIT,
in the primary inspection area upon arrival. Generally, these visitors are
subject to prescreening, before they arrive, via passenger manifests,
which are forwarded to CBP by commercial air or sea carrier in advance of
arrival.13 By contrast, foreign nationals intending to enter the United
States at land POEs are generally not subject to prescreening because they
arrive in private vehicles or on foot and there is no manifest to record
their pending arrival. Thus, when foreign nationals subject to US-VISIT
arrive at a land POE in vehicles, they initially enter the primary
inspection area where CBP officers, often located in booths, are to
visually inspect travel documents and query the visitors about such
matters as their place of birth and proposed destination. Visitors
arriving as pedestrians enter an equivalent primary inspection area,
generally inside a CBP building. If the CBP officer believes a more
detailed inspection is needed or if the visitors are required to be
processed under US-VISIT, the visitors are to be referred to the secondary
inspection area--an area away from the primary inspection area--which is
generally inside a facility. The secondary inspection area inside the
facility generally contains office space, waiting areas, and space to
process visitors, including US-VISIT enrollees. Equipment used for
US-VISIT processing includes a computer, printer, digital camera, and a
two-fingerprint scanner. Visitors covered by US-VISIT who are determined
to be admissible are issued an I-94 arrival/departure form, which, among
other things, records their date of arrival and the date their authorized
period of admission expires.14

13 Under the Enhanced Border Security and Visa Entry Reform Act of 2002
(Pub. L. No. 107-173, S 402(a), 116 Stat. 543, 557-59), commercial air and
sea carriers are to transmit crew and passenger manifests to appropriate
immigration officials before arrival of an aircraft or vessel in the
United States. These manifests are transmitted to CBP through the Advanced
Passenger Information System (APIS), which helps officers identify (1)
those arrivals for which biometric data are available and (2) foreign
nationals who need to be scrutinized more closely.

14 Visitors traveling on nonimmigrant visas are issued Form I-94 and
visitors from Visa Waiver Program countries are issued Form I-94W. Both
forms show the date of arrival, port of entry, and date the authorized
period of admission expires. At land border POEs, the Form I-94 issued to
foreign nationals covered by US-VISIT who are deemed admissible is
considered issued for multiple entries, unless specifically annotated
otherwise. A multiple entry I-94 permits them to re-enter the country,
generally for up to 6 months, without additional US-VISIT processing
during the period covered by the I-94.

DHS Has Installed US-VISIT Biometric Entry Capability at Nearly All POEs, but
Faces Challenges Identifying and Monitoring the Operational Impacts on Land POE
Facilities

The US-VISIT program office has largely met its expectations relative to a
biometric entry capability. For example, on January 5, 2004, it deployed
and began operating most aspects of its planned biometric entry capability
at 115 airports and 14 seaports for selected foreign nationals, including
those from visa waiver countries;15 as of December 2006, the program
office had deployed and began operating this entry capability in the
secondary inspection areas of 154 of 170 land POEs. According to program
officials, 14 of the remaining 16 POEs have no operational need to deploy
US-VISIT because visitors who are required to be processed through
US-VISIT are, by regulation, not authorized to enter into the United
States at these locations.16 The other two POEs do not have entry
capability deployed because they do not have the necessary transmission
lines to operate US-VISIT; CBP officers at those sites have continued to
process visitors manually. CBP officials told us that US-VISIT's entry
capability has generally enhanced their ability to process visitors
subject to US-VISIT by providing assurance that visitors' identities can
be confirmed through biometric identifiers and by automating the paperwork
associated with processing I-94 arrival/departure forms.

To the department's credit, the development and deployment of this entry
capability was largely in accordance with legislative time lines and has
occurred during a period of considerable organizational change, starting
with the creation of DHS from 23 separate agencies in early 2003, followed
by the birth of a US-VISIT program office shortly thereafter--which was
only about 5 months before the program had to meet its first legislative
milestone. Compounding these program challenges was the fact that the
systems that were to be used in building and deploying a biometric entry
capability were managed and operated by a number of the separate agencies
that had been merged to form the new department, each of which was
governed by different policies, procedures, and standards.

Moreover, DHS reports that US-VISIT entry capabilities have produced
results. According to US-VISIT's Consolidated Weekly Summary Report, as of
December 28, 2006, there have been more than 5,400 biometric hits in
primary entry, resulting in more than 1,300 people having adverse actions,
such as denial of entry, taken against them. According to the report,
about 4,100 of these hits occurred at air and sea ports of entry and over
1,300 at land ports of entry. Further, the report indicates that more than
1,800 biometric hits have been referred to DHS's immigration enforcement
unit, resulting in 293 arrests. We did not verify the information in the
consolidated report.

15 On September 30, 2004, US-VISIT expanded biometric entry procedures to
include individuals from visa waiver countries applying for admission.

16 According to CBP, these POEs are classified as Class B ports. Under 8
C.F.R. S100.4 (c) (2), only citizens of the United States, Canada, and
Bermuda, and Lawful Permanent Residents of the United States and certain
holders of border crossing cards may enter through Class B ports.

Another potential consequence, although difficult to demonstrate, is the
deterrent effect of having an operational entry capability. Although
deterrence is not an expressly stated goal of the program, officials have
cited it as a potential byproduct of having a publicized capability at the
border to screen entry on the basis of identity verification and matching
against watch lists of known and suspected terrorists. Accordingly, the
deterrent potential of the knowledge that unwanted entry may be thwarted
and the perpetrators caught is arguably a layer of security that should
not be overlooked.

Despite these results, US-VISIT's entry capability at land POEs has not
been without operational and system performance problems. During recent
visits to land POEs, we identified some space constraints and other
capacity issues. For example, at the Nogales-Morley Gate POE in Arizona,
where up to 6,000 visitors are processed daily (and up to 10,000 on
holidays), equipment was installed17 but not used because of CBP concerns
about its ability to carry out the US-VISIT process in a constrained space
while thousands of other people not subject to US-VISIT are processed
through the facility daily.18 Thus, visitors that are to be processed into
US-VISIT from Morley Gate are directed to return to Mexico (a few feet
away) and to walk approximately 100 yards to the Nogales-DeConcini POE
facility, which has the capability to handle secondary inspections of this
kind.

Going forward, DHS plans to introduce changes and enhancements to US-VISIT
at land POEs intended to further bolster CBP's ability to verify the
identity of individuals entering the country, including a transition from
digitally scanning 2 fingerprints to scanning 10. While such changes are
intended to further enhance border security, deploying them may have an
impact on aging and space-constrained land POE facilities because they
could increase inspection times and adversely affect POE operations. Our
site visits, interviews with US-VISIT and CBP officials, and the work of
others suggest that both before and after US-VISIT entry capability was
installed at land POEs, these facilities faced a number of
challenges--operational and physical--including space constraints
complicated by the logistics of processing high volumes of visitors and
associated traffic congestion. Moreover, our work over the past 3 years
showed that the US-VISIT program office had not taken necessary steps to
help ensure that US-VISIT entry capability operates as intended. For
example, in February 2006 we reported that the approach taken by the
US-VISIT Program Office to evaluate the impact of US-VISIT on land POE
facilities focused on changes in I-94 processing time at 5 POEs and did
not examine other operational factors, such as US-VISIT's impact on
physical facilities or work force requirements.19 As a result, program
officials did not always have the information they needed to anticipate
problems that occurred, such as problems processing high volumes of
visitors in space-constrained facilities.

17 Such equipment includes a computer, printer, digital camera, and
fingerprint scanners.

18 CBP based this decision on the high volume of pedestrians entering the
United States through the Morley Gate POE; the fact that, before
deployment, I-94s had not been previously issued at the Morley Gate POE;
and the close proximity of the Morley Gate POE facility to the nearby
DeConcini POE facility, about 100 yards away.

In addition, we found that management controls did not always alert
US-VISIT and CBP to operational problems. Our standards for internal
controls in the federal government state that it is important for agencies
to have controls in place to help ensure that policies and procedures are
applied and that managers be made aware of problems so that that they can
be addressed and resolved in a timely fashion.20 CBP officials at 12 of 21
land POE sites we visited told us about US-VISIT-related computer
slowdowns and freezes that adversely affected visitor processing and
inspection times, and at 9 of the 12 sites, computer processing problems
were not always reported to CBP's computer help desk, as required by CBP
guidelines. Although various controls are in place to alert US-VISIT and
CBP officials to problems as they occur, these controls did not alert
officials to all problems, given that they had been unaware of the
problems we identified before we brought them to their attention. These
computer processing problems have the potential to not only inconvenience
travelers because of the increased time needed to complete the inspection
process, but to compromise security, particularly if CBP officers are
unable to perform biometric checks--one of the critical reasons US-VISIT
was installed at POEs.

19 [29]GAO-06-296 .

20 GAO, Internal Control: Standards for Internal Control in the Federal
Government, [30]GAO/AIMD-00-21 .3.1 (Washington, D.C.: November 1999) and
GAO, Internal Control Standards: Internal Control Management and
Evaluation Tool, [31]GAO-01-1008G (Washington, D.C.: August 2001).

Our internal control standards also call for agencies to establish
performance measures throughout the organization so that actual
performance can be compared to expected results. While the US-VISIT
Program Office established performance measures for fiscal years 2005 and
2006 intended to gauge performance of various aspects of US-VISIT at air,
sea, and land POEs in the aggregate, performance measures specifically for
land POEs had not been developed. It is important to do so, given that
there are significant operational and facility differences among these
different types of POEs. Additional performance measures that consider
operational and facility differences at land POEs would put US-VISIT
program officials in a better position to identify problems, trends, and
areas needing improvements.

Implementing a Biometric US-VISIT Exit Capability has Been a Challenge

DHS has devoted considerable time and resources toward establishing an
operational exit capability. Over the last 4 years, it has committed over
$160 million to pilot test and evaluate an exit solution at 12 air, 2 sea,
and 5 land POEs. Despite this considerable investment of time and
resources, the US-VISIT program still does not have either an operational
exit capability or a viable exit solution to deploy to all air, sea, and
land POEs.

A Biometric Exit Capability is being Tested at Air and Sea POEs, But Operational
Concerns Need to be Addressed

Although US-VISIT is pilot testing a biometric exit capability for air and
sea POEs, it is not currently available at all ports. In January 2004,
devices for collecting biometric data were deployed to one airport and one
seaport on a pilot basis. Subsequently, this pilot was expanded to 12
airports and 2 seaports. The pilot tested several exit alternatives,
including an enhanced kiosk (a self-service device that captures a digital
photograph and fingerprint, and prints out an encoded receipt), a mobile
device (a hand-held device operated by a workstation attendant21 that
captures a digital photograph and fingerprint), and a validator (a
hand-held device operated by a workstation attendant that captures a
digital photograph and fingerprint and then matches the captured
photograph and fingerprint to the ones originally captured via the kiosk
and encoded in the receipt). Each alternative required the traveler to
comply with inspection processes. The pilot was completed in May 2005, and
established the technical feasibility of a biometric exit solution.
However, it identified issues that limited the operational effectiveness
of the solution, such as the lack of traveler compliance with the
processes.

21 Workstation attendants also assist travelers in using the kiosk.

The fiscal year 2006 expenditure plan allocated $33.5 million to continue
the exit pilots for air and sea POEs. According to program officials,
US-VISIT is now developing a plan for deploying a comprehensive,
affordable exit solution. However, no time frame has been established for
this plan being approved or implemented. Meanwhile, US-VISIT plans to
conduct a second pilot phase at air and sea POEs that will involve
multiple operational scenarios which would compel greater traveler
compliance, such as repositioning the kiosks, integrating biometric exit
into airport check-in processes, integrating biometric exit into existing
airline processes, integrating biometric exit into Transportation Security
Administration screening checkpoints, and enhancing the use of Immigration
and Customs Enforcement programs intended for enforcement, such as
screening of targeted flights at selected airports.

Various Factors Have Prevented US-VISIT from Implementing a Biometric Exit
Capability at Land POEs

Various factors have prevented US-VISIT from implementing a biometric exit
capability at land POEs. Federal laws require the creation of a US-VISIT
exit capability using biometric verification methods to ensure that the
identity of visitors leaving the country can be matched biometrically
against their entry records.22 However, according to officials at the
US-VISIT Program Office and CBP and US-VISIT program documentation, there
are interrelated logistical, technological, and infrastructure constraints
that have precluded DHS from achieving this mandate, and there are cost
factors related to the feasibility of implementation of such a solution.
The major constraint to performing biometric verification upon exit at
this time, in the US-VISIT Program Office's view, is that the only proven
technology available would necessitate mirroring the processes currently
in use for US-VISIT at entry. A mirror image system for exit would, like
one for entry, require CBP officers at land POEs to examine the travel
documents of those leaving the country, take fingerprints, compare
visitors' facial features to photographs, and, if questions about identity
arise, direct the departing visitor to secondary inspection for additional
questioning. These steps would be carried out for exiting pedestrians as
well as for persons exiting in vehicles. The US-VISIT Program Office
concluded in January 2005 that the mirror-imaging solution was "an
infeasible alternative for numerous reasons, including but not limited to,
the additional staffing demands, new infrastructure requirements, and
potential trade and commerce impacts."23

22 Intelligence Reform and Terrorism Prevention Act of 2004, S 7208, 8
U.S.C. S 1365b. See also USA PATRIOT Act, Pub. L. No. 107-56, S 414(b)(1),
115 Stat. 272, 353 (2001); 8 U.S.C. S 1365a(b)(2)-(4).

US-VISIT officials told us that they anticipated that a biometric exit
process mirroring that used for entry could result in delays at land POEs
with heavy daily volumes of visitors. And they stated that in order to
implement a mirror image biometric exit capability, additional lanes for
exiting vehicles and additional inspection booths and staff would be
needed, though they had not determined precisely how many. According to
these officials, it is unclear how new traffic lanes and new facilities
could be built at land POEs where space constraints already exist, such as
those in congested urban areas. (For example, San Ysidro, California,
currently has 24 entry lanes, each with its own staffed booth and 6
unstaffed exit lanes. Thus, if full biometric exit capability were
implemented using a mirror image approach, San Ysidro's current capacity
of 6 exit lanes would have to be expanded to 24 exit lanes.) As shown in
figure 3, based on observations during our site visit to the San Ysidro
POE, the facility is surrounded by dense urban infrastructure, leaving
little, if any, room to expand in place. Some of the 24 entry lanes for
vehicle traffic heading northward from Mexico into the United States
appear in the bottom left portion of the photograph, where vehicles are
shown waiting to approach primary inspection at the facility; the 6 exit
lanes (traffic toward Mexico), which do not have fixed inspection
facilities, are at the upper left.

23 US-VISIT, Increment 2C Operational Alternatives Assessment--FINAL
(Rosslyn, Virginia: Jan. 31, 2005).

Figure 2: Aerial View of San Ysidro, California, POE

Other POE facilities are similarly space-constrained. At the POE at
Nogales-DeConcini, Arizona, for example, we observed that the facility is
bordered by railroad tracks, a parking lot, and industrial or commercial
buildings. In addition, CBP has identified space constraints at some rural
POEs. For example, the Thousand Islands Bridge POE at Alexandria Bay, New
York, is situated in what POE officials described as a "geological bowl,"
with tall rock outcroppings potentially hindering the ability to expand
facilities at the current location. Officials told us that in order to
accommodate existing and anticipated traffic volume upon entry, they are
in the early stages of planning to build an entirely new POE on a hill
about a half-mile south of the present facility. CBP officials at the
Blaine-Peace Arch POE in Washington state said that CBP also is
considering whether to relocate and expand the POE facility, within the
next 5 to 10 years, to better handle existing and projected traffic
volume. According to the US-VISIT program officials, none of the plans for
any expanded, renovated, or relocated POE include a mirror image addition
of exit lanes or facilities comparable to those existing for entry.

In 2003, the US-VISIT Program Office estimated that it would cost
approximately $3 billion to implement US-VISIT entry and exit capability
at land POEs where US-VISIT was likely to be installed and that such an
effort would have a major impact on facility infrastructure at land POEs.
We did not assess the reliability of the 2003 estimate. The cost estimate
did not separately break out costs for entry and exit construction, but
did factor in the cost for building additional exit vehicle lanes and
booths as well as buildings and other infrastructure that would be
required to accommodate a mirror imaging at exit of the capabilities
required for entry processing. US-VISIT program officials told us that
they provided this estimate to congressional staff during a briefing, but
that the reaction to this projected cost was negative and that they
therefore did not move ahead with this option. No subsequent cost estimate
updates had been prepared, and DHS's annual budget requests have not
included funds to build the infrastructure that would be associated with
the required facilities.

US-VISIT officials stated that they believe that technological advances
over the next 5 to 10 years will make it possible to utilize alternative
technologies that provide biometric verification of persons exiting the
country without major changes to facility infrastructure and without
requiring those exiting to stop and/or exit their vehicles, thereby
precluding traffic backup, congestion, and resulting delays. US-VISIT's
report assessing biometric alternatives noted that although limitations in
technology currently preclude the use of biometric identification because
visitors would have to be stopped, the use of the as yet undeveloped
biometric verification technology supports the long-term vision of the
US-VISIT program.24 However, no such technology or device currently exists
that would not have a major impact on facilities. The prospects for its
development, manufacture, deployment, and reliable utilization are
currently uncertain or unknown, although a prototype device that would
permit a fingerprint to be read remotely without requiring the visitor to
come to a full stop is under development.

While logistical, technical, and cost constraints may prevent
implementation of a biometrically based exit technology for US-VISIT at
this time, it is important to note that there currently is not a
legislatively mandated date for implementation of such a solution. The
Intelligence Reform and Terrorism Prevention Act of 2004 requires US-VISIT
to collect biometric exit data from all individuals who are required to
provide biometric entry data.25 The act did not set a deadline, however,
for requiring collection of biometric exit data from all individuals who
are required to provide biometric entry data. Although US-VISIT had set a
December 2007 deadline for implementing exit capability at the 50 busiest
land POEs, US-VISIT has since determined that implementing exit capability
by this date is no longer feasible, and a new date for doing so has not
been set.

24 US-VISIT, Increment 2C Operational Alternatives Assessment--FINAL
(Rosslyn, Virginia: Jan. 31, 2005).

US-VISIT has tested nonbiometric technology to record travelers'
departure, but testing showed numerous performance and reliability
problems. Because there is at present no biometric technology that can be
used to verify a traveler's exit from the country at land POEs without
also making major and costly changes to POE infrastructure and facilities,
US-VISIT tested radio frequency identification (RFID) technology as a
nonbiometric means of recording visitors as they exit. RFID technology can
be used to electronically identify and gather information contained on a
tag--in this case, a unique identifying number embedded in a tag on a
visitor's arrival/departure form--which an electronic reader at the POE is
intended to detect. While RFID technology required few facility and
infrastructure changes, US-VISIT's testing and analysis at five land POEs
at the northern and southern borders identified numerous performance and
reliability problems, such as the failure of RFID readers to detect a
majority of travelers' tags during testing. For example, according to
US-VISIT, at the Blaine-Pacific Highway test site, of 166 vehicles tested
during a 1-week period, RFID readers correctly identified 14 percent--a
sizable departure from the target read rate of 70 percent.26

Another problem that arose was that of cross-reads, in which multiple RFID
readers installed on poles or structures over roads, called gantries,
picked up information from the same visitor, regardless of whether the
individual was entering or exiting in a vehicle or on foot. Thus,
cross-reads resulted in inaccurate record keeping.

25 8 U.S.C. S 1365b(d).

26 A US-VISIT program official explained that for vehicles exiting during
RFID testing, one could "reasonably expect" a read rate of 70 percent
because vehicles are not required to stop upon exit. The official also
cited vehicle speed, safety, and awareness (of optimal positioning of the
arrival/departure form; for example, holding the form up to the window of
the vehicle) as factors that affected RFID read rates.

Even if RFID deficiencies were to be fully addressed and deadlines set,
questions remain. For example, the RFID solution did not meet the
congressional requirement for a biometric exit capability because the
technology that had been tested cannot meet a key goal of
US-VISIT--ensuring that visitors who enter the country are the same ones
who leave. By design, an RFID tag embedded in an I-94 arrival/departure
form cannot provide the biometric identity-matching capability that is
envisioned as part of a comprehensive entry/exit border security system
using biometric identifiers for tracking overstays and others entering,
exiting, and re-entering the country. Specifically, the RFID tag in the
I-94 form cannot be physically tied to an individual. This situation means
that while a document may be detected as leaving the country, the person
to whom it was issued at time of entry may be somewhere else.

DHS was to have reported to Congress by June 2005 on how the agency
intended to fully implement a biometric entry/exit program. In February
2007, US-VISIT officials told us that this plan had been forwarded to the
Office of Management and Budget (OMB) for review. According to statute,
this plan is to include, among other things, a description of the manner
in which the US-VISIT program meets the goals of a comprehensive entry and
exit screening system--including both biometric entry and exit--and
fulfills statutory obligations imposed on the program by several laws
enacted between 1996 and 2002.27 Until such a plan is finalized and
issued, DHS is not able to articulate how entry/exit concepts will fit
together--including any interim nonbiometric solutions--and neither DHS
nor Congress is positioned to prioritize and allocate resources for a
US-VISIT exit capability or plan for the program's future.

DHS Continues to Face Longstanding US-VISIT Management Challenges and Future
Uncertainties

Our work and other best practice research have shown that applying
disciplined and rigorous management practices improves the likelihood of
delivering expected capabilities on time and within budget. Such practices
and processes include determining how the program fits within the larger
context of an agency's strategic plans and related operational and
technology environments, whether the program will produce benefits in
excess of costs over its useful life, and whether program impacts and
options are being fully identified, considered, and addressed. To further
ensure that programs are managed effectively, it is important that they be
executed in accordance with acquisition and financial management
requirements and best practices, and that progress against program
commitments is defined and measured so that program officials can be held
accountable for results.

27 8 U.S.C. S1365b(c)(2)(E).

Over the last several years, we have reported on fundamental limitations
in DHS's efforts to define and justify the program's future direction and
to cost-effectively manage the delivery of promised capabilities on time
and within budget. To a large degree, what is operating and what is not
operating today, and what future program changes are underway and yet to
be defined, are affected by these limitations. DHS needs to address these
challenges going forward, and the recommendations that we made are aimed
at encouraging this. Until these recommendations are fully implemented,
the program will be at greater risk of not optimally meeting mission needs
and falling short of meeting expectations.

DHS Has Not Defined and Developed US-VISIT Within a DHS-wide Operational and
Technological Context

As we previously reported, agency programs need to properly fit within a
common strategic context or frame of reference governing key aspects of
program operations (such as who is to perform what functions, when and
where they are to be performed, what information is to be used to perform
them, and what rules and standards will govern the use of technology to
support them).28 Without a clear operational context to guide and
constrain both US-VISIT and other border security and immigration
enforcement initiatives, DHS risks investing in programs and systems that
are duplicative, are not interoperable, and do not optimize enterprisewide
mission operations and produce intended outcomes.

For almost 4 years, DHS has continued to pursue US-VISIT (both in terms of
deploying interfaces between and enhancements to existing systems and in
defining a longer-term, strategic US-VISIT solution) without producing the
program's operational context. In September 2003, we reported that DHS had
not defined key aspects of the larger homeland security environment in
which US-VISIT would need to operate. In the absence of a DHS-wide
operational and technological context, program officials were making
assumptions about certain policy and standards decisions that had not been
made, such as whether official travel documents would be required for all
persons who enter and exit the country--including U.S. and Canadian
citizens--and how many fingerprints would be collected for biometric
comparisons. We further reported that if the program office's assumptions
and decisions turned out to be inconsistent with subsequent policy or
standards decisions, it would require US-VISIT rework.

28 GAO, Homeland Security: Risks Facing Border and Transportation Security
Program Need to be Addressed, GAO-03-1083 (Washington, D.C.: Sept. 19,
2003).

According to the program's Chief Strategist, an immigration and border
management strategic plan was drafted in March 2005 to show how US-VISIT
is aligned with DHS's organizational mission and to define an overall
vision for immigration and border management. According to this official,
the vision provides for an immigration and border management enterprise
that unifies multiple departmental and external stakeholders around common
objectives, strategies, processes, and infrastructures. As of February
2007, about 2 years later, we were told that this strategic plan has not
yet been approved, although the program's Acting Director stated that the
plan is currently with OMB and should be provided to the House and Senate
Appropriations Subcommittees on Homeland Security by March 2007.

However, at the same time, US-VISIT has not taken steps to ensure that the
direction that it is taking is both operationally and technologically
aligned with DHS's enterprise architecture (EA). As the report that we
issued this week states, the DHS Enterprise Architecture Board, which is
the DHS entity that determines EA compliance, has not reviewed the
US-VISIT architecture compliance for more than 2 years. However, since
August 2004, both US-VISIT and the EA have changed. For example,
additional functionality, such as the interoperability of US-VISIT's
Automated Biometric Information System (IDENT) and the Department of
Justice's Integrated Automated Fingerprint Identification System (IAFIS),
and the expansion of IDENT to collect t10 rather than 2 fingerprints, has
been added. Also, two versions of the DHS EA have been issued since August
2004.

While the strategic plan has not been approved or disseminated, the
program office has developed a strategic vision and blueprint and begun to
implement it. According to program officials, this future vision is to be
delivered through a number of planned mission capability enhancements. Of
these, the first enhancement is underway and is to provide several new
capabilities, including what the program refers to as "Unique Identity,"
which is to include the migration from the 2-fingerprint to 10-fingerprint
collection at program enrollment. It is also to interoperate US-VISIT's
IDENT system and the Department of Justice's IAFIS system. Currently, the
US-VISIT officials plan to complete Unique Identity in several phases and
have it fully operational by December 2009, although these plans have not
yet approved by DHS.

At this same time, DHS has launched other major border security programs
without adequately defining the relationships to US-VISIT and each other.
For example, the Intelligence Reform and Terrorism Prevention Act of 2004
directs DHS and the Department of State to develop and implement a plan,
no later than June 2009, that requires U.S. citizens and foreign nationals
of Canada, Bermuda, and Mexico to present a passport or other document or
combination of documents deemed sufficient to show identity and
citizenship to enter the United States (this is currently not a
requirement for these individuals entering the United States via sea and
land POEs from most countries within the western hemisphere).29 This
effort, known as the Western Hemisphere Travel Initiative, was first
announced in 2005. In May 2006, we reported that DHS and the Department of
State had taken some steps to carry out the initiative, but they had a
long way to go to implement their proposed plans.30 Among other things,
key decisions had yet to be made about what documents other than a
passport would be acceptable when U.S. citizens and citizens of Canada
enter or return to the United States. Further, while DHS and Department of
State had proposed an alternative form of passport, called a PASS card,
that would rely on RFID technology to help DHS process U.S. citizens
re-entering the country, DHS had not made decisions involving a broad set
of considerations that include (1) utilizing security features to protect
personal information, (2) ensuring that proper equipment and facilities
are in place to facilitate crossings at land borders, and (3) enhancing
compatibility with other border crossing technology already in use.

DHS has also initiated another border security program, known as the
Secure Border Initiative (SBI)--a multi-year, multi-billion dollar
program, to secure the borders and reduce illegal immigration by
installing state-of-the-art surveillance technologies along the border,
increasing border security personnel, and ensuring information access to
DHS personnel at and between POEs. Under SBI and its component, called
SBInet, DHS plans to integrate personnel, infrastructures, technologies,
and rapid response capability into a comprehensive border protection
capability. DHS reports that, among other things, SBInet is to encompass
both the northern and southern land borders, including the Great Lakes,
under a unified border control strategy whereby CBP is to focus on the
interdiction of cross-border violations between and at the land POEs,
funneling traffic to the land POEs. As part of SBI, DHS also plans to
focus on interior enforcement--disrupting and dismantling cross-border
crime into the interior of the United States while locating and removing
aliens who are present in the United States in violation of law. However,
it is unclear how SBInet will be linked, if at all, to US-VISIT so that
the two can share technology, infrastructure, and data.

29 Pub. L. No. 108-458, S 7209 (Dec. 17, 2004), as amended, Pub. L. No.
109-295, S 546 (Oct. 4, 2006). In November 2006, DHS and the Department of
State issued a final rule announcing that, beginning on January 23, 2007,
citizens of the United States, Canada, Mexico, and Bermuda are required to
present a passport to enter the United States when arriving by air from
any part of the Western Hemisphere (8 C.F.R. Parts 212 and 235 and 22
C.F.R. Parts 41 and 53). According to DHS, a separate proposed rule
addressing land and sea travel will be published at a later date with
specific requirements for travelers entering the United States through
land and sea border crossings.

30 GAO, Observations on Efforts to Implement the Western Hemisphere Travel
Initiative on the U.S. Canadian Border, [32]GAO-06-741R  (Washington,
D.C.: May 25, 2006).

Clearly defining the dependencies among US-VISIT and programs like the
Western Hemisphere Travel Initiative and SBI is important because there is
commonality among their strategic goals and operational environments. For
example, both US-VISIT and SBI share the goal of securing the POEs.
Moreover, there is overlap in the data that each is to produce and use.
For example, both US-VISIT and the Western Hemisphere Travel Initiative
will require identification data for travelers at POEs.

Despite these dependencies, DHS has yet to define these relationships or
how they will be managed. Further, according to a March 6, 2006 memo from
the DHS Joint Requirements Council, the US-VISIT strategic plan did not
provide evidence of sufficient coordination between the program and the
other entities involved in border security and immigration efforts. The
council's recommendation was that the strategic plan not be approved until
greater coordination between US-VISIT and other components was addressed.

According to the Acting Program Director, a number of efforts are underway
to coordinate with other entities, such as with CBP on RFID, with the
Coast Guard on development of a mobile biometric reader, and with State on
standards for document readers. Without a clear, complete, transparent,
and understood definition of how related programs and initiatives are to
interact, US-VISIT and other border security and immigration enforcement
programs run the risk of being defined and implemented in a way that does
not optimize DHS-wide performance and results.

DHS Has Not Economically Justified US-VISIT Increments or Assessed Their
Operational Impacts

The decision to invest in any system or capability should be based on
reliable analyses of return on investment. That is, an agency should have
reasonable assurance that a proposed program will produce mission value
commensurate with expected costs and risks. According to OMB guidance,
individual increments of major systems should be individually supported by
analyses of benefits, cost, and risk. Thus far, DHS has yet to develop an
adequate basis for knowing whether its incrementally deployed US-VISIT
capabilities represent a good return on investment, particularly in light
of shortfalls in DHS's assessments of the program's operational impacts,
including costs of proposed capabilities. Without this knowledge, DHS will
not know until after the fact whether it is investing wisely or pursuing
cost-effective and affordable solutions.

  DHS Did Not Economically Justify Its Proposed Incremental Investments

US-VISIT had not assessed the cost and benefits of its early increments.
For example, we reported in September 2003 that it had not assessed the
costs and benefits of Increment 1. Again, in February 2005, we reported
that although the program office developed a cost-benefit analysis for its
land entry capability, it had not justified the investment because the
treatment of both benefits and costs were unclear and insufficient.
Further, we reported that the cost estimates on which the cost-benefit
analysis was based were of questionable reliability because effective
cost-estimating practices were not followed. Most recently, in February
2006, we reported again that the program office had not justified its
investment in its air and sea exit capability. For example, we reported
that while the cost-benefit analysis explained why the investment was
needed, and considered at least two alternatives to the status quo, which
is consistent with OMB guidance for cost-benefit analyses, it did not
include a complete uncertainty analysis for the three exit alternatives
evaluated. Specifically, it did not include a sensitivity analysis31 for
the three alternatives, which is a major part of an uncertainty analysis.
A complete analysis of uncertainty is important because it provides
decision makers with a perspective on the potential variability of the
cost and benefit estimates should the facts, circumstances, and
assumptions change. Further, the cost estimate upon which the analysis was
based did not meet key criteria for reliable cost estimating. For example,
it did not include a detailed work breakdown structure, which serves to
organize and define the work to be performed so that associated costs can
be identified and estimated.

Further, as we state in our February 2007 report, DHS has devoted
considerable time and resources toward establishing an operational exit
capability at land, air, and sea POEs. For example, over the last 4 years,
DHS has committed over $160 million to evaluate and operate exit pilots at
selected air, sea, and land POEs. Notwithstanding this considerable
investment of time and resources, the US-VISIT program still does not have
either an operational exit capability or a viable exit solution to deploy
to all air, sea, and land POEs.

31 A sensitivity analysis is a quantitative assessment of the effect that
a change in a given assumption, such as unit labor cost, will have on net
present value.

Moreover, US-VISIT exit pilot reports have raised concerns and
limitations. For example, as we previously stated, land exit pilots
experienced several performance problems, such as the failure of RFID
readers to detect a majority of travelers' tags during testing and
cross-reads, in which multiple RFID readers installed on poles or
structures over roads, called gantries, picked up information from the
same visitor.

Notwithstanding these results, we reported in February 2007 that the
program office planned to invest another $33.5 million to continue its air
and sea exit pilots. However, neither the fiscal year 2006 expenditure
plan nor other exit-related program documentation adequately defined what
these efforts entail or what they will accomplish. In particular, the plan
and other exit-related documentation merely state that $33.5 million will
be used to continue air and sea exit pilots while a comprehensive exit
solution is developed. They do not adequately describe measurable outcomes
(benefits and results) from the pilot efforts, or related cost, schedule,
and capability commitments that will be met. Further, the plan does not
recognize the challenges revealed from the prior exit efforts, nor does it
show how proposed exit investments address these challenges. In addition,
the plan allocates more funding for continuing the air and sea exit pilots
($33.5 million) than the prior year's plan said would be needed to fully
deploy an operational air and sea exit solution ($32 million). According
to program officials, the air and sea exit pilots are being continued to
maintain a presence intended to provide a deterrent effect at exit
locations, and to gather additional data that could help support planning
for a comprehensive exit solution.

Moreover, US-VISIT reported in August 2006 that it planned to spend an
additional $21.5 million to continue its land exit demonstration project
without adequate justification. However, we reported in February 2007 that
these plans lacked adequate justification in light of the problems we
discussed earlier in this statement. Accordingly, program officials told
us that they intend to terminate the land exit project until a
comprehensive exit strategy can be developed. They have also stated that a
small portion of the $21.5 million is to be used to close out the
demonstration project and have requested that the remainder of the money
be reprogrammed to support Unique Identity.

  DHS Did Not Adequately Assess the Impact of Entry Capabilities on Land Ports
  of Entry Operations and Planned Capability Enhancements Carry Potential Cost
  Implications

Knowing how planned US-VISIT capabilities will impact POE operations is
critical to US-VISIT investment decision makers. In May 2004, we reported
that the program had not assessed how deploying entry capabilities at land
POEs would impact the workforce and facilities. We questioned the validity
of the program's assumptions and plans concerning workforce and
facilities, since the program lacked a basis for determining whether its
assumptions were correct and thus whether its plans were adequate.
Subsequently, the program office evaluated the operational performance of
the land entry capability with the stated purpose of determining the
effectiveness of its performance at the 50 busiest land POEs. For this
evaluation, the program office established a baseline for comparing the
average time it takes to issue and process entry/exit forms at 3 of these
50 POEs, and then conducted two evaluations of the processing times at the
three POEs, one after the entry capability was deployed as a pilot, and
another one 3 months later, after the entry capability was deployed to all
50 POEs. The evaluation results showed that the average processing times
decreased for all three sites. Program officials concluded that these
results supported their workforce and facility investment assumptions that
no additional staff was required to support deployment of the entry
capability and that minimal modifications were required at the
facilities.32

However, the scope of the evaluations was not sufficient to satisfy the
evaluations' stated purpose for assessing the full impact of the entry
capability. For example, the selection of the three sites, according to
program officials, was based on a number of factors, including whether the
sites already had sufficient staff to support the pilot. Selecting sites
based on this factor is problematic because it presupposes that all not
POEs have the staff needed to support the land entry capability. In
addition, evaluation conditions were not always held constant:
specifically, fewer workstations were used to process travelers in
establishing the baseline processing times at two of the POEs than were
used during the pilot evaluations.

Moreover, CBP officials from a land port of entry that was not an
evaluation site (San Ysidro) told us that US-VISIT deployment had not
reduced but actually lengthened processing times. (San Ysidro processes
the highest volume of travelers of all land POEs.) Although these
officials did not provide specific data to support their statement, their
perception nevertheless raises questions about the potential impact of
land entry capabilities on the 47 sites that were not evaluated.

32 Specifically, they said minimal modifications to interior workspace
were required to accommodate biometric capture devices and printers and to
install electrical circuits. These officials stated that modifications to
existing officer training and interior space were the only changes needed.

Exacerbating this situation is the fact that DHS plans to introduce
changes and enhancements to US-VISIT at land POEs to verify the identity
of individuals entering the country, including a transition from digitally
scanning 2 fingerprints to 10. While such changes are intended to further
enhance border security, deploying them may have an impact on aging and
spatially-constrained land POEs facilities because they could increase
inspection times and adversely affect POEs operations. Moreover, the
increase from 2 to 10 fingerprints can affect the capacity of the systems
and communications networks processing because of the larger data sets
being processed and transmitted (10 vs 2 fingerprints). This need for
increased capacity will in turn affect program costs.

  US-VISIT Did Not Adequately Evaluate Exit Capability Impacts on Operations at
  Air and Sea Ports of Entry

The impact of planned exit capabilities at air and sea POEs has also not
been adequately analyzed, and is thus not available to inform investment
decisions. In February 2005, we reported that the program office had not
adequately planned for evaluating its exit pilot at air and sea POEs
because the pilot's evaluation scope and timeline were compressed. As a
result, the US-VISIT program office extended the pilot from 5 to 14 POEs
(12 airports and 2 seaports). Notwithstanding the expanded scope of the
pilot, the exit alternatives were not sufficiently evaluated.
Specifically, the program office evaluated these alternatives against
three criteria,33 including compliance with the exit process. According to
the exit evaluation plan report, the average compliance rate across all
three alternatives was only 24 percent.34 The evaluation report cited
several reasons for the low compliance rate, including that compliance
during the pilot was voluntary. As a result, the evaluation report
concluded that national deployment of the exit solution will not meet the
desired compliance rate unless the scope of the exit process is expanded
to incorporate an enforcement mechanism, such as not allowing persons to
reenter the United States if they do not comply with the exit process or
not allowing persons to board a carrier until they are processed by an
airline or the Transportation Security Administration. As of February
2006, program officials had not conducted any formal evaluation of
enforcement mechanisms or their possible effect on compliance and cost,
and according to the Acting Program Director, they do not plan to do so.

33 The other two evaluation criteria were conduciveness to travel and
cost.

34 Compliance rates were 23 percent for the kiosk, 36 percent for the
mobile device, and 26 percent for the validator.

  DHS Has Not Adequately Justified Increases in, and Disclosed the Scope and
  Nature of, Program Management-Related Fiscal Year 2006 Expenditures

Program management is an important and integral aspect of any system
acquisition program. The importance of program management, however, does
not by itself justify any level of investment in such activities. Rather,
investments in program management capabilities should be viewed the same
as investments in any program capability, meaning the scope, nature, size,
and value of the investment should be disclosed and justified in relation
to the size and significance of the acquisition activities being
performed.

As our February 2007 report states, US-VISIT's planned investment in
program management-related activities has risen steadily over the last 4
years, while planned investment in development of new program capabilities
has declined. Figure 3 shows the breakdown of planned expenditures for
US-VISIT fiscal year 2002 through 2006 expenditure plans.

Figure 3: US-VISIT Breakdown of Planned Expenditures as a Dollar Amount
for FY2002 Through FY2006

Note: According to US-VISIT program officials, actual cost information for
program management and operations cannot be readily provided due to
limitations in their financial management system.

Specifically, the fiscal year 2003 expenditure plan provided $30 million
for program management and operations and about $325 million for new
development efforts, whereas the fiscal year 2006 plan provided $126
million for program management-related functions--an increase of $96
million--and $93 million for new development. This means that the fiscal
year 2006 plan proposed expending $33 million more for program management
and operations than it is for new development.

The increase in planned program management-related expenditures is more
pronounced if it is viewed as a percentage of planned development
expenditures. Figure 4 shows planned US-VISIT expenditures for program
management and operations as a percentage of development for fiscal years
2002 thru 2006.

Figure 4: US-VISIT Planned Expenditures for Program Management and
Operations as a Percentage of Development for FY2002 through FY2006

Note: According to US-VISIT program officials, actual cost information for
program management and operations cannot be readily provided due to
limitations in their financial management system.

Specifically, planned program management-related expenditures represented
about 9 percent of planned development in fiscal year 2003, but
represented about 135 percent of fiscal year 2006 development, meaning
that the fiscal year 2006 expenditure plan proposed spending about $1.35
on program management-related activities for each dollar spent on
developing new US-VISIT capability.

Moreover, the fiscal year 2006 expenditure plan did not explain the
reasons for this recent growth or otherwise justify the sizeable proposed
investment in program management and operations on the basis of measurable
and expected value. Further, the plan did not adequately describe the
range of planned program management and operations activities.

Program officials told us that the DHS Acting Undersecretary for
Management raised similar concerns about the large amount of program
management and operations funding in the expenditure plan. In January
2007, DHS submitted a revised expenditure plan to the House and Senate
Appropriations Subcommittees on Homeland Security, at the committee's
direction, to address their concerns. The revised plan allocates some
program management funds to individual increments and to two new
categories--program services and data integrity and biometric support, and
program and project support contractor services. However, the revised plan
still shows a relatively sizeable portion of proposed funding going toward
program management-related activities.

DHS Has Not Fully Implemented Key US-VISIT Acquisition and Financial Management
Controls

Managing major programs like US-VISIT requires applying discipline and
rigor when acquiring and accounting for systems and services. Our work and
other best practice research have shown that applying such rigorous
management practices improves the likelihood of delivering expected
capabilities on time and within budget. In other words, the quality of IT
systems and services is largely governed by the quality of the management
processes involved in acquiring and managing them. Some of these processes
and practices are embodied in the Software Engineering Institute's (SEI)
Capability Maturity Models(R), which define, among other things
acquisition process management controls that, if implemented effectively,
can greatly increase the chances of acquiring systems that provide
promised capabilities on time and within budget. Other practices are
captured in OMB guidance, which establishes policies for planning,
budgeting, acquisition, and management of federal capital assets.

Over the last several years, we have made numerous recommendations aimed
at strengthening US-VISIT program management controls relative to
acquisition management, including for example configuration management,
security and privacy management, earned value management (EVM), 35 and
contract tracking and oversight.

The program office has taken steps to lay the foundation for establishing
several of these controls. For example, the program adopted the SEI
Capability Maturity Model Integration (CMMI(R))36 to guide its efforts to
employ effective acquisition management practices, and approved an
acquisition management process improvement plan dated May 16, 2005. The
goal, as stated in the plan, was to conduct an independent CMMI assessment
in October 2006 to affirm that requisite process controls were in place
and operating.

In September 2005, the program office completed an initial assessment of
13 key acquisition process areas that revealed a number of weaknesses. To
begin addressing these weaknesses, the program office narrowed the scope
of the process improvement activities from 13 to 6 (project planning,
project monitoring and control, requirements development and management,
configuration management, product and process quality assurance, and risk
management) of the CMMI process areas and revised its process improvement
plan in April 2006 to reflect these changes. In May 2006, the program
conducted a second internal assessment of the six key process areas, and
according to the results of this assessment, improvements were made, but
weaknesses remained in all six process areas. For example,

           o a number of key acquisition management documents were not
           adequately prepared and processes were not sufficiently defined,
           including those related to systems development, budget and
           finance, facilities, and strategic planning (e.g., product work
           flow among organizational units was unclear and not documented);
           and
           o roles, responsibilities, work products, expectations, resources,
           and accountability of external stakeholder organizations were not
           well-defined.

Notwithstanding these weaknesses, program officials told us that their
self-assessments show that they have made incremental progress in
implementing the 113 practices associated with the six key processes. (See
figure 5 for US-VISIT's progress in implementing these practices.)
However, they also recently decided to postpone indefinitely the planned
October 2006 independent appraisal. Instead, the program intends to
perform quarterly internal assessments until the results show that they
can pass an independent appraisal. Further, the program has not committed
to a revised target date for having an external appraisal.

35 EVM is a management tool to help ensure that work performed for a
program or project is consistent with cost and schedule goals.

36 The CMMI(R) ranks organizational maturity according to five levels.
Maturity levels 2 through 5 require verifiable existence and use of
certain key process areas.

Figure 5: US-VISIT Progress in Implementing Key Acquisition Practices from
August 2005 to November 2006

The acquisition management weaknesses in the six key process areas are
exacerbated by weaknesses in other areas. For example, we recently
reported37 that the US-VISIT contract tracking and oversight process
suffers from a number of weaknesses. Specifically, we reported that the
program had not effectively overseen US-VISIT-related contract work
performed on its behalf by other DHS and non-DHS agencies, and these
agencies did not always establish and implement the full range of controls
associated with effective management of contractor activities. Further,
the program office and other agencies did not implement effective
financial controls.38 In particular, the program office and other agencies
managing US-VISIT-related work were unable to reliably report the scope of
contracting expenditures. In addition, some agencies improperly paid and
accounted for related invoices, including making a duplicate payment and
making payments for non-US-VISIT services from funds designated for
US-VISIT.

37 GAO, Homeland Security: Contract Management and Oversight for Visitor
and Immigrant Status Program Need to Be Strengthened, GAO-06-404
(Washington, D.D.: June 9, 2006).

Fully and effectively implementing the above discussed key acquisition
management and related controls takes considerable time. However,
considerable time has elapsed since we first recommended establishment of
these controls and they are not yet operational and it is unclear when
they will be. Therefore, it is important that these improvement efforts
stay on track. Until these capabilities are in place, the program risks
not meeting its stated goals and commitments.

US-VISIT has not yet implemented other key management practices, such as
developing and implementing a security plan and employing an EVM system to
help manage and control program cost and schedule. As we previously
reported, the program's 2004 security plan generally satisfied OMB and the
National Institute of Standards and Technology security guidance. Further,
the fiscal year 2006 expenditure plan states that all of the US-VISIT
component systems have been certified and accredited and given full
authority to operate. However, the 2004 security plan preceded the
US-VISIT risk assessment, which was not completed until December 2005, and
the security plan was not updated to reflect this risk assessment.
According to program officials, they intend to develop a security strategy
by the end of 2006 that reflects the risk assessment. We have ongoing work
for the Senate Committee on Homeland Security and Governmental Affairs to
review the information security controls associated with computer systems
and networks supporting the US-VISIT program.

Regarding EVM, the program is currently relying on the prime contractor's
EVM system to manage the prime contractor's progress against cost and
schedule goals. According to the fiscal year 2006 expenditure plan, the
program office has assessed the prime contractor's EVM system against
relevant standards. However, in reality, this EVM system was
self-certified by the prime contractor in December 2003 as meeting
established standards. OMB requires that agencies verify contractor
self-certifications. The program office has yet to do this, although
program officials told us that they plan to retain the services of another
contractor to perform this validation. This needs to be done quickly. Our
review of the integrated baseline review, which agencies are required by
OMB to complete to ensure that the EVM program baseline is accurate,
showed that it did not address key baseline considerations, such as cost
and schedule risks. Moreover, other US-VISIT contractors have not been
required to use EVM, although program officials told us that this was to
change effective October 1, 2006.

38 Financial controls are practices to provide accurate, reliable, and
timely accounting for billings and expenditures.

DHS Has Yet to Establish Effective Program Accountability Mechanisms

To ensure that programs manage their performance effectively, it is
important that they define and measure progress against program
commitments and hold themselves accountable for results. Measurements of
the operational performance, progress, and results are important to
reasonably ensure that problems and shortfalls can be addressed and
resolved in a timely fashion and so that responsible parties can be held
accountable.

More specifically, to permit meaningful program oversight, it is important
that expenditure plans describe how well DHS is progressing against the
commitments made in prior expenditure plans. However, US-VISIT's
expenditure plan for fiscal year 2006 (the fifth expenditure plan)
continued a longstanding pattern of not describing progress against
commitments made in previous plans. For example, according to the fiscal
year 2005 expenditure plan, the prime contractor was to begin integrating
the long-term Increment 4 strategy into the interim US-VISIT system's
environment and the overall DHS enterprise architecture, and that US-VISIT
and the prime contractor would work with the stakeholder community to
identify opportunities for delivery of long-term capabilities under
Increment 4. However, the fiscal year 2006 plan does not discuss progress
or accomplishments relative to these commitments.

Additionally, the expenditure plan committed to begin deploying the most
effective exit alternative for capturing biometrics at air and sea POEs
during fiscal year 2005. In contrast, the 2006 expenditure plan states
that the exit pilots will continue throughout fiscal year 2006 and does
not address whether the fiscal year 2005 schedule deployment commitment
was met. Also, the fiscal year 2006 expenditure plan did not address all
performance measures cited in the fiscal year 2005 plan. Specifically, the
2005 plan included 11 measures. In contrast, the 2006 plan listed 7
measures, 4 of which are similar, but not identical to, some of the 11
measures in the 2005 plan. This means that several of the 2005 plan's
measures are not addressed in the 2006 plan. Moreover, even in cases of
similar performance measures, the fiscal year 2006 plan does not
adequately describe progress in meeting commitments. For example, the
fiscal year 2005 expenditure plan cited a performance measurement of
"Pre-entry watch list hits on biometrically enabled visa applications."
The fiscal year 2006 plan cites the performance measure of "Number of
biometric watch list hits for visa applicants processed at consular
offices." According to the latter plan, in fiscal year 2005 there were 897
such hits; however, neither plan cites a performance target against which
to gauge progress, assuming that the two performance measures mean the
same thing. Without such measurements, program performance and
accountability can suffer.

Concluding Observations

Developing and deploying complex technology that records the entry and
exit of millions of visitors to the United States, verifies their
identities to mitigate the likelihood that terrorists or criminals can
enter or exit at will, and tracks persons who remain in the country longer
than authorized is a worthy goal in our nation's effort to enhance border
security in a post-9/11 era. But doing so also poses significant
challenges; foremost among them is striking a reasonable balance between
US-VISIT's goals of providing security to U.S. citizens and visitors while
facilitating legitimate trade and travel.

DHS has made considerable progress making the entry portion of the
US-VISIT program at air, sea and land POEs operational, but our work
raised questions whether DHS has adequately assessed how US-VISIT has
affected operations at land POEs. Because US-VISIT will likely continue to
have an impact on land POE facilities as it evolves--especially as new
technology and equipment are introduced--it is important for US-VISIT and
CBP officials to have sufficient management controls for identifying and
reporting potential computer and other operational problems that could
affect the ability of US-VISIT entry capability to operate as intended.

With respect to DHS's effort to create an exit verification capability,
developing and deploying this capability at land POEs has posed a set of
challenges that are distinct from those associated with entry. US-VISIT
has not determined whether it can achieve, in a realistic time frame, or
at an acceptable cost, the legislatively mandated capability to record the
exit of travelers at land POEs using biometric technology. Apart from
acquiring new facilities and infrastructure at an estimated cost of
billions of dollars, US-VISIT officials have acknowledged that no
technology now exists to reliably record travelers' exit from the country,
and to ensure that the person leaving the country is the same person who
entered, without requiring that person to stop upon exit--potentially
imposing a substantial burden on travelers and commerce. US-VISIT
officials stated that they believe a biometrically based solution that
does not require those exiting the country to stop for processing, that
minimizes the need for major facility changes, and that can be used to
definitively match a visitor's entry and exit will be available in 5 to 10
years. In the interim, it remains unclear how DHS plans to proceed.
According to statute, DHS was required to report more than a year ago on
its plans for developing a comprehensive biometric entry and exit system,
but DHS has yet to finalize this road map for Congress. Until DHS
finalizes such a plan, neither Congress nor DHS is likely to have
sufficient information as a basis for decisions about various factors
relevant to the success of US-VISIT, ranging from funding needed for any
land POE facility modifications in support of the installation of exit
technology to the trade-offs associated with ensuring traveler convenience
while providing verification of travelers' departure consistent with
US-VISIT's national security and law enforcement goals.

Fundamental questions about the program's future direction and fit within
the larger homeland security context as well as its return on investment
remain unanswered. Moreover, the program is overdue in establishing the
means to ensure that it is pursuing the right US-VISIT solution, and that
it is managing it the right way. The longer the program proceeds without
these, the greater the risk that the program will not optimally support
mission operations and will fall short of commitments. Measuring and
disclosing the extent to which these commitments are being met are also
essential to holding the department accountable. We look forward to
continuing to work constructively with the US-VISIT program to better
ensure the program's success.

This concludes my prepared testimony. I would be happy to respond to any
questions that Members of the Committee may have.

GAO Contact and Staff Acknowledgements

For further information about this testimony, please contact me at (202)
512-8777 or [email protected] , or Randolph Hite, Director, at (202)
512-3439 or [email protected] . Other major contributors to this testimony
include John Mortin, Assistant Director; Deborah Davis, Assistant
Director; Amy Bernstein; Frances Cook; Odi Cuero; David Hinchman; James
Houtz; Richard Hung; Sandra Kerr; Amanda Miller; Freda Paintsil; James R.
Russell; Sushmita Srikanth; and Jonathan Tumin.

(440603)

This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

GAO's Mission

The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting its
constitutional responsibilities and to help improve the performance and
accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony

The fastest and easiest way to obtain copies of GAO documents at no cost
is through GAO's Web site ( www.gao.gov ). Each weekday, GAO posts
newly released reports, testimony, and correspondence on its Web site. To
have GAO e-mail you a list of newly posted products every afternoon, go to
www.gao.gov and select "Subscribe to Updates."

Order by Mail or Phone

The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent of
Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more
copies mailed to a single address are discounted 25 percent. Orders should
be sent to:

U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
D.C. 20548

To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061

To Report Fraud, Waste, and Abuse in Federal Programs

Contact:

Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail:
[email protected] Automated answering system: (800) 424-5454 or (202)
512-7470

Congressional Relations

Gloria Jarmon, Managing Director, [email protected] (202) 512-4400 U.S.
Government Accountability Office, 441 G Street NW, Room 7125 Washington,
D.C. 20548

Public Affairs

Paul Anderson, Managing Director, [email protected] (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548

For more information, contact Richard Stana at (202) 512-8777 or
[email protected] , or Randolph Hite at (202) 512-3439 or
[email protected] .

Highlights of [43]GAO-07-632T , a testimony before the Committee on
Homeland Security, House of Representatives

March2007

HOMELANDSECURITY

US-VISIT Program Faces Operational, Technological, and Management
Challenges

This testimony summarizes GAO's work on the Department of Homeland
Security's (DHS) efforts to implement the U.S. Visitor and Immigrant
Status Indicator Technology (US-VISIT) program at air, sea, and land ports
of entry (POE). US-VISIT is designed to collect, maintain, and share data
on selected foreign nationals entering and exiting the United States at
air, sea, and land POEs. These data, including biometric identifiers like
digital fingerprints, are to be used to screen persons against watch
lists, verify identities, and record arrival and departure. This testimony
addresses DHS's efforts to (1) implement US-VISIT entry capability, (2)
implement US-VISIT exit capability, and (3) resolve longstanding
management challenges that could impair DHS's ability to effectively
implement the US-VISIT program. GAO analyzed DHS and US-VISIT documents,
interviewed program officials, and visited 21 land POEs with varied
traffic levels on both borders.

DHS is operating US-VISIT entry capabilities at most POEsand has begun to
work to move from 2 to10 fingerprint biometric capabilities and expand
electronic information sharing with stakeholders. Of particular note is
the fact that a US-VISIT biometric-based entry screening capability is
operating at 115 airports, 14 seaports, and 154 land POEs. While US-VISIT
has improved DHS's ability to process visitors and verify identities upon
entry, we found that management controls in place to identify and evaluate
computer and other operational problems at land POEs were insufficient and
inconsistently administered.

Although US-VISIT has conducted various exit demonstration projects at a
small number of POEs, a biometric exit capability is not currently
available. According to program officials, this is due to a number of
factors. For example, at this time the only proven technology available
for biometric land exit verification would necessitate mirroring the
processes currently in use for entry at these POEs, which would create
costly staffing demands and infrastructure requirements, and introduce
potential trade, commerce, and environmental impacts. Further, a pilot
project to examine an alternative technology at land POEs did not produce
a viable solution. By statute, DHS was to have reported to Congress by
June 2005 on how it intended to fully implement a comprehensive, biometric
entry/exit program, but DHS had not yet reported how it intended to do so,
or use nonbiometric solutions.

DHS continues to face longstanding US-VISIT management challenges and
future uncertainties. For example, DHS had not articulated how US-VISIT is
to strategically fit with other land border security initiatives and
mandates and could not ensure that these programs work in harmony to meet
mission goals and operate cost effectively. DHS had drafted a strategic
plan defining an overall immigration and border management strategy but,
as of February 2007, the plan was under review by OMB. Further, critical
acquisition management processes need to be established and followed to
ensure that program capabilities and expected mission outcomes are
delivered on time and within budget. These processes include effective
project planning, requirements management, contract tracking and
oversight, test management, and financial management. Until these issues
are addressed, the risk of US-VISIT continuing to fall short of
expectations is increased.

References

Visible links
  25. http://www.gao.gov/cgi-bin/getrpt?GAO-07-248
  26. http://www.gao.gov/cgi-bin/getrpt?GAO-04-569T
  27. http://www.gao.gov/cgi-bin/getrpt?GAO-04-586
  28. http://www.gao.gov/cgi-bin/getrpt?GAO-06-296
  29. http://www.gao.gov/cgi-bin/getrpt?GAO-06-296
  30. http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-00-21.3.1
  31. http://www.gao.gov/cgi-bin/getrpt?GAO-01-1008G
  32. http://www.gao.gov/cgi-bin/getrpt?GAO-06-741R
  43. http://www.gao.gov/cgi-bin/getrpt?GAO-06-936
*** End of document. ***