Report Dings DHS for Data Problems That Undermine Critical US-VISIT Screening Process

A new investigative report from the DHS Office of the Inspector General (OIG) reveals extensive and troubling data integrity problems that interfere with a key border security program's effectiveness in preventing the entry of individuals using aliases.

US-VISIT is one of our most important border security programs. It was originally intended to be a comprehensive biometric entry-exit system that was first mandated by Congress in 1996 (after the first World Trade Center attack). Since it was launched in 2004, the identities of foreign visitors who arrive by air and sea are (supposed to be) authenticated by fingerprints and are screened for possible terrorism or criminal connections, as well as visa compliance. Progress on expanding the program to screen and record all land visitors and to implement the exit portion has been stalled for many years. In the meantime, US-VISIT has become the repository of biometric information on many foreign visitors, in support of immigration and law enforcement agencies, such as CBP, ICE, USCIS, and State.

The OIG report concludes that this repository is clogged with bad data; so clogged that it can prevent the system and the officers from detecting people using aliases, even when they are connected to the same set of fingerprints.

The OIG found that the fingerprints of 375,000 individual travelers with records in DHS systems have multiple biographic entries associated with them, and that these inconsistent and possibly fraudulent identities were not flagged by US-VISIT. These individuals were associated with more than four million encounters at U.S. ports of entry. Many of the discrepancies were due to data entry errors or ridiculously lax data entry standards, but some of the discrepancies were cases of travelers trying to thwart the biometric screening process of US-VISIT.

From the report:

Although most of the biographic data discrepancies in IDENT data can be attributed to data entry errors, we identified instances where individuals appeared to have used different names and dates of birth to attempt to enter the United States. These individuals attempted to enter the country multiple times over several years under different biographic data. In one example, the same set of fingerprints was associated with nine different names and nine different birth dates in 10 different attempts to enter the United States. In another example, the same individual (as identified by the same set of fingerprints) had eight different names and eight different birth dates listed in IDENT data for nine attempts to enter the United States.

Some of these travelers using aliases were nevertheless intercepted by alert consular officers and border inspectors (demonstrating once again that technology never can fully replace the instincts of well-trained officers). However, the investigators reported on one case of an individual who did successfully thwart the US-VISIT fingerprint matching three times by using an alias:

A female who was identified as a recidivist alien in 2008 used different biographic data to visit the United States, once in 2009 and twice in 2011.

The report also noted that some of the individuals who attempted to enter using an alias were, surprise, people who had previously been deported or refused entry, sometimes because of criminal backgrounds.

To complicate matters, some of the bad data are the result of CBP port of entry inspectors failing to enter actual biographic data for travelers. Instead of typing the traveler's name, they entered the phrase "frequent traveler". The investigators found that 244,000 individuals had been entered as "frequent traveler" instead of by name on nearly a million encounters at the ports of entry.

By way of recommendations, the investigators directed DHS to look into the records further and determine if there are any additional cases of fraud that were not detected by US-VISIT. They also directed DHS to refer these cases to the appropriate law enforcement agencies for possible prosecution and to place the individuals on the watch lists so that they can't get away with it again.

DHS concurred, and since then the investigation has already looked at more than 1,200 records and added 192 people to the watch list. However, DHS prefers to confine its investigation to only the relatively small sub-set of foreign visitors who have been assigned alien registration numbers (A-numbers) as a result of more prolonged contact with the immigration system. They do not intend to look to see if any of the millions of annual visa waiver visitors, for example, may have entered using aliases.

Immigration control opponents will seize on these findings as evidence that the entire concept of US-VISIT is flawed, and that this system, together with E-Verify and Secure Communities, should be scrapped. Nonsense; there are some common sense solutions.

My colleague, W.D. Reasoner, who has lots of experience with these matters, after an initial reaction to the report of "you have got to be kidding me!" has a few additional constructive observations and recommendations. Truly, all of these should have been identified and corrected years ago:

  1. The OIG investigators found that some of the bad data clogging up things are actually test data that users have been allowed to enter into the system. Yikes! Why is US-VISIT allowing this? The sign-on screen should articulate very clearly that test data is disallowed, and that user privileges will be suspended for those who do so. There also clearly is no protocol nor algorithm that has been designed to systematically weed such junk out of the system, bring it to the attention of administrators, and set in motion some punishment for irresponsible users. There needs to be a "dummy" or "sandbox" training module for new users to play around in so they don't mess up the real database for everyone else.

  2. "Garbage in, garbage out", as the saying goes. The lack of standards for data entry is prevalent throughout DHS, as we found when examining data from the Secure Communities program. OIG inexplicably missed the most obvious recommendation, namely that DHS develop mandatory data entry standards, especially for the CBP port of entry inspectors who are the primary users, to maintain system integrity. The practice of entering "frequent traveler" in lieu of an actual name should be halted.

  3. DHS should develop standardized naming conventions and data entry protocols in order to minimize problems with foreign names, such as hyphenated Hispanic surnames and Asian names where the surname is listed first.

It is truly mind boggling that even today, 11 years after the 9/11 attacks, there is so little attention within DHS leadership to ensuring the quality and integrity of our most vital national security and border control systems.