Mideast Counterfeit Bust Shows ICE Needs to Tighten Student Program

By Janice Kephart on March 10, 2010

This past week, Immigration and Customs Enforcement (ICE) conducted a rather unusual bust using a new spin on visa fraud. This time it was not a fraudulent school masquerading as legitimate and siphoning money for student visas for a curriculum that did not exist, as was the March 4, 2010, bust of a Miami language school that resulted in arrests of 81 student violators and $2.4 million forfeited in illicit cash received. Nor was it referencing the three counterfeit document rings taken out in the last few days. These include a bust in Milwaukee on March 5, 2010, and two March 4 busts -- one in Fresno and the other in Panama City, Fla.

The ring busted in this instance abused legitimate colleges that use the federal government's student tracking program, SEVP. It then exploited identity fraud to circumvent SEVP, thereby keeping the students "clean" in the federal government's system. Run by 46-year-old Eamonn Higgins and about 12 associates, the counterfeit operation's mission was to support lawful immigration status for those using a student visa to enter the U.S. and residing in southern California.

The ring operated from about 2002 to 2009, and according to the ICE press release, "a forensic analysis of the computer and related evidence revealed more than 100 foreign students who may have participated in the fraud scheme. Of those, ICE determined 47 are still in the United States." However, only 16 were arrested and of those, 10 were to be placed in removal proceedings and only six brought up on criminal charges. From a national security standpoint, it may or may not be troubling that prosecutors "allege that some of the clients traveled to the Middle East multiple times and gained re-entry to the U.S. by applying for a student visa and registering to study at a different college."

The case continues to be investigated. So far, according to ICE, the scheme involved foreign students paying Americans to attend class and take exams for them, using fake California driver licenses listing the name of the foreign student with a photo of their American replacement. For what reason, either ICE does not know or will not say. With money from what source, we are not told. Nor are we told why the FBI was involved with a case that looks from the surface to be about immigration and document fraud.

The counterfeit foreign students came from Saudi Arabia, the United Arab Emirates, Lebanon, Kuwait, Turkey, and Qatar. According to the Associated Press story on this bust, $34,000 was paid to Higgins' associates to take a full course load for "a Saudi Arabian student named Mohammed Ali Alnuaim." Despite the high prices, however, the fraud was pretty shoddy. For example, in one case, a blonde American female's photo was placed on a fake ID bearing an Arabic male name. But shoddiness did not matter when SEVP does not provide sufficient information for universities to assure the identity of the foreign students registering, and the universities admit they do not verify the identity of those in classes or those taking tests. Any ID would do, pretty much, when identity is never assured on campus … or at least this ring got away with it for seven years.

Analysis

Underlying near every 9/11 Commission identity-related border recommendation is the essential point that identity assurance must be redundant in program architectures. Specifically, "The job of protection is shared among these many defined checkpoints. By taking advantage of them all, we need not depend on any one point in the system to do the whole job." (9/11 Commission Report, p. 386) What was not said, but is essential, is that each point in the system must do its whole job.

In the case of SEVP, the program is robust until the student arrives at college. This is because SEVP requires foreign students admitted to U.S. schools to go to a foreign consulate and apply for a visa. During that process, 10 fingerprints and a digital photo are taken (as with all visa holders). When the student seeks entry into the U.S., the visa photo pops up with the border screening tool US-VISIT, and another digital photo is taken. That info of entry is then relayed to the student's school. All is redundant and fine to this point; identity fraud is near impossible once the student is in the system.

However, once the student gets beyond the port of entry and registers at school -- assuming he or she shows up -- SEVP loses its ability to verify students' identities. Instead, SEVP simply reports that an individual presenting ID with the foreign student's name has registered. Why? Because SEVP does not permit the schools to view the photo accompanying the name when the student registers. (This is the same problem E-Verify has in that employers have no access digital photos taken with driver licenses, so they cannot verify that the person standing before them is the same person who was issued the ID.) Nor are the schools required to send back the student ID photo they take when the student registers. Thus, ICE has no notice of the identity swap, and no lead to fraud. Instead, the foreign student remains "clean" in the system despite the identity fraud. For this reason, identity fraud rings like the one run by Higgins can run rampant for years.

A simple solution would be to require schools to provide digital photos with foreign student registration, and have those photos returned to SEVP for compliance determination. The universities thus are simply doing a function they do anyway -- taking student photos for school-issued IDs -- and relaying them back to the federal government. Schools would not be required to conduct identity assurance; that responsibility would remain with the federal government. They would just be supplying data that completes the SEVP identity assurance architecture as supported by 9/11 recommendations. Of course, this will not solve the problem of test-taker swapping if colleges still refuse to check IDs at such instances, but at least more blatant abuses of SEVP will not be as easily tolerated, leads can be developed, and more often than not, the counterfeiters will be discouraged from using this scheme so flagrantly.

As we discussed in our monograph 9/11 and Terrorist Travel, the higher education lobby is powerful. It managed to fight off implementation of SEVP from 1996 until shortly after 9/11. They did so despite the fact that SEVP put no new requirements on schools, but simply streamlined a required but outdated paper system of foreign student reporting to the federal government. Their claim before 9/11 was that SEVP would be unduly burdensome and costly. The real reason, I learned as a counsel to the Senate Judiciary Subcommittee on Technology and Terrorism, had more to do with the fact that, like airlines, U.S. colleges want to have their cake and to eat it too: they want foreign visitor revenue, but they do not want to take any responsibility for the fact that encouraging foreign visitors, while a often boon for our economy and our democratic values, also brings about risks regarding immigration and national security.

If we want robust, streamlined foreign student visitor program, it is absolutely essential that each point in the SEVP system do its whole job. As long as schools in the SEVP program are not required to provide digital images of the foreign students registering at their school, the last point in the system -- and the place that actually tracks the student's attendance and major -- is not doing its whole job. If the status quo continues, the counterfeiters will continue to abuse the type of loophole that Al Qaeda relishes -- legitimacy in appearance only.