Follow-up Review of the Status of IDENT/IAFIS Integration

E & I Report No. I-2005-001
December 2004

Introduction


The Office of the Inspector General (OIG) conducted this review to examine the Department of Justice’s (Department) and the Federal Bureau of Investigation’s (FBI) preparations to support the expedited deployment of the initial integrated version of the Department of Homeland Security’s (DHS) Automated Biometric Identification System (IDENT) and the FBI’s Integrated Automated Fingerprint Identification System (IAFIS). However, because we discovered significant disagreements between the Departments of Justice, Homeland Security, and State regarding the definition and required elements of an interoperable biometric fingerprint system, we broadened our review scope to include an analysis of these issues. We also reviewed the Department’s plans to develop and deploy the next version of IAFIS, which will be required to complete the integration project.

In four reviews since 2000, the OIG has reported on the efforts to integrate IDENT and IAFIS. In those reports, we found that integration was moving slowly and would take years to accomplish fully. These reports were:

  • March 2000 - "The Rafael Resendez-Ramirez Case: A Review of the INS’s Actions and the Operation of its IDENT Automated Fingerprint Identification System;"

  • December 2001 - "Status of IDENT/IAFIS Integration" (follow-up report);

  • June 2003 - "Status of IDENT/IAFIS Integration" (follow-up report); and

  • March 2004 - "IDENT/IAFIS: The Batres Case and the Status of the Integration Project."

Since our March 2004 report, the use of IDENT/IAFIS at air, sea, and land ports of entry has been expanded to meet new DHS entry/exit and border security requirements implemented in the United States Visitor and Immigrant Status Indicator Technology (US-VISIT) system. These requirements include an entry/exit tracking system to collect, maintain, and share information on foreign nationals, including biometric identifiers. Several of the principal federal agencies that manage and use biometric databases, including the Department, the DHS, and the Department of State (DOS), are in the process of establishing the common elements of a comprehensive biometric fingerprint policy and its attendant procedures to meet the new requirements of the Enhanced Border Security and Visa Reform Act of 2002 (Border Security Act).

The Background section of this report provides a brief description of the IAFIS, IDENT, and US-VISIT systems; the efforts to integrate the IDENT and IAFIS systems; congressional direction regarding the interoperability of these biometric fingerprint systems; and the DHS’s efforts to expedite the deployment of Version 1.2 of IDENT/IAFIS. The Background section also identifies each of the federal agencies involved in the IDENT/IAFIS integration and the sharing of biometric fingerprint information among these agencies.

The Results of the Review section is organized into three parts. Part I describes the FBI’s short-term preparations for the DHS’s expedited deployment of Version 1.2 of IDENT/IAFIS. Part II describes the barriers to further integration of IDENT and IAFIS, including differing positions on interoperability and the minimum elements required for an interoperable biometric fingerprint system, as defined by the National Institute of Standards and Technology (NIST). Part III describes the Department’s progress on the recommendations in our March 2004 report.

To supplement the descriptions provided in the Background section, Appendix I contains a complete history of the IDENT and IAFIS systems, including summaries of our four prior reports and the efforts made by the DHS and the FBI to integrate the systems. Appendix II contains a list of acronyms used in this report.


BACKGROUND

Fingerprint Biometric Identification Systems

The IAFIS, IDENT, and US-VISIT systems were designed by three different agencies to provide biometric identification support for three separate purposes. The uses and basic operation of each system are described below, along with a brief summary of the effort to integrate IDENT and IAFIS.

IAFIS. IAFIS is the FBI’s automated fingerprint identification system and criminal history file, operated by the FBI’s Criminal Justice Information Services (CJIS) Division in Clarksburg, West Virginia. IAFIS contains digitized records of latent fingerprints (e.g., fingerprints found at crime scenes) and a Criminal Master File of more than 47 million sets of ten rolled fingerprints.16 IAFIS also includes a Civil Subject Index Master File, which contains fingerprints of non-criminals (e.g., military, government, or authorized non-government personnel). IAFIS includes three major components: the Automated Fingerprint Identification System (AFIS), the Identification Tasking and Networking (ITN), and the Interstate Identification Index (III). The AFIS is the search engine that matches fingerprint images, the ITN maintains the fingerprint image repository and manages workflow processes, and the III contains textual criminal history information on arrests and dispositions of criminal subjects.17

IAFIS provides fingerprint identification and criminal history services to the law enforcement community and others needing access to such data through a network of integrated systems. According to the IAFIS System Requirements Definition (SRD) document, the FBI provides "user identification services" to: "(1) authorized customers located at the over 62,000 law enforcement and criminal justice service agencies; (2) others who have an authorized justification (such as members of Congress or United States citizens requesting their own FBI record); and (3) FBI staff members who are identified as service providers [e.g., fingerprint examiners]."18 The five basic user identification services provided by IAFIS are:

  • Ten-print services for criminal and civil fingerprints. Ten-print fingerprint records are checked against the criminal fingerprint database to identify subjects of criminal investigations or to do civil background checks and provide the requesting law enforcement agency with rap sheets of potential matches.19 Civil fingerprint database checks are not routine.

  • Image request services. Criminal database searches attempt to match subjects by name, FBI number, or other information to identify a fingerprint record.20 For potential matches, the requestor receives the subject’s fingerprint image and an indication of whether a criminal photo or palm print is available. These requests are known as "IRQs."

  • Document submission services. These services include providing requesters with documents, expunging records from the database, consolidating multiple records, entering death notices, and responding to requests from United States citizens for their FBI records.

  • Subject search and criminal history request services. Searches of the civil and criminal master files conducted using a subject’s name and physical and/or biographic descriptors.

  • Latent print services. The Forensic Analysis Division, within the FBI Laboratory located in Quantico, Virginia, attempts to match unidentified fingerprints (such as those from crime scenes) with fingerprints of known individuals.

TPRS and CAR transactions. In 2001, the CJIS Division developed the special Ten-Print Rap Sheet (TPRS) transaction for the DHS. The CJIS Division designed the TPRS, which refers to the criminal history file associated with an alien’s fingerprints, to return a response within 10 minutes.
Efforts to Integrate IDENT and IAFIS

Since the early 1990s, the FBI and the INS have been discussing and working toward integrating their fingerprint identification systems. The integrated system, IDENT/IAFIS, has been developed and deployed in successive versions that implement increasing capabilities. Deployment of the current version of IDENT/IAFIS [Version 1.2] began in the fall of 2003. The purpose of the Version 1.2 integrated workstation was to provide information from IAFIS to immigration authorities.

Using Version 1.2 workstations, immigration officers take ten rolled fingerprints and a digital photograph. The IDENT/IAFIS workstation uses this ten-print record to query IAFIS and simultaneously uses the prints of the two index fingers to query and enroll the alien in IDENT. The results of the two queries are generally available to the officers in less than 10 minutes. The next planned version of the IDENT/IAFIS integrated system is Version 2. The goal of Version 2, which has not yet been developed, is to share immigration information with federal, state, and local law enforcement. For a complete history of the integration project, see Appendix I.
When a Border Patrol agent or an officer in secondary inspection at a port of entry transmits an alien’s fingerprints to IAFIS, the system searches its Criminal Master File for a potential "hit" or match. If the alien’s fingerprints generate a match in IAFIS, and the fingerprint scores (based on the number of matching points between the fingerprints) of a candidate are above a predetermined threshold, IAFIS returns the criminal history file to the officer and the system automatically verifies the match. If the alien meets the DHS’s booking criteria, the alien is booked at the station or the port of entry, and the officer transmits a Criminal Answer Required (CAR) rolled ten-print transaction back to IAFIS. This CAR fingerprint record is then accessible to other law enforcement agencies when they query IAFIS.

IDENT. IDENT was developed by the former Immigration and Naturalization Service (INS) to track individuals apprehended for illegal border crossing and to identify recidivists for possible criminal prosecution.21 The system matches two flat fingerprints from the right and left index fingers of detained aliens against similar fingerprint records contained in the following IDENT databases:

  • Lookout database. The lookout database contains fingerprints, photographs, and basic information on aliens who have been previously deported or who have criminal records. As of June 2004, there were approximately 1 million aliens in the lookout database.

  • Apprehension database. The apprehension database contains fingerprints and photographs of aliens who have been previously apprehended. The apprehension database lists the time, date, and circumstances of each apprehension, as well as information on aliens who may require special attention, such as for a medical condition. As of June 2004, there were approximately 6 million aliens in the apprehension database. The apprehension database also includes alert records that may require special attention at a subsequent encounter, such as a medical alert, an officer safety alert, or an alert that the alien has a prior removal from the United States.22

US-VISIT. At the direction of Congress, the DHS developed the US-VISIT entry/exit tracking system to "collect, maintain, and share information on foreign nationals, including biometric identifiers, through a dynamic system that determines whether the individual should be prohibited from entering the U.S.; has overstayed or otherwise violated the terms of her/his admission; should be apprehended or detained for law enforcement action; [or] needs special protection/attention (e.g., refugees)."23 The US-VISIT program is designed to provide "end-to-end management of data on foreign nationals covering their interactions with U.S. officials before they enter, when they enter, while they are in the U.S., and when they exit."24 As of November 15, 2004, the US-VISIT database contained the records (two fingerprints and a photograph) of over 10 million enrolled legitimate travelers to the United States.

Approximately 260 million foreign visitors seek admission to the United States annually. In 2005, about 43 million of these visitors (about 118,000 per day) will be subject to enrollment into US-VISIT. The 43 million visitors subject to US-VISIT include most individuals traveling to the United States on a visa and the nationals of the 27 countries participating in the Visa Waiver Program who do not require a visa if their stay for business or pleasure is less than 90 days. Visitors not subject to US-VISIT requirements include those with certain designated visa classifications, children under the age of 14, persons over the age of 79, Mexican nationals to whom the DOS has issued Border Crossing Cards for use along the southern border, and Canadians entering the United States across the northern border.

The DHS designed the US-VISIT system to collect two flat fingerprints and a digital photograph, and to query databases (such as the US-VISIT watch list and, for some visitors who will be refused admission, IAFIS) to ensure that the individual applying for a visa or seeking entry to the United States does not have any criminal or immigration violations before they are permitted to enter this country.25 The fingerprints are taken either at visa-issuing consulates overseas or at the ports of entry when the visitors arrive. According to the DHS Expenditure Plan, this pre-entry processing will establish one "gold standard" identity for each foreign national and will be used in all of his or her future travel to and from the United States.

The first time a visitor’s fingerprints are taken, they are checked against the US-VISIT watch list and the visitor is enrolled into the US-VISIT database.26 When visitors subsequently enter or exit the United States, their fingerprints are only matched against their own enrolled fingerprints (a "one-to-one" verification match) to confirm the visitor’s identity. In fiscal year (FY) 2003 and FY 2004, the DHS spent approximately $700 million on US-VISIT. The DHS anticipates spending up to $15 billion on the program in the next ten years.

Congress Directed that Biometric Identification Systems Be Interoperable

Beginning in 1999, Congress expressed its concern that the biometric identification systems of the FBI and the INS could not communicate, resulting in the INS encountering criminal aliens wanted by the FBI and releasing them without knowing that they were wanted. As documented in prior OIG reports on the Rafael Resendez-Ramirez and Victor Manual Batres cases, the failure to identify these criminals while they were in INS custody sometimes led to tragic results.

In the USA PATRIOT Act (Patriot Act) enacted on October 26, 2001, Congress directed the Attorney General and the Secretary of State, jointly with the NIST, to develop a technology standard for verifying the identity of visa applicants.27 Congress called for a "cross-agency, cross-platform electronic system that is a cost-effective, efficient, fully integrated means to share law enforcement and intelligence information necessary to confirm the identity of…persons applying for a United States visa.…"28 The Department, the DOS, and the NIST were directed to "develop and certify a technology standard that can be used to verify the identify of persons applying for a United States visa or such persons seeking to enter the United States pursuant to a visa for the purposes of conducting background checks, confirming identity, and ensuring that a person has not received a visa under a different name or such person seeking to enter the United States…." The Patriot Act also specified that the electronic system should be readily and easily accessible to all consular offices, Federal inspection agents, and all law enforcement and intelligence officers responsible for investigating aliens.

The Border Security Act, enacted on January 23, 2002, amended several key portions of the Patriot Act, including the sections regarding the identification of aliens. Section 202(a)(2) of the Border Security Act required an "interoperable electronic data system to provide current and immediate access to information in databases of Federal law enforcement agencies and the intelligence community that is relevant to determine whether to issue a visa or to determine the admissibility or deportability of an alien."29 The Border Security Act also amended the Patriot Act by accelerating the deadlines and expanding the technology standard to be developed by the Department (now the DHS), the DOS, and the NIST (described in the paragraph above) to include "appropriate biometric identifier standards."30 The Border Security Act also required that the Department (now the DHS) and the DOS implement the technology standard at United States ports of entry and overseas consular posts, and to "issue to aliens only machine-readable, tamper-resistant visas and other travel and entry documents that use biometric identifiers."

In more recent legislation, Congress has become increasingly specific in directing that the biometric fingerprint identification systems operated by various federal law enforcement agencies work together. On April 20, 2004, Senator Judd Gregg, Chairman of the Commerce, Justice, State and the Judiciary Appropriations Subcommittee, which initially approved funding for the FBI’s IAFIS, spoke about fingerprint compatibility and the continuing need for the DHS to become fully integrated with the FBI. Regarding the deployment of DHS’s IDENT/IAFIS Version 1.2 workstations, Senator Gregg stated:

    Workstations are only a one-way solution. Workstations give DHS access to IAFIS, but they do not give law enforcement access to immigration records. FBI and State and local law enforcement believe there are situations that require access to immigration records.

    Five years have passed and $41 million has been provided and the systems are still not integrated. Extracting a sampling of IAFIS information every two weeks is not enough…even daily extracts cannot substitute real-time information or full interoperability. The extracts do not include criminal histories. The need for criminal histories was made apparent in the 2002 case of Victor Manual Batres.

In reports accompanying the DHS’s FY 2004 and FY 2005 appropriations bills, Congress gave specific directions regarding the interoperability of the IAFIS, IDENT, and US-VISIT systems.31 The Congress also urged increased coordination between the Department and the DHS, as shown in the following excerpts:

    DHS Appropriations Bill, FY 2004 (Conference Report 108-280): The conferees believe that the success of US VISIT depends on the effective integration of biometrics into its systems and operations. The biometric infrastructure being built must be a viable long-term solution fully interoperable with the FBI [IAFIS] that meets biometric standards of [NIST].

    DOJ Appropriations Bill, FY 2005 (Conference Report on H.R. 4818, Consolidated Appropriations Act, 2005): The conferees are troubled by the security gap on the nation's borders caused by delays in linking [IDENT]….and [US-VISIT] with criminal history data contained in the [FBI’s IAFIS]...With implementation of a new visa tracking system and enrollment of millions of visitors into US-VISIT, it is essential that the Federal Bureau of Investigation collaborate with the Directorate of Border and Transportation Security to ensure that IDENT and US-VISIT can retrieve, in real time, biometric information contained in the IAFIS database, and that the IAFIS database can retrieve, in real time, biometric information contained in IDENT and US-VISIT.32

The DHS Deployed Version 1.2 of IDENT/IAFIS Workstations to All Border Patrol Stations, and Committed to Deploying the Integrated Workstations at 179 Ports of Entry by December 31, 2004.

The March 2004 Batres report generated significant attention on the status of the integration project. In March 2004, approximately two months after the launching of US-VISIT, DHS officials announced plans for an expedited deployment of Version 1.2 IDENT/IAFIS workstations. In congressional testimony, DHS officials announced that the DHS was planning to expedite the deployment of Version 1.2 IDENT/IAFIS workstations to all Border Patrol stations and the 50 highest volume ports of entry by December 31, 2004.

During a March 4, 2004, hearing of the Homeland Security Subcommittee of the House Appropriations Committee, DHS Secretary Tom Ridge responded to questions regarding findings contained in the OIG’s Batres report. When the Committee Chairman asked Secretary Ridge why the Border Patrol did not yet have instant access to the FBI’s fingerprint records, Secretary Ridge responded, "…I think we can make a significant number of connections between the points of entry in the Border Patrol and the database this year with the dollars available in the budget. I think that can get us up to 65 to 70 percent of those connections."

It was unclear from Secretary Ridge’s congressional testimony whether the "65 to 70 percent" referred only to the Border Patrol stations (there are currently 136 nationwide), or also included the 331 United States ports of entry.33 According to US-VISIT Program Managers we spoke with, they interpreted Secretary Ridge’s reference to "65 to 70 percent" as applying only to Border Patrol stations. While the DHS’s overall goal was to deploy IDENT/IAFIS workstations at 70 percent of the Border Patrol locations by the end of the 2004 calendar year, they were likely to exceed this goal and deploy the workstations to all Border Patrol stations by December 31, 2004. These same Program Managers indicated that in addition to deploying IDENT/IAFIS workstations to all Border Patrol stations, the DHS would also deploy the integrated workstations to 179 ports of entry by December 31, 2004. The 179 ports of entry will include all air and sea locations and the 50 largest land ports of entry. The DHS plans to complete deployment by December 31, 2005, when it installs workstations at its ICE investigative offices, detention locations, and the remaining ports of entry.

On September 21, 2004, the DHS issued a press release announcing the early completion of the deployment of the integrated workstations to all Border Patrol stations. Thus, the 1.1 million aliens apprehended by Border Patrol agents annually will now be processed with Version 1.2 of IDENT/IAFIS.34 The following table (Table 1) provides a brief chronology of relevant deadlines and actions taken by the Department, the DHS, and other entities prior to, and immediately following, the issuance the OIG Batres report in March 2004.

Table 1
Timeline of IDENT/IAFIS/US-VISIT Actions and Deadlines in 2004
DATE
 ACTION OR DEADLINE
January
1/5/04		DHS launches Increment 1 of US-VISIT at 115 airports and 15 seaports.
February
2/1/04		FBI's CJIS Division continues implementing IAFIS upgrades began in September 2003.
March
3/2/04		OIG publishes report, "IDENT/IAFIS: The Batres Case and the Status of the Integration Project."
March
3/4/04		DHS Secretary announces expedited deployment of IDENT/IAFIS to 70% of Border Patrol stations by 12/31/04.
April
4/20/04		Senator Gregg stresses need for DHS/DOJ system interoperability, citing lack of interoperability between US-VISIT and IAFIS.
May
5/9/04		DHS begins expedited rollout of IDENT/IAFIS workstations at Border Patrol stations.
May
5/17/04		FBI's CJIS Division begins providing extracts of IAFIS data (Wants and Warrants) to DHS on a daily basis, instead of bi-weekly.
May
5/19/04		NIST issues report on one-to-one verification using fingerprint matching.
June
6/2/04		DHS selects Accenture as US-VISIT prime contractor.
NIST issues report on US-VISIT's fingerprint identification performance.
June
6/4/04		NIST issues summary report of 2003 fingerprint vendor technology evaluation.
August
8/27/04		JMD releases preliminary draft of its second Metrics Study report.
September
9/4/04		The Department, through NIJ, solicits input for ten-print "fast capture" fingerprint/palm technology initiative.
September
9/13/04		NIST issues summary of past research, reiterating its January 2003 recommendations to Congress that ten flat fingerprints be the enrollment standard for large biometric databases, and two flat fingerprints and a photograph be the standard for identity verification.
September
9/21/04		DHS completes deployment of IDENT/IAFIS workstations at all Border Patrol stations ahead of schedule.
September
9/30/04		DHS expands US-VISIT procedures to include visitors traveling under the Visa Waiver Program arriving at air and sea ports of entry.
October
10/26/04		DOS deadline for all visa issuing consulates to electronically transmit two fingerprints to query the US-VISIT watch list, per the Border Security Act.
November
11/15/04		DHS goal for US-VISIT and IDENT/IAFIS installation at 50 busiest land ports of entry.
December
12/31/2004		Data Management Improvement Act of 2000 deadline for US-VISIT installation at 50 busiest land ports of entry and DHS goal for IDENT/IAFIS installation at 180 ports of entry.

Key Agencies in the IDENT/IAFIS Integration

In response to the March 2004 OIG report on the Batres case and the status of the efforts to integrate IDENT and IAFIS, several other agencies, notably the DOS and the Department of Defense (DoD), have become more involved with the Department and the DHS as they decide how fingerprint biometrics should be collected and shared across the government. These agencies have also increased their coordination and communication with each other through participation in various interagency meetings. The following section describes each organization’s role in the IDENT/IAFIS integration, and the interagency meetings held to support the project.

Department of Justice

Justice Management Division. The Justice Management Division (JMD) is the Department component with direct responsibility for the IDENT/IAFIS integration project. JMD has had oversight of the integration project since 1999, when the Attorney General assigned JMD to coordinate the development of a plan to integrate IDENT and IAFIS.35 The Assistant Attorney General for Administration heads JMD, along with four Deputy Assistant Attorneys General (DAAG).

Management and Planning Staff. Within JMD, the Management and Planning Staff, under the DAAG for Policy, Management, and Planning, is responsible for the day-to-day coordination of the IDENT/IAFIS integration project. The Management and Planning Staff is responsible for compiling budget requests, creating project plans, conducting integration studies, publishing reports, attending regular interagency meetings, and working directly with Department and non-Department representatives on IDENT/IAFIS integration issues.

Office of the Chief Information Officer. The DAAG for Information Resources Management is the Department’s Chief Information Officer (CIO), and is responsible for leading and implementing the efficient acquisition and management of information technology across the Department. The CIO is the highest ranking individual in the Department directly responsible for managing the IDENT/IAFIS integration project. The CIO represents the Department in meetings with the DHS and at high-level policy meetings with other non-Department entities, such as the Office of Management and Budget, the White House Homeland Security Council Deputies, and the CJIS Division.

Joint Automated Booking System (JABS) Program Management Office. The purpose of the JABS is to enable federal law enforcement agencies nationwide to share information on offenders, including fingerprint data. The system receives booking information from law enforcement agencies, stores it, then queries IAFIS for matching fingerprint and biographical data. The JABS Program Management Office ensures that all Department law enforcement components, the DHS, and other federal agencies have access to JABS data, and also oversees the data sharing process.36 The JABS Board of Directors is an oversight group for the JABS program that makes process and policy-related recommendations to the JABS Program Management Office.

FBI’s Criminal Justice Information Services Division. The FBI’s CJIS Division, located in Clarksburg, West Virginia, maintains and operates IAFIS. The CJIS Division has approximately 2,400 employees organized into the following three branches: Policy, Administrative and Liaison; Communications and Technology; and Operations. The Deputy Assistant Director (DAD) for the Operations Branch is responsible for identifying the funding needs of the various Operations Branch’s priority projects and tasks. For the IDENT/IAFIS integration project, the Operations Branch DAD also serves as the FBI’s liaison for policy issues with JMD, the DHS, and technical groups outside the FBI. Two of the Operations Branch’s sections have direct responsibility for IAFIS -- the Information Technology Management Section (ITMS), and the Identification and Investigative Services Section (IISS).

Within the ITMS, the Requirements Management Unit (RMU) is responsible for identifying IAFIS user needs, developing system specifications, and conducting system testing. The RMU Chief works with other ITMS Unit Chiefs regarding IAFIS-related operations, systems, and technology support issues. The RMU Chief also serves as the technical liaison representing the CJIS Division at regular working group meetings with JMD and DHS staff. The IISS Chief attends meetings with JMD, the DHS, and other entities outside the FBI. The IISS houses the Division’s approximately 250 fingerprint examiners who, when needed, verify fingerprint matches run through IAFIS. The fingerprint verification service is provided 24 hours a day, 7 days a week.

Department of Homeland Security

On March 1, 2003, the DHS assumed responsibility for national border security and enforcement of immigration laws. The DHS has five major divisions or "directorates." The largest one, the Border and Transportation Security (BTS) Directorate, manages the IDENT and US-VISIT systems. The DHS’s operational immigration responsibilities are divided among three bureaus: the Bureau of Customs and Border Protection (CBP), the Bureau of Immigration and Customs Enforcement (ICE) (both units of BTS), and the Bureau of Citizenship and Immigration Services (CIS).

Bureau of Customs and Border Protection. The Border Patrol falls under the DHS’s CBP, along with employees from the former U.S. Customs Service, the INS, and the Department of Agriculture. The CBP’s mission includes preventing terrorists and criminal aliens from entering the United States and apprehending individuals attempting to enter the United States illegally. Over 40,000 employees, including Border Patrol agents and inspectors stationed at ports of entry, work for the CBP.

US-VISIT Program Management Office. The DHS manages US-VISIT through its US-VISIT Program Management Office. The Office includes the ENFORCE/IDENT Program Management Office, which in turn manages IDENT/IAFIS integration and deployment of integrated workstations.37 The Program Management Office staff’s responsibilities include communicating with CJIS Division and JMD representatives and participating in meetings with non-Department entities.

Biometrics Support Center. The Biometrics Support Center is a DHS contractor facility that updates and maintains the IDENT lookout and apprehensions with alert database enrollments. It also provides DHS agents with an immediate response to (non-electronic) queries of subjects’ fingerprints. The Biometrics Support Center is staffed with fingerprint examiners, many of whom are former FBI personnel. The Biometrics Support Center also accepts search requests from local law enforcement personnel through a local immigration officer.

National Institute of Standards and Technology

The Commerce Department’s NIST has statutory authority, along with the Secretaries of State and Homeland Security, to develop and certify a Technology Standard that includes biometrics, in order to verify the identity of individuals applying for a visa or using a visa to enter the United States. In developing this Technology Standard, the NIST evaluated government and commercial biometric systems, and published the results of its research, including recommendations, in several reports since 2002. Scientists at the NIST have been working with the FBI for over 30 years to research, develop, and improve fingerprint-matching procedures, and have created several fingerprint databases used to test new fingerprint identification algorithms and "live" fingerprint scanners, such as the types used by US-VISIT and IDENT/IAFIS. The NIST works with representatives from the CJIS Division, JMD, the DOS, and the DHS, and participates in regular interagency meetings with them and relevant contractors.

Department of State

To comply with the US-VISIT biometric identifier requirement, the DOS is currently deploying small single-finger electronic fingerprint scanners and digital cameras at all United States visa processing embassies and overseas consulates. The DOS US-VISIT deployment schedule indicates that, as of October 26, 2004, all of the approximately 214 visa-issuing consulates are required to transmit two flat fingerprints to query the IDENT/US-VISIT biometric watch list.38

Bureau of Consular Affairs. The DOS’s Bureau of Consular Affairs is responsible for implementing policies relating to the broad range of overseas consular services and immigration, including the management of individuals applying for a United States visa. Representatives from the Bureau of Consular Affairs work with the DHS and the Department regarding biometrics issues, and participate in the interagency meetings regarding fingerprint issues. The Bureau of Consular Affairs is also overseeing several pilot projects with the FBI, in which United States consulates in Mexico (including Guadalajara and Monterrey) are taking ten flat fingerprints from visa applicants.

Department of Defense

The Secretary of the Army is responsible for biometrics within the DoD. The Army’s Biometric Management Office and Biometrics Fusion Center report directly to the Army CIO.

Biometric Management Office. Representatives from the DoD’s Biometric Management Office have been working with FBI’s CJIS Division since November 2003 to develop standardized policies for collecting, searching and sharing fingerprints collected overseas from military detainees and latent fingerprints gathered from investigation sites. As a result of this collaboration, the DoD is currently upgrading its technology to conform to the electronic fingerprint standards that IAFIS utilizes. The DoD is in the process of configuring its own automated fingerprint identification system and is coordinating with the CJIS Division. The Biometric Management Office representatives also participate in various inter-agency meetings.

Key Working Groups

The above groups have created several interagency committees and working groups to coordinate the sharing of biometric fingerprint information. They address topics ranging from policy and long-term issues, to meetings with working-level participants to discuss technical and operational issues. The committees and working groups include:

  • Executive Office of the President, Homeland Security Council, Deputies Committee. Officials at the Deputy level (or their designees) from the Department, the DHS, the DOS, and other agencies have met regularly since January 2004 to discuss security issues, including IDENT/IAFIS and US-VISIT fingerprint biometric interoperability issues and long-term goals.

  • Policy Coordination Committee. Also formed in January 2004, the Policy Coordination Committee reports to the Homeland Security Council Deputies on issues such as current and future use of the fingerprint data contained in IAFIS, IDENT, and US-VISIT. Managed by the Office of Management and Budget, Policy Coordination Committee participants include representatives from the Department (e.g., the CIO, the FBI CJIS Division, and JMD), the DHS, the DOS, and the DoD.

  • US-VISIT Federal Stakeholders Advisory Board (US-VISIT Board). The US-VISIT Board, chaired by the DHS’s Under Secretary for BTS, provides advice and recommendations for the management of the US-VISIT system. Non-DHS members include the Department CIO, Assistant Director in Charge of the CJIS Division, and the Deputy Assistant Secretary of State for Consular Affairs.

  • Interagency Task Force. The Task Force, chaired by the Director of US-VISIT, meets weekly to discuss operational issues but has no policy role. The group includes Accenture (US-VISIT prime contractor) and representatives from across the DHS and other agencies. The Department’s Office of the CIO is also represented.

  • US-VISIT Strategic Plan Team. The Team outlines business requirements needed for immigration and border management and the technology, data, and facilities needed to support the requirements. The FBI CJIS Division and the Department are represented.

  • NIST Biometric Working Group. Representatives from JMD, CJIS Division, the DOS, the DHS, as well as relevant contractors, attend regular meetings at the NIST to discuss issues surrounding Patriot Act biometrics. Scientists at the NIST attend these meetings and explain to participants the findings of their biometrics research studies.

  • JABS Board of Directors. The JABS Board of Directors is an oversight group that makes process and policy-related recommendations to the JABS Policy Management Office. It is comprised of the Department’s CIO, a Section Chief from the CJIS Division, and other representatives from the organizations that utilize JABS.

  • Source Selection Advisory Committee. The DHS formed the Source Selection Advisory Committee, which was comprised of managers from the DHS’s US-VISIT Policy Management Office and included the CJIS Division’s Operations Branch DAD, to select the prime contractor for US-VISIT. The contract was awarded to Accenture on June 2, 2004.


SCOPE AND METHODOLOGY

Because the scope of this review involves issues beyond the Department, including issues within the DHS, we coordinated this review with the DHS’s Office of Inspector General. Our fieldwork consisted of interviews, site visits, and extensive documentation review.

Interviews. We interviewed individuals from the Department, the DHS, the NIST, the DOS, and the DoD. We also spoke to contractors working for the companies responsible for supporting the integration project.

Interviews with Department personnel. From the Department, we interviewed the CIO, his Special Assistant, and a Senior Program Analyst in the CIO’s office. From JMD, we interviewed the IDENT/IAFIS and JABS Program Managers, and members of their staff. From the FBI, we interviewed the Assistant Director in Charge of the CJIS Division and members of his staff, including two Deputy Assistant Directors, two Section Chiefs, a Senior Information Technology Specialist, a fingerprint examiner, and several other senior personnel at the CJIS Division.

Interviews with DHS personnel. From the DHS’s US-VISIT Program Management Office, we interviewed the Deputy Director of US-VISIT, and several IDENT/IAFIS Program Managers. From the Bureau of Customs and Border Protection, we interviewed the senior Border Patrol Officer responsible for IDENT/IAFIS, an inspector at the Dulles International Airport, and a Program Officer from the executive office of US-VISIT.

Interviews with the NIST, the DOS, and the DoD. From the NIST, we interviewed the chief scientist with principle responsibility for biometrics research. From the State Department, we interviewed the Deputy Assistant Secretary of State for Consular Affairs, and two members of her staff involved in biometrics. From the Defense Department, we interviewed the Director of the DoD Biometrics Management Office, a representative of the DoD’s Office of the Assistant Secretary of Defense, and several contractors.

Site visits. We visited the FBI’s CJIS Division in Clarksburg, West Virginia in order to interview FBI personnel and observe IAFIS system capabilities. We also visited the DHS’s port of entry at Dulles International Airport to observe IDENT/IAFIS operations and US-VISIT entry/exit procedures, and to interview DHS staff. In addition, we attended the Department’s Fingerprint Vendor Technology Evaluation meeting, and a presentation given by JMD and relevant contractors regarding their assessment of IDENT/IAFIS search accuracy.

Documentation review. We reviewed numerous documents, including the Department’s and the DHS’s updated deployment and budget plans; the most recent JMD Metrics Study; fingerprint biometrics studies conducted by the NIST and the FBI; IDENT/IAFIS integration status reports; recent congressional testimony and reports; FBI and US-VISIT system descriptions and performance data; interagency meeting minutes; and correspondence between representatives from the Departments of Justice, Homeland Security, and State.

Footnotes

  1. The law enforcement standard is to take fingerprints from all ten fingers by rolling and pressing each finger on either a scanner or a standard fingerprint record form (ten rolled prints). Fingerprints may also be taken without rolling the fingers (flat fingerprints) and from fewer than ten fingers. Prints taken by simultaneously pressing all fingers straight down are referred to as "slap" fingerprints.

  2. Textual queries are also sent through IAFIS via the National Crime Information Center (NCIC), which operates a national database of computerized information on individuals with active wants and warrants, stolen articles, vehicles, guns, license plates, and other data. Over 80,000 participating federal, state, and local law enforcement agencies submit information for wanted and missing persons to the NCIC.

  3. IAFIS Systems Requirement Definition, October 31, 2003, p. 7.

  4. Rap sheet refers to the Record of Arrests and Prosecutions.

  5. The FBI number is a unique identification number assigned to each individual who has a criminal history record in the NCIC. An associated fingerprint record for the individual will have the same FBI number.

  6. On March 1, 2003, the INS was transferred to the DHS and its operational responsibilities divided among three bureaus: the Bureau of Customs and Border Protection (CBP), the Bureau of Immigration and Customs Enforcement (ICE), and the Bureau of Citizenship and Immigration Services (CIS).

  7. IDENT also contains an Asylum database of fingerprints records searched and enrolled only by immigration officers that process asylum claims, and a Border Crossing Card database of fingerprints searched and enrolled by DOS officials that process Mexican Border Crossing Card applications and a database of the fingerprint records of nonimmigrant aliens arriving from certain countries identified as presenting an elevated security concern. Applicants seeking admission to the United States under US-VISIT are not searched against the apprehension, asylum, or border crossing card databases. Also, US-VISIT uses the lookout capability of IDENT to check the travelers' biometrics.

  8. US-VISIT Fiscal Year (FY) 2004 Expenditure Plan, January 2004, p.1.

  9. US-VISIT Fiscal Year (FY) 2004 Expenditure Plan, January 2004, p.1.

  10. The US-VISIT watch list includes the IDENT lookout records, the IDENT apprehension records with alerts, "Wants and Warrants" data extracted from IAFIS daily, records of individuals from countries with special registration requirements, and individuals with unknown or foreign birthplaces or prior arrests on immigration charges. Wants and Warrants refer to the Wanted Persons file of the National Crime Information Center.

  11. Because immigration inspectors at primary inspection generally have less than a minute to inspect arriving visitors, a rapid response time is essential. A check of the US-VISIT watch list takes approximately 15 to 20 seconds.

  12. After the DHS's creation in the Homeland Security Act of 2002, the responsibility for immigration-related issues shifted from the Attorney General to the Secretary of the DHS.

  13. USA PATRIOT Act (P.L. 107-56), Section 403(c)(2).

  14. In its directive regarding the sharing of biometric fingerprint information among systems, Congress describes the operations of the systems as being "fully-integrated" or "interoperable." For purposes of this report, we consider these terms to have the same meaning.

  15. Enhanced Border Security and Visa Reform Act of 2002 (P.L. 107-173), Section 202(a)(4)(B).

  16. The Department is still operating under a continuing resolution, thus the FY 2005 Appropriation Bill is not yet available.

  17. This language is almost identical to the language in the DHS FY 2005 Appropriations Bill, Conference Report 108-774.

  18. This includes 317 sites in the United States and 14 "pre-clearance" sites in other countries.

  19. Exceptions to the requirement include aliens under 14 years of age, over 79 years of age, and when the workload at the Border Patrol station is too great, in which case Border Patrol agents are only required to enter/enroll apprehended aliens into IDENT.

  20. In July 1999, a House Report directed the INS to suspend further deployment of IDENT until the Department submitted a plan for integrating IDENT and IAFIS.

  21. All TPRS transactions pass through JABS. Therefore, JABS will also have to be prepared to support the increased workload from the DHS. The officials we spoke to stated that JABS was ready for the expedited deployment of Version 1.2.

  22. ENFORCE is the DHS's case management system that documents and tracks the investigation, identification, apprehension, detention, and removal of immigration law violators.

  23. This deadline, postponed from October 1, 2003, refers to the date by which certain passports used for travel to the United States must be machine-readable (Border Security Act, Section 303).