Glenn A. Fine
U.S. Department of Justice
House Judiciary Committee
Subcommittee on Immigration and Claims
October 11, 2001
* * * * *
Mr. Chairman, Congresswoman Jackson Lee, and Members of the Subcommittee on Immigration and Claims:
I appreciate the opportunity to appear before the Subcommittee on Immigration and Claims to discuss the Immigration and Naturalization Service's (INS's) use of information technology to secure America's borders. My testimony this morning will focus on the work of the Department of Justice (Department) Office of the Inspector General (OIG) in examining programs and related automated systems in the INS.
In recent years, the OIG has spent approximately one-half of our total resources on INS-related oversight. We expended this effort in response to concerns expressed within the Department and Congress, as well as our own assessment, about how the INS was handling its important and diverse responsibilities. As the INS's budget and workforce have increased to more than $5 billion and 33,000 staff, the need for concerted OIG oversight similarly has increased.
At the outset of my statement, I want to stress that while the OIG has noted serious deficiencies in INS operations and systems over the years, this should in no way diminish the important contributions thousands of INS employees make on a daily basis. These employees perform diligently, under very difficult circumstances, and their mission is critical to the proper functioning of our government.
Yet, as this statement will discuss, our reviews of INS programs and their associated information technology systems have revealed significant problems that leave gaps in the INS's attempts to secure the nation's borders. In this statement, I will highlight examples of OIG work in the INS that identifies some of these shortcomings.
Before I turn to these specific OIG reviews, however, let me offer several general observations based upon our body of work in the INS. Over the past decade, the OIG has found serious process and management deficiencies in the INS. Many OIG reviews of INS programs have questioned the reliability of the agency's automated information systems and the accuracy of the data produced by those systems. We see separate automated systems planned for almost every function in the INS, but many of these systems do not "talk" to each other and therefore cannot be used to meet other important agency missions. Furthermore, given the INS's track record in acquiring and managing information technology (IT) systems, the OIG is concerned that the INS will not have the managerial expertise or ability to bring all of its automation initiatives successfully to completion, particularly in a timely and cost effective fashion.
According to Department of Justice estimates, the INS has spent more than $290 million on automated systems in fiscal year (FY) 2001 and more than $260 million in FY 2000. All told, through fiscal year 2001, the INS planned to spend approximately $2.6 billion on its automation programs. However, two OIG reviews of the INS's management of its automation initiatives found lengthy delays in completing many automation programs, unnecessary cost increases, and a significant risk that finished projects would fail to meet the agency's needs.
The OIG first notified the INS in 1995 of our concerns regarding systemic problems in INS automation programs. Based on our extensive audit work during the early 1990s, we identified ten risk areas in the INS's management of its automation programs that required close scrutiny by agency managers.
In March 1998, the OIG completed the first of two comprehensive audits of the INS's management of its automation programs. In our first audit, we found that the INS did not adequately monitor its automation programs. We concluded that the INS lacked comprehensive performance measures and insufficiently tracked the status of its projects. Consequently, the INS could not determine if progress towards the completion of the projects was acceptable. As a result, we stated that the INS faced risks that: (1) completed projects would not meet the overall goals of the automation programs; (2) completion of the automated projects would be significantly delayed; and (3) unnecessary cost increases would occur.
In July 1999, the OIG issued a follow-up report, which again found that the INS was not adequately managing its automation programs. In the 1999 audit, we noted that the INS still could not sufficiently track the status of its automation projects to determine whether progress was acceptable given the amount of time and funds already spent. We reported that: (1) estimated completion dates for projects were delayed without explanation; (2) costs continued to spiral upward with no justification for how funds were spent; and (3) projects neared completion with no assurance for meeting performance and functional requirements.
We identified three causes for these problems. First, INS managers did not have a common base line of automation projects by which to focus their collective efforts. In fact, the INS had substantial difficulty providing us with a complete list of their automation projects. Second, project information needed for effective management and decision-making was not readily available. Third, INS managers did not develop, document, or implement basic management control processes necessary to ensure that projects would be completed on schedule and meet performance and functional requirements. The ultimate cost for the INS's automation programs was uncertain because actual costs incurred were unreliable and projected cost estimates were unsupported.
Furthermore, we found that the INS had not implemented adequate safeguards to ensure the accuracy of existing data that would be used by systems being developed or re-engineered, or the adequacy of future data inputs. As a result, new or existing INS systems could contain inaccurate or unreliable data.
Since these audits, the General Accounting Office (GAO) issued reports in August 2000 and December 2000 that reached related conclusions about the INS's management of its information technology programs. Those reports concluded that the INS does not have an enterprise architecture to ensure that the hundreds of millions of dollars it spends each year on new and existing technology will optimally support the INS's mission. The GAO also concluded that the INS did not have adequate processes in place to effectively manage its planned and ongoing information technology programs.
I will now describe several OIG reviews that examined the management and performance of individual INS information technology systems.
In 1989, the INS began to develop an automated biometric identification system to identify quickly individuals who are apprehended or have come into contact with the INS. Biometrics are biological measurements unique to each person, such as fingerprints, hand geometry, facial patterns, retinal patterns, or other characteristics, that are used to identify individuals. Fingerprints are the most common biometric used by law enforcement agencies. Historically, without a biometric system, the INS had to rely upon the names provided by aliens who were apprehended when checking against their databases or other records. But aliens often used false names or different names during different apprehensions. Also, many persons have similar names, and spelling errors can result in problems identifying individuals accurately.
After several studies, in 1994 the INS began implementing the Automatic Biometric Identification System, called IDENT. IDENT was first deployed in the San Diego Border Patrol Sector and subsequently throughout the southwest border. IDENT workstations consist of a personal computer, camera, and a single-fingerprint scanner. During enrollment of individuals into IDENT, INS agents scan an individual's two fingerprints, take the individual's photograph, and enter basic apprehension information about the individual into the automated system. When this information is saved, IDENT matches the fingerprints of the individual against the corresponding fingerprints of all individuals in two central IDENT databases, the lookout database and the recidivist database.
In the 1996 Illegal Immigration Reform and Immigrant Responsibility Act, Congress directed the INS to expand the use of IDENT to "apply to illegal or criminal aliens apprehended Nationwide." INS officials envisioned that most of the agency's programs and operations - including the Border Patrol, Investigations, Detention and Deportation, Intelligence, Inspections, Benefits Adjudication, and the INS Service Centers - would benefit from the IDENT system through its quick identification of individuals and its ability to obtain information about them from previous encounters with the INS, including any criminal history.
In 1998, the OIG evaluated the INS's implementation of IDENT and found that the INS was enrolling less than two-thirds of the aliens apprehended along the U.S.-Mexico border into the IDENT system. In addition, the INS was entering the fingerprints in the IDENT lookout database of only 41 percent of the aliens deported and excluded in FY 1996; of these, only 24 percent had accompanying photographs even though the INS relies on photographs to confirm identification. We found virtually no controls in place to ensure the quality of data entered into the IDENT lookout database. As a result, we found duplicate records and invalid data. We also raised concerns that the INS had not provided sufficient training to its employees on the use of IDENT. These failures hampered the INS's ability to make consistent and effective use of IDENT.
In March 2000, the OIG issued another review that implicated the IDENT system in tragic circumstances. The OIG examined how the INS handled its encounters with Rafael Resendez-Ramirez (Resendez), a Mexican national accused of committing several murders in the United States. Resendez was known as "the railway killer" because he allegedly traveled around the United States by freight train and committed murders near railroad lines. In early 1999, Texas police obtained a warrant for Resendez's arrest in connection with a brutal murder in Houston, Texas. The police mounted an extensive search to find Resendez and contacted several INS investigators in Houston seeking assistance in the search for him. However, none of those INS investigators placed a lookout notice` for Resendez in IDENT. Instead, the INS investigators referred the police to other agencies or databases.
Consequently, when Border Patrol agents apprehended Resendez on June 1, 1999, as he attempted to illegally cross the border into New Mexico, nothing in IDENT alerted them to the fact that Resendez was wanted for murder or had an extensive criminal record. As a result, the Border Patrol followed its standard policy and voluntarily returned Resendez to Mexico. He returned to the United States within days of his release and murdered several more people before surrendering on July 13, 1999.
The OIG review concluded that the failings by the INS employees who did not place a lookout for Resendez in IDENT were indicative of and partly caused by larger failings in the INS's design and implementation of IDENT. We found that the training that was given to INS employees on IDENT, particularly outside the Border Patrol, was ineffective or non-existent. In the 1998 OIG report, we had noted problems with IDENT training and recommended that the INS develop and implement a strategy for sufficiently training INS personnel using IDENT. Unfortunately, the INS largely rejected this recommendation, claiming that its IDENT training was adequate. We found in the Resendez review that INS program offices, such as Investigations and Intelligence, viewed IDENT as a Border Patrol initiative and were not educated on how IDENT could be useful to their mission.
When we interviewed INS employees in various offices involved with the Resendez case, we found that their knowledge of IDENT was severely lacking. The INS investigators who were contacted by police searching for Resendez did not think of IDENT, even when they were asked to place a lookout in INS databases for Resendez. Although the INS had distributed a lookout policy, it provided no training on the policy and did little to ensure that the policy was understood or read.
IDENT was not, and still is not, linked with FBI databases. The INS's IDENT system and the FBI's Integrated Automated Fingerprint Identification System (IAFIS) and the National Crime Information Center (NCIC) 2000 system were developed separately and along different time lines. Although the INS and the FBI periodically discussed integration of their systems as they were being developed, there was never a sustained effort to achieve that goal and no agreement on integration was reached. We were told that the INS and the FBI made little effort to understand the operational requirements of the other agency. Each agency focused on meeting its own requirements and did not pursue integration. As a result, when the FBI finally deployed IAFIS and NCIC 2000 in July 1999, the FBI fingerprint systems were not linked to IDENT.
The Resendez case vividly illustrated the need for integration of the INS and FBI systems and spurred the FBI and the INS to develop an integration plan. The plan required studies to help determine the feasibility of integration of the systems, which initially would allow the fingerprints of aliens apprehended by the INS to be searched against a subset of the FBI's Criminal Master File and eventually against the entire master file. However, an integration plan is still in the process of being developed and may take years to implement fully.
The INS estimates the number of illegal aliens in the United States at 5 million to 6 million, while others estimate the number to be even higher. A common perception about illegal aliens is that the vast majority enter the United States by surreptitiously crossing our land borders, primarily from Mexico. In fact, the INS estimates that approximately 40 to 50 percent of the illegal alien population entered the United States legally as temporary visitors but simply failed to depart when required. The INS refers to these illegal aliens as nonimmigrant "overstays." More than 90 percent of overstays are tourists or business visitors, but overstays also include students and temporary workers.
In a 1997 inspection, the OIG found that the principal INS record-keeping system for tracking nonimmigrant overstays, the Nonimmigrant Information System (NIIS), does not produce reliable data, either in the aggregate or on individual nonimmigrants. Normally, passengers arriving in the United States fill out an I-94 form and present it to the INS inspector upon arrival. The inspector collects the arrival portion of the form and returns the departure portion to the passenger. The arrival portion is sent to an INS contractor, who inputs the data into NIIS. When the person leaves the United States, the airlines are supposed to collect the departure portion of the I-94 form and provide it to the INS for input into NIIS. The data is then matched by NIIS to identify nonimmigrant overstays.
We found that the NIIS data is incomplete and unreliable due to missing departure records and errors in processing of the records. NIIS does not contain departure records for a large number of aliens, most of whom the INS assumes have left the United States. The INS believes that unrecorded departures result from airlines failing to collect departure forms, from aliens departing through land borders, from data entry errors, from records being lost through electronic transmission or tape-loading problems, or from the failure of the system to match arrival and departure records.
We also found that the INS had no specific enforcement program to identify, locate, apprehend, and remove nonimmigrant overstays, and we concluded that NIIS data would be of little use for locating aliens.
The Illegal Immigration Reform and Immigrant Responsibility Act of 1996 directed the Attorney General to develop an automated entry and exit control system that would collect a record for every alien departing the United States and automatically match these departure records with the record of the alien's arrival. This proposal was designed to replace the manual system of collecting I-94 cards and enable the INS, through on-line searching procedures, to identify lawfully admitted nonimmigrants who remain in the United Sates beyond the period authorized. In 2000, however, Congress extended the deadline for implementing the system for airports and sea border ports of entry until December 31, 2003, and for high-traffic land border ports of entry until December 31, 2004.
In response to this congressional requirement, the INS introduced a pilot system in 1997 to automate the processing of air passenger I-94 forms. This automated I-94 system captures arrival and departure data electronically and uploads non-U.S. citizen data to the INS's NIIS.
This summer, the OIG completed an audit of the design and implementation of the automated I-94 system and found that the INS has not properly managed the project. Despite having spent $31.2 million on the system from FY 1996 to FY 2000, the INS: (1) does not have clear evidence that the system meets its intended goals; (2) has won the cooperation of only two airlines; (3) is operating the system at only a few airports; and (4) is in the process of modifying the system. INS officials estimated that an additional $57 million would be needed for FY 2001 through FY 2005 to complete the system. These projections include development, equipment, and operation and maintenance costs.
As a result of our concerns, we made a series of recommendations to help ensure that the INS rigorously analyzes the costs, benefits, risks, and performance measures of the automated I-94 System before proceeding with further expenditures.
The Immigration Reform and Control Act of 1986 created the Visa Waiver Pilot Program (VWPP), which permitted citizens from certain countries to enter the United States as visitors without first obtaining a visa. The law allowed VWPP visitors to stay in the United States for up to 90 days per visit and required them to possess a round trip ticket and waive their rights to appeal immigration officers' determinations of admissibility or contest any deportation actions.
In October 2000, the program became permanent and is now known as the Visa Waiver Program. Currently visa requirements are waived for citizens of 29 countries who wish to visit the United States.
In 1999, the OIG assessed the INS's efforts to minimize illegal immigration and security threats posed by abuse of the VWPP. Because visitors traveling for business or pleasure under the VWPP were not required to obtain visas, they were not screened in any way prior to their arrival at U.S. ports of entry. Instead, VWPP visitors presented their passports to INS inspectors on arrival. The inspectors observed the applicants, examined their passports, and conducted checks against a computerized lookout system to decide whether to allow applicants entry into the United States. This review by INS inspectors was the principal means of preventing illegal entry. INS inspectors had, on average, less than one minute to check and decide on each applicant.
As a result of our review, we found that INS inspectors did not query all VWPP passport numbers against the INS's computerized system. In addition, our inspection noted that terrorists, criminals, and alien smugglers have attempted to gain entry into the United States through the VWPP.
During our review, the INS informed the OIG that the theft of passports from VWPP countries was a serious problem. Because these stolen passports are genuine documents, their fraudulent use is difficult for INS inspectors to detect. During our review, we tested a sample of 1,067 passports stolen from VWPP countries and found that almost 10 percent may have been used to successfully enter the United States. We also identified problems with the way the INS maintains its lookout system, including its failure to enter information about stolen VWPP passports into the lookout database in a timely or accurate manner. As a result, 567 stolen passports in our sample of 1,067 (53 percent) had no lookout record in the INS system. Of the 500 passport numbers that had lookout records, 112 (22 percent) were not entered accurately. This missing or inaccurate information reduced the effectiveness of the lookout system and increased the possibility that inadmissible VWPP applicants could enter the United States.
In a report issued in March 1998, the OIG examined how two individuals, Gazi Ibrahim Abu Mezer and Lafi Khalil, entered and remained in the United States before their July 1997 apprehension in Brooklyn for allegedly planning to bomb the New York City subway system. Mezer was subsequently convicted and sentenced to life imprisonment. Khalil was acquitted of charges stemming from the bombing plot but found guilty of immigration violations.
In our report, we described how both men were able to enter the United States and remain here. Khalil, who had a Jordanian passport, applied to the U.S. Consular Office in Jerusalem for a visa to travel through the United States en route to Ecuador. The consular official gave him a 29-day, C-1 transit visa after a three-minute interview. When Khalil arrived in New York on December 7, 1996, an immigration inspector mistakenly granted him a 6?month, B-2 tourist visa. He overstayed that visa and was arrested in Brooklyn, along with Mezer, in July 1997.
Mezer, who claimed Jordanian nationality, received a visa from the Canadian Embassy in Israel to study in Canada. Shortly after arriving in Canada in September 1993, he applied for convention status, which is similar to political asylum in the United States, based on his claimed fear of persecution in Israel. Mezer later admitted that he had traveled to Canada with the intent to reach the United States.
In 1996, Mezer was detained by the Border Patrol twice while attempting to cross the border into Washington State. Each time the Border Patrol voluntarily returned him to Canada. In January 1997, the Border Patrol apprehended Mezer in Washington a third time and initiated formal deportation proceedings. Mezer then filed an application for political asylum in the United States and was later released on a $5,000 bond. In his asylum application, Mezer claimed that Israeli authorities had persecuted him because they wrongly believed he was a member of Hamas. The immigration court requested comments from the State Department about Mezer's asylum application, and the State Department returned the application with a sticker indicating that it did not have specific information on Mezer. Mezer's attorney later withdrew the asylum application, stating that Mezer had returned to Canada. Mezer was arrested shortly thereafter in Brooklyn for plotting to bomb the subway system.
During our review, we did not find any information that Mezer was a known terrorist. However, we found systemic problems that were revealed by his case. Our review found that Mezer had entered and remained in Canada despite two criminal convictions there, which highlighted the ease of entry into Canada and the difficulty of controlling illegal immigration from Canada into the United States. We also noted the inadequacy of Border Patrol resources to address illegal immigration along the northern border. In addition, Mezer's case reflected confusion between U.S. government agencies as to which agency would conduct a check for information on whether an asylum applicant was a terrorist. We recommended that the INS and the State Department coordinate more closely on accessing and sharing information that would suggest a detained alien or asylum applicant may be a terrorist.
In February 2000, the OIG issued a report that systematically examined the Border Patrol's efforts to control illegal activity along the northern border, examined how the Border Patrol collects and assesses information about illegal activity and responds to it, and evaluated the allocation of Border Patrol resources to the northern border.
The nearly 4,000 miles of border between the United States and Canada are managed by 8 of the Border Patrol's 21 sectors. As of September 30, 1999, 311 of the national total of 8,364 Border Patrol agents (3.7 percent) were assigned to northern border sectors. In keeping with the INS's strategic plan, the Border Patrol deployed 7,706 Border Patrol agents (92.1 percent of the total) to its nine southwest Border Patrol sectors. The remaining 347 agents were assigned to the coastal sectors, headquarters, INS regional offices, and the Border Patrol Academy. Currently, according to the INS, there are 334 Border Patrol agents assigned to the northern border.
Border Patrol sectors on the Canadian border face significant challenges, even though the volume of known illegal alien entries is much less than along the Mexican border. The OIG review reported an increase in illegal activity along the northern border, including an increase in alien and drug smuggling. But the INS was unable to assess the level of illegal activity along the northern border, given the limited personnel and equipment resources allotted to its eight northern Border Patrol sectors. However, it is clear that the level of illegal activity exceeds the Border Patrol's capacity to respond. We also found that other factors, such as the detailing of agents from the northern to the southwest border and lack of detention space to house apprehended aliens, further diluted the Border Patrol's enforcement capabilities along the northern border.
We concluded that the number of agents assigned could not adequately patrol the entire length of the northern border. Shifts with no Border Patrol coverage left the northern border open. INS Intelligence officers also told us that criminals monitor the Border Patrol's radio communications and observe their actions. The criminals know the times when the fewest agents are on duty and plan their illegal operations accordingly. The Border Patrol realized this risk but, because of the low numbers of agents assigned to northern border sectors, it could not cover all shifts 24 hours a day, 7 days a week. Most Border Patrol officials we interviewed believed around-the-clock coverage was the minimum acceptable level of coverage for northern Border Patrol stations.
"Force-multipliers" such as cameras, sensors, and other technology aid the Border Patrol in its surveillance and interdiction activities, but we found that northern border sectors do not have adequate amounts of this equipment. For example, at the time of our inspection, one northern border sector had identified 65 smuggling corridors along the more than 300 miles of border within its area of responsibility, but the sector had only 36 sensors with which to monitor these corridors.
The Border Patrol's Strategic Plan, issued in 1994, does not address the northern border until the plan's fourth and final phase. Phase I of the Strategic Plan was designed to control the San Diego and El Paso Corridors; Phase II to control South Texas and Tucson corridors; Phase III to control the remainder of the southwest border; and Phase IV to control the rest of the borders, including the northern border. At the time of our inspection in 2000, the Border Patrol was in Phase II of its strategic plan, and no date had been set for implementation of Phase IV. In addition, the strategic plan did not articulate the strategies that the Border Patrol would eventually use to control the northern border once it has achieved control of the southwest border.
The OIG recommended that the INS Commissioner outline the approach the Border Patrol would take to secure the northern border, including determining the minimum number of Border Patrol agents required to address existing gaps in coverage, determining the amount of intelligence resources needed to more accurately assess the level of illegal activity, and identifying and implementing accurate data collection methods to support decisions about personnel and equipment. INS eventually wrote a strategic plan regarding the northern border, but we understand that it has not been implemented. We also recommended that the Commissioner evaluate whether there was a continuing need to detail Border Patrol agents out of northern sectors.
In addition to these reviews, the OIG has examined other INS programs and their related automated systems, including:
In addition, we concluded that the INS's Interior Voluntary Return Tracking System (IVRTS), implemented in FY 1997, did not track individual aliens who were granted voluntary departure and thus could offer only an incomplete count of the number of these departures nationwide. At the time of our review, IVRTS did not record the names or alien numbers of the aliens granted voluntary departure. Furthermore, the system provided no information suitable for follow-up enforcement and no useful information to include in the INS's lookout indices.
A March 2001 OIG audit tested INS data in TECS related to secondary inspections (inspections of travelers that require a more detailed review than the standard primary inspection) at three airports. The audit examined whether the data accurately reflected referrals of travelers to secondary inspection and whether the data included secondary inspection results. We found that the INS's data in TECS for inspections performed at two airports were reliable, while the data for inspections at the third was not. We found that the third airport's inspectors entered the required referral designation and secondary inspection results in TECS for only 3 percent of the secondary inspections performed.
As described by these reports, our work has found that the INS has not managed its diverse information technology systems well. We found numerous and longstanding problems of failures by INS managers to implement reliable, integrated systems in a timely and cost-effective manner.
We believe that the INS needs to more stringently establish priorities on the development of its systems, rather than spend enormous resources and effort to develop so many systems for so many different purposes. The INS has in use or in development approximately 100 automated information systems and it appears to have a separate system for each function in the agency, without sufficient connection or interrelation.
Among other recommendations, based on our work we urge the INS to ensure that its databases share information, both within and outside the INS. For example, the INS and the FBI's automated fingerprint systems - IDENT, IAFIS, and NCIC 2000 - need to be connected. The INS also needs to expand the use of biometrics to accurately identify individuals with whom the INS comes into contact.
It is clear that more resources need to be devoted to the northern border. Technology such as cameras and sensors can help in this effort, but there are too few agents and inspectors along the northern border.
The INS also must improve its tracking of nonimmigrant visa overstays. The current system for identifying overstays - manual I-94 cards inputted into the NIIS database - does not produce reliable or accurate information, either as a whole or on individual overstays, and the automated I-94 project has not worked. The INS must design a system that can accurately capture arrival and departure data, and automatically match them in a reliable fashion.
Solving the problems of INS information technology is a complex issue with no easy solutions, but it requires a strategic vision, strong leadership, and individual and organizational accountability. This effort needs to be a top priority of the agency, since effective INS information technology is essential to protecting the integrity of the immigration system and the national security.
This concludes my prepared statement. I would be pleased to answer any questions.