Homeland Security Watch

DHS Secretary Mike Chertoff reconvenes a group of us bloggers for a roundtable tomorrow at DHS Headquarters. Topics are likely to include the recent developments surrounding REAL ID deadlines and compliance by states. Or perhaps the legal waivers Chertoff issued today that suspend environmental laws and regulations to finish building 670 miles of fence along the southwest border. (Eileen Sullivan at AP reports that these pesky laws currently prevent DHS from building the 267 miles of fencing in California, Arizona, New Mexico, and Texas.)

Readers are encouraged to submit here the questions they would like answered by the Secretary. The last time we met with him, each of us was given only enough time for one question. I hope we’ll be able to make more use of this session. Looking forward to your questions.

Waiting in the HLSWatch.com inbox upon my return from Big Sky, Montana, were scanned copies of correspondence between DHS Assistant Secretary for Policy Stewart Baker and Montana Attorney General Mike McGrath about the state’s request to opt out of the REAL ID Act.

DHS granted an extension on Friday to the state of Montana so that it can comply with the REAL ID Act. The only thing is that Montana never asked for an extension. Montana governor Brian Schweitzer made news over his intention to defy the law passed by Congress in 2005. Schweitzer is leading a charge (joined by Maine, South Carolina, New Hampshire, and Oklahoma) to oppose the REAL ID Act and any efforts by DHS to impose penalties for non-compliance.

The 9/11 Commission recommended that the U.S. rationalize the state identification regime in order to reduce the risk of fraud (suspected to aid terrorists and criminals alike). The Commission argued that the federal government should “set standards for the issuance of … driver’s licenses.” The REAL ID Act requires that a standardized driver’s license be used for “official purposes.” At this point, DHS proposes to define “official purposes” of a REAL ID as accessing federal facilities and nuclear power plants and boarding commercial aircraft. The main beef states have with the Act is the lack of funding to pay for the mandate. DHS is stretching out the compliance period over almost ten years (2014) to make it easier on states, but that only avoids the REAL problem according to Governor Schweitzer. Schweitzer and the Montana state legislature oppose it on principle.

(It sure doesn’t help that the Secretary suggested contrarians should “grow up” about security measures, such as the REAL ID provisions. The statement emboldened critics to examine his tenure more closely and shift the focus away from REAL ID.)

Montana seeks a complete waiver, but DHS’s Stewart Baker explained in a letter to Montana’s Attorney General that DHS has only the authority to carry out the statute or grant extensions to state’s that “meet the requirements” of the REAL ID Act.

Frankly, after Montana’s governor has called the law “nonsensical”, “kooky,” and “hare-brained,” and invited other states to join him in a showdown over “the DHS coercion to comply,” I’m impressed with Baker’s dispassionate response. Baker wrote in a response the same day he received McGrath’s letter:

Under the statute, the Department [of Homeland Security] can only grant an extension of the compliance deadline [as opposed to a waiver.] Therefore, I can only provide the relief you are seeking by treating your letter as a request for an extension.

Of course, Schweitzer’s whole deal is that he’ll never seek an extension because it would be interpreted as intention to implement the Act.

Today DHS issued new rules for certain immigration requests that also propose establishing a new pilot program for a land-border exit system. This – in addition to making Lou Dobbs apoplectic – will have significant effects on benefits delivery and may invoke certain security and governance challenges.  It’ll also make it a lot easier for those fruit farmers in Florida this season.  The rule is intended to provide employers with a streamlined hiring process for temporary and seasonal agricultural workers (the H-2A program).

The proposed rule:

• Reduces current limitations and certain delays faced by U.S. employers and relaxes the current limitations on their ability to petition for multiple, unnamed agricultural workers.

• Reduces from six to three months the time a temporary agricultural worker must wait outside the U.S. before he or she is eligible reenter the country under H-2A status.

• Establishes a land-border exit system pilot program. Under the program, H-2A visa holders admitted through a port of entry participating in the program would also depart through a port of entry participating in the program and present upon departure designated biographical information, possibly including biometric identifiers.

International cooperation in combating terrorism is a no-brainer value add.  And we often try to address on this blog ways in which cooperation can be deepened – or established in the first place as the case may be.  So I was interested — and concerned — to read about a database under joint development by the U.S. Australia, UK, Canada, Japan, and China. 

The database will house biometric data on individuals in order to identify people based on fingerprints, but also such things as voice and facial expression.  These “signatures” are intended to help homeland security authorities better identify and trace terrorists and other suspects.

A story today on News.com.au covered an international forensics conference taking place this week in Australia where this developing database was described by American Patrick Wang, a professor at Northeastern University who spoke at the event. Wang explained that “cross-country collaboration is already under way. There have been some very minor achievements, but people still expect to spend more money and time and to achieve a solution that cannot afford any more mistakes - aiming for 100 per cent accuracy.”

Biometrics are used across many parts of the private sector for facility entry credentials.  But the homeland security and law enforcement communities are gaining momentum. Next month, the FBI will let a contract for a $1 billion revamp of their fingerprints database (IAFIS) into a robust multi-metric identification database called Next Generation Identification that will include the ability to process, store, and analyze several other biometrics. DHS recently started its Biometric Storage System to support its immigration services and other credentialing programs. Could the international database gain access to NGI and BSS? Perhaps these U.S. databases will hoover the international sources.

Professor Wang scopes the effort as follows: “We’re talking about the internet, telephony, mobile phones, mobile phone cameras, digital cameras - all of these are being used not only to commit crimes but also to solve crimes,” he said.

This week, the Administration Transition Task Force reported out to Secretary Chertoff and the overall Homeland Security Advisory Council on its recommendations for how the Department leadership can prepare for and manage the first transition for DHS.  Its a rather skeletal report at 9 pages (the remaining 18 pages are appendixes), but it represents the beginning of a very worthwhile process of managing what will surely be a challenging transition. 

 Many people, even the Secretary, are advocating for a depoliticized transition that focuses on the mission.  This report speaks to that with some detail.  Other efforts to manage the HLS transition are underway at the DNDO, the HSC, and even by contractors of DHS (namely the Council on Excellence in Government).

The “Secure Borders Open Doors Advisory Council” — more easily referred to as the SBODAC — also reported out.  This report can be downloaded here. 

UPDATE: Thanks to reader William Cumming for identifying the related story in today’s Washington Post.  Stephen Barr interviews acting Deputy DHS Secretary Paul Schneider about how the Department is gearing up for the transition.  Check out William’s comment on this post for more.

DHS announced it has contracted California-based Computer Sciences Corp. for information-technology support. Under the $53 million contract CSC will provide desk support, systems training and security and strategic business system planning among other business intelligence analysis support services for USCIS.

USCIS announced that it has selected a team that includes Northrop Grumman Corporation to provide large operations management services at the USCIS California and Vermont service centers. The three-year indefinite delivery/indefinite quantity (ID/IQ) contract has a total ceiling value of $225 million to the team, on which Northrop Grumman will be a subcontractor to Stanley, Inc.

A $357 million contract from USCIS went to Northrop Grumman to continue providing biometric capture services in support of U.S. citizenship applications and green card renewals. Biometric capture services involve electronic scanning and recording of fingerprints, and photograph and signature collection, for identification purposes. Under Northrop Grumman’s management of the biometric program, USCIS has reduced its fingerprint rejection rate from 20 to 1.5 percent.

A $225 million contract supporting USCIS Service Center Operations in Nebraska and Texas went to SI International. The company also supports USCIS Office of Records services with the tracking and accounting of more than 62 million immigration files.

Letters from the Department of Homeland Security will start being mailed out the day after Labor Day (nice touch) to warn employers of the ~ 8 million workers in the U.S. that they must fire any employee without a valid Social Security number or risk criminal charges and fines. 

DHS Secretary Chertoff and Commerce Secretary Gutierrez announced on August 16 a series of border security and immigration measures under the titles e-Verify and Social Security No-Match rule.  The measures are intended to improve worksite enforcement and enhance current guest worker programs, among other things.  The Administration has described these efforts as the next best alternative to legislation that would have reformed several immigration polices had any legislation passed. 

The e-Verify program enables employers to check the work status of their employees online. The-Verify system compares information taken from the I-9 work eligibility verification form and matches it against the Social Security Administration’s database and the DHS immigration databases. The Social Security No-Match rule instructs an employer how to respond to a no-match letter from the Social Security Administration regarding an employee whose name and SSN do not match government records.  A mismatch can imply wrongdoing on the part of either the employee or the employer.  The new rule is intended to reduce fraudulent use of Social Security numbers for the purposes of gaining or providing jobs to illegal immigrants. 

An Administration Fact Sheet on this development is available here. 

The business community gave very tepid support to the Administration’s comprehensive immigration reform efforts when they were not flat out opposing it.  The enforcement of “E-Verify” is among the more invasive measures in the announcement.  This is the most recent incarnation of the Basic Pilot and the Employment Eligibility Verification System (EEVS).  E-Verify affects employers significantly by placing the burden on them to know whether they are in violation of the law and to take measures that either confirm an employee’s legal status (via the SSN) or unemploy those who are not legal or unable to prove their status.   

The E-Verify system will be a portal through which employers may submit an employee’s SSN and other identifiers (name, etc) to match against the Social Security Administration’s records.  If the SSA returns a “No-Match” letter, employers are required to cease employment within 90 days or face fines 25% higher than previously.  The E-Verify system is said to be challenged by an error rate ranging from 4%-11%.  The Administration’s plan calls for E-Verify to begin with all 200,000 federal contractors before expanding to states.  Even with this initial tier, the error rate risks significant false positives leading to inefficiencies for employers, unnecessary hardship for workers wrongly identified as unemployable, and the risk of legal challenges.  The immigration reform bill included a redress or repeal process, but it is unclear how E-Verify is prepared in this regard. 

The following table was created by Maggio Kattar, a law firm usually hired by the private sector to help them navigate immigration restrictions.  The table illustrates the no-match procedures and prescribed timeframes:

According to this framework, affected employees may continue to be employed. However, once an employer discovers that an employee is unemployable under the no-match procedure, the employer must terminate employment or face fines. 

US-VISIT last week opened a newly remodeled Biometric Support Center (BSC) in
San Diego, Calif. The BSC/West was established in 1995. Initially, it was opened to provide fingerprint verification services to Immigration and Naturalization Service.  The BSC/West operates 24/7 with a staff of twenty-seven.  The BSC/West counts the following metrics:

•        54,962 fugitive warrant verifications.

•        622,000 fingerprint comparisons in FY 2007.

•        81 verifications of unknown deceased subjects in FY 2007. 

GAO just released three studies.  The first reviews FBI’s management of acquiring and implementing Sentinel, which is a program slated to replace and improve upon the FBI’s failed Virtual Case File project.  The Sentinel program is critical to FBI’s need to modernize case management and information sharing obligations.  Think of this as a case of the opposite of the Deepwater project run by Lockheed for the Coast Guard: this GAO report actually focuses on how well the project is going.  For GAO to publish something positive is a rarity.  This report highlights “best practices” used by FBI to implement Sentinel with IBM.  Complete report available here.

 (click thumbnail)

The second study scrutinizes the privacy protection capabilities of the US-VISIT technology.  Intended to track all those people who enter and exit at any of the country’s 285 air, sea, and land ports of entry, US-VISIT is an ambitious undertaking — and a frequent subject of GAO studies.  Given the various sources of information DHS draws upon in order to run US-VISIT, matters pertaining to privacy rank at the top for members of Congress.  This GAO report gets into just this topic, but also weighs in on the information sharing capabilities of US-VISIT to determine if the program does a good enough job of sharing the info that it hoovers with the practioners who need it operationally.  Following is an image from the GAO study that illustrates this range of entities within the US-VISIT orbit.  Complete report available here.

(click thumbnail)

The third study details the challenges faced by the State Department in adjudicating large and growing numbers of visa applications while facilitating the legitimate flow of visitors.  The GAO study starts off with this problem statement: 

DOS has acknowledged that long waits for visas may discourage legitimate travel to the United States, potentially costing the country billions of dollars in economic benefits over time, and adversely influencing foreign citizens’ opinions of our nation. 

This helpful chart below makes the point that we need to be ready for a surge in immigration requests.  Of course, this portends challenges not only for State, but also USCIS.  How DHS plans to manage such a trend is difficult to discern now that immigration reform is off the table this Congress.  It was that legislation that would have provided an avenue for much needed modernization of USCIS capabilities.  Even with the recent increases in fees charged by USCIS, they won’t be able to collect enough to fund technology upgrades that are needed immediately because those fees will take a while to roll in.  Complete report available here.

The head of Customs and Border Protection, Commissioner Ralph Basham, circulated a memo to employees this week announcing plans to open a new Office of Intelligence and Operations Coordination on October 1 under his command.  Frankly, I’m fond of any reorganization that includes the word Coordination.  I’m not sure if its possible to have too much. 

The main points at this stage are that the OIOC is not operational, it appears to be more of an executive management function, and it reflects a focus on information analysis and flow.  This is key language from the announcement: 

The office will be comprised of an optimal blend of operators and analysts and will be structured in such a way as to optimize their interaction and collaboration.  The office will be focused on programmatic oversight, analysis and coordination, rather than conducting operations.  The new OIOC will establish mechanisms to ensure the flow of valuable information to and from field intelligence assets and the integration of field information into broader analytic products that directly support headquarters and field operators. 

And the starting line-up:

• Al Gina, Deputy Assistant Commissioner
• Tom Bortmes, Executive Director of Intelligence and Situational Awareness
• Tom Bush, Director of Targeting and Analysis
• Jeanne Ray-Condon, Director of Field Coordination
• Rodney Scott, Director of Incident Management and Operations Coordination

The Basham memo: 

 

When Christian Beckner unplugged from Homeland Security Watch, which he created and led, he called on some of us to maintain the blog. His are big shoes to fill. My name is Jonah Czerwinski and I will be one of the many required to pick up where Christian left off. More about my background will follow shortly. In the meantime, on with the Watch:

House Homeland Chairman Outlines Committee Priorities

During a luncheon discussion today Congressman Bennie Thompson, Chairman of the House Homeland Security Committee, offered a glimpse of what will populate his Committee’s agenda for the 110^th. Jointly hosted by the Homeland Security Policy Institute and The Aspen Institute , the luncheon was an opportunity for Chairman Thompson to introduce what he calls a “Real Deal for Homeland Security.” His prepared remarks can now be found on the Committee website, but there are some points he highlighted – and even added – during his delivery before a few dozen HLS wonks:

Mass transit. Chairman Thompson said to look for legislation next month aimed at strengthening mass transit security. In his remarks, he listed a few demands that legislation will likely include: vulnerability assessments, information sharing measures, and security training programs, among others.

Hurricanes Katrina and Rita represent a failure that should never be repeated, he said, but they also revealed equities that need better Congressional support. He called out the National Guard and U.S. Coast Guard for special attention and suggested the two need better federal support. The USCG Deepwater Project must be fully funded. That was not in the prepared remarks.

FEMA reorganization is unfinished. Chairman Thompson characterized efforts to reorient FEMA as insufficient. The audience was given the impression that current plans fall short of a solution to prevent the kind of under-performance witnessed in the Gulf Coast.

Other aspects of the Department are due for “aggressive oversight.” The Chairman identified both the DHS Management and S&T Directorates as needing scrutiny in three areas: leadership, mission, and accounting. Both the House Homeland Security and House Science Committees are preparing for a hearing on S&T after the President’s budget is released next month.

The Chairman called out Biowatch by name. This is the program that deploys detectors to provide early warning of an intentionally introduced pathogen. According to today’s remarks, Biowatch can expect renewed scrutiny.

While it was not in his prepared remarks, Chairman Thomson pointed out during his comments the lack of screening for air cargo and suggested that his Committee would seek measures aimed providing some kind of visibility into the contents of cargo placed on passenger planes. He also noted that sea-borne cargo (“anything entering our ports”) must be subject to better screening. It was unclear if his call for transparency was intended to support 100% radiography screening of shipping container bound for the U.S. His prepared speech made no mention of ports or screening.

DHS contracting accountability made the list. The Chairman named both the Secure Border Initiative (SBI Net) and US-VISIT as likely targets of oversight. He directly questioned the use of a “border fence” to manage immigration and security needs.

“Secure Borders, Open Doors” Makes Progress, Sets Goals, Requests Input

That leads into another message today that Maura Harty, Assistant Secretary of State for Consular Affairs, circulated through an email to outline measures intended to improve visa processing under the joint State Department-DHS “Secure Borders, Open Doors” policy. Her message as I received it today (bold emphasis added, immaterial language snipped):

January 29, 2007

SUBJECT: A Message from Maura Harty, Assistant Secretary for Consular Affairs, regarding Improvements to U.S. Visa Processing

The United States is one of the most open and engaged societies on Earth, maintaining vibrant family, commercial and educational links with peoples and countries across the globe. As a leader in the travel industry, you fully appreciate the national economic impact of international visitors. Foreign travelers contribute almost $105 billion annually to the American economy; international students account for an additional $13 billion.

[…snip….]

Our task is to vigilantly protect U.S. border security and at the same time to maintain America’s openness to legitimate travelers - a policy we call “Secure Borders, Open Doors.” Working closely with the international business and travel community, academic groups, and other stakeholders, we have introduced features designed to streamline visa processing. Recent improvements include:

* An electronic visa application form, which reduces errors, eliminates duplicative data-entry, and so increases the number of applicants each office can interview daily;

* All consular offices post their visa appointment wait times on-line, so travelers can plan accordingly;

* We give scheduling and processing priority to students and urgent business travelers;

* We have added 570 consular positions worldwide, and are transferring some positions to ensure that workloads are evenly distributed;

* We are making significant investment in technology to speed processing and improve data sharing with other government agencies.

I am pleased to say that these efforts have produced results. In Fiscal Year 2006, overall nonimmigrant visa issuance rose 8% over the previous year. Business/tourist visa issuance rose 12% worldwide, and student visa issuances were up 14%. Processing delays have been cut dramatically: 98% of qualified visa applicants are approved within two days of their visa interview. We have “turned the corner” and will continue our efforts in this positive direction.

Meanwhile, visa demand is surging, especially in key emerging travel markets such as China, India and Brazil. Adding more staff and more resources are part of the answer; we are also piloting creative new approaches, leveraging technology and proven best business practices, to meet this challenge. Over the next two years we plan to introduce a variety of enhancements, including:

* A start-to-finish all-electronic visa process;

* A centralized visa appointment management system that will ensure that over 90% of requests for visa appointments can be handled within 30 business days;

* Technological innovations including remote data collection and interview via digital videoconference.

As we implement our plans, we genuinely welcome suggestions and comments from private sector stakeholders. At the same time, we depend on you and others in the private sector to help spread the word that the U.S. welcomes international visitors and that the visa application process is not a daunting ordeal, as it is sometimes still depicted in the press. News media are quick to report negative stories - many of which recycle complaints about problems that have long since been addressed and solved, or describe increasingly rare instances of long waits for visa approval.

We believe our efforts are striking the right balance between security and openness. The Bureau of Consular Affairs is committed to working with the international business and travel community to maintain and enhance our welcome to legitimate travelers. I look forward to hearing your thoughts.

Sincerely,

Maura Harty
Assistant Secretary
Bureau for Consular Affairs
Department of State
Washington, DC

More To Come

My posts on Homeland Security Watch will focus on organizational challenges, WMD issues, international aspects of homeland security, and developments that relate to the homeland security marketspace. Expect me to veer from this pretty regularly if I can. I’ll also make an effort to share useful materials pertaining to these and other issue areas as often as possible.

Final Note: I join Christian in thanking all the readers of Homeland Security Watch. Please keep up with this site as I’ll be joined by other contributors posting regularly. And, naturally, your comments are always greatly valued.

A story in the San Francisco Chronicle today examines a recent Congressional Research Service report on border security, the first version of which was published on this site back in October. An updated version of the CRS report was released in December, and this is what the Chronicle reporter examines:

The cost of building and maintaining a double set of steel fences along 700 miles of the U.S.-Mexico border could be five to 25 times greater than congressional leaders forecast last year, or as much as $49 billion over the expected 25-year life span of the fence, according to the nonpartisan Congressional Research Service.

A little-noticed study the research service released in December notes that even the $49 billion does not include the expense of acquiring private land along hundreds of miles of border or the cost of labor if the job is done by private contractors — both of which could drive the price billions of dollars higher.

….The Dec. 12, 2006, nonpartisan congressional report said the corps predicted that the combined cost of building and maintaining the fence over a 25-year life cycle would range from $16.4 million to $70 million per mile, depending on how heavily and how often the fence is damaged by would-be border jumpers. At $70 million per mile, a 700-mile fence would cost $49 billion.

I’ve written repeatedly on this site about the dangers of cost inflation on border fence proposals, out of concern for a political “bait-and-switch” where the costs of fencing are initially lowballed as a means to gain public acceptance. At the same time, I think that fencing has an appropriate role in the border security system if it can be priced appropriately, and negative symbolism aside, is potentially a more cost-effective way to secure the border than other current proposals.

Ultimately, however, there is still a lot of uncertainty about the potential costs of a border fence, creating a gap in the political debate on this issue. This CRS report is a useful synthesis of existing information, but it relies heavily on a ten-year old report from the Army Corps of Engineers, many assumptions of which are highly uncertain (note the wide variation in the estimates in the excerpt above) and seem to be outdated, e.g. the cost assumptions in the report are based on proposals for short border fence segments, and don’t seem to account for the possibility of economies of scale in projects.

To remedy this gap, DHS should commission and publish a neutral study on the costs of border fencing - and/or publish any existing work on this topic that it has at hand. There’s too much uncertainty in the debate today on the costs of border fencing, making for a slippery political debate on the topic.

Today’s edition of the Federal Register provides notice of the interim agreement that was reached in October 2006 between the United States and the European Union on passenger name record (PNR) data, following the European Court of Justice’s decision to strike down the earlier PNR agreement that dated from 2004. There are no surprises in the new notice - its contents had been widely aired last fall - but it’s useful as a complete record of the new agreement.

DHS Asst. Secretary for Policy Stewart Baker spoke at a forum at CSIS yesterday, and defended the recently-criticized Automated Targeting System, as noted in this GCN story and this Reuters piece:

The U.S. Automated Targeting System, or ATS, a computerized program that collects personal data on travelers and retains it for up to 40 years, has come under fire in recent weeks from rights activists who say it violates privacy laws and a congressional-funding ban.

But Stewart Baker, assistant secretary of the Department of Homeland Security, said the system’s critics are either “paranoid” or don’t understand that ATS assigns risk ratings only to cargo.

“We have risk scores for cargo,” Baker told a forum hosted by the Center for Strategic & International Studies.

“I don’t think that we’re scoring human beings, and we’re certainly not keeping score on them,” he said. “We do an assessment of people when we look at the data. But that could vary from flight to flight, day to day.”

I’ve maintained since this story started to break in early November that the concerns about this program have been overstated by its recent critics, and I’m glad to see DHS finally pushing back and defending the program. There needs to be more clarity about how ATS-P works and how information is saved and stored within it, but it clearly has a valid role within the broader border and traveler entry system, and is worthy of a vigorous defense.

Update (12/21): Here are Baker’s remarks from the CSIS event.

Update (12/29): The full transcript from the CSIS event is available here.

The New York Times reported today that DHS, in an elaborate tribute to Jean-Paul Sartre, is planning to scuttle the “exit” portion of the US-VISIT program, based on the belief that developing such a system is technologically infeasible and would cost too much to implement. This represents a 180 degree turn from a report in mid-November which suggested that DHS was moving forward within the exit portion of US-VISIT. From the NYT story:

Domestic security officials, who have allocated $1.7 billion since the 2003 fiscal year to track arrivals and departures, argue that creating the program with the existing technology would be prohibitively expensive.

They say it would require additional employees, new buildings and roads at border crossings, and would probably hamper the vital flow of commerce across those borders.

….Efforts to determine whether visitors actually leave have faltered. Departure monitoring would help officials hunt for foreigners who have not left, if necessary. Domestic security officials say, however, it would be too expensive to conduct fingerprint or facial recognition scans for land departures. Officials have experimented with less costly technologies, including a system that would monitor by radio data embedded in a travel form carried by foreigners as they depart by foot or in vehicles.

Tests of that technology, Radio Frequency Identification, found a high failure rate. At one border point, the system correctly identified 14 percent of the 166 vehicles carrying the embedded documents, the General Accountability Office reported.

DHS’s decision to not move forward on an exit system is criticized by members of Congress from both parties in the NYT piece, in large measure due to the fact that it’s already been ten years since Congress created the legislative mandate for an entry-exit system.

As I noted in my previous post on the exit system, I think the develop of an exit system is a critical part of a border security strategy, and I’m concerned by the idea of scuttling this activity. To be sure, there are real challenges with this in terms of the land border infrastructure (e.g. very few exit “lanes” at major border checkpoints today, creating the need for significant amounts of construction), but many of the other technology issues should be feasible; for example, why did DHS’s RFID test only work 10% of the time when RFID-based EZPASS works with nearly 100% reliability?

For more info, you can read the GAO report on US-VISIT that is mentioned in the story at this link.

In June 2006 I wrote about a plan in Texas to put up live Internet webcams on the Texas-Mexico border as a border security tool. Washington Technology reports today that Texas has completed its initial pilot of this technology:

Texas’ month-long experiment with border surveillance Web cameras is being touted as a success with 221,000 people participating via the Internet, state officials said.

The Texas Border Watch Test Site operated for a month, closing on Dec. 3. During the experiment, live video feeds from border surveillance cameras in Texas were made available on a Web site. Subscribers registered to view the footage and report suspicious activity.

During the month, 221,562 subscribers visited the Web site and viewed footage 27 million times, generating more than 13,000 emails, according to an update on the Texas Border Watch test project.

“Some wrote to alert law enforcement officials to suspicious activity, others to recommend improvements to the Web site or offer other comments. Many of the recommendations for improvements to the Web site were incorporated during the test period,” the Web site said.

Given these results, Texas should move forward and deploy this on a wider basis. And this is something that other border states should look into as well.

The controversy over the passenger component of the Automated Targeting System has simmered over the past month (see my previous posts here and here) in the media and the blogosphere, with the latest feud centering around whether a provision in the FY 2007 appropriations acts prohibits the risk assessment function of the ATS-P. Privacy and civil liberties groups have argued in the past week that it does. DHS has started to fight back against these charges in the media, as exemplified by Sec. Chertoff’s quotes in this National Journal piece by Shane Harris.

You can read the full provision in question, Sec. 514, on pages 25-26 of the FY 2007 DHS appropriations bill (H.R. 5441) at this link. My take on this question is that ATS-P does not violate Sec. 514, which specifically references the domestic Secure Flight program and “any successor programs.” ATS-P is a program that preceded Secure Flight. And all of the references to GAO requirements in Sec. 514 confirm that this was solely written with Secure Flight in mind.

There is one other important difference between the two programs that is also worth pointing out: the domains in which the two programs are used. ATS-P is for inbound international arrivals. Secure Flight, if it were to become operational, would be for domestic air travel. The security imperatives and the personal rights of individuals are inherently different in these two domains. In the domestic realm (Secure Flight), travelers are presumed to be legally in the United States, and the sole purpose of risk assessment is related to risks associated with the air travel. In the international realm (ATS-P), identity is not assumed but needs to be proven, and the government has a legitimate role in determining the identity and nationality of individuals entering the United States as a legitimate assertion of national sovereignty. At borders and points-of-entry, the government has greater authority to conduct search and inspection activities than at any place inside of the country’s borders. This same inherent authority is what, I think, should give the ATS-P system a greater authority to conduct security-related risk analysis than any domestic risk assessment system.

There are some legitimate concerns that the privacy and civil liberties groups have brought forward in the course of this debate, e.g. questioning the rationale for retaining records for 40 years. But overall, I find myself sticking to my original impression of this issue when I first posted about it in early November, and wondering what all the fuss is about.

The Department of Homeland Security published a strategic plan for the Secure Border Initiative last Friday. The document included a projection that the SBINet project would cost $7.6 billion over the next five years (in 2006 dollars, so the actual amount is higher), a total that is several times larger than the $2 billion estimate that was touted by industry analysts at the beginning of 2006. This estimate prompted criticism by incoming Senate HSGAC Chairman Joe Lieberman. This total is broken out into three categories in the accompanying strategic plan - acquisition costs, integrated logistics support, and operations costs - but there is no further breakdown of the $7.6 billion estimate in either document. It raises again the question, which I’ve discussed previously, as to whether the most cost-effective mix of people, technology, and physical infrastructure is being considered here. At a $7.6 billion cost, a “virtual fence” sounds like it’s more expensive than a real fence. In any case, I expect that Congress will want to know more about this before appropriating funds in FY 2008.

This strategic plan is useful in another respect, in that it provides a solid set of border security statistics, measured over a multi-year period in many cases. For example, on page 35 it shows the real shift in the apprehension and detention of Other-than-Mexicans (”OTMs”) at the border over the past year, with detention rates climbing rapidly from the mid-50% range to over 95% during the summer of 2006 - a reality that seems to have had a deterrent effect on OTM entry, with apprehension numbers gradually declining in 2006.

You can read the full “Secure Border Strategic Plan” at this link.

The AP has a story tonight that follows up on a Washington Post story from a couple of weeks ago and looks at the Automated Targeting System-Passenger (ATS-P) at DHS which is used to assess travelers entering the country. Since the initial Post story, DHS has released a Privacy Impact Assessment for the program and the Electronic Freedom Foundation (EFF) has sent comments to DHS questioning the system. DHS is arguing that this is not a new risk assessment system, but instead a well-established one, an assertion with which I agree; indeed, as I showed in my previous post on this, there are references to the ATS-P in the public record as far back as 2004.

But what about its actual function? David Sobel from EFF asserts in a CQ piece today (subscription req’d) that he wasn’t aware that ATS had a passenger risk assessment function until this recent notice:

But EFF contends that “prior to the Department’s publication of its Federal Register notice on Nov. 2, there had been no public disclosure of the fact that the ATS was being used to assign levels of suspicion or potential risk to individuals — all public discussion of the system indicated that it was used to screen cargo.”

A DHS inspector general’s report from August that surveyed the department’s programs using data-mining technology described ATS as a cargo screening system, said EFF senior counsel David Sobel. When he read the IG’s report, “I was basically looking for programs that raised privacy issues . . . and I wasn’t concerned about [ATS]” because it concerned cargo, he said.

But the notice now raises “substantial privacy issues,” Sobel said, adding that the department is making it “sound like this is not a significant change.” DHS claims that the Automated Targeting System is associated with the TECS, but Sobel said a previous Federal Register notice about the Treasury Department’s program mentions nothing about ATS.

However, a quick Internet search shows that there are prior public references to the Automated Targeting System having a role in terms of the risk assessment of passengers inbound to the United States. For example, there’s this passage in a June 2006 report by Canada’s privacy commissioner on the Canadian Border Services Agency (emphasis added):

More specifically, the HRTI tool facilitates the sharing of API data from the CBSA’s Passenger Information System (PAXIS) and the U.S. Automated Targeting System-Passenger (ATS-P) system over a secure IT link. We were informed that the sharing of PNR data under the HRTI initiative will not begin prior to June 2006.

….The back-end analysis component involves running risk patterns, jointly established by the CBSA and the U.S. CBP, based on known indicators, trends and analysis, against a traveller’s API/PNR in order to establish a risk score for the traveller. The risk patterns are comprised of various PNR elements, however the scores and risk levels attributed to them vary in accordance to the pattern they are assigned to. The risk score total is used to assess whether a traveller meets an established risk threshold of a particular risk pattern, which would theoretically identify the traveller as an individual who may require closer scrutiny or who is of high or unknown risk.

As I stated in my original post on this, I think this is an overblown story in some respects. There should be a dialogue on the efficacy of this system and its privacy protections, but I don’t think it’s correct for privacy groups and the media to acted shock about the existence and function of the ATS-P.

RAND released a report this week that assesses the US-VISIT program, entitled “Revisiting US-VISIT: U.S. Immigration Processes, Concerns, and Consequences.” You can download the full report at this link. The report evaluates progress on the development of US-VISIT against the program’s key societal objectives, drawing heavily from GAO reports published over the last 2-3 years. And it contains an interesting case study that contrasts the US experience on this project with a similar effort in France in the 1980s and 1990s.

Reuters has a story tonight which reveals that the US-VISIT entry-exit system has led to only one terror-related apprehension since the program’s inception:

A U.S. border security program that photographs and fingerprints visitors from most foreign countries has apprehended just one terrorism-related suspect since its 2004 inception, officials said on Wednesday.

Details about the 2005 case, brought to light under the Department of Homeland Security’s US-VISIT program, remain murky mainly because of classified restrictions on information about U.S. counterterrorism efforts overseas.

US-VISIT, an acronym for United States Visitor and Immigrant Status Indicator Technology, has denied entry to an estimated 1,644 foreign nationals by matching digital photos and fingerprint scans with records from criminal and terrorism databases.

Most turned away are criminals or immigration law violators. Apart from the single 2005 case, there have been no reported arrests of terrorism suspects as a result of US-VISIT, which has processed tens of millions of people since it began screening visa applicants in January 2004.

The likely reaction to this story will be that this system is ineffective and/or a waste of money, along the lines of Bruce Schneier’s prior thoughtsabout this program. But I think such a critique is essentially unfair. It elides the fact that the primary anti-terror value of US-VISIT is in deterrence, not interdiction; it increases the risk of legal entry such that potential terrorists from non-VWP countries are likely to be deterred from trying to enter by applying for a visa, and instead will choose alternate options such as illicit land border crossings.

Sec. Chertoff released a statement today discussing the Visa Waiver Program (VWP), following on remarks by Pres. Bush earlier in the day in Latvia and Estonia announcing his intentions to find a way to get them into the Visa Waiver Program. Chertoff’s statement describes a vision for a modified VWP that would look a lot like his desired end-state for advanced passenger notification, as outlined in the course of the US-EU negotiations over the PNR dispute earlier this year. His statement today notes:

We envision a secure travel authorization system that will allow us to receive data about travelers from countries before they get on the plane. Countries that are willing to assist the United States in doing effective checks on travelers could be put on track to enter the program soon. For countries seeking admission to the Visa Waiver Program, this would be an opportunity to set a standard that will be applied to the program generally.

This is a clever maneuver on the part of DHS, one that gives eastern European countries the incentive to accede to DHS’s desired rules on PNR’s, and by doing so create pressure on the European nations who are already in the VWP to bend in this direction. Whether this strategy works or not remains to be seen, and a lot will depend on the specifics of the proposal. But this could be a good way to broaden the VWP while at the same time addressing a key security vulnerabilities: the legal, thinly-screened entry into the United States of terrorists who are VWP-country citizens.

The final regulations for the air travel portion of the Western Hemisphere Travel Initiative (WHTI) were published in the Federal Register today, available at this link. The publication today means that regulations will go into effect 60 days from today - January 23, 2006 - and will require U.S. citizens and non-immigrant aliens to present a passport when departing or arriving internationally within North America.

The most interesting part of the document is the regulatory analysis, which includes an estimate that 4 million people will need to purchase passports as a result of this regulation in the first year after the rules go into effect, and a significantly lower number in subsequent years. And the document keeps open the possibility that REAL ID-compliant drivers’ licenses could be a future option for WHTI compliance, depending upon how states implement these rules in the coming years.

The Center for Strategic and International Studies (CSIS) held an event that I attended earlier today which looked at the Western Hemisphere Travel Initiative (WHTI). The event focused primarily on the US-Canada border, and examined the challenges associated with delivering the security imperatives of WHTI while at the same time preserving and facilitating the movement of people across borders and accounting for the geographic heterogeneity of the border environment.

I don’t have the time or wherewithal to write up a full summary, but below are a few newsworthy and/or interesting comments from the event:

• Paul Rosenzweig from the DHS Policy Office mentioned something that has been speculated but I haven’t seen the government confirm: that the Terrorist Identities Datamart Environment (TIDE) database gets more positive ‘hits’ at the US-Canada border than at the US-Mexico border.
• The State Department and DHS intend to release the Notice of Proposed Rulemaking for the land portion of WHTI in the first quarter of calendar year 2007. The Departments intend to then implement this land rule as quickly as possible, and not wait until the new deadline of June 2009.
• Frank Moss from the Department of State mentioned a statistic that I hadn’t heard previously, but which makes sense: that 48% of the crossings at the US-Canada border each year are done by 2% of the total population of border crossers (about 500,000 people) - in essence, people who regularly cross the border for work, school, family visits, or shopping trips. But another speaker noted that only about 25% of these 500,000 are enrolled in the NEXUS frequent traveler program right now.
• The issue of REAL ID came up frequently throughout the morning’s discussions, in terms of its potential linkages to WHTI, and forthcoming activity on REAL ID. Alan Snyder from the Office of Rep. Louise Slaughter noted that initial REAL ID regulations are likely to be released in December, and that there was “not a lot of enthusiasm” for REAL ID among the incoming leadership of the House - a comment that could foreshadow changes to laws regarding its mandates.

Overall, it was a very interesting event. C-Span was there, so you’ll perhaps be able to catch reruns over Thanksgiving weekend (but hopefully you have better things to do). And I’ll amend this post if/when there are any news stories that emanate from the event.

Update (11/21): GovExec reports on the event.

The testimony from last week’s hearing on the Secure Border Initiative, which I mentioned in this recent post, is now online on the House Homeland Security Committee website. Looking through the prepared remarks, I found a very interesting chart in the testimony by DHS officials Greg Giddens and Deborah Spero that conceptualizes the DHS strategy for border security in a way that I’ve seen discussed but never illustrated (click picture to enlarge):

The chart essentially provides a framework for deciding what types of resources (e.g. physical infrastructure, technology, border officers) are needed at a particular point along the border, given existing resources, current flows of people, and the geographical realities in that area. The leadership of DHS has talked in the last year about how it is using this type of dynamic model to simulate activity along the border and accordingly make investment decisions, but this is the first time that I’ve seen the concept presented in this format.

The Congressional Research Service updated their report that tracks immigration-related legislation earlier this month:

RL33125: Immigration-Related Legislation in the 109th Congress. Updated Nov. 7, 2006.

As always the full collection of CRS reports at Homeland Security Watch is available here.

The House Homeland Security Committee held a hearing today to look at SBINet, DHS’s major border security integration project, at which the DHS Inspector General released their first review of DHS’s work on the project. The report looks at two types of risk to the project: (a) organizational capacity for management and oversight, and (b) operational requirements and performance management, and finds DHS not fully up to speed in some areas, but taking the steps to remedy any current deficiencies. Overall, I think the report is a clean bill of health for SBINet in its relatively early stages, but given its likely cost it’s important for the IG to continue to closely monitor it.

More on the report and hearing in this GovExec article.

The kooky website Cryptogon had a post a few days ago (hat tip: CQ) where they linked to an Immigration and Customs Enforcement strategic plan for detention and removal from 2004 codenamed Endgame. That report had previously been available online at ice.gov, but shortly after the Cryptogon post revealed its existence, it was removed from the website. The proprietors of this Cryptogon site therefore put it up on their own server, and you can download it here:

ENDGAME: Detention and Removal Strategic Plan, 2003 - 2012

The document is unclassified and fairly banal, so I have a hard time believing that this was removed for security reasons. A likelier explanation is that it was removed because it was outdated, a lot of the content in it having been superceded by strategic work under the auspices of the Secure Border Initiative over the last 1+ years.