Expert pans quality of government's biometric ID system

The Homeland Security Department's US-VISIT system for cross-checking incoming foreign travelers against its biometric database is producing inadequate results, a Stanford University professor told a House panel Thursday.

"On the surface, biometric identification [from] the US-VISIT program appears to be highly effective," Lawrence Wein, a professor of management science, said in prepared testimony for the House Homeland Security Infrastructure and Border Security Subcommittee. An examination of the details, however, shows "it is very difficult to accurately match poor-quality images."

"Our study stems from the belief that terrorist organizations can exploit this observation by choosing U.S.-bound terrorists that have either poor image quality ... or deliberately reduced image quality," Wein said.

He disputed the government's claim of 96 percent success in matching terrorists listed in the database. "The currently implemented strategy has only a 53 percent chance of detecting a terrorist during U.S. entry," he said.

His research team at Stanford, however, found that "a minor software modification that allows the watch-list rule to vary with image quality can increase detection from 53 percent to 73 percent."

Wein also found that using a system that scans more than two index fingers "achieves a 95-percent detection probability." He acknowledged that switching to such a system would be costly but said "there is no excuse for a $10 billion program to settle for performance below this level."

"There is a serious but reparable vulnerability," he said. "In light of the meticulous planning that went into the" Sept. 11, 2001, terrorist attacks, it is likely the future terrorists will attempt to exploit U.S. government security systems.

"One of the concerns I have is making sure that there is a dedicated focus to ensure" that terrorists do not slip past security, said subcommittee Chairman Dave Camp, R-Mich. "It is unclear to me how well all of these resources are utilized and coordinated." Camp called for a multi-faceted approach that does not spread the resources of the department too thin.

Ranking Democrat Loretta Sanchez of California accused federal authorities of employing an "inconsistent strategy." Despite claims of improvements, she said, "the facts don't always match up to these claims." She cited the placement of Sen. Ted Kennedy, D-Mass., on the "no-fly" list of potential terrorists.

"We are reviewing how travel documents are produced and reviewed so that we can better detect altered and counterfeit documents ... and exploring ways to share data with our counterparts that can help identify and thwart terrorists," said C. Stewart Verdery, assistant secretary for border and transportation security at the Homeland Security Department.

Verdery said the department has "successfully integrated" databases from various agencies for US-VISIT.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.