Staying On Track

Keeping tabs on foreign visitors as they arrive has been a surprising information technology success. Noting their departure promises to be much harder.

Asa Hutchinson likes to joke about the time he had 30 days to spend $350 million.

It was the end of August 2003, and Hutchinson was the first undersecretary of Border and Transportation Security at the newly formed Homeland Security Department. His directorate's most pressing priority was meeting a congressional mandate to install by the end of the calendar year a system to track the entrance of foreign nationals through the nation's 115 international airports and cruise ship terminals at 14 seaports. The system was called US VISIT. And not only did DHS need to have US VISIT up and running by the end of the year, but it had to spend its 2003 appropriation for the program-which actually totaled about $362 million-by the end of the fiscal year, Sept. 30.

"That was a tight deadline," recalls Hutchinson, now a partner at the Washington law firm Venable LLC and chief executive officer of the Little Rock, Ark.-based Hutchinson Group. "We had a lot of detractors who said it couldn't be done."

The department met the deadline at the end of 2003, as well as similar incremental deadlines in 2004 and 2005.

US VISIT became the rare, behemoth DHS program-the prime contract held by Accenture Ltd. is valued at several billion dollars-to come in on time and within budget.

But now the program faces an uphill climb to a new pressing deadline: installing the exit part of the system at all American airports by December 2008. This means fingerprinting every non-U.S. citizen leaving the country, as well as checking their photographs and names against terrorist and criminal databases. It's a complicated undertaking. Congress and the Government Accountability Office have voiced strong concerns that DHS has not done the necessary planning, while airlines-which, under DHS' current proposal, would operate the system-are unabashedly opposed. Yet, department leaders steadfastly contend they will finish on time. "Our plan is to begin the process of implementation next year and have it completed by the end of 2008," DHS Secretary Michael Chertoff said at a Sept. 5 hearing before the House Committee on Homeland Security.

The mandates for what has become US VISIT actually predate the terrorist attacks of Sept. 11, 2001. The 1996 Illegal Immigration Re-form and Immigrant Responsibility Act first called for an automated entry-and-exit control system to collect biographic information on immigrants entering and leaving the United States. The law was passed in response to the 1993 bombing of the World Trade Center and the realization that visa overstays, a large part of the illegal immigration problem, posed a security threat. After implementation delays, Congress passed another law in 2001 requiring entry-exit systems by the end of 2003, 2004 and 2005-for airports, seaports and land points of entry-and two laws passed in 2002 updated the requirements. Those updates included a mandate for a system to record biometrics-personal, physical characteristics such as fingerprints or digital photographs-of incoming visitors.

After years of delays, DHS began to deliver the system starting in 2003. The result was a success story for the department, according to just about every observer, including the 9/11 commission. Today, the entry portion of US VISIT is operating at almost 300 points of entry and more than 200 visa-issuing posts. Since January 2004, it has processed more than 76 million visitors and caught 1,800 immigration violators and people with criminal records. In fiscal 2006, the system collected the biometrics of 2.8 million travelers.

Here's how it works: When a foreigner arrives at an airport, seaport or land point of entry, a Customs and Border Protection inspector takes a digital photograph of the visitor and uses a digital scanner to take inkless prints of the two index fingers. That biometric information is used to verify that the visitor is the same person who received the visa and to check his or her identity against criminal and terrorist watch lists. That process also happens overseas at American consular offices, which collect finger scans and digital photographs when issuing visas.

Stewart Verdery, who worked for Hutchinson as assistant secretary for Border and Transportation Security policy from 2003 to 2005, says that what got US VISIT moving was a decision by then-DHS Secretary Tom Ridge in 2003 to break the project into manageable increments. "The problem was no one could figure out how to deploy everything at once," recalls Verdery, now a partner at Monument Policy Group LLC, the Washington-based consulting firm he founded.

"We didn't build the whole thing, but we built what was promised and doable at the time. . . . [Ridge's attitude was] 'Let's start building this thing, understanding it's not complete. But if you don't start somewhere, you'll never start.' "

To illustrate the importance of incremental building, Verdery provides the example of fingerprint scanners: US VISIT began in 2003 with two-print scanners and, four years later, is in the process of updating the system to more accurate 10-print scanners. "People said, 'But [scanning] 10 fingerprints is better,' but there was no 10-print device that would work at the time," Verdery says.

"For years, people let the perfect be the enemy of the good, instead of saying 'We're going to do something that has a big-but not perfect-impact on security.' "

An even bigger impact is expected when DHS completes the more difficult exit portion for US VISIT. It might seem strange to read that border security relies on checking the identity of people leaving the country. But comprehensively checking the identity of all departing foreign nationals is the only way to figure out who has not left. Those overstaying their visas represent 30 percent to 50 percent of the illegal immigrants in this country, according to the Congressional Research Service. Twelve terrorists in the country between 1993 and 2001 had overstayed their visas, including four of the Sept. 11 hijackers.

The exit portion is fraught with problems. DHS officials have given up on producing a biometric-based exit system for land ports in the short term, calling the endeavor too complex. And plans for implementing the exit component at airports, where more than 91 percent of all travelers from countries of interest arrive, have been criticized from all sides.

Clashing With Airlines

The department has announced plans to start putting in the airport exit system by June 2008 and complete it by that December. DHS plans to release a notice of proposed rule-making, laying out a draft proposal for how the exit system will work, by the end of this year. Next year, officials say, DHS will refine the project plan, incorporate feedback from the comment period and align the US VISIT exit system with other air passenger data systems. DHS would not make Robert Mocny, US VISIT program director, available for an interview. But through a statement e-mailed from a spokeswoman, Mocny said, "US VISIT is on schedule to implement biometric air exit procedures by the end of 2008."

Outside observers are skeptical, to say the least. Randolph C. Hite, the director of IT architecture and systems issues at the Government

Accountability Office, was sharply critical of US VISIT in an August report, lamenting the absence of more detailed planning documents the program was to have submitted to Congress. And when asked at the June 28 hearing about DHS' goal to finish the airport exit component by the end of 2008, he said he had not seen anything "to give me any confidence to show that that's realistic."

"Throwing out dates like that are nice to have as goals," he continued. "[But] there are too many unknowns that haven't been answered yet in my view to even have any confidence as to an end date on this thing."

The biggest unknown is the cooperation of airlines. DHS' current plan calls for airlines to operate the US VISIT exit program, fingerprinting and checking the identity of departing passengers at the ticket counter. But representatives of the air carriers are vehemently against this idea, and say DHS came up with the plan without listening to their input. "It's an out-of-date idea that doesn't make a lot of sense," says John M. Meenan, executive vice president and chief operating officer of the Air Transport Association, a trade organization for U.S. airlines. "It flies in the face of the direction industry has been heading."

Meenan is referring to the movement among airlines to encourage passengers to check in for flights online or away from the ticket counter to decrease congestion and increase speed. ATA says 30 percent of passengers check in electronically, and air carriers hope that method will become more common in the future. Passengers leaving the country still must present passports or visas at the ticket counter before going through the security checkpoint, but ATA officials say installing US VISIT exit procedures at the ticket counter goes against the investments that airlines are making to move passengers online.

ATA officials, and members of the House Homeland Security Committee, also say that fingerprinting foreign nationals is a law enforcement program and therefore should be handled by federal employees. DHS officials point out that under current law, airlines already have to help with certain security measures, such as providing passenger data and collecting I-94 immigration arrival-departure forms. Still, Verdery says he wouldn't be surprised if airlines' liability concerns eventually pushed the disagreement to court.

"We remain concerned that the department is offloading its federal immigration responsibilities onto the air industry and proceeding without an active dialogue with stakeholders," said Rep. Bennie Thompson, D-Miss., House Homeland Security Committee chairman, in an October e-mailed statement. "An unworkable system delayed by lawsuits and poor planning does not serve the security interests of our country."

No Logical Location

Meenan and ATA officials favor installing the system at security checkpoints, but that, too, has drawbacks. More procedures presumably would add more congestion, and DHS wants Transportation Security Administration screeners to concentrate on scanning passengers for weapons, not implementing immigration control. There is no obvious place to put US VISIT exit checks. American airports, unlike other airports around the world, were not built to accommodate passenger departure controls. But the system must be installed in a location through which all passengers must pass.

This was the lesson learned after more than three years of biometric exit pilot tests at 12 airports and two seaports, DHS officials say. "The technology works and it works well, but the procedures did not," Mocny said at the June 28 hearing. "Travel compliance with the pilots was low. Unlike entry, with no infrastructure in which [to] imbed exit procedures, travelers had to change their behavior independently."

There is one other possible location for US VISIT exit procedures, Verdery says: the kiosks for Registered Traveler, a DHS program that speeds the passage of prescreened passengers through security checkpoints. The kiosks already have biometric-enabled screening devices, are not operated by airlines and private sector firms have offered to operate the exit program there for a small fee. Regardless, he says, DHS should have started installing the component two years ago. "The department stalled on this for two years and didn't do anything, and then it came out with a proposal without getting any type of buy-in from [air] carriers," he says. "I think they've gotten to the point where there's not enough time left in this administration to force [airlines] to do it."

Yet Mocny remains resolute. And he has one statistic on his side: Even detractors must admit that the program has been on time and under budget for the $1.7 billion worth of work it has done in the last five years. "When we were given a date certain to do entry-Dec. 31, 2003, 2004, 2005-we met or beat every one of those dates," he said at the June 28 House Homeland Security hearing. "Those were often seen as perhaps not realistic, but we applied ourselves and we applied resources, and we were able to get those dates met."