Homeland Security: Cheap, Fast or Secure--Pick Two

Early in the morning on Jan. 5, 2004, Gloria Quevedo, who had just flown all night from Chile to Atlanta, walked up to Customs and Border Protection (CBP) and became one of the first foreign visitors to the United States to undergo biometric screening. Newspaper and television reporters—as well as Department of Homeland Security Secretary Tom Ridge—witnessed the historic event. Quevedo’s fingerprints were scanned, her identity verified, and her name checked against numerous databases to make sure she wasn’t a suspected terrorist or criminal. Foreign visitors at 114 other airports and 14 seaports would undergo the same kind of screening that day.

More than 600 miles away in Washington, D.C., the man who helped guide the development and implementation of the new system was sitting

nervously at his desk, in constant communication with the help desk and other IT staffers in the field. Scott Hastings, CIO of the US-Visit program, knew that a major glitch in the system (which had been fielded in less than six months) could give the department a black eye. US-Visit, which stands for the United States Visitor and Immigrant Status Indicator Technology system, was one of the primary measures Congress had identified after 9/11 to protect the nation against terrorists.

If the system failed, it would be a public relations disaster. Biometrics had never before been used on such a large scale, and US-Visit needed to prove not only that it could identify miscreants but also that it could protect the privacy of innocent travelers and process them in a reasonable amount of time. Otherwise, the program risked doing serious damage to tourism and international relations.

But on Jan. 5, all went well. An agent greeted Quevedo and swiped her visa through a magnetic reader, accessing her biographical data and a photo from a State Department database. Then the agent took her picture and Quevedo placed her left and then right index fingers on an inkless glass plate, which scanned her fingers. To confirm her identity, the system matched that scan with those collected when she was issued her visa. Her bio-graphical data and fingerprint scans were also checked against watch lists that include suspected or known terrorists. Within seconds, the answer came back: No match. After answering some routine questions, Quevedo was allowed to enter the United States. As were 35,000 other visitors that day.

"The sense of relief was palpable," says Hastings, recalling the mood of his team at the time. "It was a ’cross the fingers every single day’ job." The US-Visit team had met its first deadline with no hiccups. And within its $380 million budget.

Hastings and his team would also meet the next deadline as they deployed the entry screening system to the nation’s 50 busiest land border crossings in January 2005. And later this year, Hastings says, the program office expects to meet yet another deadline by deploying the entry screening system to the remaining 115 border crossings. Of course, as Hastings and others acknowledge, the true measure of success for US-Visit will be keeping terrorists out of the country. In addition, the US-Visit team has yet to develop that portion of the system that verifies that a foreign visitor has left the country when he’s supposed to. As a result, CBP still doesn’t know whether visitors from other countries are overstaying their visas, as some of the 9/11 hijackers did.

While some officials have hailed US-Visit as a rare government IT success story, others are not so charitable. In February, a DHS inspector general report concluded that US-Visit met "only the bare minimum" for checking foreign visitors. The report noted that the system checked only about 3 percent of all foreign travelers to the United States, because many travelers (primarily Mexicans with Border Crossing Cards and Canadians, who don’t need visas), are not required to be screened by US-Visit. In essence, US-Visit seems to be fulfilling its initial mandate, but critics say it needs to do more.

Another internal report, which the Justice Department released in June, found that almost 32,000 individuals on the government’s terrorist watch list had been erroneously classified by US-Visit at the lowest level of security handling, which means CBP officers who encounter these individuals are not required to detain them. And the program recently came under criticism for mistakenly detaining 35 crew members from foreign airlines arriving in the United States. In addition, the Government Accountability Office, the independent watchdog agency for Congress, has repeatedly criticized US-Visit for not following standard program management disciplines, such as developing a strategic plan and tracking costs and benefits.

"Success depends how you measure it," says Randy Hite, the GAO’s director for IT architecture and systems issues, who conducts oversight on the US-Visit program. "If you don’t commit to what you are going to do and how you will measure it, you can declare success on whatever you choose to measure."

Hastings acknowledges that getting a workable screening system in place on time meant making trade-offs in standard project management practices, in documenting what was done and in measuring the ROI. He says he didn’t have time to do the kind of strategic plan that might have enabled the US-Visit team to build the most comprehensive solution possible. He also didn’t have time to build a new system using the latest technologies. Instead, to meet its deadline, the US-Visit staff was forced to cobble together a bunch of legacy applications and networks. The system will need repeated code changes as new requirements are added. In short, the US-Visit program is currently the sum total of all the compromises that deadline pressure made necessary.

"This violated every rule in how you do systems development," Hastings acknowledges. "But you’ve gotta compromise, and you’ve gotta break rules."

No Time to Lose

In the weeks after the 9/11 attacks, Americans looked to their government to respond quickly. In October 2001, Congress passed the USA Patriot Act, which called for (among other things) the creation of a system for checking the identities of foreign travelers entering the United States and for verifying when they left, a so-called entry-exit system. The Patriot Act also set a strict timetable for delivery: By Dec. 31, 2003, the government was to deploy such a system to 115 airports and 14 major seaports. By Dec. 31, 2004, the system had to be expanded to the 50 busiest land border crossings, which process nearly 90 percent of the 240 million people who cross the U.S. border from Canada and Mexico every year.

But before an entry-exit system could be built, let alone deployed, Congress had to create the Department of Homeland Security, a merger of 22 federal agencies. Government executives had to be hired, and security clearances had to be conducted. Consequently, work on the entry-exit system did not begin until the summer of 2003, by which time DHS had just six months to meet its first deadline.

In July 2003, Asa Hutchinson, then deputy secretary for DHS’s Border and Transportation Directorate, hired Jim Williams as director of the US-Visit program. And he hired Hastings, the former CIO of the Immigration and Naturalization Service (INS), as the program’s CIO. Williams and Hastings quickly met with Ridge and Hutchinson. Hastings recalls that they discussed the program’s goals, including making sure the system did not impede commerce (no long lines in customs), and that it protected travelers’ privacy while keeping the terrorists out. One of the only requirements that was not negotiable was the deadline, five months away. Hastings and Williams assured Ridge the project was doable.

After meeting again with Ridge a few weeks later, Williams informed Hastings and the US-Visit team that the secretary wanted the system to rely on biometrics to check identities, removing the opportunity to forge documents. Biometrics had yet to be successfully deployed in a major government-run system, and the privacy concerns were huge, especially in foreign countries where (like the United States) fingerprinting was seen as a practice reserved only for booking criminals.

Making Compromises

In late summer 2003, Williams and Hastings set up a war room on the 17th floor of US-Visit headquarters in Arlington, Va., where the staff, consisting of no more than a dozen people, could meet. The team concluded that it needed a working prototype to test by mid-November.

One thing was immediately apparent: The staff would not be able to follow typical program management practices. Some steps would have to be done in tandem rather than sequentially, such as testing the system while conducting system design and development. According to the GAO, some processes were left out completely, such as documenting the system ROI.

"Given the deadline and resources, this was the only way to do it and still meet the letter of the law," Hastings says.

Hastings knew the team would catch heat for not following proven project management disciplines as, indeed, it did. "We thought the criticism was fair," Hastings says, "but we had no choice, and we knew we would have time later to correct some of the shortcomings."

The team also realized that it could not develop a lot of new systems. Certainly, the outdated infrastructure in U.S. ports would have to be replaced, including installing more than 3,000 new desktops (the old ones had Windows 95 operating systems) or replacing the CBP officers’ green-screen monitors. New biometric readers and digital cameras also had to be installed. The networks at the ports, running on aging cables and routers, had to be consolidated and upgraded. But new technologies such as Web services (which would remove the need to code individual links to multiple databases) were out of the question. The looming deadline forced Hastings to cobble together a system by integrating applications from four independent agencies.

Fortunately, Hastings already had intimate knowledge of the systems the INS used to fingerprint immigration violators and to store travelers’ arrival and departure information. And he had already tapped a small Department of Justice team that had been working on an older entry-exit system required by a 1996 law. (That project was languishing due to lack of funding and attention.) The eight people working on that system were transferred to US-Visit. The staff eventually absorbed program managers and IT staff from around DHS and from other departments, such as the State Department, involved in international travel and commerce.

The group mapped out what it would call a federation of systems—a network formed of legacy INS, customs and State Department IT systems. The team looked for systems that were embedded in existing business processes. (The team knew that the deadline would not allow for reengineering those processes, which would require retraining agents.) The systems had to be scalable so that they could be expanded to hundreds of ports. Ease of integration was a requirement as well, as there was no time for a lot of new programming. The systems also needed to be fast (so that travelers could be cleared quickly).

Seven applications were identified as the core of the new system, including the Ad-vance Passenger Information System, a decade-old mainframe system operated by the U.S. Customs Service that contains arrival and departure manifest data, and the Consular Consolidated Database, a State Department system that stores information on visitors who hold or have applied for a U.S. visa.

Hastings knew he could not afford the time to develop configuration management processes or traceability matrices for software development to determine if in fact every business requirement had been delivered. He had to trust that systems managers were applying the proper procedures to make sure the systems stayed operable and that the data was protected and not corrupted.

"We felt [Secretary Ridge] expected us to deliver immediate capability," Hastings says. "We had to get it right" the first time.

Two Versus 10 Fingerprints

One of the biggest problems still hadn’t been solved. How was the team going to satisfy Ridge’s requirement to use biometrics without bogging down the immigration inspections process?

Hastings felt he had one alternative, and it again required relying on a legacy system. For more than a decade, border patrol agents along the U.S.-Mexican border had been using a system known as Ident to collect fingerprints, digital photos and biographical data from people they encountered during enforcement activities. INS had begun to make the system interoperable with an even larger FBI fingerprint database containing 47 million fingerprint records of suspected and known felons.

The knock against Ident, however, was that it used only two fingerprints for identification, the right and left index fingers. Critics argued that using only two fingerprints makes matching less accurate. It also allows criminals (and terrorists) to foil the system by altering those two fingerprints. Lawrence Wein, a Stanford University professor, testified before Congress that by using the two-fingerprint method, US-Visit would be able to identify terrorists only 53 percent of the time.

1 2 Page 1
Page 1 of 2
Learn how leading CIOs are reinventing IT. Download CIO's new Think Tank report today!