This is the accessible text file for GAO report number GAO-07-632T
entitled 'Homeland Security: US-VISIT Program faces Operational,
Technological, and Management Challenges' which was released on March
20, 2007.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Testimony before the Committee on Homeland Security, House of
Representatives:
United States Government Accountability Office:
GAO:
For Release on Delivery Expected at 10:00 a.m. DST:
Tuesday, March 20, 2007:
Homeland Security:
US-VISIT Program Faces Operational, Technological, and Management
Challenges:
Statement of Richard M. Stana, Director:
Homeland Security and Justice Issues:
GAO-07-632T:
GAO Highlights:
Highlights of GAO-07-632T, a testimony before the Committee on Homeland
Security, House of Representatives
Why GAO Did This Study:
This testimony summarizes GAO’s work on the Department of Homeland
Security’s (DHS) efforts to implement the U.S. Visitor and Immigrant
Status Indicator Technology (US-VISIT) program at air, sea, and land
ports of entry (POE). US-VISIT is designed to collect, maintain, and
share data on selected foreign nationals entering and exiting the
United States at air, sea, and land POEs. These data, including
biometric identifiers like digital fingerprints, are to be used to
screen persons against watch lists, verify identities, and record
arrival and departure. This testimony addresses DHS’s efforts to (1)
implement US-VISIT entry capability, (2) implement US-VISIT exit
capability, and (3) resolve longstanding management challenges that
could impair DHS’s ability to effectively implement the US-VISIT
program. GAO analyzed DHS and US-VISIT documents, interviewed program
officials, and visited 21 land POEs with varied traffic levels on both
borders.
What GAO Found:
DHS is operating US-VISIT entry capabilities at most POEs and has begun
to work to move from 2 to10 fingerprint biometric capabilities and
expand electronic information sharing with stakeholders. Of particular
note is the fact that a US-VISIT biometric-based entry screening
capability is operating at 115 airports, 14 seaports, and 154 land
POEs. While US-VISIT has improved DHS’s ability to process visitors and
verify identities upon entry, we found that management controls in
place to identify and evaluate computer and other operational problems
at land POEs were insufficient and inconsistently administered.
Although US-VISIT has conducted various exit demonstration projects at
a small number of POEs, a biometric exit capability is not currently
available. According to program officials, this is due to a number of
factors. For example, at this time the only proven technology available
for biometric land exit verification would necessitate mirroring the
processes currently in use for entry at these POEs, which would create
costly staffing demands and infrastructure requirements, and introduce
potential trade, commerce, and environmental impacts. Further, a pilot
project to examine an alternative technology at land POEs did not
produce a viable solution. By statute, DHS was to have reported to
Congress by June 2005 on how it intended to fully implement a
comprehensive, biometric entry/exit program, but DHS had not yet
reported how it intended to do so, or use nonbiometric solutions.
DHS continues to face longstanding US-VISIT management challenges and
future uncertainties. For example, DHS had not articulated how US-VISIT
is to strategically fit with other land border security initiatives and
mandates and could not ensure that these programs work in harmony to
meet mission goals and operate cost effectively. DHS had drafted a
strategic plan defining an overall immigration and border management
strategy but, as of February 2007, the plan was under review by OMB.
Further, critical acquisition management processes need to be
established and followed to ensure that program capabilities and
expected mission outcomes are delivered on time and within budget.
These processes include effective project planning, requirements
management, contract tracking and oversight, test management, and
financial management. Until these issues are addressed, the risk of US-
VISIT continuing to fall short of expectations is increased.
For more information, contact Richard Stana at (202) 512-8777 or
stanar@gao.gov, or Randolph Hite at (202) 512-3439 or hiter@gao.gov.
[End of section]
Mr. Chairman and Members of the Committee:
I appreciate the opportunity to be here today to provide a summary of
our work on the challenges facing the Department of Homeland Security
(DHS) as it implements United States Visitor and Immigrant Status
Indicator Technology (US-VISIT) at air, sea, and land ports of entry
(POE).[Footnote 1]
In the years since the 2001 terrorist attacks, the need to secure U.S.
borders has taken on added importance and has received increasing
attention from Congress and the public. In an effort to avoid
repetition of such attacks, and improve overall national security,
Congress and the Administration have sought better ways to record and
track the entry and departure of foreign visitors who pass through U.S.
POEs by air, land, or sea; to verify their identities; and to
authenticate their travel documentation. Pursuant to several statutory
mandates, DHS, in consultation with the Department of State,
established an automated visitor system to integrate information on the
entry and exit from the United States of foreign nationals, called the
US-VISIT Program. According to DHS, the purpose of US-VISIT is to
enhance the security of U.S. citizens and visitors, facilitate
legitimate travel and trade, ensure the integrity of the U.S.
immigration system, and protect visitors' privacy. The program is
managed by the US-VISIT Program Office, which is headed by the US-VISIT
Director, who currently reports to the DHS Deputy Secretary. However,
as of March 31, 2007, the US-VISIT Program Office is expected to report
to the newly established Under Secretary for the National Protection
and Program Directorate. US-VISIT is used in the field by officers with
U.S. Customs and Border Protection (CBP), a separate DHS component.
US-VISIT is designed to use biographic information (e.g., name,
nationality, and date of birth) and biometric information (e.g.,
digital fingerprint scans and photographs) to verify the identity of
those covered by the program. The program applies to certain visitors
whether they hold a nonimmigrant visa or are traveling from a country
that has a visa waiver agreement with the United States under the Visa
Waiver Program.[Footnote 2] U.S. citizens, lawful permanent residents,
and most Canadian and Mexican[Footnote 3] citizens are currently exempt
from being processed under US-VISIT upon entering and exiting the
country.[Footnote 4]
Many aspects of US-VISIT program implementation have been driven or
defined by various legislative mandates. These include a 2001 statutory
requirement to focus particularly on the use of biometric technology in
developing the integrated entry-exit system subsequently named US-
VISIT; a 2002 statutory requirement to develop biometric identifier
standards to be used to verify the identity of persons seeking to enter
the United States at POEs; and a requirement to install at all POEs
equipment and software to allow biometric comparison and authentication
of U.S. visas and other travel and entry documents issued to aliens, as
well as Visa Waiver Program participant passports. In addition, by law,
an integrated entry and exit data system was to be implemented at all
U.S. POEs, including land POEs, by December 31, 2005, but there was no
specific requirement to collect any new data on foreign nationals
departing at land POEs by that date. The Intelligence Reform and
Terrorism Prevention Act of 2004, on the other hand, did require the
collection of biometric exit data for all individuals subject to US-
VISIT, but it did not set a deadline for implementation of this
requirement.[Footnote 5]
My testimony today draws on this body of completed work to provide a
snapshot of what US-VISIT capabilities have and have not been
delivered, what work has recently begun to enhance already delivered
capabilities, and the range of longstanding challenges that hamper DHS
efforts to establish and live up to program expectations and
commitments. All the work on which this testimony is based was
performed in accordance with generally accepted government auditing
standards.
Summary:
DHS is operating US-VISIT entry capabilities at most POEs and has begun
to work to move from 2 to10 fingerprint biometric capabilities and
expand electronic information sharing with stakeholders. Of particular
note is the fact that a US-VISIT biometric-based entry screening
capability is operating at 115 airports, 14 seaports, and 154 land
POEs. While US-VISIT has improved DHS's ability to process visitors and
verify identities upon entry, we found that management controls in
place to identify and evaluate computer and other operational problems
at land POEs were insufficient and inconsistently administered.
Although US-VISIT has conducted various exit demonstration projects at
a small number of POEs, a biometric exit capability is not currently
available. According to program officials, this is due to a number of
factors. For example, at this time the only proven technology available
for biometric land exit verification would necessitate mirroring the
processes currently in use for entry at these POEs, which would create
costly staffing demands and infrastructure requirements, and introduce
potential trade, commerce, and environmental impacts. Further, a pilot
project to examine an alternative technology at land POEs did not
produce a viable solution. By statute, DHS was to have reported to
Congress by June 2005 on how it intended to fully implement a
comprehensive, biometric entry/exit program, but DHS had not yet
reported how it intended to do so, or use nonbiometric solutions.
DHS continues to face longstanding US-VISIT management challenges and
future uncertainties. For example, DHS had not articulated how US-VISIT
is to strategically fit with other land border security initiatives and
mandates and could not ensure that these programs work in harmony to
meet mission goals and operate cost effectively. DHS had drafted a
strategic plan defining an overall immigration and border management
strategy but, in February 2007, we were told that the plan was with OMB
and had not yet been approved. Further, critical acquisition management
processes need to be established and followed to ensure that program
capabilities and expected mission outcomes are delivered on time and
within budget. These processes include effective project planning,
requirements management, contract tracking and oversight, test
management, and financial management. As we have reported for several
years, DHS has yet to adequately do these things. Until these issues
are addressed, the risk of US-VISIT continuing to fall short of
expectations is increased.
Background:
US-VISIT is a large, complex governmentwide program intended to:
* collect, maintain, and share information on certain foreign nationals
who enter and exit the United States;
* identify foreign nationals who (1) have overstayed or violated the
terms of their visit; (2) can receive, extend, or adjust their
immigration status; or (3) should be apprehended or detained by law
enforcement officials;
* detect fraudulent travel documents, verify visitor identity, and
determine visitor admissibility through the use of biometrics (digital
fingerprints and a digital photograph); and:
* facilitate information sharing and coordination within the
immigration and border management community.
The US-VISIT Program Office has responsibility for managing the
acquisition, deployment, operation, and sustainment of US-VISIT and has
been delivering US-VISIT capability incrementally based, in part, on
statutory deadlines for implementing specific portions of US-VISIT. For
example, the statutory deadline for implementing US-VISIT at the 50
busiest land POEs was December 31, 2004, and at the remaining POEs,
December 31, 2005. From fiscal year 2003 through fiscal year 2007,
total funding for the US-VISIT program has been about $1.7 billion.
According to program officials, as of January 31, 2007, almost $1.3
billion has been obligated to acquire, develop, deploy, enhance,
operate, and maintain US-VISIT entry capabilities, and to test and
evaluate exit capability options.[Footnote 6]
Since 2003, DHS has planned to deliver US-VISIT capability in four
increments: Increment 1 (air and sea entry and exit), Increment 2 (air,
sea, and land entry and exit), Increment 3 (land entry), and Increment
4, which is to define, design, build, and implement more strategic
program capability, and which program officials stated will consist of
a series of incremental releases or mission capability enhancements
that will support business outcomes. In Increments 1 through 3, the
program has built interfaces among existing ("legacy") systems,
enhanced the capabilities of these systems, and deployed these
capabilities to air, sea, and land POEs. The capabilities that DHS
currently has regarding the first three increments have been largely
acquired and implemented through existing system contracts and task
orders.
In reports on US-VISIT over the last several years, we have identified
numerous challenges that DHS faces in delivering program capabilities
and benefits on time and within budget. In September 2003, we reported
that the US-VISIT program is a risky endeavor, both because of the type
of program it is (large, complex, and potentially costly) and because
of the way that it was being managed[Footnote 7]. We reported, for
example, that the program's acquisition management process had not been
established, and that US-VISIT lacked a governance structure. In March
2004, we testified that DHS faces a major challenge maintaining border
security while still welcoming visitors. Preventing the entry of
persons who pose a threat to the United States cannot be guaranteed,
and the missed entry of just one can have severe consequences. Also, US-
VISIT is to achieve the important law enforcement goal of identifying
those who overstay or otherwise violate the terms of their visas.
Complicating the achievement of these security and law enforcement
goals are other key US-VISIT goals: facilitating trade and travel
through POEs and providing for enforcement of U.S. privacy laws and
regulation[Footnote 8]s. Subsequently, in May 2004, we reported that
DHS had not employed the kind of rigorous and disciplined management
controls typically associated with successful programs[Footnote 9].
Moreover, in February 2006, we reported that while DHS had taken steps
to implement most of the recommendations from our 2003 and 2004
reports, progress in critical areas had been s[Footnote 10]low. As of
February 2006, of 18 recommendations we made since 2003, only 2 had
been fully implemented, 11 had been partially implemented, and 5 were
in the process of being implemented, although the extent to which they
would be fully carried out is not yet known. In addition, in June 2006,
we reported that US-VISIT contract and financial management needed to
be strengthened; in December 2006, we reported that the US-VISIT
program faced strategic, operational and technological challenges at
land ports of entry; and in February 2007, we reported that planned
expenditures for the US-VISIT program needed to be adequately defined
and justified.[Footnote 11]
US-VISIT Scope, Operations, and Processing at POEs:
Currently, US-VISIT's scope includes the pre-entry, entry, status, and
exit of hundreds of millions of foreign national travelers who enter
and leave the United States at over 300 air, sea, and land POEs. Most
land border crossers--including U.S. citizens, lawful permanent
residents, and most Canadian and Mexican citizens--are, by regulation
or statute, not required to enroll into US-VISIT.[Footnote 12] In
fiscal year 2004, for example, U.S. citizens and lawful permanent
residents constituted about 57 percent of land border crossers;
Canadian and Mexican citizens constituted about 41 percent; and less
than 2 percent were US-VISIT enrollees. Figure 1 shows the number and
percentage of persons processed under US-VISIT as a percentage of all
border crossings at land, air, and sea POEs in fiscal year 2004.
Figure 1: Persons Processed under US-VISIT as a Percentage of All
Border Crossings at Land, Air, and Sea Ports of Entry, Fiscal Year
2004:
[See PDF for image]
Source: GAO analysts of DHS data.
Note: Persons processed by US-VISIT may include foreign nationals who
were also issued an I-94 arrival/departure form (which shows the date
of arrival, port of entry, and date the authorized period of admission
expires) valid for multiple entries and who have re-entered multiple
times. Total entering the United States includes U.S. citizens who may
have re-entered the country multiple times and foreign nationals,
including those not issued I-94s, such as Canadian citizens and
Mexicans with BCCs, and those issued multiple entry I-94s who also may
have re-entered multiple times. U.S. citizens do not fall within the
statutory scope of US-VISIT and therefore are exempt from US-VISIT
screening.
[End of figure]
Foreign nationals subject to US-VISIT who intend to enter the country
encounter different inspection processes at different types of POEs
depending on their mode of travel. Those who intend to enter the United
States at an air or sea POE are to be processed, for purposes of US-
VISIT, in the primary inspection area upon arrival. Generally, these
visitors are subject to prescreening, before they arrive, via passenger
manifests, which are forwarded to CBP by commercial air or sea carrier
in advance of arrival.[Footnote 13] By contrast, foreign nationals
intending to enter the United States at land POEs are generally not
subject to prescreening because they arrive in private vehicles or on
foot and there is no manifest to record their pending arrival. Thus,
when foreign nationals subject to US-VISIT arrive at a land POE in
vehicles, they initially enter the primary inspection area where CBP
officers, often located in booths, are to visually inspect travel
documents and query the visitors about such matters as their place of
birth and proposed destination. Visitors arriving as pedestrians enter
an equivalent primary inspection area, generally inside a CBP building.
If the CBP officer believes a more detailed inspection is needed or if
the visitors are required to be processed under US-VISIT, the visitors
are to be referred to the secondary inspection area--an area away from
the primary inspection area--which is generally inside a facility. The
secondary inspection area inside the facility generally contains office
space, waiting areas, and space to process visitors, including US-VISIT
enrollees. Equipment used for US-VISIT processing includes a computer,
printer, digital camera, and a two-fingerprint scanner. Visitors
covered by US-VISIT who are determined to be admissible are issued an I-
94 arrival/departure form, which, among other things, records their
date of arrival and the date their authorized period of admission
expires.[Footnote 14]
DHS Has Installed US-VISIT Biometric Entry Capability at Nearly All
POEs, but Faces Challenges Identifying and Monitoring the Operational
Impacts on Land POE Facilities:
The US-VISIT program office has largely met its expectations relative
to a biometric entry capability. For example, on January 5, 2004, it
deployed and began operating most aspects of its planned biometric
entry capability at 115 airports and 14 seaports for selected foreign
nationals, including those from visa waiver countries;[Footnote 15] as
of December 2006, the program office had deployed and began operating
this entry capability in the secondary inspection areas of 154 of 170
land POEs. According to program officials, 14 of the remaining 16 POEs
have no operational need to deploy US-VISIT because visitors who are
required to be processed through US-VISIT are, by regulation, not
authorized to enter into the United States at these locations.[Footnote
16] The other two POEs do not have entry capability deployed because
they do not have the necessary transmission lines to operate US-VISIT;
CBP officers at those sites have continued to process visitors
manually. CBP officials told us that US-VISIT's entry capability has
generally enhanced their ability to process visitors subject to US-
VISIT by providing assurance that visitors' identities can be confirmed
through biometric identifiers and by automating the paperwork
associated with processing I-94 arrival/departure forms.
To the department's credit, the development and deployment of this
entry capability was largely in accordance with legislative time lines
and has occurred during a period of considerable organizational change,
starting with the creation of DHS from 23 separate agencies in early
2003, followed by the birth of a US-VISIT program office shortly
thereafter--which was only about 5 months before the program had to
meet its first legislative milestone. Compounding these program
challenges was the fact that the systems that were to be used in
building and deploying a biometric entry capability were managed and
operated by a number of the separate agencies that had been merged to
form the new department, each of which was governed by different
policies, procedures, and standards.
Moreover, DHS reports that US-VISIT entry capabilities have produced
results. According to US-VISIT's Consolidated Weekly Summary Report, as
of December 28, 2006, there have been more than 5,400 biometric hits in
primary entry, resulting in more than 1,300 people having adverse
actions, such as denial of entry, taken against them. According to the
report, about 4,100 of these hits occurred at air and sea ports of
entry and over 1,300 at land ports of entry. Further, the report
indicates that more than 1,800 biometric hits have been referred to
DHS's immigration enforcement unit, resulting in 293 arrests. We did
not verify the information in the consolidated report.
Another potential consequence, although difficult to demonstrate, is
the deterrent effect of having an operational entry capability.
Although deterrence is not an expressly stated goal of the program,
officials have cited it as a potential byproduct of having a publicized
capability at the border to screen entry on the basis of identity
verification and matching against watch lists of known and suspected
terrorists. Accordingly, the deterrent potential of the knowledge that
unwanted entry may be thwarted and the perpetrators caught is arguably
a layer of security that should not be overlooked.
Despite these results, US-VISIT's entry capability at land POEs has not
been without operational and system performance problems. During recent
visits to land POEs, we identified some space constraints and other
capacity issues. For example, at the Nogales-Morley Gate POE in
Arizona, where up to 6,000 visitors are processed daily (and up to
10,000 on holidays), equipment was installed[Footnote 17] but not used
because of CBP concerns about its ability to carry out the US-VISIT
process in a constrained space while thousands of other people not
subject to US-VISIT are processed through the facility daily.[Footnote
18] Thus, visitors that are to be processed into US-VISIT from Morley
Gate are directed to return to Mexico (a few feet away) and to walk
approximately 100 yards to the Nogales-DeConcini POE facility, which
has the capability to handle secondary inspections of this kind.
Going forward, DHS plans to introduce changes and enhancements to US-
VISIT at land POEs intended to further bolster CBP's ability to verify
the identity of individuals entering the country, including a
transition from digitally scanning 2 fingerprints to scanning 10. While
such changes are intended to further enhance border security, deploying
them may have an impact on aging and space-constrained land POE
facilities because they could increase inspection times and adversely
affect POE operations. Our site visits, interviews with US-VISIT and
CBP officials, and the work of others suggest that both before and
after US-VISIT entry capability was installed at land POEs, these
facilities faced a number of challenges--operational and physical--
including space constraints complicated by the logistics of processing
high volumes of visitors and associated traffic congestion. Moreover,
our work over the past 3 years showed that the US-VISIT program office
had not taken necessary steps to help ensure that US-VISIT entry
capability operates as intended. For example, in February 2006 we
reported that the approach taken by the US-VISIT Program Office to
evaluate the impact of US-VISIT on land POE facilities focused on
changes in I-94 processing time at 5 POEs and did not examine other
operational factors, such as US-VISIT's impact on physical facilities
or work force requirements.[Footnote 19] As a result, program officials
did not always have the information they needed to anticipate problems
that occurred, such as problems processing high volumes of visitors in
space-constrained facilities.
In addition, we found that management controls did not always alert US-
VISIT and CBP to operational problems. Our standards for internal
controls in the federal government state that it is important for
agencies to have controls in place to help ensure that policies and
procedures are applied and that managers be made aware of problems so
that that they can be addressed and resolved in a timely
fashion.[Footnote 20] CBP officials at 12 of 21 land POE sites we
visited told us about US-VISIT-related computer slowdowns and freezes
that adversely affected visitor processing and inspection times, and at
9 of the 12 sites, computer processing problems were not always
reported to CBP's computer help desk, as required by CBP guidelines.
Although various controls are in place to alert US-VISIT and CBP
officials to problems as they occur, these controls did not alert
officials to all problems, given that they had been unaware of the
problems we identified before we brought them to their attention. These
computer processing problems have the potential to not only
inconvenience travelers because of the increased time needed to
complete the inspection process, but to compromise security,
particularly if CBP officers are unable to perform biometric checks--
one of the critical reasons US-VISIT was installed at POEs.
Our internal control standards also call for agencies to establish
performance measures throughout the organization so that actual
performance can be compared to expected results. While the US-VISIT
Program Office established performance measures for fiscal years 2005
and 2006 intended to gauge performance of various aspects of US-VISIT
at air, sea, and land POEs in the aggregate, performance measures
specifically for land POEs had not been developed. It is important to
do so, given that there are significant operational and facility
differences among these different types of POEs. Additional performance
measures that consider operational and facility differences at land
POEs would put US-VISIT program officials in a better position to
identify problems, trends, and areas needing improvements.
Implementing a Biometric US-VISIT Exit Capability has Been a Challenge:
DHS has devoted considerable time and resources toward establishing an
operational exit capability. Over the last 4 years, it has committed
over $160 million to pilot test and evaluate an exit solution at 12
air, 2 sea, and 5 land POEs. Despite this considerable investment of
time and resources, the US-VISIT program still does not have either an
operational exit capability or a viable exit solution to deploy to all
air, sea, and land POEs.
A Biometric Exit Capability is being Tested at Air and Sea POEs, But
Operational Concerns Need to be Addressed:
Although US-VISIT is pilot testing a biometric exit capability for air
and sea POEs, it is not currently available at all ports. In January
2004, devices for collecting biometric data were deployed to one
airport and one seaport on a pilot basis. Subsequently, this pilot was
expanded to 12 airports and 2 seaports. The pilot tested several exit
alternatives, including an enhanced kiosk (a self-service device that
captures a digital photograph and fingerprint, and prints out an
encoded receipt), a mobile device (a hand-held device operated by a
workstation attendant[Footnote 21] that captures a digital photograph
and fingerprint), and a validator (a hand-held device operated by a
workstation attendant that captures a digital photograph and
fingerprint and then matches the captured photograph and fingerprint to
the ones originally captured via the kiosk and encoded in the receipt).
Each alternative required the traveler to comply with inspection
processes. The pilot was completed in May 2005, and established the
technical feasibility of a biometric exit solution. However, it
identified issues that limited the operational effectiveness of the
solution, such as the lack of traveler compliance with the processes.
The fiscal year 2006 expenditure plan allocated $33.5 million to
continue the exit pilots for air and sea POEs. According to program
officials, US-VISIT is now developing a plan for deploying a
comprehensive, affordable exit solution. However, no time frame has
been established for this plan being approved or implemented.
Meanwhile, US-VISIT plans to conduct a second pilot phase at air and
sea POEs that will involve multiple operational scenarios which would
compel greater traveler compliance, such as repositioning the kiosks,
integrating biometric exit into airport check-in processes, integrating
biometric exit into existing airline processes, integrating biometric
exit into Transportation Security Administration screening checkpoints,
and enhancing the use of Immigration and Customs Enforcement programs
intended for enforcement, such as screening of targeted flights at
selected airports.
Various Factors Have Prevented US-VISIT from Implementing a Biometric
Exit Capability at Land POEs:
Various factors have prevented US-VISIT from implementing a biometric
exit capability at land POEs. Federal laws require the creation of a US-
VISIT exit capability using biometric verification methods to ensure
that the identity of visitors leaving the country can be matched
biometrically against their entry records.[Footnote 22] However,
according to officials at the US-VISIT Program Office and CBP and US-
VISIT program documentation, there are interrelated logistical,
technological, and infrastructure constraints that have precluded DHS
from achieving this mandate, and there are cost factors related to the
feasibility of implementation of such a solution. The major constraint
to performing biometric verification upon exit at this time, in the US-
VISIT Program Office's view, is that the only proven technology
available would necessitate mirroring the processes currently in use
for US-VISIT at entry. A mirror image system for exit would, like one
for entry, require CBP officers at land POEs to examine the travel
documents of those leaving the country, take fingerprints, compare
visitors' facial features to photographs, and, if questions about
identity arise, direct the departing visitor to secondary inspection
for additional questioning. These steps would be carried out for
exiting pedestrians as well as for persons exiting in vehicles. The US-
VISIT Program Office concluded in January 2005 that the mirror-imaging
solution was "an infeasible alternative for numerous reasons, including
but not limited to, the additional staffing demands, new infrastructure
requirements, and potential trade and commerce impacts."[Footnote 23]
US-VISIT officials told us that they anticipated that a biometric exit
process mirroring that used for entry could result in delays at land
POEs with heavy daily volumes of visitors. And they stated that in
order to implement a mirror image biometric exit capability, additional
lanes for exiting vehicles and additional inspection booths and staff
would be needed, though they had not determined precisely how many.
According to these officials, it is unclear how new traffic lanes and
new facilities could be built at land POEs where space constraints
already exist, such as those in congested urban areas. (For example,
San Ysidro, California, currently has 24 entry lanes, each with its own
staffed booth and 6 unstaffed exit lanes. Thus, if full biometric exit
capability were implemented using a mirror image approach, San Ysidro's
current capacity of 6 exit lanes would have to be expanded to 24 exit
lanes.) As shown in figure 3, based on observations during our site
visit to the San Ysidro POE, the facility is surrounded by dense urban
infrastructure, leaving little, if any, room to expand in place. Some
of the 24 entry lanes for vehicle traffic heading northward from Mexico
into the United States appear in the bottom left portion of the
photograph, where vehicles are shown waiting to approach primary
inspection at the facility; the 6 exit lanes (traffic toward Mexico),
which do not have fixed inspection facilities, are at the upper left.
Figure 2: Aerial View of San Ysidro, California, POE:
[See PDF for image]
Source: GAO.
[End of figure]
Other POE facilities are similarly space-constrained. At the POE at
Nogales-DeConcini, Arizona, for example, we observed that the facility
is bordered by railroad tracks, a parking lot, and industrial or
commercial buildings. In addition, CBP has identified space constraints
at some rural POEs. For example, the Thousand Islands Bridge POE at
Alexandria Bay, New York, is situated in what POE officials described
as a "geological bowl," with tall rock outcroppings potentially
hindering the ability to expand facilities at the current location.
Officials told us that in order to accommodate existing and anticipated
traffic volume upon entry, they are in the early stages of planning to
build an entirely new POE on a hill about a half-mile south of the
present facility. CBP officials at the Blaine-Peace Arch POE in
Washington state said that CBP also is considering whether to relocate
and expand the POE facility, within the next 5 to 10 years, to better
handle existing and projected traffic volume. According to the US-VISIT
program officials, none of the plans for any expanded, renovated, or
relocated POE include a mirror image addition of exit lanes or
facilities comparable to those existing for entry.
In 2003, the US-VISIT Program Office estimated that it would cost
approximately $3 billion to implement US-VISIT entry and exit
capability at land POEs where US-VISIT was likely to be installed and
that such an effort would have a major impact on facility
infrastructure at land POEs. We did not assess the reliability of the
2003 estimate. The cost estimate did not separately break out costs for
entry and exit construction, but did factor in the cost for building
additional exit vehicle lanes and booths as well as buildings and other
infrastructure that would be required to accommodate a mirror imaging
at exit of the capabilities required for entry processing. US-VISIT
program officials told us that they provided this estimate to
congressional staff during a briefing, but that the reaction to this
projected cost was negative and that they therefore did not move ahead
with this option. No subsequent cost estimate updates had been
prepared, and DHS's annual budget requests have not included funds to
build the infrastructure that would be associated with the required
facilities.
US-VISIT officials stated that they believe that technological advances
over the next 5 to 10 years will make it possible to utilize
alternative technologies that provide biometric verification of persons
exiting the country without major changes to facility infrastructure
and without requiring those exiting to stop and/or exit their vehicles,
thereby precluding traffic backup, congestion, and resulting delays. US-
VISIT's report assessing biometric alternatives noted that although
limitations in technology currently preclude the use of biometric
identification because visitors would have to be stopped, the use of
the as yet undeveloped biometric verification technology supports the
long-term vision of the US-VISIT program.[Footnote 24] However, no such
technology or device currently exists that would not have a major
impact on facilities. The prospects for its development, manufacture,
deployment, and reliable utilization are currently uncertain or
unknown, although a prototype device that would permit a fingerprint to
be read remotely without requiring the visitor to come to a full stop
is under development.
While logistical, technical, and cost constraints may prevent
implementation of a biometrically based exit technology for US-VISIT at
this time, it is important to note that there currently is not a
legislatively mandated date for implementation of such a solution. The
Intelligence Reform and Terrorism Prevention Act of 2004 requires US-
VISIT to collect biometric exit data from all individuals who are
required to provide biometric entry data.[Footnote 25] The act did not
set a deadline, however, for requiring collection of biometric exit
data from all individuals who are required to provide biometric entry
data. Although US-VISIT had set a December 2007 deadline for
implementing exit capability at the 50 busiest land POEs, US-VISIT has
since determined that implementing exit capability by this date is no
longer feasible, and a new date for doing so has not been set.
US-VISIT has tested nonbiometric technology to record travelers'
departure, but testing showed numerous performance and reliability
problems. Because there is at present no biometric technology that can
be used to verify a traveler's exit from the country at land POEs
without also making major and costly changes to POE infrastructure and
facilities, US-VISIT tested radio frequency identification (RFID)
technology as a nonbiometric means of recording visitors as they exit.
RFID technology can be used to electronically identify and gather
information contained on a tag--in this case, a unique identifying
number embedded in a tag on a visitor's arrival/ departure form--which
an electronic reader at the POE is intended to detect. While RFID
technology required few facility and infrastructure changes, US-VISIT's
testing and analysis at five land POEs at the northern and southern
borders identified numerous performance and reliability problems, such
as the failure of RFID readers to detect a majority of travelers' tags
during testing. For example, according to US-VISIT, at the Blaine-
Pacific Highway test site, of 166 vehicles tested during a 1-week
period, RFID readers correctly identified 14 percent--a sizable
departure from the target read rate of 70 percent.[Footnote 26]
Another problem that arose was that of cross-reads, in which multiple
RFID readers installed on poles or structures over roads, called
gantries, picked up information from the same visitor, regardless of
whether the individual was entering or exiting in a vehicle or on foot.
Thus, cross-reads resulted in inaccurate record keeping.
Even if RFID deficiencies were to be fully addressed and deadlines set,
questions remain. For example, the RFID solution did not meet the
congressional requirement for a biometric exit capability because the
technology that had been tested cannot meet a key goal of US-VISIT--
ensuring that visitors who enter the country are the same ones who
leave. By design, an RFID tag embedded in an I-94 arrival/ departure
form cannot provide the biometric identity-matching capability that is
envisioned as part of a comprehensive entry/exit border security system
using biometric identifiers for tracking overstays and others entering,
exiting, and re-entering the country. Specifically, the RFID tag in the
I-94 form cannot be physically tied to an individual. This situation
means that while a document may be detected as leaving the country, the
person to whom it was issued at time of entry may be somewhere else.
DHS was to have reported to Congress by June 2005 on how the agency
intended to fully implement a biometric entry/exit program. In February
2007, US-VISIT officials told us that this plan had been forwarded to
the Office of Management and Budget (OMB) for review. According to
statute, this plan is to include, among other things, a description of
the manner in which the US-VISIT program meets the goals of a
comprehensive entry and exit screening system--including both biometric
entry and exit--and fulfills statutory obligations imposed on the
program by several laws enacted between 1996 and 2002.[Footnote 27]
Until such a plan is finalized and issued, DHS is not able to
articulate how entry/exit concepts will fit together--including any
interim nonbiometric solutions--and neither DHS nor Congress is
positioned to prioritize and allocate resources for a US-VISIT exit
capability or plan for the program's future.
DHS Continues to Face Longstanding US-VISIT Management Challenges and
Future Uncertainties:
Our work and other best practice research have shown that applying
disciplined and rigorous management practices improves the likelihood
of delivering expected capabilities on time and within budget. Such
practices and processes include determining how the program fits within
the larger context of an agency's strategic plans and related
operational and technology environments, whether the program will
produce benefits in excess of costs over its useful life, and whether
program impacts and options are being fully identified, considered, and
addressed. To further ensure that programs are managed effectively, it
is important that they be executed in accordance with acquisition and
financial management requirements and best practices, and that progress
against program commitments is defined and measured so that program
officials can be held accountable for results.
Over the last several years, we have reported on fundamental
limitations in DHS's efforts to define and justify the program's future
direction and to cost-effectively manage the delivery of promised
capabilities on time and within budget. To a large degree, what is
operating and what is not operating today, and what future program
changes are underway and yet to be defined, are affected by these
limitations. DHS needs to address these challenges going forward, and
the recommendations that we made are aimed at encouraging this. Until
these recommendations are fully implemented, the program will be at
greater risk of not optimally meeting mission needs and falling short
of meeting expectations.
DHS Has Not Defined and Developed US-VISIT Within a DHS-wide
Operational and Technological Context:
As we previously reported, agency programs need to properly fit within
a common strategic context or frame of reference governing key aspects
of program operations (such as who is to perform what functions, when
and where they are to be performed, what information is to be used to
perform them, and what rules and standards will govern the use of
technology to support them).[Footnote 28] Without a clear operational
context to guide and constrain both US-VISIT and other border security
and immigration enforcement initiatives, DHS risks investing in
programs and systems that are duplicative, are not interoperable, and
do not optimize enterprisewide mission operations and produce intended
outcomes.
For almost 4 years, DHS has continued to pursue US-VISIT (both in terms
of deploying interfaces between and enhancements to existing systems
and in defining a longer-term, strategic US-VISIT solution) without
producing the program's operational context. In September 2003, we
reported that DHS had not defined key aspects of the larger homeland
security environment in which US-VISIT would need to operate. In the
absence of a DHS-wide operational and technological context, program
officials were making assumptions about certain policy and standards
decisions that had not been made, such as whether official travel
documents would be required for all persons who enter and exit the
country--including U.S. and Canadian citizens--and how many
fingerprints would be collected for biometric comparisons. We further
reported that if the program office's assumptions and decisions turned
out to be inconsistent with subsequent policy or standards decisions,
it would require US-VISIT rework.
According to the program's Chief Strategist, an immigration and border
management strategic plan was drafted in March 2005 to show how US-
VISIT is aligned with DHS's organizational mission and to define an
overall vision for immigration and border management. According to this
official, the vision provides for an immigration and border management
enterprise that unifies multiple departmental and external stakeholders
around common objectives, strategies, processes, and infrastructures.
As of February 2007, about 2 years later, we were told that this
strategic plan has not yet been approved, although the program's Acting
Director stated that the plan is currently with OMB and should be
provided to the House and Senate Appropriations Subcommittees on
Homeland Security by March 2007.
However, at the same time, US-VISIT has not taken steps to ensure that
the direction that it is taking is both operationally and
technologically aligned with DHS's enterprise architecture (EA). As the
report that we issued this week states, the DHS Enterprise Architecture
Board, which is the DHS entity that determines EA compliance, has not
reviewed the US-VISIT architecture compliance for more than 2 years.
However, since August 2004, both US-VISIT and the EA have changed. For
example, additional functionality, such as the interoperability of US-
VISIT's Automated Biometric Information System (IDENT) and the
Department of Justice's Integrated Automated Fingerprint Identification
System (IAFIS), and the expansion of IDENT to collect t10 rather than 2
fingerprints, has been added. Also, two versions of the DHS EA have
been issued since August 2004.
While the strategic plan has not been approved or disseminated, the
program office has developed a strategic vision and blueprint and begun
to implement it. According to program officials, this future vision is
to be delivered through a number of planned mission capability
enhancements. Of these, the first enhancement is underway and is to
provide several new capabilities, including what the program refers to
as "Unique Identity," which is to include the migration from the 2-
fingerprint to 10-fingerprint collection at program enrollment. It is
also to interoperate US-VISIT's IDENT system and the Department of
Justice's IAFIS system. Currently, the US-VISIT officials plan to
complete Unique Identity in several phases and have it fully
operational by December 2009, although these plans have not yet
approved by DHS.
At this same time, DHS has launched other major border security
programs without adequately defining the relationships to US-VISIT and
each other. For example, the Intelligence Reform and Terrorism
Prevention Act of 2004 directs DHS and the Department of State to
develop and implement a plan, no later than June 2009, that requires
U.S. citizens and foreign nationals of Canada, Bermuda, and Mexico to
present a passport or other document or combination of documents deemed
sufficient to show identity and citizenship to enter the United States
(this is currently not a requirement for these individuals entering the
United States via sea and land POEs from most countries within the
western hemisphere).[Footnote 29] This effort, known as the Western
Hemisphere Travel Initiative, was first announced in 2005. In May 2006,
we reported that DHS and the Department of State had taken some steps
to carry out the initiative, but they had a long way to go to implement
their proposed plans.[Footnote 30] Among other things, key decisions
had yet to be made about what documents other than a passport would be
acceptable when U.S. citizens and citizens of Canada enter or return to
the United States. Further, while DHS and Department of State had
proposed an alternative form of passport, called a PASS card, that
would rely on RFID technology to help DHS process U.S. citizens re-
entering the country, DHS had not made decisions involving a broad set
of considerations that include (1) utilizing security features to
protect personal information, (2) ensuring that proper equipment and
facilities are in place to facilitate crossings at land borders, and
(3) enhancing compatibility with other border crossing technology
already in use.
DHS has also initiated another border security program, known as the
Secure Border Initiative (SBI)--a multi-year, multi-billion dollar
program, to secure the borders and reduce illegal immigration by
installing state-of-the-art surveillance technologies along the border,
increasing border security personnel, and ensuring information access
to DHS personnel at and between POEs. Under SBI and its component,
called SBInet, DHS plans to integrate personnel, infrastructures,
technologies, and rapid response capability into a comprehensive border
protection capability. DHS reports that, among other things, SBInet is
to encompass both the northern and southern land borders, including the
Great Lakes, under a unified border control strategy whereby CBP is to
focus on the interdiction of cross-border violations between and at the
land POEs, funneling traffic to the land POEs. As part of SBI, DHS also
plans to focus on interior enforcement--disrupting and dismantling
cross-border crime into the interior of the United States while
locating and removing aliens who are present in the United States in
violation of law. However, it is unclear how SBInet will be linked, if
at all, to US-VISIT so that the two can share technology,
infrastructure, and data.
Clearly defining the dependencies among US-VISIT and programs like the
Western Hemisphere Travel Initiative and SBI is important because there
is commonality among their strategic goals and operational
environments. For example, both US-VISIT and SBI share the goal of
securing the POEs. Moreover, there is overlap in the data that each is
to produce and use. For example, both US-VISIT and the Western
Hemisphere Travel Initiative will require identification data for
travelers at POEs.
Despite these dependencies, DHS has yet to define these relationships
or how they will be managed. Further, according to a March 6, 2006 memo
from the DHS Joint Requirements Council, the US-VISIT strategic plan
did not provide evidence of sufficient coordination between the program
and the other entities involved in border security and immigration
efforts. The council's recommendation was that the strategic plan not
be approved until greater coordination between US-VISIT and other
components was addressed.
According to the Acting Program Director, a number of efforts are
underway to coordinate with other entities, such as with CBP on RFID,
with the Coast Guard on development of a mobile biometric reader, and
with State on standards for document readers. Without a clear,
complete, transparent, and understood definition of how related
programs and initiatives are to interact, US-VISIT and other border
security and immigration enforcement programs run the risk of being
defined and implemented in a way that does not optimize DHS-wide
performance and results.
DHS Has Not Economically Justified US-VISIT Increments or Assessed
Their Operational Impacts:
The decision to invest in any system or capability should be based on
reliable analyses of return on investment. That is, an agency should
have reasonable assurance that a proposed program will produce mission
value commensurate with expected costs and risks. According to OMB
guidance, individual increments of major systems should be individually
supported by analyses of benefits, cost, and risk. Thus far, DHS has
yet to develop an adequate basis for knowing whether its incrementally
deployed US-VISIT capabilities represent a good return on investment,
particularly in light of shortfalls in DHS's assessments of the
program's operational impacts, including costs of proposed
capabilities. Without this knowledge, DHS will not know until after the
fact whether it is investing wisely or pursuing cost-effective and
affordable solutions.
DHS Did Not Economically Justify Its Proposed Incremental Investments:
US-VISIT had not assessed the cost and benefits of its early
increments. For example, we reported in September 2003 that it had not
assessed the costs and benefits of Increment 1. Again, in February
2005, we reported that although the program office developed a cost-
benefit analysis for its land entry capability, it had not justified
the investment because the treatment of both benefits and costs were
unclear and insufficient. Further, we reported that the cost estimates
on which the cost-benefit analysis was based were of questionable
reliability because effective cost-estimating practices were not
followed. Most recently, in February 2006, we reported again that the
program office had not justified its investment in its air and sea exit
capability. For example, we reported that while the cost-benefit
analysis explained why the investment was needed, and considered at
least two alternatives to the status quo, which is consistent with OMB
guidance for cost-benefit analyses, it did not include a complete
uncertainty analysis for the three exit alternatives evaluated.
Specifically, it did not include a sensitivity analysis[Footnote 31]
for the three alternatives, which is a major part of an uncertainty
analysis. A complete analysis of uncertainty is important because it
provides decision makers with a perspective on the potential
variability of the cost and benefit estimates should the facts,
circumstances, and assumptions change. Further, the cost estimate upon
which the analysis was based did not meet key criteria for reliable
cost estimating. For example, it did not include a detailed work
breakdown structure, which serves to organize and define the work to be
performed so that associated costs can be identified and estimated.
Further, as we state in our February 2007 report, DHS has devoted
considerable time and resources toward establishing an operational exit
capability at land, air, and sea POEs. For example, over the last 4
years, DHS has committed over $160 million to evaluate and operate exit
pilots at selected air, sea, and land POEs. Notwithstanding this
considerable investment of time and resources, the US-VISIT program
still does not have either an operational exit capability or a viable
exit solution to deploy to all air, sea, and land POEs.
Moreover, US-VISIT exit pilot reports have raised concerns and
limitations. For example, as we previously stated, land exit pilots
experienced several performance problems, such as the failure of RFID
readers to detect a majority of travelers' tags during testing and
cross-reads, in which multiple RFID readers installed on poles or
structures over roads, called gantries, picked up information from the
same visitor.
Notwithstanding these results, we reported in February 2007 that the
program office planned to invest another $33.5 million to continue its
air and sea exit pilots. However, neither the fiscal year 2006
expenditure plan nor other exit-related program documentation
adequately defined what these efforts entail or what they will
accomplish. In particular, the plan and other exit-related
documentation merely state that $33.5 million will be used to continue
air and sea exit pilots while a comprehensive exit solution is
developed. They do not adequately describe measurable outcomes
(benefits and results) from the pilot efforts, or related cost,
schedule, and capability commitments that will be met. Further, the
plan does not recognize the challenges revealed from the prior exit
efforts, nor does it show how proposed exit investments address these
challenges. In addition, the plan allocates more funding for continuing
the air and sea exit pilots ($33.5 million) than the prior year's plan
said would be needed to fully deploy an operational air and sea exit
solution ($32 million). According to program officials, the air and sea
exit pilots are being continued to maintain a presence intended to
provide a deterrent effect at exit locations, and to gather additional
data that could help support planning for a comprehensive exit
solution.
Moreover, US-VISIT reported in August 2006 that it planned to spend an
additional $21.5 million to continue its land exit demonstration
project without adequate justification. However, we reported in
February 2007 that these plans lacked adequate justification in light
of the problems we discussed earlier in this statement. Accordingly,
program officials told us that they intend to terminate the land exit
project until a comprehensive exit strategy can be developed. They have
also stated that a small portion of the $21.5 million is to be used to
close out the demonstration project and have requested that the
remainder of the money be reprogrammed to support Unique Identity.
DHS Did Not Adequately Assess the Impact of Entry Capabilities on Land
Ports of Entry Operations and Planned Capability Enhancements Carry
Potential Cost Implications:
Knowing how planned US-VISIT capabilities will impact POE operations is
critical to US-VISIT investment decision makers. In May 2004, we
reported that the program had not assessed how deploying entry
capabilities at land POEs would impact the workforce and facilities. We
questioned the validity of the program's assumptions and plans
concerning workforce and facilities, since the program lacked a basis
for determining whether its assumptions were correct and thus whether
its plans were adequate. Subsequently, the program office evaluated the
operational performance of the land entry capability with the stated
purpose of determining the effectiveness of its performance at the 50
busiest land POEs. For this evaluation, the program office established
a baseline for comparing the average time it takes to issue and process
entry/exit forms at 3 of these 50 POEs, and then conducted two
evaluations of the processing times at the three POEs, one after the
entry capability was deployed as a pilot, and another one 3 months
later, after the entry capability was deployed to all 50 POEs. The
evaluation results showed that the average processing times decreased
for all three sites. Program officials concluded that these results
supported their workforce and facility investment assumptions that no
additional staff was required to support deployment of the entry
capability and that minimal modifications were required at the
facilities.[Footnote 32]
However, the scope of the evaluations was not sufficient to satisfy the
evaluations' stated purpose for assessing the full impact of the entry
capability. For example, the selection of the three sites, according to
program officials, was based on a number of factors, including whether
the sites already had sufficient staff to support the pilot. Selecting
sites based on this factor is problematic because it presupposes that
all not POEs have the staff needed to support the land entry
capability. In addition, evaluation conditions were not always held
constant: specifically, fewer workstations were used to process
travelers in establishing the baseline processing times at two of the
POEs than were used during the pilot evaluations.
Moreover, CBP officials from a land port of entry that was not an
evaluation site (San Ysidro) told us that US-VISIT deployment had not
reduced but actually lengthened processing times. (San Ysidro processes
the highest volume of travelers of all land POEs.) Although these
officials did not provide specific data to support their statement,
their perception nevertheless raises questions about the potential
impact of land entry capabilities on the 47 sites that were not
evaluated.
Exacerbating this situation is the fact that DHS plans to introduce
changes and enhancements to US-VISIT at land POEs to verify the
identity of individuals entering the country, including a transition
from digitally scanning 2 fingerprints to 10. While such changes are
intended to further enhance border security, deploying them may have an
impact on aging and spatially-constrained land POEs facilities because
they could increase inspection times and adversely affect POEs
operations. Moreover, the increase from 2 to 10 fingerprints can affect
the capacity of the systems and communications networks processing
because of the larger data sets being processed and transmitted (10 vs
2 fingerprints). This need for increased capacity will in turn affect
program costs.
US-VISIT Did Not Adequately Evaluate Exit Capability Impacts on
Operations at Air and Sea Ports of Entry:
The impact of planned exit capabilities at air and sea POEs has also
not been adequately analyzed, and is thus not available to inform
investment decisions. In February 2005, we reported that the program
office had not adequately planned for evaluating its exit pilot at air
and sea POEs because the pilot's evaluation scope and timeline were
compressed. As a result, the US-VISIT program office extended the pilot
from 5 to 14 POEs (12 airports and 2 seaports). Notwithstanding the
expanded scope of the pilot, the exit alternatives were not
sufficiently evaluated. Specifically, the program office evaluated
these alternatives against three criteria,[Footnote 33] including
compliance with the exit process. According to the exit evaluation plan
report, the average compliance rate across all three alternatives was
only 24 percent.[Footnote 34] The evaluation report cited several
reasons for the low compliance rate, including that compliance during
the pilot was voluntary. As a result, the evaluation report concluded
that national deployment of the exit solution will not meet the desired
compliance rate unless the scope of the exit process is expanded to
incorporate an enforcement mechanism, such as not allowing persons to
reenter the United States if they do not comply with the exit process
or not allowing persons to board a carrier until they are processed by
an airline or the Transportation Security Administration. As of
February 2006, program officials had not conducted any formal
evaluation of enforcement mechanisms or their possible effect on
compliance and cost, and according to the Acting Program Director, they
do not plan to do so.
DHS Has Not Adequately Justified Increases in, and Disclosed the Scope
and Nature of, Program Management-Related Fiscal Year 2006
Expenditures:
Program management is an important and integral aspect of any system
acquisition program. The importance of program management, however,
does not by itself justify any level of investment in such activities.
Rather, investments in program management capabilities should be viewed
the same as investments in any program capability, meaning the scope,
nature, size, and value of the investment should be disclosed and
justified in relation to the size and significance of the acquisition
activities being performed.
As our February 2007 report states, US-VISIT's planned investment in
program management-related activities has risen steadily over the last
4 years, while planned investment in development of new program
capabilities has declined. Figure 3 shows the breakdown of planned
expenditures for US-VISIT fiscal year 2002 through 2006 expenditure
plans.
Figure 3: US-VISIT Breakdown of Planned Expenditures as a Dollar Amount
for FY2002 Through FY2006:
[See PDF for image]
Source: GAO analysis based on US-VISIT data.
Note: According to US-VISIT program officials, actual cost information
for program management and operations cannot be readily provided due to
limitations in their financial management system.
[End of figure]
Specifically, the fiscal year 2003 expenditure plan provided $30
million for program management and operations and about $325 million
for new development efforts, whereas the fiscal year 2006 plan provided
$126 million for program management-related functions--an increase of
$96 million--and $93 million for new development. This means that the
fiscal year 2006 plan proposed expending $33 million more for program
management and operations than it is for new development.
The increase in planned program management-related expenditures is more
pronounced if it is viewed as a percentage of planned development
expenditures. Figure 4 shows planned US-VISIT expenditures for program
management and operations as a percentage of development for fiscal
years 2002 thru 2006.
Figure 4: US-VISIT Planned Expenditures for Program Management and
Operations as a Percentage of Development for FY2002 through FY2006:
[See PDF for image]
Source: GAO analysis based on US-VISIT data.
[Note: According to us-visit program officials, actual cost information
for program management and operations cannot be readily provided due to
limitations in their financial management system.
[End of figure]
Specifically, planned program management-related expenditures
represented about 9 percent of planned development in fiscal year 2003,
but represented about 135 percent of fiscal year 2006 development,
meaning that the fiscal year 2006 expenditure plan proposed spending
about $1.35 on program management-related activities for each dollar
spent on developing new US-VISIT capability.
Moreover, the fiscal year 2006 expenditure plan did not explain the
reasons for this recent growth or otherwise justify the sizeable
proposed investment in program management and operations on the basis
of measurable and expected value. Further, the plan did not adequately
describe the range of planned program management and operations
activities.
Program officials told us that the DHS Acting Undersecretary for
Management raised similar concerns about the large amount of program
management and operations funding in the expenditure plan. In January
2007, DHS submitted a revised expenditure plan to the House and Senate
Appropriations Subcommittees on Homeland Security, at the committee’s
direction, to address their concerns. The revised plan allocates some
program management funds to individual increments and to two new
categories--program services and data integrity and biometric support,
and program and project support contractor services. However, the
revised plan still shows a relatively sizeable portion of proposed
funding going toward program management-related activities.
DHS Has Not Fully Implemented Key US-VISIT Acquisition and Financial
Management Controls:
Managing major programs like US-VISIT requires applying discipline and
rigor when acquiring and accounting for systems and services. Our work
and other best practice research have shown that applying such rigorous
management practices improves the likelihood of delivering expected
capabilities on time and within budget. In other words, the quality of
IT systems and services is largely governed by the quality of the
management processes involved in acquiring and managing them. Some of
these processes and practices are embodied in the Software Engineering
Institute's (SEI) Capability Maturity Models®, which define, among
other things acquisition process management controls that, if
implemented effectively, can greatly increase the chances of acquiring
systems that provide promised capabilities on time and within budget.
Other practices are captured in OMB guidance, which establishes
policies for planning, budgeting, acquisition, and management of
federal capital assets.
Over the last several years, we have made numerous recommendations
aimed at strengthening US-VISIT program management controls relative to
acquisition management, including for example configuration management,
security and privacy management, earned value management
(EVM),[Footnote 35] and contract tracking and oversight.
The program office has taken steps to lay the foundation for
establishing several of these controls. For example, the program
adopted the SEI Capability Maturity Model Integration (CMMI®)[Footnote
36] to guide its efforts to employ effective acquisition management
practices, and approved an acquisition management process improvement
plan dated May 16, 2005. The goal, as stated in the plan, was to
conduct an independent CMMI assessment in October 2006 to affirm that
requisite process controls were in place and operating.
In September 2005, the program office completed an initial assessment
of 13 key acquisition process areas that revealed a number of
weaknesses. To begin addressing these weaknesses, the program office
narrowed the scope of the process improvement activities from 13 to 6
(project planning, project monitoring and control, requirements
development and management, configuration management, product and
process quality assurance, and risk management) of the CMMI process
areas and revised its process improvement plan in April 2006 to reflect
these changes. In May 2006, the program conducted a second internal
assessment of the six key process areas, and according to the results
of this assessment, improvements were made, but weaknesses remained in
all six process areas. For example,
* a number of key acquisition management documents were not adequately
prepared and processes were not sufficiently defined, including those
related to systems development, budget and finance, facilities, and
strategic planning (e.g., product work flow among organizational units
was unclear and not documented); and:
* roles, responsibilities, work products, expectations, resources, and
accountability of external stakeholder organizations were not well-
defined.
Notwithstanding these weaknesses, program officials told us that their
self-assessments show that they have made incremental progress in
implementing the 113 practices associated with the six key processes.
(See figure 5 for US-VISIT's progress in implementing these practices.)
However, they also recently decided to postpone indefinitely the
planned October 2006 independent appraisal. Instead, the program
intends to perform quarterly internal assessments until the results
show that they can pass an independent appraisal. Further, the program
has not committed to a revised target date for having an external
appraisal.
Figure 5: US-VISIT Progress in Implementing Key Acquisition Practices
from August 2005 to November 2006:
[See PDF for image]
Source: GAO analysis based on US-VISIT data.
[End of figure]
The acquisition management weaknesses in the six key process areas are
exacerbated by weaknesses in other areas. For example, we recently
reported[Footnote 37] that the US-VISIT contract tracking and oversight
process suffers from a number of weaknesses. Specifically, we reported
that the program had not effectively overseen US-VISIT-related contract
work performed on its behalf by other DHS and non-DHS agencies, and
these agencies did not always establish and implement the full range of
controls associated with effective management of contractor activities.
Further, the program office and other agencies did not implement
effective financial controls.[Footnote 38] In particular, the program
office and other agencies managing US-VISIT-related work were unable to
reliably report the scope of contracting expenditures. In addition,
some agencies improperly paid and accounted for related invoices,
including making a duplicate payment and making payments for non-US-
VISIT services from funds designated for US-VISIT.
Fully and effectively implementing the above discussed key acquisition
management and related controls takes considerable time. However,
considerable time has elapsed since we first recommended establishment
of these controls and they are not yet operational and it is unclear
when they will be. Therefore, it is important that these improvement
efforts stay on track. Until these capabilities are in place, the
program risks not meeting its stated goals and commitments.
US-VISIT has not yet implemented other key management practices, such
as developing and implementing a security plan and employing an EVM
system to help manage and control program cost and schedule. As we
previously reported, the program's 2004 security plan generally
satisfied OMB and the National Institute of Standards and Technology
security guidance. Further, the fiscal year 2006 expenditure plan
states that all of the US-VISIT component systems have been certified
and accredited and given full authority to operate. However, the 2004
security plan preceded the US-VISIT risk assessment, which was not
completed until December 2005, and the security plan was not updated to
reflect this risk assessment. According to program officials, they
intend to develop a security strategy by the end of 2006 that reflects
the risk assessment. We have ongoing work for the Senate Committee on
Homeland Security and Governmental Affairs to review the information
security controls associated with computer systems and networks
supporting the US-VISIT program.
Regarding EVM, the program is currently relying on the prime
contractor's EVM system to manage the prime contractor's progress
against cost and schedule goals. According to the fiscal year 2006
expenditure plan, the program office has assessed the prime
contractor's EVM system against relevant standards. However, in
reality, this EVM system was self-certified by the prime contractor in
December 2003 as meeting established standards. OMB requires that
agencies verify contractor self-certifications. The program office has
yet to do this, although program officials told us that they plan to
retain the services of another contractor to perform this validation.
This needs to be done quickly. Our review of the integrated baseline
review, which agencies are required by OMB to complete to ensure that
the EVM program baseline is accurate, showed that it did not address
key baseline considerations, such as cost and schedule risks. Moreover,
other US-VISIT contractors have not been required to use EVM, although
program officials told us that this was to change effective October 1,
2006.
DHS Has Yet to Establish Effective Program Accountability Mechanisms:
To ensure that programs manage their performance effectively, it is
important that they define and measure progress against program
commitments and hold themselves accountable for results. Measurements
of the operational performance, progress, and results are important to
reasonably ensure that problems and shortfalls can be addressed and
resolved in a timely fashion and so that responsible parties can be
held accountable.
More specifically, to permit meaningful program oversight, it is
important that expenditure plans describe how well DHS is progressing
against the commitments made in prior expenditure plans. However, US-
VISIT's expenditure plan for fiscal year 2006 (the fifth expenditure
plan) continued a longstanding pattern of not describing progress
against commitments made in previous plans. For example, according to
the fiscal year 2005 expenditure plan, the prime contractor was to
begin integrating the long-term Increment 4 strategy into the interim
US-VISIT system's environment and the overall DHS enterprise
architecture, and that US-VISIT and the prime contractor would work
with the stakeholder community to identify opportunities for delivery
of long-term capabilities under Increment 4. However, the fiscal year
2006 plan does not discuss progress or accomplishments relative to
these commitments.
Additionally, the expenditure plan committed to begin deploying the
most effective exit alternative for capturing biometrics at air and sea
POEs during fiscal year 2005. In contrast, the 2006 expenditure plan
states that the exit pilots will continue throughout fiscal year 2006
and does not address whether the fiscal year 2005 schedule deployment
commitment was met. Also, the fiscal year 2006 expenditure plan did not
address all performance measures cited in the fiscal year 2005 plan.
Specifically, the 2005 plan included 11 measures. In contrast, the 2006
plan listed 7 measures, 4 of which are similar, but not identical to,
some of the 11 measures in the 2005 plan. This means that several of
the 2005 plan's measures are not addressed in the 2006 plan. Moreover,
even in cases of similar performance measures, the fiscal year 2006
plan does not adequately describe progress in meeting commitments. For
example, the fiscal year 2005 expenditure plan cited a performance
measurement of "Pre-entry watch list hits on biometrically enabled visa
applications." The fiscal year 2006 plan cites the performance measure
of "Number of biometric watch list hits for visa applicants processed
at consular offices." According to the latter plan, in fiscal year 2005
there were 897 such hits; however, neither plan cites a performance
target against which to gauge progress, assuming that the two
performance measures mean the same thing. Without such measurements,
program performance and accountability can suffer.
Concluding Observations:
Developing and deploying complex technology that records the entry and
exit of millions of visitors to the United States, verifies their
identities to mitigate the likelihood that terrorists or criminals can
enter or exit at will, and tracks persons who remain in the country
longer than authorized is a worthy goal in our nation's effort to
enhance border security in a post-9/11 era. But doing so also poses
significant challenges; foremost among them is striking a reasonable
balance between US-VISIT's goals of providing security to U.S. citizens
and visitors while facilitating legitimate trade and travel.
DHS has made considerable progress making the entry portion of the US-
VISIT program at air, sea and land POEs operational, but our work
raised questions whether DHS has adequately assessed how US-VISIT has
affected operations at land POEs. Because US-VISIT will likely continue
to have an impact on land POE facilities as it evolves--especially as
new technology and equipment are introduced--it is important for US-
VISIT and CBP officials to have sufficient management controls for
identifying and reporting potential computer and other operational
problems that could affect the ability of US-VISIT entry capability to
operate as intended.
With respect to DHS's effort to create an exit verification capability,
developing and deploying this capability at land POEs has posed a set
of challenges that are distinct from those associated with entry. US-
VISIT has not determined whether it can achieve, in a realistic time
frame, or at an acceptable cost, the legislatively mandated capability
to record the exit of travelers at land POEs using biometric
technology. Apart from acquiring new facilities and infrastructure at
an estimated cost of billions of dollars, US-VISIT officials have
acknowledged that no technology now exists to reliably record
travelers' exit from the country, and to ensure that the person leaving
the country is the same person who entered, without requiring that
person to stop upon exit--potentially imposing a substantial burden on
travelers and commerce. US-VISIT officials stated that they believe a
biometrically based solution that does not require those exiting the
country to stop for processing, that minimizes the need for major
facility changes, and that can be used to definitively match a
visitor's entry and exit will be available in 5 to 10 years. In the
interim, it remains unclear how DHS plans to proceed. According to
statute, DHS was required to report more than a year ago on its plans
for developing a comprehensive biometric entry and exit system, but DHS
has yet to finalize this road map for Congress. Until DHS finalizes
such a plan, neither Congress nor DHS is likely to have sufficient
information as a basis for decisions about various factors relevant to
the success of US-VISIT, ranging from funding needed for any land POE
facility modifications in support of the installation of exit
technology to the trade-offs associated with ensuring traveler
convenience while providing verification of travelers' departure
consistent with US-VISIT's national security and law enforcement goals.
Fundamental questions about the program's future direction and fit
within the larger homeland security context as well as its return on
investment remain unanswered. Moreover, the program is overdue in
establishing the means to ensure that it is pursuing the right US-VISIT
solution, and that it is managing it the right way. The longer the
program proceeds without these, the greater the risk that the program
will not optimally support mission operations and will fall short of
commitments. Measuring and disclosing the extent to which these
commitments are being met are also essential to holding the department
accountable. We look forward to continuing to work constructively with
the US-VISIT program to better ensure the program's success.
This concludes my prepared testimony. I would be happy to respond to
any questions that Members of the Committee may have.
GAO Contact and Staff Acknowledgements:
For further information about this testimony, please contact me at
(202) 512-8777 or stanar@gao.gov, or Randolph Hite, Director, at (202)
512-3439 or hiter@gao.gov. Other major contributors to this testimony
include John Mortin, Assistant Director; Deborah Davis, Assistant
Director; Amy Bernstein; Frances Cook; Odi Cuero; David Hinchman; James
Houtz; Richard Hung; Sandra Kerr; Amanda Miller; Freda Paintsil; James
R. Russell; Sushmita Srikanth; and Jonathan Tumin.
FOOTNOTES
[1] A port of entry is generally a physical location, such as a
pedestrian walkway and/or a vehicle plaza with booths, and associated
inspection and administration buildings, at a land border crossing
point, or a restricted area inside an airport or seaport, where entry
into the country by persons and cargo arriving by air, land, or sea is
controlled by U.S. Customs and Border Protection.
[2] The Visa Waiver Program enables nationals of certain countries to
travel to the United States for tourism or business for stays of 90
days or less without obtaining a visa. Most western European countries
participate in this program, along with Japan, Singapore, Australia,
Brunei, and New Zealand.
[3] To visit the United States, Mexican citizens generally need either
a Mexican passport and U.S. visa, or a Border Crossing Card (BCC),
which is issued to Mexican visitors who wish to enter the country for
business or pleasure for no more than 6 months. The BCC contains
machine-readable biographic and biometric information. Mexican citizens
with BCCs who are traveling within 25 miles of the border, (75 miles in
Arizona, if entering through certain POEs near Tucson) and who plan to
stay no more than 30 days, are generally not subject to US- VISIT
processing upon entry. A Mexican citizen is subject to US-VISIT
requirements, however, if a CBP officer determines that the entrant
intends to stay more than 30 days or travel beyond the 25-or 75-mile
limit.
[4] On July 27, 2006, DHS issued a Notice of Proposed Rulemaking that,
if finalized, would expand the scope of US-VISIT to include, among
others, lawful permanent residents, aliens seeking admission on
immigrant visas, refugees and asylees, and certain categories of
Canadians. DHS did not report how many additional persons would be
covered by US-VISIT if the rule was adopted.
[5] For a legislative overview of the US-VISIT program, see appendix
III of GAO, Border Security: US-VISIT Program Faces Strategic,
Operational, and Technological Challenges at Land Ports of Entry, GAO-
07-248 (Washington, D.C.: December 2006).
[6] This includes, for example, computers, printers, digital cameras,
fingerprint scanners, telecommunications upgrades, existing system
enhancements, and facilities modifications.
[7] GAO, Homeland Security: Risks Facing Key Border and Transportation
Security Program Need to Be Addressed, GAO-03-1083 (Washington, D.C.:
Sept. 19, 2003).
[8] GAO, Homeland Security: Risks Facing Key Border and Transportation
Security Program Need to Be Addressed, GAO-04-569T (Washington, D.C.:
March 2004).
[9] GAO, Homeland Security: First Phase of Visitor and Immigration
Status Program Operating, but Improvements Needed, GAO-04-586
(Washington, D.C.: May 2004).
[10] GAO, Homeland Security: Recommendations to Improve Key Border
Security Programs Need to Be Implemented, GAO-06-296 (Washington, D.C.:
February 2006).
[11] GAO, Homeland Security: Contract Management and Oversight for
Visitor and Immigrant Status Program Need to Be Strengthened, GAO-06-
404 (Washington, D.C.: June 9, 2006); GAO, Border Security, US-VISIT
Program Faces Strategic, Operational, and Technological Challenges at
Land Ports of Entry, GAO-07-248 (Washington, D.C.: December 6, 2006);
and GAO, Homeland Security: Planned Expenditures for U.S. Visitor and
Immigrant Status Program Need to Be Adequately Defined and Justified,
GAO-07-278 (Washington, D.C.: Feb. 14, 2007).
[12] Since the statute governing US-VISIT applies to foreign national
arrival and departure data only, U.S. citizens do not fall within the
scope of the program and therefore are exempt from US-VISIT screening.
Also, in general, regardless of whether they are to be processed into
US-VISIT, Mexican citizens must present either a passport and visa or a
BCC when seeking admission to the United States, while Canadian
citizens generally do not need such documents at this time (Canadian
visitors at land POEs may need passports as early as January 2008,
however, under regulations implementing a new statutory provision on
passport requirements). According to US-VISIT, when a Mexican receives
a BCC, the data on the individual entered into U.S. databases at the
time of their visa application are accessible by US-VISIT--if they are
to be processed into it for any reason.
[13] Under the Enhanced Border Security and Visa Entry Reform Act of
2002 (Pub. L. No. 107-173, § 402(a), 116 Stat. 543, 557-59), commercial
air and sea carriers are to transmit crew and passenger manifests to
appropriate immigration officials before arrival of an aircraft or
vessel in the United States. These manifests are transmitted to CBP
through the Advanced Passenger Information System (APIS), which helps
officers identify (1) those arrivals for which biometric data are
available and (2) foreign nationals who need to be scrutinized more
closely.
[14] Visitors traveling on nonimmigrant visas are issued Form I-94 and
visitors from Visa Waiver Program countries are issued Form I-94W. Both
forms show the date of arrival, port of entry, and date the authorized
period of admission expires. At land border POEs, the Form I-94 issued
to foreign nationals covered by US-VISIT who are deemed admissible is
considered issued for multiple entries, unless specifically annotated
otherwise. A multiple entry I-94 permits them to re-enter the country,
generally for up to 6 months, without additional US-VISIT processing
during the period covered by the I-94.
[15] On September 30, 2004, US-VISIT expanded biometric entry
procedures to include individuals from visa waiver countries applying
for admission.
[16] According to CBP, these POEs are classified as Class B ports.
Under 8 C.F.R. §100.4 (c) (2), only citizens of the United States,
Canada, and Bermuda, and Lawful Permanent Residents of the United
States and certain holders of border crossing cards may enter through
Class B ports.
[17] Such equipment includes a computer, printer, digital camera, and
fingerprint scanners.
[18] CBP based this decision on the high volume of pedestrians entering
the United States through the Morley Gate POE; the fact that, before
deployment, I-94s had not been previously issued at the Morley Gate
POE; and the close proximity of the Morley Gate POE facility to the
nearby DeConcini POE facility, about 100 yards away.
[19] GAO-06-296.
[20] GAO, Internal Control: Standards for Internal Control in the
Federal Government, GAO/AIMD-00-21.3.1 (Washington, D.C.: November
1999) and GAO, Internal Control Standards: Internal Control Management
and Evaluation Tool, GAO-01-1008G (Washington, D.C.: August 2001).
[21] Workstation attendants also assist travelers in using the kiosk.
[22] Intelligence Reform and Terrorism Prevention Act of 2004, § 7208,
8 U.S.C. § 1365b. See also USA PATRIOT Act, Pub. L. No. 107-56, §
414(b)(1), 115 Stat. 272, 353 (2001); 8 U.S.C. § 1365a(b)(2)-(4).
[23] US-VISIT, Increment 2C Operational Alternatives Assessment--FINAL
(Rosslyn, Virginia: Jan. 31, 2005).
[24] US-VISIT, Increment 2C Operational Alternatives Assessment--FINAL
(Rosslyn, Virginia: Jan. 31, 2005).
[25] 8 U.S.C. § 1365b(d).
[26] A US-VISIT program official explained that for vehicles exiting
during RFID testing, one could "reasonably expect" a read rate of 70
percent because vehicles are not required to stop upon exit. The
official also cited vehicle speed, safety, and awareness (of optimal
positioning of the arrival/departure form; for example, holding the
form up to the window of the vehicle) as factors that affected RFID
read rates.
[27] 8 U.S.C. §1365b(c)(2)(E).
[28] GAO, Homeland Security: Risks Facing Border and Transportation
Security Program Need to be Addressed, GAO-03-1083 (Washington, D.C.:
Sept. 19, 2003).
[29] Pub. L. No. 108-458, § 7209 (Dec. 17, 2004), as amended, Pub. L.
No. 109-295, § 546 (Oct. 4, 2006). In November 2006, DHS and the
Department of State issued a final rule announcing that, beginning on
January 23, 2007, citizens of the United States, Canada, Mexico, and
Bermuda are required to present a passport to enter the United States
when arriving by air from any part of the Western Hemisphere (8 C.F.R.
Parts 212 and 235 and 22 C.F.R. Parts 41 and 53). According to DHS, a
separate proposed rule addressing land and sea travel will be published
at a later date with specific requirements for travelers entering the
United States through land and sea border crossings.
[30] GAO, Observations on Efforts to Implement the Western Hemisphere
Travel Initiative on the U.S. Canadian Border, GAO-06-741R (Washington,
D.C.: May 25, 2006).
[31] A sensitivity analysis is a quantitative assessment of the effect
that a change in a given assumption, such as unit labor cost, will have
on net present value.
[32] Specifically, they said minimal modifications to interior
workspace were required to accommodate biometric capture devices and
printers and to install electrical circuits. These officials stated
that modifications to existing officer training and interior space were
the only changes needed.
[33] The other two evaluation criteria were conduciveness to travel and
cost.
[34] Compliance rates were 23 percent for the kiosk, 36 percent for the
mobile device, and 26 percent for the validator.
[35] EVM is a management tool to help ensure that work performed for a
program or project is consistent with cost and schedule goals.
[36] The CMMI® ranks organizational maturity according to five levels.
Maturity levels 2 through 5 require verifiable existence and use of
certain key process areas.
[37] GAO, Homeland Security: Contract Management and Oversight for
Visitor and Immigrant Status Program Need to Be Strengthened, GAO-06-
404 (Washington, D.D.: June 9, 2006).
[38] Financial controls are practices to provide accurate, reliable,
and timely accounting for billings and expenditures.
[39] 8 U.S.C.A. §1365c(2)(A)(ii).
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts
newly released reports, testimony, and correspondence on its Web site.
To have GAO e-mail you a list of newly posted products every afternoon,
go to www.gao.gov and select "Subscribe to Updates."
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. Government Accountability Office 441 G Street NW, Room LM
Washington, D.C. 20548:
To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400 U.S.
Government Accountability Office, 441 G Street NW, Room 7125
Washington, D.C. 20548:
Public Affairs:
Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548: