Preface

The Department of Homeland Security (DHS) Office of Inspector General (OIG) was established by the Homeland Security Act of 2002 (Public Law 107-296) by amendment to the Inspector General Act of 1978. This report is one of a series of audit, inspection, and special reports prepared as part of the DHS oversight responsibility to promote economy, effectiveness, and efficiency within the department.

This report assesses the strengths and weaknesses of the use of security checks by U.S. Citizenship and Immigration Services when processing applications for immigration benefits. It is based on interviews with employees and officials, direct observations, and a review of applicable documents.

The recommendations were developed to the best knowledge available to the OIG.

Executive Summary

The staff of the National Commission on Terrorist Attacks upon the United States reported that the Immigration and Naturalization Service’s “inability to adjudicate applications quickly or with adequate security checks made it easier for terrorists to wrongfully enter and remain in the United States throughout the 1990s.” The full Commission recommended:

The Department of Homeland Security, properly supported by the Congress, should complete, as quickly as possible, a biometric entry-exit screening system, including a single system for speeding qualified travelers. It should be integrated with the system that provides benefits to foreigners seeking to stay in the United States. Linking biometric passports to good data systems and decision making is a fundamental goal. No one can hide his or her debt by acquiring a credit card with a slightly different name. Yet today, a terrorist can defeat the link to electronic records by tossing away an old passport and slightly altering the name in the new one.

The Immigration and Naturalization Service (INS), followed by U.S. Citizenship and Immigration Services (USCIS), made multiple changes over the past decade to improve the adequacy of security checks, detect applicants who pose risks to national security and public safety, deter benefits fraud, and ensure that benefits are granted only to eligible applicants.

As part of its ongoing responsibilities to evaluate the effectiveness of Department of Homeland Security (DHS) programs and activities, the Office j of Inspector General (OIG) conducted a review of USCIS security check activities. Our review assessed whether USCIS (1) selected security checks of appropriate scope; (2) properly completed checks and concluded them with
timely referrals and denials when appropriate; and (3) conducted the checks in an efficient manner. The scope and methodology of this review are discussed in Appendix A.

USCIS has several significant changes planned and underway for the conduct of security checks. The Office of Fraud Detection and National Security (FDNS), created in May 2004, has begun to provide centralized support and policy guidance for security checks. In addition, USCIS has two automated systems in development—the Background Check System and Biometric Storage System—that could streamline how USCIS runs, documents, and monitors checks.

Security checks need continued management attention. First, USCIS’ security checks are overly reliant on the integrity of names and documents that f applicants submit; consequently, better use of biometric data is needed to verify applicants’ identity. USCIS has not developed a measurable, risk-based plan to define how USCIS will improve the scope of security checks. Second, except for a small number of benefits, USCIS’ management controls are not comprehensive enough to provide assurance that staff completes checks correctly. For a minority of cases, slow, inconclusive, or legally inapplicable security check results cause applications to stall, but USCIS is pursuing several solutions to conclude stalled cases. Finally, USCIS needs improved automation to eliminate paper-based, duplicative, and inefficient security check processes. Because USCIS’ management of security checks is still somewhat decentralized, more coordination will be required to ensure efficient progress in implementing the changes USCIS envisions.

We are recommending that USCIS: 1) expand the use of biometric identification techniques; 2) establish a comprehensive, risk-based plan for the selection and completion of security checks; 3) set objectives for the conduct and completion of checks and organize management controls to ensure they are met; 4) implement the Background Check Analysis Unit, Background Check System, and Biometric Storage System; and 5) define accountability and timelines for implementing these changes.

Background

On January 24, 2003, USCIS was created as part of the Department of Homeland Security. Along with Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE), USCIS became responsible for providing services formerly provided by the Immigration and Naturalization Service. USCIS processes over 50 types of benefits for immigrants and non- immigrants, including citizenship, asylum, legal permanent residence, work authorization, and extension of stay. In Fiscal Year (FY) 2004, USCIS completed approximately 7.3 million benefit applications and received 5.9 million more. Five large processing centers managed most applications, but others were processed in more than 33 district offices and sub-offices, eight asylum offices, and USCIS headquarters. USCIS’ FY 2004 budget of $1.8 billion was composed of $236 million in appropriated funds and about $1.6 billion in fee revenues.

USCIS’ first of six strategic goals is to ensure the security and integrity of the immigration systems, noting that “a secure homeland depends on the integrity of our immigration system.” During the benefit application process, USCIS conducts security checks in order to prevent ineligible applicants from obtaining benefits and to help law enforcement agencies identify people who pose risks to national security or public safety. Depending on the application submitted, USd5 conducts up to four different types of security checks:

• Interagency Border Inspection System name checks (IBIS). Managed by CBP, IBIS is a database of lookouts, wants, warrants, arrests, and convictions consolidated from over 20 agencies. A complete IBIS query also includes a concurrent check of selected files in the Federal Bureau of Investigation’s (FBI) National Criminal Information Center. USCIS began conducting automated, name-based queries of IBIS for all USCIS applications in 2002. With an average of 3.7 names per application to check, USCIS conducted over 27 million IBIS checks in FY 2004.


• FBI fingerprint check. The FBI’s Integrated Automated Fingerprint Identification System (IAFIS) matches criminal history records from federal, military, and most state apprehensions. USCIS collects and electronically submits applicants’ fingerprints for selected benefits such as naturalization, permanent residence, and asylum. IAFIS has been in place since 1999; before that time, INS manually submitted fingerprint cards for criminal history records checks. USCIS submitted 1.9 million fingerprints at a cost of $31.9 million in FY 2004.



• FBI name check. This partially automated, name-based check searches over 86 million files documenting people who are the main subject or referenced in an FBI investigation. USCIS electronically submits applicant names to the FBI National Name Check Program for benefits such as naturalization, permanent residence, and asylum. The legacy INS queried the main files since 1985 but added reference files to security checks in 2002. USCIS submitted 1.5 million names at a cost of $6.0 million in FY 2004.



• Automated Biometric Identification System (IDENT). Asylum offices have used this automated fingerprint identification system since 1998. Managed by US-VISIT, IDENT enables agencies to screen fingerprints against several different database repositories. USCIS enrolls aliens applying for asylum in the IDENT-Asylum database, screening them against previously enrolled asylum applicants, the immigration lookout database of criminal aliens, and the immigration recidivist database of repeat immigration offenders. Asylum offices completed approximately 146,000 applications receiving this three- part check in FY 2004.

In addition, depending on the benefit, USCIS checks administrative systems to review applicants’ prior immigration history, entry and exits into the United States, student records, and immigration court records. When checks result in confirmed derogatory information, USCIS has an established process for completing the cases with denials and referrals to fraud investigators, law enforcement, and the immigration courts.

USCIS’ current structure for conducting security checks has undergone many changes during the past decade. Previous Government Accountability Office (GAO) and OIG reports criticized the INS for its failure to complete fingerprint checks, failure to review check results during adjudication, inadequate controls to deter impostor applicants, inadequate security check procedures and training, and an improper emphasis on productivity at the expense of accuracy in determining whether applicants were eligible for benefits. INS, and later USCIS, made multiple changes to the security check process to control the conduct and use of security checks. These include the creation of application support centers to collect applicant fingerprints and naturalization quality procedures to guide adjudicators. A more recent change is USCIS’ May 2004 creation of the Office of Fraud Detection and National Security to provide centralized support and policy guidance for security checks and anti-fraud operations.

USCIS continues to operate under production pressures, decreasing a FY 2003 backlog of approximately 3.7 million applications to less than one million by June 30, 2005. USCIS publicly attributed part of the backlog accumulation to the 2002 addition of IBIS name checks for all applications. Without compromising security, USCIS plans to eliminate the backlog by the end of FY 2006.