Spotlight on Surveillance
July 2005:
US-VISIT Rolls Out the Unwelcome Mat
President Bushs proposed $2.57 trillion federal budget for Fiscal Year 2006 greatly increases the amount of money spent on surveillance technology and programs while cutting about 150 programs -- most of them from the Department of Education. EPICs Spotlight on Surveillance project scrutinizes these surveillance programs.
Past Spotlights
- June 2005: Backscatter X-Ray
- May 2005: Camera Surveillance Networks
- April 2005: Homeland Security ID Cards
- March 2005: America's Shield
This months Spotlight on Surveillance shines on the United States Visitor and Immigrant Status Indicator Technology (US-VISIT). The Department of Homeland Security (DHS) requests $390 million for the border security program for Fiscal Year 2006 (an increase from $340 million for FY 2005, and an initial $328 million for FY 2004), and DHS has estimated that the program will cost $7.2 billion through 2014.1 US-VISIT is an integrated government-wide program intended to improve the nation's capability to collect information about foreign nationals who travel to the United States, as well as control the pre-entry, entry, status, and exit of these travelers. However, in its short existence, the program has been replete with problems.2DHS deployed US-VISIT at 115 airports and 15 major seaports on January 5, 2004, and the 50 highest volume land ports of entry were phased in on December 29, 2004.3 By the end of 2005, the program will be operational at all of the nation's more than 400 ports of entry.4 On September 30, 2004, the program began screening travelers entering and leaving the United States through the Visa Waiver Program.5 The expansion affected an estimated 13 million citizens from 27 nations -- including Japan, Australia, and many European countries -- who until then had been permitted to visit the United States for up to 90 days without a visa.
US-VISIT requires foreign nationals entering or exiting the country to submit biometric and biographical information.6 This data collection often begins before a visitor buys her plane ticket, as U.S. consular offices abroad may, before issuing a visa, collect fingerscans from potential visitors and compare them against those in a criminal database.7 Fingerscans are again collected upon the visitor's arrival in the U.S. for verification and then stored in a government database, as are travelers' arrival and departure records.8 Failure to be processed through this departure confirmation system could jeopardize a visitor's re-admittance to the U.S., as the government compares the manifest information provided by air and cruise lines to ascertain that visitors have not overstayed their visas.9
As of May 17, 2005, the US-VISIT program processed more than 25 million visitors to the United States and more than 590 individuals wanted for crimes or immigration violations have been denied admission, DHS says.10 However, there is no evidence that US-VISIT has ever caught a wanted terrorist.
According to DHS, the US-VISIT program seeks to enhance national security and ensure the integrity of the immigration system.11 Recently, EPIC obtained documents from the Department of Homeland Security under the Freedom of Information Act that reveal US-VISIT has resulted in many cases of mistaken identity.12 Commercial aircrew members, vacationers, and businesspersons have all been delayed by the gaffes.13 The problems caused unnecessary delays in the visitors' travels and resulted in the improper flagging of crewmembers by government watch lists.14
AIR PORTS OF ENTRY
DESIGNATED FOR US-VISIT
[ranked in order of highest volume]
JANUARY 5, 2004
1 MIAMI IAP, FL
2 TORONTO, CANADA
3 JFK IAP, NY
4 LOS ANGELES IAP, CA
5 VANCOUVER, CANADA
6 MONTREAL, CANADA
7 SAN FRANCISCO, CA
8 HOUSTON INTERCONTINENTAL, TX
9 CHICAGO OHARE, IL
10 CHICAGO MIDWAY, IL
11 CALGARY, CAN PFI
12 NEWARK, NJ IAP
13 ATLANTA, GA
14 DALLAS FT. WORTH, TX
15 DULLES, VA IAP
16 HONOLULU IAP, HI
17 DETROIT IAP, MI
18 NASSAU, BAHAMAS
19 OTTAWA, CANADA
20 BOSTON LOGAN, MA
21 SEATAC IAP, WA
22 SAN JUAN, PR
23 EDMONTON, CANADA
24 ANCHORAGE IAP, AK
25 LAS VEGAS, NV
26 MINNEAPOLIS ST. PAUL, MA
27 WINNIPEG, CANADA
28 AGANA, GUAM
29 ORLANDO, FL
30 FORT LAUDERDALE, FL
31 PHILADELPHIA, PA
32 PHOENIX , AZ
33 SAN ANTONIO,TX
34 FREEPORT, BAHAMAS
35 HAMILTON, BERMUDA
36 SHANNON, IRELAND PFI
37 CINCINNATI, OH
38 BALTIMORE, MD
39 DENVER, CO
40 TAMPA , FL
41 SAN DIEGO, CA
42 DUBLIN, IRELAND PFI
43 MEMPHIS, TN
44 CHARLOTTE-DOUGLAS, NC
45 PITTSBURGH, PA
46 TUCSON , AZ
47 ARUBA
48 ST. THOMAS, VI
49 WEST PALM BEACH, FL
50 SANFORD, FL
51 NEW ORLEANS, LA
52 LAREDO, TX
53 RALEIGH-DURHAM, NC
54 BANGOR, ME
55 SALT LAKE CITY, UT
56 ST. CROIX, VI
57 ST. LOUIS, MO
58 FORT MYERS, FL
59 BELLINGHAM, WA
60 CLEVELAND, OH
61 SPOKANE, WA
62 KONA, HI
63 PROVIDENCE, RI
64 BRADLEY
65 PORTLAND, OR
66 NORFOLK, VA
67 ERIE, PA
68 BROWNSVILLE-SOUTH PADRE, TX
69 KEY WEST, FL
70 MILWAUKEE, WI
71 FAIRBANK, AK
72 INDIANAPOLIS, IN
73 WILMINGTON, NC
74 PORTLAND, ME
75 MAYAGUEZ, PR
78 DOVER, DE
79 PONCE, PR
80 AUSTIN BERSTROM, TX
81 DEL RIO, TX
82 SANDUSKY GRIFFIN, OH
83 NASHVILLE, TN
84 JUNEAU, AK
85 JACKSONVILLE, FL
86 INTERNATIONAL FALLS, MN
87 RENO, AZ
88 CHARLESTON, SC
89 COLUMBUS, OH
90 KANSAS CITY, KS
91 ALBUQUERQUE, NM
92 VICTORIA - SYDNEY, CANADA
93 AGUADILLA, PR
94 BUFFALO, NY
95 EL PASO, TX
96 FAJARDO, PR
97 GREENVILLE, SC
98 ISLA GRANDE, PR
99 KENMORE, WA
100 KING COUNTY, WA
101 KODIAK, AK
102 MANCHESTER, NH
103 MCALLEN, TX
104 OAKLAND, CA
105 ONTARIO, CA
106 OPA-LOCKA
107 PEASE TRADEPORT, NH
108 RICHMOND, VA
109 SACRAMENTO, CA
110 SAN JOSE, CA
111 SARASOTA, FL
112 ST. LUCIE, FL
113 ST. PETERSBURG, FL
114 TAMIAMI EXECUTIVE, FL
115 TETERBORO, NJ
SEA PORTS OF ENTRY
GALVESTON RCI, TX
LONG BEACH CARNIVAL CRUISE, CA
MIAMI - RCI, FL
PORT CANAVERAL, FL
PORT CANAVERAL, TERMINAL 10 FL
SAN JUAN PAN-AMERICAN, PR
SAN PEDRO WORLD CRUISE CENTER, CA
SEATTLE SEAPORT, WA
SEATTLE, WA BIRTH 30, CRUISE TERMINAL
TAMPA, FL TERMINAL 3
TAMPA, FL TERMINAL 7
VANCOUVER, BALLANTYNE PIER, CAN
VANCOUVER, CANADA PLACE, CAN
VICTORIA, PRE INSPECTION, CAN
WEST PALM SEAPORT, FL
Complaints about the program include e-mails between an airline and the Department about 32 crew members who experienced fingerprint scanning mismatches that caused them to be improperly flagged by government watch lists.15 These crewmembers already had undergone background checks. DHS officials say they have received complaints from 150 individuals.16The documents obtained by EPIC show that some travelers are aware that the US-VISIT database contains erroneous information well before DHS realizes its own mistake and fear that their next visit to the U.S. will result in misidentification. Visitors reported missing their connecting flights due to errors in the database system, and airline crewmembers reported being delayed up to ninety minutes after a long international flight.17 Some travelers reported that the operator collecting fingerscans at a port had erroneously reversed their left and right index fingerprints, labeled a husband's fingerprints as his wife's, failed to collect the data required under US-VISIT, or collected data from travelers exempt from the program, such as holders of a G-4 visa.18 Passengers' numerous requests to the DHS for correction of erroneous personal information suggest that the rush to implement US-VISIT has come at the expense of data accuracy and passenger privacy.
Problems with the US-VISIT two-fingerprint system have been highlighted before. The chance of identifying a terrorist by matching scans poorly imaged by US-VISITs system against the government's biometric watchlist is no more than 53 percent, according to a Stanford Business School research conducted last autumn.19 Biometric identification systems, including fingerprint systems, are susceptible to significant errors. In Congressional testimony in July 2002, EPIC explained the unique problems that are associated with biometrics technology, which are still important today.20 One problem is that the uniqueness of biometric data is affected by time, variability and data collection.21 A recent report by National Institute of Standards and Technology (NIST) showed that the accuracy rate for fingerprint identification drops as the age of the person increases, especially for those more than 50 years old.22
Recently, DHS began testing Radio Frequency Identification (RFID) technology in the US-VISIT program.23 The purpose of an RFID system is to enable data to be transmitted by a portable device, called a tag, which is read by an RFID reader and processed according to the needs of a particular application. The data transmitted by the tag may provide identification or location information.24 RFID-enabled cards use radiowaves to request and transmit data, as opposed to contact cards, which require physical contact with a reader to receive and transmit information.
This spring, trials were run at a simulated port, but the program will extend this month to Nogales East and Nogales West in Arizona, Alexandria Bay in New York, and Pacific Highway and Peach Arch in Washington, and continue through Spring 2006.25 DHS has said it will encode RFID tags with a serial number. The visitor will drive his car, or walk, through RFID readers at the border, and agents will use the serial number to access the visitors file.26 The process is similar to the SpeedPass systems used to pay highway tolls.
The technical specifications of the test RFID tags have not been released to the public, so it is unknown if the information is encrypted or not. If the data is unencrypted, then it can easily be accessed by unauthorized users with RFID readers. Even when the data on RFID tags are encrypted, security risks remain. It has been well documented that criminals are able to use readers to break the encryption systems in RFID tags. One experiment is relevant to the proposed US-VISIT RFID program. In January, researchers at Johns Hopkins University and RSA Laboratories discovered serious security flaws in the RFID chips that are used to protect cars from theft and prevent fraudulent use of SpeedPass keys.27 The researchers easily were able to extract individual SpeedPass secret keys, and used them in another device that allowed for fraudulent charges to the SpeedPass accounts.28
It is not necessary to use RFID in the US-VISIT program. A visitor can just as easily hand the agent a contact card (or even a piece of paper) with the number on it and eliminate the risk that the information will be extracted by an unauthorized party. Even with RFID, the agent must still review the visitors file. The small amount of time saved by sending the information wirelessly does not outweigh the significant privacy and security risks that come with using RFID tags.
The US-VISIT programs goals are to enhance national security, facilitate legitimate travel and trade, ensure the integrity of our immigration system, [and] protect the privacy of our visitors.29 But the program, estimated to cost $7.2 billion by 2014, is rife with technology problems and errors in its databases. It is far from achieving its goals.
1 Department of Homeland Security, Budget-in-Brief Fiscal Year 2006, at 8, 15 (Feb. 7, 2005) available at http://www.epic.org/privacy/surveillance/spotlight/0505/dhsb06.pdf. More information about the US-VISIT program can be found at EPICs page, at http://www.epic.org/privacy/us-visit/, and DHSs page, at http://www.dhs.gov/us-visit. EPICs March 2005 Spotlight on Surveillance highlighted another federal border control program, Customs and Border Protections Americas Shield initiative available at http://www.epic.org/privacy/surveillance/spotlight/0305.html.
2 EPIC has previously highlighted problems with US-VISIT, Comments of the Electronic Privacy Information Center on Border and Transportation Security Doctorate Interim Final Rule and Notice (Feb. 4, 2004) available at http://www.epic.org/privacy/us-visit/us-visit_comments.pdf; Privacy International also has evaluated the system, The enhanced US border surveillance system: an assessment of the implications of US-VISIT (Sept. 28, 2004) available at http://www.privacyinternational.org/issues/terrorism/rpt/dangers_of_visit.pdf.
3 Illegal Immigration Reform and Immigrant Responsibility Act of 1996, Pub. L. 104-208, Div. C, Title III, § 309 (1996), amended by the Immigration and Naturalization Service Data Management Improvement Act of 2000, Pub. L. 106-215, 114 Stat. 337 (2000). A list of the 50 highest volume land ports of entry is available at http://www.dhs.gov/dhspublic/interweb/assetlibrary/USVisit_PortsOfEntry.pdf.
4 The program draws on information from more than 20 information system and databases. Department of Homeland Security, US-VISIT Frequently Asked Questions, available at http://www.dhs.gov/dhspublic/interapp/editorial/editorial_0440.xml (hereinafter US-VISIT FAQ).
5 Id.
6 Id.
7 US-VISIT FAQ, supra note 4.
8 Id.
9 Id.
10 Press Release, Department of Homeland Security, US-VISIT Stops Murderers, Pedophiles and Immigration Violators From Entering The United States Through Biometrics and International Cooperation (May 17, 2005), available at http://news.findlaw.com/prnewswire/20050517/17may2005120404.html.
11 US-VISIT FAQ, supra note 4.
12 Department of Homeland Security documents obtained by EPIC under FOIA available at http://www.epic.org/foia_notes/usvisit1.pdf and http://www.epic.org/foia_notes/usvisit2.pdf (hereinafter EPIC FOIA).
13 Id.
14 Id. There has been a history of problems with government watch lists improperly flagging travelers. The Transportation Security Administrations no-fly lists have even ensnared members of Congress. In August 2004, Sen. Edward Kennedy revealed in a Senate Judiciary Committee hearing on border security that on multiple occasions airline agents tried to prevent him from boarding flights because his name appeared on a watch list. He was halted three times before his staff called the Transportation Security Administration, and afterwards continued to be stalled at the gate. Sen. Kennedy was forced to call Homeland Security Secretary Tom Ridge in order to clear his name, an option unavailable to most travelers. The name on the watch list preventing Kennedy's travel was apparently "T. Kennedy." (See Rachel L. Swarns, Senator? Terrorist? A Watch List Stops Kennedy at Airport, New York Times, Aug. 20, 2004 available at http://www.nytimes.com/2004/08/20/national/20flight.html?ex=1250654400&en=f0c8707234bed6fb&ei=5090
&partner=rssuserland; Sara Kehaulani Goo, Sen. Kennedy Flagged by No-Fly List, Washington Post, Aug. 20, 2004 available at http://www.washingtonpost.com/wp-dyn/articles/A17073-2004Aug19.html.) Reps. John Lewis and Don Young have also been flagged by the watch lists. (See Audrey Hudson, GAO to release evaluation of Secure Flight system, Washington Times, Mar. 27, 2005 available at http://washingtontimes.com/national/20050328-125304-1798r.htm.)15 EPIC FOIA, supra note 12.
16 Sara Kehaulani Goo, US-VISIT Delays Foreign Airlines, Washington Post, June 22, 2005 available at
http://www.washingtonpost.com/wp-dyn/content/article/2005/06/21/AR2005062101631.html.17 EPIC FOIA, supra note 12.
18 Id.
19 Lawrence M. Wein and Manas Baveja, Using fingerprint image quality to improve the identification performance of the U.S. Visitor and Immigrant Status Indicator Technology Program, Proceedings of the National Academy of Sciences of the United States of America (May 13, 2005) available at http://www.pnas.org/cgi/reprint/102/21/7772?maxtoshow=&HITS=10&hits=10&RESULTFORMAT=&fulltext
=wein+fingerprint&searchid=1120006492623_22301&stored_search=&FIRSTINDEX=0&journalcode=pnas.20 Statement of Marc Rotenberg, Executive Director, Electronic Privacy Information Center, and Carla Meninsky, EPIC IPIOP Fellow, at a Joint Hearing on Identity Theft Involving Elderly Victims Before the Special Committee on Aging (July 18, 2002) available at http://www.epic.org/privacy/biometrics/testimony_071802.html.
21 Id.
22 National Institute of Standards and Technology, Fingerprint Vendor Technology Evaluation 2003: Summary of Results and Analysis Report, at 64 (June 2004).
23 Press Release, Department of Homeland Security, Fact Sheet: US-VISIT (Feb. 24, 2005) available at http://www.dhs.gov/dhspublic/display?content=4379 (hereinafter DHS Fact Sheet).
24 EPIC's Radio Frequency Identification (RFID) Systems page, available at http://www.epic.org/privacy/rfid/.
25 DHS Fact Sheet, supra note 23.
26 Id.
27 Steve Bono, Matthew Green, Adam Stubblefield, and Avi Rubin, Johns Hopkins University, and Ari Juels and Michael Szydlo, RSA Laboratories, Analysis of the Texas Instruments DST RFID, Jan. 29, 2005, available at http://rfidanalysis.org/.
28 Id.
29 US-VISIT FAQ, supra note 4.