IE 11 is not supported. For an optimal experience visit our site on another browser.

U.S. border security at a crossroads

One of the Homeland Security Department's most ambitious projects, a 10-year, $10 billion effort to track foreign visitors in the U.S., is being built on top of aging databases and software that government scientists found to be out of date, poorly coordinated and ineffective.
/ Source: a href="" linktype="External" resizable="true" status="true" scrollbars="true">The Washington Post</a

The race to tighten the nation's borders began just after the terror attacks on Sept. 11, 2001. Authorities learned that hijackers had lived illegally in the country, renting apartments, taking flying lessons and moving around freely.

Congress demanded changes in border controls and tight deadlines for building a computer network that would screen foreign visitors as they seek to enter or leave the country by scanning their fingerprints and matching them against databases of suspected terrorists.

Pressing to meet that goal, the Homeland Security Department last year awarded one of the most ambitious technology contracts in the war on terror — a 10-year deal estimated at up to $10 billion — to the global consulting firm Accenture. In return, the company and its subcontractors promised to create a "virtual border" that would electronically screen millions of foreign travelers.

Documents and interviews with people familiar with the program, called US-VISIT, show that government officials are betting on speculative technology while neglecting basic procedures to ensure that taxpayers get full value from government contractors.

‘Illusion of security’
"There's no question we could end up spending billions of dollars and end up with nothing," said Steven A. Camarota, the director of research at the Center for Immigration Studies, a nonprofit group that has been monitoring efforts to improve border controls. "It creates an illusion of security that doesn't exist."

Although the government has already spent or budgeted about $1 billion for the US-VISIT program, the new system is being built on top of aging computer databases and software that government scientists concluded two years ago are out of date, poorly coordinated and ineffective. Among them is a fingerprint system that does not use the government's state-of-the-art biometric standard. As a consequence, millions of dollars are budgeted this year for upgrades, according to budget documents.

The technology problems diminish the current effectiveness of US-VISIT, according to audits and government documents. Today, only a small fraction of foreign visitors — fewer than 1 percent — is fully screened by the existing system.

US-VISIT director James L. Williams defended the program's strategy, saying officials plan to phase in new technology over the next decade while taking steps in the next several years to maintain security with current technology. He said people should understand that US-VISIT is in its infancy.

"We're not even close to having a full biometric entry-exit system," he said. "It's an archaic system of technology."

Lucrative ‘partnership’
Williams said he is relying heavily on Accenture because the government cannot undertake the complex technological assignment without the expertise of private industry. He said he is proud that the losing bidders have not challenged the award to Accenture and its subcontractors, known as the Smart Border Alliance.

"Accenture was clearly the best value," Williams said.

Accenture was in a strong position even before the bidding began, according to documents and interviews. Its contracting team played a role in shaping the competition. "Limit the number of bidders, and streamline the procurement approach," Accenture officials recommended to Williams in August 2003, three months before the government began requesting bids, according to documents and interviews.

The US-VISIT contract with Accenture and its subcontractors exemplifies a fundamental shift in the arcane world of government contracting, said Steven L. Schooner, a procurement specialist at George Washington University. Increasingly, government is entering into "partnerships" with private companies.

Such partnerships can blur the lines between the government and corporations, Schooner and other contract specialists said.

In this case, the contractor and the government are working together without a clear idea of how the final virtual-border system will work or when it will be completed over the next decade. Such an arrangement is known as an "indefinite delivery-indefinite quantity contract." The government can cancel the project at any point. The contractor is paid for specific tasks along the way, even if the overall system ultimately does not work.

For all those reasons, no one is certain of the final cost.

"Who knows what it will end up being, because the system hasn't been defined yet," said Accenture spokeswoman Roxanne Taylor, adding that the government has the final say. "Isn't that the system of checks and balances?"

Tightening the borders
The US-VISIT program office, officially known as the United States Visitor and Immigrant Status Indicator Technology, started in July 2003. The network it is trying to build is being sold to the public by homeland security officials as the ultimate solution to the nation's chronic border problems.

The US-VISIT system must eventually cover nearly 7,000 miles of borders along Mexico and Canada, including more than 300 land, air and sea ports where travelers make more than 450 million crossings a year.

Copies of an Accenture presentation to US-VISIT officials obtained by The Washington Post describe a futuristic surveillance and intelligence network. The system they envision could rely on databases, digital cameras, face- and voice-recognition systems and electronic-fingerprint readers, all linked by computer. Homeland security officials promised that US-VISIT would communicate quickly and easily with other computer systems.

Eventually all foreign visitors will be required to electronically register their fingerprints and photographs at U.S. embassies and consulates, along with other personal details. That information will then be matched against terrorist, criminal and intelligence files to determine whether the travelers pose threats.

Prospective visitors who flunk the screening process will be denied visas. Those who pass will be allowed into the country and then checked when they leave to make sure they did not overstay their visit. US-VISIT must accomplish its mission without impeding commerce or tourism, according its mission statement.

For now, US-VISIT is relying on several aging and ineffective computer systems that were designed in the 1990s by contractors for the former Immigration and Naturalization Service, which was merged in 2003 into the new Homeland Security Department.

Holes in the system
Not long after the Sept. 11, 2001, attacks, the Senate Judiciary Committee asked the Justice Department's inspector general, Glenn A. Fine, to assess the state of INS's technology programs. Fine told Congress he questioned close to $3 billion worth of projects, saying that his review "revealed significant problems that leave gaps in the INS's attempts to secure the nation's borders." At about the same time, the Government Accountability Office, the investigative branch of Congress, came to a similar conclusion about the INS technology.

Today, some of the same officials who were in charge of that flawed technology are in key positions at the US-VISIT program.

One of the programs targeted for criticism was a computer network known as IDENT, which requires travelers to submit prints of both index fingers at U.S. consulates and embassies overseas. IDENT then collects two index fingerprints from those visitors at the U.S. border and matches them against a database to determine whether they are allowed into the country.

Fine's auditors concluded that the system was flawed because it did not effectively link to such fingerprint databases as FBI files or government terrorist watch lists that rely on state-of-the-art, 10-fingerprint systems.

Scientists at the National Institute of Standards and Technology, under congressional mandate to develop biometric standards for screening foreign visitors, recommended the government use 10 fingerprints. Using all 10 prints provides better matching capabilities and interoperability with other databases, the scientists said in their 2003 report.

US-VISIT officials did not heed the scientists' advice. Officials later told Congress they relied on the old fingerprint technology as a stopgap while they overhauled the entire border-security system. They promised to upgrade the two-fingerprint IDENT system.

Last fall, U.S. Customs and Border Protection Commissioner Robert C. Bonner said authorities had made improvements to the IDENT system so it could communicate more effectively with the FBI's database.

IDENT has fingerprints on 15,000 suspected terrorists and their alleged associates and about 1 million known criminals or deportees overall; the FBI keeps fingerprint records on 47 million people.

"Before, we had a flashlight, and we were only able to see into small areas with IDENT," Bonner said at a press conference on Oct. 7, 2004. By integrating with the FBI system, Bonner said, "we've turned on the overhead, and we can see it all."

But the government's own studies show IDENT is not fully integrated with the FBI system. One study by the Justice Department's inspector general's office, released three months after Bonner's remarks, concluded that progress toward making IDENT fully interoperable with other systems, including the FBI's, has "stalled."

Numbers game
The technology's limits and the government's desire to avoid long delays curbs the number of people who can be thoroughly screened. This year, homeland security officials expect to check about 800 people out of the roughly 118,000 visitors a day who should be screened against the FBI database, the Justice Department's inspector general said.

"The lack of immediate access to the FBI's full criminal master file creates a risk that a terrorist could enter the country undetected," the inspector general found.

Last fall, Stanford University researcher Lawrence M. Wein testified before Congress that US-VISIT, using IDENT, had no more than a 53 percent chance of catching a terrorist who had altered his or her fingerprints, even if that person was on a terrorist watch list. Wein said authorities should not assume the current two-fingerprint system is sufficient to stop terrorists. "It would be naive to think that these people are not trying to defeat the system," he said.

Rep. Norman D. Dicks (D-Wash.), who has repeatedly questioned IDENT's effectiveness, said homeland security officials should have listened to their experts rather than trying to upgrade the old fingerprint technology. Dicks said homeland security officials opted to use the flawed technology already in place to demonstrate they were making progress.

"They wanted to show they were getting something done," Dicks said. "The problem is, they made a mistake."

US-VISIT also incorporates another technology with interoperability problems: border-crossing cards that have been issued for years to Mexicans who want to visit and work in the United States. The cards are designed to encode the visitors' personal data electronically, but they do not work well with the IDENT system because the two technologies were not designed to interact, US-VISIT officials said.

The cards are manufactured at a six-year-old government plant run by a company called Datatrac Information Services Inc. in the congressional district of Rep. Harold Rogers (R-Ky.), the chairman of the House Appropriations homeland security subcommittee.

Controversial cards
In the late 1990s, Rogers had urged government officials to build the card-manufacturing facility in his district, one of the poorest in the nation, according to a congressional aide who spoke on condition of anonymity.

Then, in June 2003, Rogers added language to an appropriations bill emphasizing that new card technology should not be adopted in a TSA pilot program as long as the existing technology is "good enough."

The next month, Datatrac received a 10-year contract extension worth up to $200 million, according to a company press release.

"The cards produced at facilities like the one in Corbin, Ky., are on the cutting edge of technology," Rogers was quoted as saying in the release. "I am pleased the Department has chosen to continue the use of these proven products."

A congressional aide said Rogers did not weigh in on Datatrac's behalf over the contract extension but considered it a "victory" because of the jobs it protected in the district Rogers represents.

The decision to stick with the cards comes with costs. This year, US-VISIT officials requested another $51 million for new technology, including equipment needed to study whether the cards can eventually work well with IDENT, Williams said.

Datatrac's border-crossing cards are often not used as intended, the homeland security department's inspector general reported this year. Border agents are supposed to run the cards through machines that can verify the visitors' identity. Instead, the agents often only eyeball the cards. The machines usually are installed away from the crossing points and used only with visitors who are pulled aside for additional screening.

Datatrac declined to discuss details of its contract.

Rogers declined to be interviewed for this article. He said in a prepared statement: "While the long-term future of the cards is unknown, they currently provide a vital security service along our borders."

'Industry Day'
Datatrac was one of dozens of companies seeking homeland security work on the borders. In 2003, it was part of the Accenture team seeking the contract to create the US-VISIT system.

Homeland security officials running that competition declared their intentions to rely heavily on the private sector. Speaking at a US-VISIT "Industry Day" in July 2003, they called on scores of corporate representatives gathered in suburban Virginia to form teams to address the government's ambitious goals.

US-VISIT officials told the companies they would welcome "direct and candid" comments in the coming months before the formal requests for bids were scheduled to be issued, according to documents that US-VISIT distributed at the session. Those comments could include recommendations for constructing the bid request itself, the document said. The winner would be a government "partner," and together the government and contractor would have shared accountability.

Within weeks, three bidding teams emerged: Computer Sciences Corp., Lockheed Martin Corp. and Accenture. Each had more than a dozen potential subcontractors. The US-VISIT team maintained contact with all three teams over the next few months. But it was Accenture that captured the attention of US-VISIT program director Williams, according to documents and interviews with people involved in the process.

Accenture had once been associated with the now-defunct Arthur Andersen LLP accounting firm. The company, then operating as Andersen Consulting, blossomed during the high-tech boom of the late 1990s, in part by offering governments and businesses solutions to their technology problems.

In 2001, the company renamed itself Accenture. It employed 75,000 people in 47 countries and had revenue of more than $11 billion. Based in Hamilton, Bermuda, the company called itself a "global management consulting, technology services and outsourcing company."

Before long, it was also fashioning itself into a homeland security specialist. In its first three years under its new name, Accenture rose to 24th from 59th in the rankings of the government's prime information technology contractors, its contracts surging to $427 million from $81 million, according to Eagle Eye Publishers Inc., a private company that sells data on federal contracts.

Blurring the lines
In August 2003, at the same time Accenture executives were offering advice to Williams, they were lobbying Rogers, the chairman of the House Appropriations homeland security subcommittee, documents and interviews show. That committee has a strong say over funding for US-VISIT and other homeland security programs.

Accenture, with help from its subcontractor, Datatrac, secured a meeting with Rogers's chief of staff, according to officials at Rogers's office and Accenture. The Accenture officials downplayed the importance and timing of the meeting, saying in an e-mail "that all the bidders were actively lobbying members of Congress on US-VISIT, so our actions were not unique."

Accenture also raised its profile by hiring former government officials who had personal or professional ties to US-VISIT managers. One of the people Accenture hired as a lobbyist and consultant was Steve Kelman. As chief of procurement policy for the Clinton administration, he helped create rules that eased the outsourcing of government work to private companies. Kelman had worked closely on that project with Williams, who was then at the Internal Revenue Service.

In his role as a consultant, Kelman helped Accenture draft a document urging Williams's US-VISIT team to give contractors great latitude in designing the system and to limit the number of bid competitors to "2 or 3" as a way to speed the process of choosing a victor. Kelman said his advice focused on linking the winning bidder's pay to its performance.

Williams, who was one of several officials responsible for awarding the contract, recently said he was unaware of Kelman's role. Kelman said in an interview: "I would have thought [Williams] would have known" about Kelman's involvement.

The lines between the government and Accenture continued to blur. On Nov. 28, 2003, the US-VISIT program requested bids from the three teams. Two months later — and four months before the contract was awarded — Accenture's team moved into the 13th-floor of a Rosslyn office building, just below the floors occupied by US-VISIT officials.

"The space came available, and someone on the team saw it and realized this would be convenient space if we eventually won the project," said Taylor, the Accenture spokeswoman.

Bait and switch?
In February 2004, Accenture's team put on a demonstration for Williams in the suburban Virginia parking lot of another Accenture subcontractor. Accenture set up a make-believe checkpoint to simulate a border-crossing post. Williams was told to drive through to test Accenture's technical savvy. He accelerated to 40 miles per hour and passed through electronic sensors.

As Williams drove past the sensors, playing the role of foreign visitor, the system scanned a chip embedded in a mock passport. Moments later, an electronic sign proclaimed that "James Williams" was the man behind the wheel of the car. The show was a rousing success, Williams said.

But Accenture said that the demonstration had little to do with what will eventually be built.

Peter Soh, another Accenture spokesman, said in an e-mail that the "simulation Accenture staged was for demonstration purposes only. It was not a recommended solution or a technology offering, and in no way did it represent what the final US-VISIT solution will look like."

Accenture's team won the contract in May 2004. Company officials said the division working on US-VISIT is Accenture LLP, based in Northern Virginia.

Williams said Accenture officials are playing an important role in shaping the vision for US-VISIT by helping him and his team understand how to buy and organize such a complex system. He said such a role is increasingly common in federal contracting. Of the three bidders, he said, Accenture was consistently the most helpful and convincing.

"Accenture listened well to the approach the government wanted to take and said: 'You're taking the right approach,' " Williams said.

Oversight from afar
In each of the past three years, numerous questions have been raised about US-VISIT's management, oversight and costs.

In 2003, GAO auditors reported that the costs could rise far above the official $7.2 billion estimate — likely "in the tens of billions." The report concluded that US-VISIT was a financially "very risky endeavor" because there were not enough government officials to properly manage the program.

In 2004, another GAO analysis said the government's US-VISIT team had not moved quickly enough on its earlier findings, chiding the government for failing to correct "fundamental limitations in the program office's ability to manage US-VISIT." That was in part because the US-VISIT office had only about half the 115 employees that officials said were needed to run the project.

In February, another audit reported that the current US-VISIT system has trouble tracking "the entry and exit of persons entering the United States at air, land, and sea ports of entry." The report said the homeland security department "has not employed rigorous, disciplined processes typically associated with successful programs."

Last week, homeland security officials said the fledgling system has blocked the admission of nearly 600 people and led to the arrest of 39.

"US-VISIT works," Williams said. "The results have shown that it works. We are working hard to meet the congressional and presidential mandates to complete the system."

The US-VISIT program now has 100 government employees. The program has turned to contractors for administrative and clerical support — 94 people from Mitre Corp. and PEC Solutions Inc.

Today, an official responsible for oversight of the US-VISIT contract works out of an office in her home in Bradenton, Fla.

Dana Schmitt is the director of the Office of Acquisition and Program Management for US-VISIT — which is responsible for "support, oversight, and control" of Accenture and its subcontractors. Schmitt, a former immigration service official who earns $114,344 a year, said she visits the US-VISIT offices in Rosslyn once every six weeks or so.

She and her supervisors said she can capably handle the job from about 950 miles away. But she said that her program management office has only nine of the 40 government employees she deemed necessary.

US-VISIT officials were interested in Schmitt because of her experience working with large technology projects at the immigration service. She agreed to work on US-VISIT, she said in an interview, as long as she could stay in Florida.

She said she has become good at working with contractors and her colleagues from afar, using conference calls and e-mails. She said she has no trouble monitoring the contract and overseeing the work of her colleagues.

"I can actually tell by tone of voice if people are getting agitated," she said. "It's basically an oversight function. . . . Being in Florida doesn't hamper it."

D. Kent Goodger, a veteran contracting officer for several federal agencies who now teaches procurement rules to government officials, said oversight managers need regular, face-to-face interaction to do their jobs.

"I don't see how she can have such a very important, visible role without having daily contact," he said.

Williams, the US-VISIT program director and Schmitt's boss, described her as immensely talented and an important asset to the project. He said he initially had doubts about allowing her to work from Florida.

"I absolutely had those worries," Williams said. "To me, it became kind of an experiment. So far, it is an experiment that's working very well."