Building a 21st Century Fence
AMERICA’S EMERGING BORDER SECURITY PLANS resemble two sides of a technological fence. On one side of the fence, the Department of Homeland Security (DHS) wants to welcome legal visitors and make it easy for them to come and go as they please. On the other side of the fence, however, DHS wants to deny access to illegal immigrants.
On the welcoming side of the fence, the $10 billion U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) program will clear foreign visitors entering and exiting the United States with digital finger-scans, digital photographs, database scans of terrorist and criminal watch lists and some kind of advanced access control technology to log people in and out.
Then there is the other side of the fence. Over the last eight years, three programs have been implemented to use technology to lock down the borders between the United States, Mexico and Canada. The third and current approach is the newly introduced secure border initiative (SBI).
Why has the United States not gained control of its borders in the five years since Sept. 11? The most important reason may be the scale or size of the problems involved — every year 450 million people, including 200 million foreign nationals, legally enter the United States through one of 330 ports of entry located along 7,000 miles of land borders with Canada and Mexico and several more thousand miles of coast line. Millions more stream in across unprotected stretches of land borders and coastal areas.
“Securing the borders poses big problems,” says Bruce Walker, director of Homeland security with Northrop Grumman Corp.’s Washington, D.C. offices and part of the Northrop team planning to bid on SBI. “It is not that the problems are technically difficult to solve; it is that they are so big that it becomes difficult to scale technology and procedures to fit a solution that is equally big.”
US-VISIT: The friendly fence
Nearly 200 million foreign nationals enter the United States through air, sea and land ports every year. In operation for more than two years, the US-VISIT system currently records the arrival of about 52 million visitors at 115 airports, 15 seaports and 154 land ports. A US-VISIT exit system now operates at 12 airports and two seaports. US-VISIT hopes to increase those numbers by automating most arrival and departure credential checks.
At a port of entry or overseas at a U.S. consular office that issues visas, foreign nationals planning to visit the United States provide their names and other personal information, make digital fingerprint scans and sit for photographs. Visitors’ information is then compared against watch lists of criminals and terrorists, and those that clear receive visas.
Visitors with current visas may move with relative freedom in and out of U.S. ports of entry. A returning visitor, for example, offers a digital fingerprint that is compared to the fingerprint stored in the US-VISIT database. A match verifies that this is the person to whom a visa was issued. Upon departing from an airport, a foreign national offers another fingerprint. A match leads to an approved exit and produces a record that this individual left the country within the period of time allowed on the visa.
Departing by land — driving back to Mexico or to Canada — raises problems for the US-VISIT system, however.
“Our mandate is to facilitate legitimate travel and trade, improve the immigration process, maintain the privacy of individuals moving through the system — without causing arriving and departing lines to grow longer,” says P.T. Wright, Jr., director for mission operations management for the US-VISIT program.
At some land border crossings, the speed of departure is controlled by toll bridges that require vehicles to stop. During the stop, officials can check fingerprints and record a departure.
Other border crossings, however, allow exits at highway driving speeds of 45 to 50 miles per hour. How can US-VISIT record those departures without slowing travel and commerce?
Wright says the answer may involve giving radio frequency identification (RFID) tags to foreign visitors. “Our preliminary tests determined that an RFID system can read RFID tags in cars at exit speeds up to 50 miles per hour,” Wright says. “The system can also capture large numbers of tags being held by individuals inside single vehicles. For example, a busload of tourists departing the United States and carrying RFID tags would not have to stop.”
Ports of entry participating in the test include Alexandria Bay, N.Y.; Blaine, Wash., with the Peace Arch Crossing and the Pacific Highway Crossing; and Nogales, Ariz., also with two crossings — at Diconcini Grand Avenue and at Mariposa.
Upon arrival at a U.S. port of entry, foreign visitors must fill out form I-94, the standard arrival and departure record issued at ports of entry to most non-immigrant visitors.
At the test ports, visitors are now completing an RFID-enabled “I-94a,” the size of an index card. The border officer activates the card by holding it up to a scanner. The system records a randomly generated number on the card. The number ties to the visitor’s record, which is stored inside US-VISIT’s secure database. This is a privacy technique. Because personal information is recorded only in the database and not on the I-94a, it is not possible to skim information from the I-94a.
Different I-94a forms will accommodate different visitor needs. One version will handle single visits. Another is for multiple visits. As long as a visitor has a valid I-94 or I-94a, he or she may enter and exit directly from the primary screening point and need not check in at secondary screening. For vehicles traveling 50 miles per hour through a port of entry, antennas at the booths will read the cards and update the records.
A problem is figuring out if the person that just drove by and was logged out by the system was the person that was issued the I-94a. “If we decide to go with an RF solution, we would implement an interim system of data traps that can call out fraudulent trends in documentation and travel,” Wright says
A final solution is several years down the road, Wright adds. It would involve attaching a biometric fingerprint reader to the I-94a. The chip on the I-94a would look for the fingerprint of the person to whom it was issued before responding to a signal sent by a reader.
U.S. citizens may use a different form of RFID access control when moving through land ports of entry between the United States, Canada and Mexico. Smart card maker Axalto of Austin, Texas, has proposed issuing identification cards shaped like driver’s licenses and equipped with chips — as an alternative to passports at these land ports. “We could put the same kind of information on the chip as goes onto an electronic passport — including the photo and biometric data,” says Neville Pattinson, Axalto’s director of governmental affairs. “This way, a reader would pull the information off the card, and you would not need a database to store information. What happens at a border crossing, for example, if the database goes down?”
If DHS eventually decides to go with a database, Axalto will propose a system based on contactless smart cards. “We believe contactless smart cards offer a stronger alternative than a simplistic RFID system,” Pattinson adds. “With a smart card, we can encrypt any information on the card. Even if it is just a number tied to a database entry, we think it is more secure to encrypt it.”
The wrong side of the fence
Estimates suggest that between 4 million and 12 million illegal immigrants are now living in the United States. One of the goals of the US-VISIT program is to ensure that the number of illegal immigrants does not grow because once-legal visitors stay beyond the expiration of their visas.
The Secure Border Initiative or SBI aims to stop illegal immigrants from pouring into the United States, whether they are holding expired visas or not.
SBI is the third try in eight years to gain control of the nation’s land borders and coastline. The first attempt came with the Integrated Surveillance Intelligence System (ISIS) that positioned sensors and cameras along stretches of the border. When a 2004 General Services Administration audit reported inadequate contract management and oversight and other problems, the program was replaced with America’s Shield Initiative (ASI). That program sought to continue the ISIS emphasis on surveillance technology, but with better administrative and cost controls.
Eventually, DHS decided that ASI was too limited in scale and turned to SBI, which aims to control the borders, enforce immigration within the United States and to set up a temporary worker program.
The $2 billion SBI program will extend the surveillance concepts of ASI by adding next-generation detection technology and unmanned aerial vehicles to the technological mix. It will also add border patrol agents, expand detention and removal capabilities, improve physical infrastructure at the borders and boost worksite and interior enforcement efforts.
Customs and Border Protection (CBP) will manage a key component of SBI called SBInet. “SBInet is technology and process integration,” Walker says. “When you look at the premise of operational security, what you are really looking at is a set of connected processes. For example, it is not just surveillance and apprehension on the border; it is also detention and removal and other associated immigration processes that come into play.”
DHS will manage the overall SBI program. “SBI is like the other end of the lens from SBInet,” Walker says. “For example, DHS will have to figure out how to credential all 14.5 million of the nation’s first responders and law enforcement agents at the state, local and tribal levels so that they have access to DHS data.”
How is it possible to credential millions of people working in hundreds of different organizations to use sensitive DHS databases? Who has permission to see what data? Can a police officer from Miami have access to files held by Georgia’s Homeland Security office? What about Miami’s Chief of Police? But how can the chief do what needs to be done without waiting days or weeks for an authorization to work its way through the bureaucracy?
The scale of this problem may call for a huge paradigm shift, Walker adds. “Suppose I am a state policeman and my credential was issued by the state police,” he says. “If there is a trust relationship between an application that generated that ID at the state level and the systems at DHS, I do not have to worry about authenticating the ID. We can set up a system that says it is valid because of the trust relationship between the two applications.”
If that is possible, then it is also possible to provide permissions for classes of users instead of individuals: All police chiefs may access Georgia’s Homeland Security data or data in a DHS Customs and Border Protection database.
“Frankly, the problem is not that technology cannot do SBI jobs, but that we still have not worked our way through the public policy issues with all the stakeholder organizations,” Walker adds. “In other words, to make systems that are national in scope work, we are going to have to change policies, processes, and cultures about how people interact with each other across organizations” that have never allowed that kind of interaction.
In other words, DHS will have to tear down walls between agencies and departments at all levels of government in order to build this new 21st century fence.