Border Security

Security of New Passports and Visas Enhanced, but More Needs to Be Done to Prevent Their Fraudulent Use Gao ID: GAO-07-1006 July 31, 2007

Travel documents are often used fraudulently in attempts to enter the United States. The integrity of U.S. passports and visas depends on the combination of well-designed security features and solid issuance and inspection processes. GAO was asked to examine (1) the features of U.S. passports and visas and how information on the features is shared; (2) the integrity of the issuance process for these documents; and (3) how these documents are inspected at U.S. ports of entry. We reviewed documents such as studies, alerts, and training materials. We met with officials from the Departments of State, Homeland Security, and Commerce's National Institute of Standards and Technology, and U.S. Government Printing Office, and with officials at seven passport offices, nine U.S. ports of entry, two U.S. consulates in Mexico, and two Border Crossing Card production facilities.

The Department of State (State) has developed passports and visas, including border crossing cards (BCC), that are more secure than older versions of these documents; however, older versions have been fraudulently used and remain more vulnerable to fraud during their lifespan. For example, earlier versions valid until 2011, of which there are more than 20 million in circulation, remain vulnerable to fraudulent alteration by such means as photo substitution. Although State has updated or changed the security features of its travel documents, State does not have a structured process to periodically reassess the effectiveness of the security features in its documents against evolving threats and to actively plan for new generations. State has taken a number of measures to ensure the security and quality of passports and visas, including establishing internal control standards and quality assurance measures, training of acceptance agents, and initiating new visa policies and procedures. However, additional measures are needed in the passport issuance process to minimize the risk of fraud. State lacks a program for oversight of the thousands of passport acceptance facilities that serve an important function in verifying the identity of millions of passport applicants each year. Officers in primary inspection--the first and most critical opportunity to identify fraudulent travel documents at U.S. ports of entry--are unable to take full advantage of the security features in passports and visas. These officers rely on both their observations of travelers and visual and manual examination of documents to detect fraudulent documents. However, the Department of Homeland Security (DHS) has not yet provided most ports of entry with the technology tools to read the new electronic passports and does not have a process in place for primary inspectors to utilize fingerprints collected for visas, including BCCs, at all land ports of entry. Moreover, DHS has provided little regular training to update its officers on the security features and fraud trends in passports and visas.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Team: Phone:


GAO-07-1006, Border Security: Security of New Passports and Visas Enhanced, but More Needs to Be Done to Prevent Their Fraudulent Use This is the accessible text file for GAO report number GAO-07-1006 entitled 'Border Security: Security of New Passports and Visas Enhanced, but More Needs to Be Done to Prevent Their Fraudulent Use' which was released on July 31, 2007. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to Congressional Requesters: United States Government Accountability Office: GAO: July 2007: Border Security: Security of New Passports and Visas Enhanced, but More Needs to Be Done to Prevent Their Fraudulent Use: GAO-07-1006: GAO Highlights: Highlights of GAO-07-1006, a report to congressional requesters Why GAO Did This Study: Travel documents are often used fraudulently in attempts to enter the United States. The integrity of U.S. passports and visas depends on the combination of well-designed security features and solid issuance and inspection processes. GAO was asked to examine (1) the features of U.S. passports and visas and how information on the features is shared; (2) the integrity of the issuance process for these documents; and (3) how these documents are inspected at U.S. ports of entry. We reviewed documents such as studies, alerts, and training materials. We met with officials from the Departments of State, Homeland Security, and Commerce‘s National Institute of Standards and Technology, and U.S. Government Printing Office, and with officials at seven passport offices, nine U.S. ports of entry, two U.S. consulates in Mexico, and two Border Crossing Card production facilities. What GAO Found: The Department of State (State) has developed passports and visas, including border crossing cards (BCC), that are more secure than older versions of these documents; however, older versions have been fraudulently used and remain more vulnerable to fraud during their lifespan. For example, earlier versions valid until 2011, of which there are more than 20 million in circulation, remain vulnerable to fraudulent alteration by such means as photo substitution. Although State has updated or changed the security features of its travel documents, State does not have a structured process to periodically reassess the effectiveness of the security features in its documents against evolving threats and to actively plan for new generations. State has taken a number of measures to ensure the security and quality of passports and visas, including establishing internal control standards and quality assurance measures, training of acceptance agents, and initiating new visa policies and procedures. However, additional measures are needed in the passport issuance process to minimize the risk of fraud. State lacks a program for oversight of the thousands of passport acceptance facilities that serve an important function in verifying the identity of millions of passport applicants each year. Officers in primary inspection”the first and most critical opportunity to identify fraudulent travel documents at U.S. ports of entry”are unable to take full advantage of the security features in passports and visas. These officers rely on both their observations of travelers and visual and manual examination of documents to detect fraudulent documents. However, the Department of Homeland Security (DHS) has not yet provided most ports of entry with the technology tools to read the new electronic passports and does not have a process in place for primary inspectors to utilize fingerprints collected for visas, including BCCs, at all land ports of entry. Moreover, DHS has provided little regular training to update its officers on the security features and fraud trends in passports and visas. Figure: Key Elements of a Secure Travel Document: [See PDF for Image] Source: State Department (passport photo). [End of figure] What GAO Recommends: GAO recommends that State and DHS better plan for new generations of passports and visas, address potential vulnerabilities in the acceptance process of U.S. passport applications, utilize the electronic features of the new e-passport, better use the biometric feature of BCCs, and provide inspectors with systematic training prior to the issuance of new travel documents. State and DHS agreed with our recommendations. [Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-1006]. To view the full product, including the scope and methodology, click on the link above. For more information, contact Jess T. Ford at (202) 512- 4268 or fordj@gao.gov. [End of section] Contents: Letter: Results in Brief: Background: New Passports and Visas Have Been Enhanced, but Prior Generations of Travel Documents Remain More Vulnerable to Fraud, and Document Designs Are Not Periodically Reassessed: Steps Taken to Secure Passports and Visas in the Issuance Process, but Additional Measures Are Needed to Address Weaknesses in Oversight of Passport Acceptance Facilities: Limitations in Technology and Training Affect Inspection Officers' Ability to Fully Utilize Security Features in Passports and Visas: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendix I: Scope and Methodology: Appendix II: Types of Passports: Appendix III: Testing Conducted in Development of E-Passport Design: Appendix IV: Issuance Process for Passports and Visas: Passport Issuance Process: Visa Issuance Process: Appendix V: Primary Inspection Processes at Air, Sea, and Land Ports of Entry: Appendix VI: Comments from the Department of State: GAO Comments: Appendix VII: Comments from the Department of Homeland Security: GAO Comment: Appendix VIII: GAO Contact and Staff Acknowledgments: Tables: Table 1: Number of Fraudulent U.S. Passports and Visas Detected at U.S. Ports of Entry, Fiscal Year 2006: Table 2: Validity Period and Numbers in Circulation, by Passport: Table 3: Validity Period and Numbers in Circulation, by Visa: Figures: Figure 1: Key Elements of a Secure Travel Document: Figure 2: Timeline for Development of E-Passport: Figure 3: Timeline for Development of Lincoln Visa: Figure 4: Overview of the Process, Tools, and Technology for Primary Inspection of Travel Documents at U.S. Air, Sea, and Land Ports of Entry: Figure 5: Overview of US-VISIT Procedures at Air, Sea, and Land Ports of Entry: Figure 6: Overview of the Process, Tools, and Technology for Secondary Inspection of Travel Documents at U.S. Ports of Entry: Figure 7: Application and Issuance Process for Passports: Figure 8: Application and Issuance Process for Visas: Figure 9: Inspection Process for Entry into the United States: Abbreviations: APIS: Advanced Passenger Information System: BCC: border crossing card: CBP: Customs and Border Protection: CCD: Consolidated Consular Database: DHS: Department of Homeland Security: FDL: Forensic Document Laboratory: GPO: Government Printing Office: ICAO: International Civil Aviation Organization: NIST: National Institute for Science and Technology: PIERS: Passport Information Electronic Retrieval System: RFID: radio frequency identification: TECS: Treasury Enforcement Telecommunications System: US-VISIT: U.S. Visitor and Immigration Status Indicator Technology: USCIS: U.S. Citizenship and Immigration Services: United States Government Accountability Office: Washington, DC 20548: July 31, 2007: The Honorable Lamar S. Smith: Ranking Member: Committee on the Judiciary: House of Representatives: The Honorable Ileana Ros-Lehtinen: Ranking Member: Committee on Foreign Affairs: House of Representatives: The Honorable Darrell Issa: The Honorable F. James Sensenbrenner Jr. House of Representatives: U.S. travel documents are often used fraudulently in connection with other crimes, including narcotics trafficking, alien smuggling, and even terrorism. In fiscal year 2006, more than 21,000 fraudulent U.S. passports and U.S. visas[Footnote 1] were intercepted by U.S. Customs and Border Protection (CBP) at U.S. ports of entry,[Footnote 2] and over 3,500 new cases of passport and visa fraud, including application fraud, were investigated by the State Department (State) in fiscal year 2005, resulting in the arrests of over 500 people. Preventing, detecting, and responding to the fraudulent use of passports and visas is essential to protect U.S. citizens and interests at home and abroad. The integrity of these travel documents is dependent upon the combination of security features in the document and solid issuance and inspection processes. State's Bureau of Consular Affairs issues passports and visas, CBP, in the Department of Homeland Security (DHS), inspects these documents at ports of entry, and State's Bureau of Diplomatic Security together with State's Office of the Inspector General are responsible for investigating passport or visa fraud. In response to your request, this report focuses on travel documents issued by State, including passports, passport cards,[Footnote 3] visas, and border crossing cards (BCC);[Footnote 4] it examines (1) fraud prevention features in the documents, the process for addressing potential risks, and how information on these features is shared; (2) the integrity of the issuance process; and (3) how these documents are inspected at U.S. ports of entry. We will be issuing a separate report on the security of travel documents issued by DHS in early 2008. To examine the fraud prevention features in passports and visas, the process for addressing potential risks, and how information on these features is shared, we reviewed documentation on passports and visas, including materials on their security features, available counterfeit deterrence and durability studies, fraud bulletins and alerts, and relevant laws and regulations. We interviewed officials at State's Bureau of Consular Affairs and Diplomatic Security, DHS's Forensic Document Laboratory (FDL), Department of Commerce's National Institute of Standards and Technology (NIST), and the U.S. Government Printing Office (GPO). We also attended the International Civil Aviation Organization (ICAO) machine-readable travel document symposium in Montreal, Canada. To examine the integrity of the issuance process for these documents, we reviewed documentation, including reports and audits of internal controls, production and issuance procedures, and passport fraud referral statistics. We also interviewed officials at State's Consular Affairs Bureau, GPO, and DHS's U.S. Citizenship and Immigration Services (USCIS) and interviewed officials at seven domestic passport offices, two U.S. consulates in Mexico, and two USCIS production facilities. To examine how these documents are inspected at U.S. ports of entry, we reviewed various documents, including CBP inspections program policies, procedures, and related memorandums and relevant laws and regulations. We interviewed officials at CBP, FDL, and the U.S. Visitor and Immigrant Status Indicator Technology (US- VISIT) program. We also conducted nine site visits to air, land, and sea ports of entry to interview CBP officials and observe the inspection process of passports and visas. Appendix I contains additional details on our scope and methodology. We conducted our review from June 2006 through May 2007 in accordance with generally accepted government auditing standards. Results in Brief: State has developed passports and visas that are more secure than older versions of these documents because they contain a variety of enhanced security features that, in combination, are intended to deter alteration or counterfeit attempts. Prior generations of these documents have been fraudulently used and remain more vulnerable to fraud for the duration of their life span. For example, the 1994 generation of the passport--issued until 2001 and valid for travel until 2011--remains vulnerable to alteration by such means as photo substitution. More than 20 million of these older passports are in circulation. State has made enhancements to strengthen new generations of passports and visas, changing the design of these documents in response, in part, to detected attempts to counterfeit or alter these documents. Although State has updated or changed the security features of its travel documents, it does not have a structured process--such as long-term or "life-span" planning--to periodically reassess the effectiveness of the documents' security features against evolving threats and to plan for new generations of travel documents. Moreover, the process for designing a new document takes several years. Given the long validity period of these documents and the time it takes to complete a new document design, a structured process for periodically reassessing documents currently issued is critical to ensuring the security of these documents against evolving fraudulent threats. While State has taken several measures to ensure the security of its travel documents, additional measures are needed in the passport issuance process to minimize the risk of fraud. About 8,500 passport acceptance facilities nationwide serve an important function in establishing the identity (identifying a match between the individual, identification document, and submitted application photo) for millions of passport applicants each year--a vital link in preventing the issuance of genuine passports to criminals or terrorists under false identities resulting from the receipt of a fraudulent application. We found that State lacks a program for oversight of these passport acceptance facilities nationwide. Although State has taken some steps to address weaknesses identified in the training of acceptance agents, additional measures are needed to ensure adequate controls over the application acceptance process. For example, although State officials told us there have been some cases of fraud associated with passport acceptance facilities or the individuals working at these facilities, there is no national system for conducting routine audits of acceptance facilities' performance and practices. Oversight of the acceptance facility program is critical to ensure adequate controls over the application acceptance process and to protect against vulnerabilities, such as the issuance of passports to criminals or terrorists under false identities. For visas issued by State to foreigners seeking to travel to the United States, State has made improvements to the visa issuance process in the last several years and is working to address identified weaknesses. For example, State has taken actions to improve internal controls over visa issuance in response to our and State Inspector General reviews, and it acknowledges that these actions require constant vigilance. In addition, to address the high imposter fraud associated with the BCC, State has recently implemented measures to secure this travel document. Officers in primary inspection--the first and most critical opportunity at U.S. ports of entry to identify individuals seeking to enter the United States with fraudulent travel documents--are unable to take full advantage of the security features in passports and visas due to (1) limited availability or use of technology at primary inspection and (2) lack of timely and recurring training on the security features and fraudulent trends for passports and visas. These officers rely on both their observation of travelers and visual and manual examination of documents to detect fraudulent passports and visas. However, DHS has not yet provided most ports of entry with the technology tools that can make use of the electronic chips in electronic passports.[Footnote 5] Further, CBP does not have a process in place for primary inspection officers to utilize the fingerprint features of visa holders, including BCCs, at all land ports of entry. For example, although BCC imposter fraud is high, primary officers at southern land ports of entry are not able to use the available fingerprint records of BCC holders to confirm the identity of travelers and do not routinely refer BCC holders to secondary inspection, where officers do have the capability to utilize fingerprint records. As a result, the officers must rely on other inspection techniques to detect BCC imposter fraud. Moreover, training materials provided to officers were not updated to include exemplars-- genuine documents used for training purposes--of the e-passport and the emergency passport in advance of the issuance of these documents. As a consequence, inspection officers were not familiar with the look and feel of security features in these new documents before inspecting them. Without updated and ongoing training on fraudulent document detection, officers told us they felt less prepared to understand the security features and fraud trends associated with all valid generations of passports and visas. Although CBP faces an extensive workload at many ports of entry and has resource constraints, there are opportunities to do more to utilize the security features in passports and visas during the inspection process to detect their fraudulent use. We are making recommendations to the Secretary of State to better plan for the new generations of travel documents and address vulnerabilities in the passport application process. We also are making recommendations to the Secretary of Homeland Security to make better use of the security features in passports and visas in the inspection process and improve training for inspection officers on the features and fraud trends for these travel documents. Specifically, we are recommending that: * State develop a process and schedule for periodically reassessing security features in the design of its travel documents; * State establish a formal oversight program of passport acceptance facilities; * DHS develop a deployment schedule for providing e-passport readers to U.S. ports of entry; * DHS develop a strategy for better utilizing the biometric features of the BCCs in the inspection process; and: * DHS and State identify a process for updating training materials for inspection officers that reflect changes in passports and visas in advance of issuance, including the provision of exemplars of the new documents prior to issuance. We provided a draft of this report to the Departments of State and Homeland Security, U.S. Government Printing Office, and the Department of Commerce's National Institute of Standards and Technology. We received written comments from State and DHS, which we have reprinted in appendixes VI and VII, respectively. GPO and NIST provided technical comments. State and DHS concurred with the findings and recommendations of the report. State agreed with our recommendations and described the actions it is taking to implement them. State also provided additional information on the Consular Consolidated Database (CCD), recent visa fraud cases, and the ways in which State identifies fraudulent passports and visas. DHS concurred with all of our recommendations and described the actions it is taking and plans to take to implement them. DHS believes it has already implemented our recommendation that it develop a strategy for better utilizing the biometric features of BCCs in the inspection process. We agree that DHS's US-VISIT capability enables primary inspectors at air and most sea ports of entry to use fingerprint biometrics to compare and authenticate the document and holder of visas and BCCs. However, at land border ports this capability is not available in primary inspection. Travelers with BCCs at southern land border ports--the ports where BCC imposter fraud is most significant--are not routinely referred to secondary inspection, where they do have the capability to utilize the fingerprint records for comparison, and all BCCs are not machine-read for access to the biographic data during inspection at these ports of entry. As a result, inspectors are not making full use of the biometric information available for BCCs. To more fully utilize the available fingerprint biometric in the BCC and mitigate imposter fraud, we are suggesting that DHS develop a strategy to better use both the fingerprint biometric of the BCC and increase card reads of the BCC in primary inspection at southern land border ports of entry. State and DHS also provided technical comments, which we incorporated, as appropriate. Background: Travelers to the United States are generally required to present documentation verifying their identity and nationality and, for non- U.S. citizens, their eligibility to enter the United States. Acceptable travel documents for entry into the United States include, among others, passports, visas, and U.S military identity cards. In 2004, Congress, in an effort to further secure U.S. borders, mandated the development and implementation of a plan that requires U.S. citizens to have a passport or other document that demonstrates their identity and citizenship when entering the United States. State and DHS implemented this requirement for air ports of entry on January 23, 2007, and are to implement the requirement for land and sea ports before June 1, 2009.[Footnote 6] State's Bureau of Consular Affairs is responsible for the design and issuance of passports for U.S. citizens and visas for all foreign aliens requiring a visa for entry into the United States. CBP is responsible for inspecting these documents and permitting entry to travelers at designated air, land, and sea U.S. ports of entry. In addition, State's Bureau of Diplomatic Security, in collaboration with State's Office of Inspector General, DHS and other U.S. agencies, and foreign law enforcement entities, is responsible for investigating suspected fraud of passports and visas. The security of passports and visas and the ability to prevent and detect their fraudulent use are dependent upon a combination of well- designed security features, solid issuance procedures for the production of the document and review of the application, and solid inspection procedures that utilize available security features. Figure 1 below presents the key elements of a secure travel document. A well- designed document has limited utility if it is not well-produced or inspectors do not utilize the security features to verify the authenticity of the document and its bearer. Figure 1: Key Elements of a Secure Travel Document: [See PDF for image] Source: State Department (passport photo). [End of figure] Travel Documents Issued by State: In fiscal year 2006, about 12 million passports and almost 6 million visas were issued, according to State. As of April 2007, there are 74 million valid passports and almost 34 million visas, including 9 million BCCs, in circulation. Passports: A passport is not only a travel document required of U.S. citizens for international travel and re-entry into the United States by air, but also an official verification of the bearer's origin, identity, and nationality. Under U.S. law, the Secretary of State has the authority to issue passports, which may be valid for up to 10 years. Only U.S. nationals may obtain a U.S. passport, and evidence of citizenship or nationality is required with every passport application. Federal regulations list those who do not qualify for a passport, including those who are subjects of a federal felony arrest warrant. See appendix II for additional information on the types of U.S. passports. In addition, State is currently developing a passport card that will serve as an alternative travel document for re-entry into the United States by U.S. citizens at land and sea ports of entry.[Footnote 7] Visas: A visa is a travel document for people seeking to travel to the United States for a specific purpose, including to immigrate, study, visit, or conduct business; the document allows a person to travel to a United States port of entry and ask for permission to enter the country. While consular officers within State are responsible for determining a person's eligibility to enter the United States for a specific purpose, CBP officers have the ultimate authority to permit entry into the United States. State issues two types of visas: (1) a visa foil attached to the visa pages of a foreign passport, for nonimmigrant or immigrant travel to the United States; and (2) the BCC for limited travel by Mexican citizens within the United States' southern border. Visas can be issued for a validity period of up to 10 years. Passports and Visa Fraud: Threats to the security of travel documents include counterfeiting a complete travel document, construction of a fraudulent document, photo substitution, deletion or alteration of text, removal and substitution of pages, theft of genuine blank documents, and assumed identity by imposters. Features of travel documents are assessed by their capacity to secure a travel document against the following: * counterfeiting: unauthorized construction or reproduction of a travel document. * forgery: fraudulent alteration of a travel document. * imposters: use of a legitimate travel document by people falsely representing themselves as legitimate document holders. Most reported passport and visa fraud is imposter-related fraud. In fiscal year 2006, CBP detected 21,292 fraudulent U.S. passports, visas, and BCCs presented by travelers attempting to enter the United States through a U.S. port of entry. (See table 1.) Nearly 80 percent of these documents were genuine documents presented by imposters. The most frequent fraudulent attempts were by imposters attempting to use a legitimate BCC, while the fraudulent use of passport and visa more often involved attempts to counterfeit or alter the document. The following cases illustrate attempts to fraudulently use U.S. travel documents to enter the United States: * In November 2005, CBP officers intercepted a Ghanian citizen with an altered U.S. visa. The visa photo was manually retouched to bear closer resemblance to the photo substituted into the biographical page of the passport. * In June 2006, a Chinese citizen was found in possession of a counterfeit U.S. passport. Printing and other errors on the biographic page and another page alerted authorities that the passport was counterfeit. * In January 2007, a Brazilian citizen, using a genuine U.S. visa, attempted to enter the United States as an imposter. CBP officers confirmed the traveler was an imposter and was attempting to enter the United States to seek employment. Table 1: Number of Fraudulent U.S. Passports and Visas Detected at U.S. Ports of Entry, Fiscal Year 2006: Travel document: U.S. passport; Imposter: 971; Counterfeit/altered: 458; Total: 1,429. Travel document: U.S. nonimmigrant visa foil; Imposter: 173; Counterfeit/altered: 2,865; Total: 3,038. Travel document: BCC; Imposter: 15,911; Counterfeit/altered: 914; Total: 16,825. Travel document: Total; Imposter: 17,055; Counterfeit/altered: 4,237; Total: 21,292. Source: GAO analysis of Department of Homeland Security data. Note: Data for U.S. immigrant visas not available. [End of table] Applicants commit passport application fraud through various means, including submitting false claims of lost, stolen, or mutilated passports; child substitution; and counterfeit citizenship documents. According to State's Bureau of Diplomatic Security investigators, imposters' use of assumed identities, supported by genuine but fraudulently obtained identification documents, is a common and successful way to fraudulently obtain a passport. This method accounted for about 65 percent of 3,703 total confirmed passport fraud cases investigated by the bureau in fiscal year 2006, according to Diplomatic Security documentation. Document Security Features: To combat document fraud, security features are used in a wide variety of documents, including currency, identification documents, and bank checks. Security features are used to prevent or deter the fraudulent alteration or counterfeiting of such documents. In some cases, an altered or counterfeit document can be detected because it does not have the look and feel of a genuine document. For instance, detailed designs and figures are often used on documents with specific fonts and colors. While such aspects are not specifically designed to prevent the use of altered or counterfeit documents, inspectors can often use them to identify nongenuine documents. In some cases, security features can be observed with the naked eye. But for others, tools may be necessary to verify the existence of a security feature. For instance, to read microprinting, it may be necessary to have a magnifying glass or a loupe. To see features on pages printed with ultraviolet fluorescent ink, it is necessary to have an ultraviolet light source. In particular, electronic equipment is required to read electronic features such as biometrics or digital signatures from the travel document. While security features can be assessed by their individual ability to help prevent the fraudulent use of the document, it is more useful to consider the entire document design and how all of the security features help to accomplish this task. Layered security features tend to provide better document security by minimizing the risk that the compromise of any individual feature of the document will allow for the unfettered fraudulent use of the document. Individual document security features are known to different levels of people. For instance, some security features are known only by forensic examiners, while other features are more widely known by specialized law enforcement personnel. Passport Application and Issuance Process: GPO produces and delivers blank passports to the domestic passport- issuing offices.[Footnote 8] State operates 17 domestic passport- issuing offices, where most passports are issued each year.[Footnote 9] In addition, in the spring of 2007, State opened a new passport production facility for the personalization of passport books.[Footnote 10] The majority of passport applications are submitted by mail or in person at one of 8,500 passport application acceptance facilities nationwide, which include post offices; federal, state and probate courts; public libraries; and county and municipal offices.[Footnote 11] The passport acceptance agents at these facilities are responsible for, among other things, verifying whether an applicant's identification document, such as a driver's license, actually matches the applicant. Then, at the domestic passport-issuing offices, passport examiners determine--through a process called adjudication--whether they should issue each applicant a passport. See appendix IV for an overview of the passport issuance process. Visa Application and Issuance Process: State manages the visa process, as well as the consular officer corps and its functions at 219 visa-issuing posts overseas. The process for determining who will be issued or refused a visa contains several steps, including documentation reviews, in-person interviews, collection of biometrics (facial image and fingerprints), and cross- referencing an applicant's name against the Consular Lookout and Support System (CLASS)--State's name-check database that posts use to access critical information for visa adjudication. In some cases, a consular officer may determine the need for a Security Advisory Opinion, which is information provided from Washington to the post regarding whether to issue a visa to the applicant. See appendix IV for an overview of the visa issuance process. Passport and Visa Inspection Process: In general, at ports of entry, travelers seeking admission to the United States must present themselves and a valid travel document, such as a passport or a U.S. visa,[Footnote 12] for inspection to a CBP officer. The immigration-related portion of the inspections process requires the officer to determine--by questioning the individual and inspecting the travel documents--if the traveler is a U.S. citizen or alien. If the traveler is an alien, CBP officers must determine the purpose of the individual's travel and whether the alien is entitled to enter the United States. During the inspections process, CBP officers must confirm the identity and nationality of travelers and determine the validity of their passports and visas by using a variety of inspection techniques and technology. At the first part of the inspection process--primary inspection--CBP officers inspect travelers and their travel documents to determine if they may be admitted or should be referred for further questioning and document examination. If additional review is necessary, the traveler is referred to secondary inspection--an area away from the primary inspection area--where another officer makes a final determination to admit the traveler or deny admission for reasons such as the presentation of a fraudulent or counterfeit passport or visa. See appendix V for an overview of the inspection process at U.S. ports of entry. New Passports and Visas Have Been Enhanced, but Prior Generations of Travel Documents Remain More Vulnerable to Fraud, and Document Designs Are Not Periodically Reassessed: State has made enhancements to strengthen new generations of passports and visas, which contain a variety of security features that, in combination, are intended to deter attempts to alter or counterfeit the documents; however, prior generations of these documents have been fraudulently used and remain more vulnerable to fraudulent attempts for the duration of their life span. While the process for designing a new document takes several years to complete, State does not periodically reassess the security features of the travel documents it currently issues to identify their effectiveness against evolving counterfeit and alteration threats and to plan for new generations of travel documents. In addition, State shares information on the security features of passports and visas with domestic and international entities. New Generations of Passports and Visas Have Enhanced Security Features, but Older Versions Are Susceptible to Fraud: Passports and visas contain a variety of security features that, in combination, are intended to deter attempts to alter or counterfeit the documents. The design of passports--currently there are three generations valid for travel--contain a range of security features to protect against their fraudulent use. Visa foils--currently there are two generations valid for travel--and the BCC also contain a range of security features to protect against their fraudulent use. Enhancements have been made to strengthen new generations of these documents, but prior generations remain more vulnerable to fraudulent attempts during their life span. Although none of the passports and visas that are currently valid have had all of their security features compromised, some methods of alteration or counterfeiting have been found to be successful enough to fool an initial inspection. In these cases of sophisticated attempts to defeat specific security features, only a more detailed examination of the document can determine that the document is not authentic. Security Features of Passports: According to State, over 74 million passports are currently in circulation, as of April 2007. Currently, there are three valid generations of the passport--the 1994 passport, the 1998 photo- digitized passport, and the 2006 electronic passport (e-passport). See table 2 for validity periods for travel and numbers in circulation of current passports. Table 2: Validity Period and Numbers in Circulation, by Passport: U.S. passport: 1994 passport; First issued: 1994; Last issued: 2001; Valid for travel[A]: through 2011; Number in circulation (as of April 2007): 20 million. U.S. passport: 1998 photo-digitized passport; First issued: 1998; Last issued: 2007[B]; Valid for travel[A]: through 2017; Number in circulation (as of April 2007): 52 million. U.S. passport: e-passport; First issued: 2005; Last issued: Currently issued; Valid for travel[A]: through 2017 or later; Number in circulation (as of April 2007): 2 million. Source: State Department. Notes: About 140,000 passports were issued to U.S. citizens living overseas prior to April 2002 or as an emergency passport prior to August 2006. After April 8, 2002, overseas passport issuance for U.S. citizens residing or traveling abroad was transferred to the National Passport Center in Portsmouth, New Hampshire, and the Charleston Passport Center in Charleston, South Carolina, except for those requiring urgent travel. All passports issued to U.S. citizens living overseas are adjudicated by consular officers at U.S. embassies and consulates. [A] Only for passports issued with a 10-year validity period in the last issuance year. [B] State is issuing the 1998 passport until the inventory supply of these books is diminished, which State expects will occur in August 2007. [End of table] Each generation of the passport has a range of security features to provide protection against the threat of fraudulent use. As each generation of passports is developed, some security features are enhanced, others added, and others dropped from the documents' design to protect against counterfeit and alteration threats. For example, photo substitution, particularly with the 1994 passport, is one technique that has been used to alter passports. State has enhanced subsequent generations to combat this threat. In the 1998 passport, State enhanced the laminate of the passport and introduced a photo- digitized passport that prints scanned photographs on the biographic page of the passport to eliminate the possibility of individuals cutting out and replacing the laminated photos. While the vulnerability to photo substitutions has been reduced in the 1998 passport, it has not been fully eliminated. For the e-passport, although State continues to print the photos in the same way as the prior generation, additional enhancements have been made to the security of the laminate and a proximity radio frequency identification (RFID) chip has been added that provides for electronic storage of biographical and biometric data.[Footnote 13] The information stored on the chip is protected by a digital signature.[Footnote 14] This enhancement, which allows for a comparison of the photo in the passport with the photo in the chip, can provide greater assurance that the photo, as well as the biographic data, has not been altered or counterfeited. In cases where these enhancements may fail to work correctly, it is important to plan for the potential failure of equipment or incidents where the verification system does not correctly match individuals. In addition, the proposed passport card is expected to include laser engraving, tactile features in the photo area and an optically variable devise to address photo substitution techniques. Additional information on the security features in passports and visas issued by the State Department are sensitive in nature and have not been provided in this report. We will be reporting on the security features in these documents in a separate report. Security Features of Visas: According to State, over 34 million visas are in circulation as of April 2007. Currently, there are two valid generations of the visa foil--the Teslin and the Lincoln (the foil is attached inside a foreign passport using an adhesive.[Footnote 15] The only currently valid generation of the BCC--issued to Mexican citizens--is the laser visa, a polycarbonate card with an optical stripe to electronically store information about the BCC holder.[Footnote 16] See table 3 for data on validity periods for travel and numbers in circulation of current visas. Table 3: Validity Period and Numbers in Circulation, by Visa: U.S. visa: Teslin visa[B]; First issued: 1993; Status: Last issued 2003; Valid for travel[A]: through 2013; Number in circulation (as of April 2007): 11 million. U.S. visa: Lincoln visa; First issued: 2002; Status: Currently issued; Valid for travel[A]: through 2017 or later; Number in circulation (as of April 2007): 14 million. U.S. visa: BCC; First issued: 1998; Status: Currently issued; Valid for travel[A]: through 2017 or later; Number in circulation (as of April 2007): 9 million. Source: State Department. [A] Only for visas issued with a 10-year validity period in the last year of issuance. [B] There are three versions of the Teslin visa--type 1, type 2, and the machine-readable visa 2000 (MRV2000). [End of table] As with the passport, when the Lincoln visa was developed, some security features were improved over those in the Teslin visa, others added, and others dropped. Enhancements to the Lincoln visa include more detailed printing features and features such as security fibers and biometric information (digital photograph and fingerprints). The biometric information is collected overseas under State's Biometric Visa Program, to be used by CBP inspectors at ports of entry to verify that the original visa applicant is the person entering the United States.[Footnote 17] For the BCC, State stored the traveler's biographical and biometric information electronically on the optical media of the card. Although Design Development Requires Years to Complete, State Does Not Periodically Plan for New Generations of Passports and Visas: State's process for the development and testing of new travel documents, to enhance their security and reduce vulnerability to sophisticated fraud attempts, varied by document and required several years to complete. While State has made adjustments in the design of passports and visas, its approach has been largely reactive. Despite the length of time required of a document redesign, State does not have a structured process to periodically reassess the security features in its documents and to plan for new generations. The increasing pace of technological change and use of electronics makes State's current approach less viable than it might have been in the past, and best practices in currency design, for example, suggest that periodic evaluation of designs and introduction of new security features are more viable approaches in the management of counterfeit and alteration threats. Development Process for the E-Passport: The process for developing the new e-passport design took almost 3 years. State initiated the redesign of the passport in 2003 in response to new international specifications for electronic travel documents, to meet standards set for nations that participate in the United States' Visa Waiver Program, and to address sophisticated attempts to compromise the document with additional layers and enhancements of security features.[Footnote 18] In February 2005, State presented the proposed design for the new passport, which was intended to comply with ICAO standards. From 2005-2006, State, together with GPO, utilized government expertise at FDL and the NIST to test the durability of the book and certain security features of the e-passport and emergency passport. In response to security and privacy concerns regarding the inclusion of RFID chip technology, NIST was also requested to evaluate the passport's skimming vulnerability.[Footnote 19] Based on the results of NIST's tests, material was added to the front cover and spine of the book to mitigate the threat of skimming. Separately, durability testing conducted at NIST also revealed that some of the security features were adversely affected by humidity. State and GPO reviewed the results of NIST's tests and determined that the overall integrity of the passport remained sufficient and did not make any immediate changes to the design, according to State and GPO officials. A State official did note that these results would be considered in the future. In January 2006, State and DHS conducted pilot tests for the new passport, using diplomatic versions of the e-passport. See figure 2 for a timeline of the development process for the e-passport. Appendix III provides additional information on the testing that was conducted in the development of the e-passport design. Figure 2: Timeline for Development of E-Passport: [See PDF for image] Source: GAO analysis of State Department data. [A] According to State, all passport agencies and centers have fully converted to e-passport production, but the National Passport Center also continues to print legacy passport books until the inventory supply of these books is diminished, which State expects will occur in August 2007. [End of figure] Development Process for the Lincoln Visa: The development of the Lincoln visa design took about 4 years. The visa was developed in response to advanced attempts to counterfeit and alter the Teslin visa, according to State. To quickly address the sophisticated alteration attempts to the Teslin visa while the Lincoln visa was under development, State developed a new version of the Teslin visa--the MRV-2000--as a short-term solution for addressing the counterfeit threat. The MRV-2000 was tested in 1999 and issued in 2000. State was able to make minor changes on short notice, such as additional coding, to distinguish the MRV-2000 for inspection purposes and provide a short-term solution during the several years it took for the redesign of the visa to be completed. From 1998 to 1999, State requested industry experts to help in the development of the design and conducted studies of available security papers and ink jet printers. Various paper suppliers and NIST conducted vulnerability tests, demonstrating the durability of features on available papers. According to State officials, after identifying currently advantageous security features, State then moved into the selection of paper, glue, release liner process offset, and florescent inks. FDL provided forensic testing, such as chemical sensitivity testing, for the selected design. See figure 3 for the timeline of development for the Lincoln visa. Figure 3: Timeline for Development of Lincoln Visa: [See PDF for image] Source: GAO analysis of State Department data. [End of figure] Development of Passport Card: The development of the new passport card is expected to take a little more than 2 years, according to current State and DHS plans. State, in consultation with DHS, has been developing a new passport card since early 2006. In January 2006, State and DHS announced the development of the passport card. On May 25, 2007, the solicitation request for proposal for the passport card was released. According to State and DHS plans, from July until December 2007, the proposals will be reviewed and testing will be conducted, including durability testing. State expects to begin issuing the new cards in 2008. State Does Not Have a Structured Process for Periodically Reassessing and Planning for New Generations of Passports and Visas: State updates or changes the security features of its passports and visas in response, in part, (1) to detected attempts to counterfeit or alter these documents and (2) to recommended international standards for secure travel documents. State also made improvements to the passport to match requirements for enhanced security features in the passports from countries in Visa Waiver Program. State obtains information on the detected attempts to counterfeit or alter passports and visas from a variety of sources in the United States and other nations, according to State officials. For example, State occasionally receives information gathered from DHS regarding the seizures of fraudulent passports and visas. Specifically, FDL provides forensic analysis of identified alterations and counterfeit attempts and CBP's Fraudulent Document Analysis Unit provides trend analysis on the types of fraudulent attempts intercepted at the border. The unit forwards these seized documents--primarily passports--to State, according to Fraudulent Document Analysis Unit and State officials. However, the information that State receives on passport and visa fraud is not centrally collected or analyzed by State for purposes of planning or reassessing the document's security. According to State, information received on the fraudulent use of passports and visas is reviewed largely on a case-specific basis. Moreover, data on this information are not collected or analyzed by State in order to identify counterfeit or alteration trends. U.S. currency faces threats similar to those of passports and visas. According to the National Academies, life-cycle planning can be an effective way to reassess document security and plan for new documents by providing a structured process for re-evaluating the features of the document against evolving counterfeit and alteration threats.[Footnote 20] The National Academies found that, for bank notes, advances in reprographic technology have made securing currency more challenging, necessitating regular assessments of technologies and threats. According to the National Academies, by continuously evaluating currency designs and introducing new security features, the government does an effective job of staying ahead of counterfeiting threats. In addition, the U.S. Department of the Treasury's Bureau of Engraving and Printing has reported that protecting U.S. currency is an ongoing process. According to the bureau, it plans to introduce new currency designs every 7 to 10 years. Although State has recently enhanced some of the security features and introduced new security features to the passport, State, for the documents it issues, does not have a policy for reassessing the design's resistance to evolving counterfeit and alteration threats and planning for new generations of travel documents. For example, although the BCC has been in circulation for almost 10 years, State has not had any formal plans to reassess the current document or develop a new BCC until recently. In responding to a draft copy of this report, State noted that they are currently redesigning the next generation of the BCC for deployment in 2008, when the current BCCs begin to expire. A structured process for periodically reassessing the security features in documents and planning for new generations should include a policy for reassessing the ability of the document design to resist compromise and fraudulent attempts to the documents. For example, to meet acceptable standards for the use of driver's licenses and identification cards for official purposes, DHS has proposed establishing a policy for annual review of the card design of such documents. This proposed review would address the cards' ability to resist counterfeit and alteration attempts in several areas, including photo substitution, modification of data, duplication, and reproduction, among others. Such a review of the security features in the passport design, such as long-term vulnerability testing of the chip technology and print durability, could identify potential vulnerabilities in these features before they could be exploited. State Shared Information on Design of Passports and Visas: State shares information on the security features and fraud attempts of passports and visas with U.S. entities, including CBP, FDL, and state and local law enforcement, as well as with State's overseas counterparts, according to agency documents and officials. Specifically, State's Fraud Prevention Program distributes newsletters identifying detected attempts to counterfeit, alter, or fraudulently obtain visas and related fraud to DHS entities and U.S. missions overseas. State also bilaterally shares information on the security features of passports and visas to deter the fraudulent use of these travel documents overseas. For example, State conducts fraud prevention training for host government law enforcement and immigration authorities and also works with host governments on U.S. passport and visa fraud investigations and prosecutions. In addition, State participates in the multilateral organization ICAO to promote travel document security and global interoperability. While State has shared information on the security features and activities related to the travel documents it issues, including the e- passport, State is only beginning to share information that is necessary to verify the authenticity of the electronic data stored in the chip of the e-passport. The international community, through ICAO, has established a directory for international validation of digital signatures of e-passport chips. The United States is currently taking steps to join the directory and share its public key. Steps Taken to Secure Passports and Visas in the Issuance Process, but Additional Measures Are Needed to Address Weaknesses in Oversight of Passport Acceptance Facilities: State and GPO have enacted several measures to ensure the security and physical quality of passports and are working to address weaknesses identified in the passport issuance process; however, additional measures are needed to strengthen the process and minimize vulnerabilities. Specifically, State's lack of an oversight program for about 8,500 passport acceptance facilities nationwide continues to present a significant fraud vulnerability. State has made recent improvements to the visa issuance process and is working to address identified weaknesses. GPO Has Undertaken Measures for Ensuring Physical Security and Quality in Passport Manufacturing Process: GPO has established measures to safeguard the physical security and integrity of the passport book and materials and continues to review and strengthen these measures.[Footnote 21] In the manufacturing process, GPO has identified measures to secure production materials and blank passport books and to ensure the quality of the books. Specifically, GPO has identified control measures in place for the materials used in the production of passports, including the paper, ink, design, binding, and chip and for the blank books. A 2004 GPO Inspector General security review found vulnerabilities in the physical controls of the blank passport, including the delivery of blank books to passport agencies. GPO has taken steps to improve its internal controls for passport production as a result of this review and other recent GPO Inspector General reviews, according to GPO Inspector General officials. In addition, GPO has established quality assurance measures for the production of the 1998 passport and e-passport to ensure the books are manufactured to proper specifications. For example, GPO staff inspects the quality of the product at stages throughout the manufacturing process, including inspections of the supply materials. GPO has also established procedures to inspect, analyze, and document metrics associated with quality of the passport. In addition, GPO is also instituting an independent inspection entity that will be responsible for conducting unannounced and random inspections at points in the manufacturing process to verify that quality standards are met. For the e-passport, GPO has identified procedures for inspecting the quality of the chip at several steps along the manufacturing process, while additional measures to further ensure the quality of electronic technology in the e-passport book are under development. According to GPO officials, the established automated system for inspecting the quality of the chip is satisfactory, but the physical quality assurance process is still being developed. Specifically, GPO officials said they are studying international technology standards and lessons learned from international counterparts to develop additional quality assurance procedures for the e-passport manufacturing process. State Has Established Measures for Ensuring Integrity in the Passport Issuance Process: State has taken several steps to ensure the integrity of the passport throughout the issuance process--including establishing internal control standards, conducting periodic audits and other internal reviews, and establishing quality assurance measures for passport processing.[Footnote 22] For example, State has identified control measures at its passport offices to safeguard passport applications, passport books, and other production supplies. Specifically, State's internal controls handbook for domestic passport offices provides guidance for ensuring the integrity of passport operations, including guidance for (1) employee integrity and conduct, (2) applications receipt, (3) counter applications, (4) cashiering, (5) adjudication, (6) blank book control, (7) duty officer program, and (8) protection of the premises and information. According to State officials, the handbook is currently being updated to further strengthen controls and address identified weaknesses. The handbook identifies and provides procedures for areas of identified vulnerability, including the accountability of passport books, money, and adjudicative decision making, but it does not include internal controls for the passport- related functions performed at the acceptance facilities. To ensure compliance with these measures, State conducts periodic management assessments and internal control reviews for each domestic passport office as well as periodic audits and other internal reviews of its passport issuance process. These reviews cover general management, use of facilities, adjudication, customer service, fraud prevention, passport book processing, and internal controls, as well as provide recommendations for the improvement of operations. In addition, State also conducts periodic audits and other internal reviews of its passport issuance process. * First, the management at the domestic passport offices conducts weekly and biweekly audits of adjudicated applications to review compliance with adjudication guidelines. * Second, State's passport service management in Washington, D.C., has recently taken steps to conduct periodic validation studies, which are large-scale audits of passport applications, at all passport offices. According to State officials, a pilot validation study was conducted in 2006, reviewing over 20,000 adjudicated applications. These officials indicated that they are currently developing the methodology and implementation plan for future validation studies. * Third, another management-led effort took place in the summer of 2006, when State's Passport Office convened a number of working groups in Washington, D.C., to improve passport operations and address recommendations raised by prior GAO and State Inspector General reports. Specifically, these working groups focused on areas such as the national fraud prevention program; internal controls; and fraud metrics, statistics, and trend analysis. As a result of the recommendations of these working groups, State's passport management plans to implement several initiatives in the next year to improve overall operations. State also has measures in place to ensure the quality and accuracy of passports issued to applicants. For example, passports are inspected after the applicant's information has been added to the blank passport book to verify the information has been correctly printed and, for e- passports, stored onto the chip. In addition, each e-passport is tested at the issuing passport agency to ensure that the personalized chip can be read by an e-passport reader. In addition to the efforts described above, State occasionally modifies the regulations governing passport operations. For example, State revised its regulations in 2001 to require that both parents consent to the issuance of a passport for children under age 14 and, in 2004, further amended the regulation to further require that children under age 14 also appear personally when applying for a passport. These changes were made, in part, to improve State's ability to combat international parental child abduction, but the measures have also helped prevent or deter identity theft-related fraud in passport applications, according to State officials. In commenting on a draft copy of this report, State indicated that these changes were also made to comply with related statutory requirements. Weaknesses Exist in State's Oversight of Passport Acceptance Facilities: We previously reported that the acceptance agent program was a significant fraud vulnerability.[Footnote 23] State has addressed some weaknesses identified in the training of acceptance agents; the agents serve a critical role in establishing identity, which is critical to preventing the issuance of genuine passports to criminals or terrorists under false identities as a result of receipt of a fraudulent application. However, we found that many of the problems with the oversight of passport acceptance facilities we identified in 2005 persist. Specifically, State lacks an internal control plan for its acceptance facilities to ensure that effective controls are established and monitored regularly.[Footnote 24] An internal control plan should identify the roles and responsibilities of all individuals whose work affects internal control; lay out specific control areas; cover risk assessment and mitigation planning; and include monitoring and remediation procedures. Moreover, ICAO guidance for the issuance of travel documents recommends several procedures to combat fraudulent applications, including (1) regular training to individuals who accept applications to increase their awareness of potential fraud risks and (2) processes to ensure random access between the acceptance agent and applicant. Numerous passport officials and Diplomatic Security investigators told us that the acceptance agent program remains a significant fraud vulnerability. State passport officials told us there have been investigated fraud cases associated with passport acceptance facilities or the individuals working there; however, they did not provide us with additional information on these cases. Examples of acceptance agent errors that were brought to our attention include important information missing from documentation, such as evidence of birth certificates and parents' affidavits concerning permission for children to travel, as well as photos that were not properly attached to the application. One passport specialist also cited a case where the photo submitted with the application did not match the identity of the applicant. In another example, another passport specialist told us of a case where an acceptance facility had accepted a passport application for an individual without the person being present and, therefore, did not verify the applicant's identity. In addition, managers at two passport offices said their offices often see the same mistakes multiple times from the same acceptance facility. These problems are of particular concern given the persistent attempts to fraudulently obtain legitimate passports using stolen identity documents. Although resources and other tools are available to passport examiners at domestic passport offices to verify citizenship evidence and potentially detect false claims of identity, there are a number of indicators in the inspection of applicants that enhance the ability to detect efforts to use a false identity to obtain a genuine passport. Moreover, passport examiners and other officials at passport offices told us it is easier to detect application fraud when interviewing applicants directly at the passport counter. However, the majority of passport applications that passport examiners adjudicate are accepted by individuals at passport acceptance facilities. State has taken action to address some weaknesses we previously identified with the acceptance facility program. These actions include the following: * In mid-2006, State began to develop a system to track the names and signatures of authorized acceptance agents, the training status of these agents, and the level of proficiency achieved in the training. According to State officials, this system is expected to be fully implemented by the end of 2007. * In May 2007, State implemented an online training program for use by nonpostal passport acceptance agents. This program was adapted from a computer-based training program previously developed by State and the U.S. Postal Service to train passport acceptance agents at postal service facilities. * In the spring of 2007, State began to discuss a system for tracking accepted passport applications by acceptance facility. In addition, State's Bureau of Consular Affairs is proposing to update and amend some of its passport regulations. These amendments would, among other things, codify the requirement that passport acceptance agents be U.S. citizens, permanent employees, and 18 years or older, and have successfully completed the training as detailed by guidance provided by State. While these requirements are already State policy, the proposed changes would make them formal regulations. In addition, another change would require passport acceptance facilities within the United States to maintain a current listing of all passport acceptance agents. If enforced, these regulations would strengthen the application acceptance process. State officials attribute problems with applications received through acceptance agents to the limited oversight of acceptance agents. For example, accountability for the number of passport agents authorized to accept passport applications remains unclear. Officials at two passport offices confirmed that their passport offices now maintain records of the names of individuals accepting passport applications at designated acceptance facilities in their region. However, they expressed reservations about relying too heavily on the accuracy of this information given the absence of a program to audit or verify the performance of acceptance agents. In addition, State makes a limited number of oversight visits to acceptance facilities. Primarily due to the large number of acceptance facilities in each passport office region, these offices concentrate their training and oversight visits on acceptance facilities geographically close to the passport office or those acceptance facilities identified to have problems. In the absence of a formal mechanism for monitoring the performance of acceptance agents, officials at two of the passport offices we visited had developed individual systems for tracking the passport acceptance facility or agent with an application detected to be fraudulent by passport examiners. State Continues to Address Vulnerabilities in the Visa Issuance Process: GPO and State have measures for ensuring the quality of visas, including BCCs. In recent years, State has taken a number of steps to strengthen the visa issuance process, as well as a more recent measure to secure BCCs. Measures for Ensuring the Security and Quality of Visas and Border Crossing Cards: GPO and State have identified measures to ensure the physical security and quality of visas. GPO has measures in place to secure the production of visa foils manufactured by a vendor. GPO approves the vendor's security control plan and conducts, with State, an on-site inspection of the vendor's facility prior to the award of the contract and sharing of a detailed description of the security features in the visa design, according to GPO. State receives the blank visa foils directly from the vender using a secured carrier. For the production of BCCs, DHS's U.S. Citizenship and Immigration Service (USCIS) has established a number of automated checks within the production system to ensure that the cards are produced within specifications. One check is a quality assurance examination of the card to ensure that the photo is clear and the fingerprint image is complete and clear. USCIS has inventory control checks to account for all BCCs and to ensure the information printed onto the BCCs corresponds to the data provided by State. For example, the check would ensure that a male's photograph is matched with the correct gender identification. Personalized cards are delivered to the U.S. consulates in Mexico, where the cards are checked for accuracy and quality before being delivered to the applicants. State Has Taken Actions to Improve the Integrity of the Visa Issuance Process: State, along with Congress and the Department of Homeland Security have initiated new policies and procedures since the September 11 attacks to strengthen the security of the visa process, particularly as an antiterrorism tool. Such changes include the following: * Beginning in fiscal year 2002, State began a 3-year transition to remove visa adjudication functions from consular associates.[Footnote 25] All nonimmigrant visas must now be adjudicated by commissioned consular officers.[Footnote 26] * Personal interviews are now required for most foreign nationals seeking nonimmigrant visas.[Footnote 27] * As of October 2004, consular officers are required to scan visa applicants' right and left index fingers through the DHS Automated Biometric Identification System before an applicant can receive a visa.[Footnote 28] In 2005 we reported that consular officers are receiving clear guidance on the importance of addressing national security concerns through the visa process.[Footnote 29] In addition, we also reported that State has established clear procedures on visa operations worldwide, as well as management controls to ensure that visas are adjudicated in a consistent manner at each post. State has also increased hiring of consular officers; increased hiring of foreign language proficient Foreign Service officers; revamped consular training with a focus on counterterrorism; strengthened fraud prevention efforts worldwide; and improved consular facilities. In addition, consular officers now have access to more information from intelligence and law enforcement databases when conducting name checks on visa applicants. In addition, in a separate report in 2005, we found that while State's Bureau of Consular Affairs has a set of internal controls to prevent visa malfeasance, and has taken actions to improve them, these internal controls were not being fully and consistently implemented.[Footnote 30] State has a program of internal controls for visa issuance detailed in the Foreign Affairs Manual and supplemented by standard operating procedures. Examples include controls to ensure random access between applicants and adjudicators, to minimize the risk of malfeasance; controls for its accountable items; and daily supervisory review of all visa refusals and a sample of visa issuances. As we reported, State has taken a number of steps to strengthen its efforts to protect against malfeasance in the issuance process. For example, to prevent the issuances of nonimmigrant visas to unqualified applicants, Consular Affairs has strengthened its efforts to limit employee access to automated systems that issue visas and has taken steps to ensure that visa applicants cannot predict which officers will interview them. It has also strengthened its criteria for applicants referred by post employees for favorable consideration in obtaining a visa and expedited processing by consular officers. Further, Consular Affairs has increased its emphasis on both headquarters and post supervisory oversight--particularly by ambassadors, deputy chiefs of mission, and principal officers--including by providing training and other tools. It also requires posts to certify in writing annually their compliance with key internal controls. Consular Affairs has issued guidelines on reporting suspicious behavior that may involve malfeasance. It has also enhanced its malfeasance prevention efforts. However, we found some of these controls were not always being followed at the posts we visited in 2005. State officials told us they continue to emphasize the importance of full compliance with internal controls. In addition, State recently took action to secure BCCs in response to the high number of BCCs reported by Mexican citizens as lost or stolen. State officials felt that the ability to obtain another BCC to replace a reportedly lost or stolen BCC was facilitating imposter fraud. In January 2007, State implemented a policy requiring BCC holders who report their BCC stolen to be issued a subsequent BCC in the form of a visa foil inserted in their passport. As of April 2007, about 131,000 BCCs have been issued in the form of a visa foil, according to State. The visa category is marked on the visa foil, indicating the traveler is traveling to the United States under the restrictions of the BCC. State officials told us that the reports of lost or stolen BCCs dropped significantly following the implementation of this initiative. Limitations in Technology and Training Affect Inspection Officers' Ability to Fully Utilize Security Features in Passports and Visas: The inspection of U.S. passports and visas at ports of entry is a key element in ensuring the security of these documents. Officers are often faced with limited time to process travelers and rely on both the inspection of select features and their interview of the traveler to detect fraudulent use of passports and visas. Limitations in available technology tools at some ports and a lack of timely and continual information on the security features in these documents affect the inspection officers' ability to fully utilize the security features in passports and visas. Specifically, primary inspection officers are unable to utilize the chip technology in the e-passport to verify document authenticity because e-passport readers are not available at 83 air ports of entry and are not designated for U.S. citizen inspections at 33 other airports of entry. Further, primary officers are not able to utilize the available fingerprint records of BCC holders to verify the authenticity of the documents and travelers at southern land ports of entry, and they also do not routinely refer BCC holders to secondary inspection, where they do have the capability to utilize the fingerprint records. In addition, limited training materials and training opportunities also impede officers' ability to learn of the security features and fraudulent trends associated with new and older generations of passports and visas. For example, in advance of State's issuance of the e-passport and the emergency passport, State did not provide a sufficient quantity of exemplars and CBP did not update its training for all inspection officers to include information on the security features of these new travel documents. Inspection Officers Rely on Observations of Travelers and Examinations of Documents to Detect Fraud: Primary officers are often faced with limited time to process travelers--especially at ports that have a continuous high volume of traffic--and rely on both the observation of travelers' behavior and the examination of travel documents to detect fraudulent use of passports and visas. Specifically, southern land borders face the largest constraints on inspection time due to the high volume of traffic. Many officers at most ports we visited told us they have detected imposters by observing travelers' demeanor, questioning them regarding their travel, and visually comparing the travelers' identities with the biographic data and photo on the travel document. These officers told us they make limited use of the security features in travel documents because of time constraints and often rely on behavioral and other indicators to detect fraudulent use of travel documents. For the inspection of the travel document itself, many officers at most ports we visited told us they generally rely on a few security features, such as watermarks and intaglio printing, and will look for signs of alteration; compare the photo and traveler; examine data on the biographic page, such as the expiration date; and examine the look and feel of the document itself to determine whether the passport or visa is valid and is not fraudulently used by an imposter. Primary officers also utilize a variety of tools and technology to assist in their inspection of security features in passports and visas. These include visual inspection tools, such as ultraviolet viewing equipment and handheld magnifying devices, to assist primary officers in identifying signs of alteration and counterfeiting that would not be detected otherwise. Primary officers can also query records of travelers by using the Treasury Enforcement Telecommunications System (TECS)--an interagency database containing lookout information relating to the fraudulent use of travel documents, such as records of U.S. passports reported lost or stolen--or by using DHS's U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) system to compare visa holders' biometric records at entry with their records collected at issuance or prior entry.[Footnote 31] US-VISIT is currently available at primary inspection at 116 air and 15 sea ports of entry, and in the secondary inspection areas at 154 land ports. Many primary officers who have visual inspection tools available told us they utilize these tools to check additional security features when their inspection of the two or three features they typically rely on was not satisfactory. In addition, officers who use the databases to inspect State-issued travel documents told us that access to information on visas issued by State has greatly improved their ability to reliably confirm the validity of visas and detect their fraudulent use. Limited Availability and Use of Technology Limit Use of Security Features in Inspection of U.S. Passports and Visas: CPB officers at primary inspection are not fully able to exploit the security features in U.S. passports and visas due to the limited availability or use of tools and technology considered critical to ensuring the integrity of travel documents (see fig. 4). As a result, they do not always conduct checks against available records before admitting travelers to the United States. If the tools are not available, and the CBP officer determines additional scrutiny of travelers and documents are necessary, travelers will be referred to the secondary inspections area. At secondary inspections, CBP officers have more time and greater access to inspection-related technologies and equipment and, thus, are more capable of confirming the fraudulent use of U.S. passports and visas identified at primary inspection. Figure 4: Overview of the Process, Tools, and Technology for Primary Inspection of Travel Documents at U.S. Air, Sea, and Land Ports of Entry: [See PDF for image] Source: GAO analysis of CBP data. [End of figure] Technology and Equipment to Assist Primary Inspection of U.S. Passports and Visas Are Not Fully Utilized: Though officers have various tools and technology available to them, the availability and use of equipment to conduct records and identity checks of travelers during primary inspection differ based on whether they arrive at air, sea, or land ports. In addition, these and other critical tools and technology are not consistently used at air, sea, and land ports of entry. For example, although CBP guidance states that visual inspection tools should be used and are extremely valuable for detecting counterfeit or altered passports and visas, CBP has provided tools to many, but not all, primary inspection workstations at air, sea, and land ports of entry. Moreover, use of these tools is a matter of port policy. At the air, sea, and land ports we visited, some officers told us they used these tools consistently, while other officers said they rarely used them. Due in part to the large volume of travelers, primary officers at southern land ports only machine read--access a database that queries travelers' records--travel documents or manually enter travelers' biographic data to query records in TECS when deemed appropriate for the inspection situation, given the local traffic flow and traveler wait times. For example, at the southern land border ports we visited, CBP officers stated that currently only about 40 percent of travel documents that are machine readable are actually machine read during primary inspections, although this percentage has been rising in the last several years. CBP supervisor and inspection officers told us that officers are not restricted in their inspection of travel documents and are able to machine read a document should they deem it necessary. In addition, CBP policy requires that all non-BCC visa holders be referred to secondary inspection at land ports of entry, according to CBP. In contrast, CBP told us that officers on the northern border are required to read all machine readable documents, and at air ports, officers consistently query travelers' records to identify lookout information on U.S. passports and visas. Most travelers presenting BCCs at southern land ports are generally not subject to US-VISIT requirements, although primary inspection officers can refer BCC holders to secondary inspection for US-VISIT screening.[Footnote 32] However, only a small percentage of travelers with BCCs are referred for a US-VISIT screening (see fig. 5)- -in particular, only if a primary officer determines travelers are traveling beyond their geographic limits or exceeding the number of travel days allowed, or if there are concerns about the traveler. Without the use of US-VISIT systems, officers observe and interview travelers and compare the photo and data in the BCC with the bearer of the document, but do not have the benefit of looking for discrepancies between the information provided by the travelers and the fingerprint data in the system. CBP officials stated there are no current plans to expand the use of biometric checks on travelers presenting BCCs due, in part, to concerns about extending the inspections processing time at primary inspection and space constraints at land ports. However, CBP acknowledges the use of biometric checks of travelers presenting BCCs, when available, provides additional verification that travel documents are valid and belong to travelers presenting the documents, helping to address imposter fraud--the most significant type of fraud associated with BCCs. CBP officers intercepted nearly 16,000 BCCs used by imposters in fiscal year 2006. Figure 5: Overview of US-VISIT Procedures at Air, Sea, and Land Ports of Entry: [See PDF for image] Sources: GAO (analysis); MapArt (map). [End of figure] In addition, DHS is not fully exploiting at primary inspection a key security feature of the new U.S. e-passport--the chip. Specifically, because DHS has not fully deployed e-passport readers at all primary inspection areas, officers cannot routinely read and authenticate the chip in e-passports, which would better enable officers to detect many forms of passport fraud, including photo substitution and imposters.[Footnote 33] Without an e-passport reader, inspection officers do not have the benefit of comparing the traveler with the photograph and biographic information stored in the RFID chip of the e- passport. DHS deployed, in response to a legislative requirement, a total of 212 of these readers for use on foreign e- passports at 33 out of 116 air ports of entry. These 33 air ports were chosen because they process the largest volume of travelers--about 97 percent--from Visa Waiver Program countries.[Footnote 34] The remaining readers are used for training purposes. While the same e-passport readers may also be used to read the chip in U.S. e-passports, U.S. citizens are primarily processed through specific lanes at these air ports that are not equipped with e-passport readers. CBP has no schedule to install e-passport readers to primary inspection lanes for U.S. citizens at air ports or to install e- passport readers at sea and land ports of entry. CBP has also not defined the specific conditions that should be in place to expand the deployment of e- passport readers to additional ports. CBP officials indicated they intend to install e-passport readers at additional ports in the future. These officials noted several factors for why they have not installed additional readers or developed a planned schedule to do so, including the need for additional funding and advancements in the software technology for the readers. CBP officials stated that further funding would have to be allocated to expand the deployment of e- passport readers at air, land, and sea ports of entry and that a request has been made to DHS to include additional funding in the agency's fiscal year 2009 budget. As of June 2007, CBP has been unable to provide additional information on the details of this budget request. CBP officials also said that due to the current software, the new e- passport readers are slower than current inspection machines and could possibly extend the inspection-processing time for U.S. citizens- -negatively affecting land ports already experiencing extensive wait times for inspections. In addition, the e-passport reader software is currently not programmed to validate e-passports' digital signatures, which ensure the data stored on the RFID chip are authored by an issuing authority- -the State Department in the case of U.S. e-passports--and have not been altered. Although DHS officials stated the current reading of the chip in foreign and U.S. e-passports does not fully verify the digital signatures, State and DHS are drafting a memorandum of understanding to govern interagency use of a validation service--DHS's e-passport Validation Service and Repository--to verify the integrity and validity of electronically stored data on e-passports received at ports of entry. Equipment and Technology Available at Secondary Inspections to Confirm the Fraudulent Use of U.S. Passports and Visas: Once a CBP officer at primary inspection intercepts passports or visas that are suspected of being fraudulently used or counterfeit, secondary inspection officers have more time to question travelers, review the validity and authenticity of travel documents, and conduct database checks to confirm the travelers' identities. In addition, officers conducting secondary inspection are more experienced and trained to use support not available at primary inspection, such as tools and equipment for forensic examination of suspected fraudulent U.S. passports and visas, and additional forensic support and intelligence information from outside sources, such as DHS's Forensic Document Laboratory (FDL) (see fig. 6). Figure 6: Overview of the Process, Tools, and Technology for Secondary Inspection of Travel Documents at U.S. Ports of Entry: [See PDF for image] Source: GAO analysis of CBP data. [End of figure] Officers at secondary inspection have access to more tools and equipment and more time with which to examine the security features of suspected fraudulent travel documents than do officers at primary inspection. For example, secondary inspection areas generally have a variety of magnifying devices and microscopes to detect data alterations, photo and page substitutions in passports, and altered or counterfeit visas. In addition, secondary officers generally have access to high-intensity light devices, which allow for the inspection of certain paper disturbances often caused by erasures, for example. Recently, some ports have received a laboratory workstation that secondary officers can use to examine questionable travel documents under different types of lighting and at various magnifications. CBP officers in secondary inspection also have access to additional databases to confirm travelers' identities and verify the authenticity of U.S. passports and visas. For example, secondary officers have access to databases containing lookout information and travelers' biometric data, including photographs and fingerprints. In addition, secondary officers have access to State's databases to confirm data on nonimmigrant visa and passport issuance; State's Consolidated Consular Database (CCD), which stores information about visa applications, issuances, and refusals; and State's Passport Information Electronic Retrieval System (PIERS), which provides similar data on passport issuance to confirm the identity and authenticity of U.S. passports. During secondary inspections, officers can seek support outside the port to assist in confirming travel document fraud. For example, DHS's FDL provides forensic document analysis and law enforcement support services to secondary officers in real time, 7 days a week. Some ports are equipped with photophones to transmit images of documents to FDL experts for verification of altered and counterfeit U.S. passports and visas, and secondary officers can forward suspected fraudulent U.S. passports and visas to FDL experts for a thorough forensic examination. In addition, to inform officers of fraudulent trends concerning travel documents, secondary inspection areas maintain archived intelligence information from a number of sources, including FDL, State, and intelligence officers at the port, that details how U.S. passports and visas have been fraudulently used in the past. Although CBP officers are responsible for reviewing alerts on the fraudulent use of U.S. passports and visas they receive by e-mail and daily briefings, secondary inspection areas maintain hard copies of intelligence information on file for officers to review, as needed. In addition, archived alerts are also available through electronic databases, such as the DHS's intranet, which officers can choose to access in the secondary inspection area. Officers Lack Sufficient Training on the Security Features and Fraudulent Trends of U.S. Passports and Visas: CBP did not update its training program for all officers to include information on the security features in the e-passport before State began issuing this travel document. Between the summer of 2006 and March 2007, State provided exemplars--genuine documents for training purposes--of the e-passport to a variety of entities, including its U.S. missions overseas, foreign governments, FDL, and DHS, according to State documentation. We found that CBP was not provided with exemplars prior to issuance of the new e-passport. Although State began issuing e- passports as early as December 2005, CBP was not provided with e- passport exemplars until March 2007, according to State documentation. According to CBP officials, training on the features of the new e- passport was not provided to officers at basic training until April 2007. In addition, CBP has not provided formal training utilizing e- passport exemplars to officers at all ports of entry, although training with e-passport exemplars was provided to officers at the 33 airports where e-passport readers were installed, according to CBP officials. State officials explained that preparing exemplars is a time-consuming process and that meeting production demands limited the supply of document exemplars. Therefore, according to State, exemplars were provided only to FDL and foreign embassies located in Washington, D.C., prior to the issuance of the e-passport. To provide information on the features of the new documents, FDL prepared an alert for CBP and other law enforcement entities outlining the details of the security features in the e-passport and new emergency passport. Without an official exemplar, a CBP training officer at one port we visited used his own e- passport to provide officers training on the security features of the e- passport. This training officer stated that while he used the FDL alert to train officers, use of the alert alone does not provide officers with an understanding of the look and feel of the actual document. In addition, CBP officers at several ports we visited stated they had inspected e-passports but were not aware of how the security features of the e-passport differed from previous generations and how changes to the security features addressed the types of fraudulent attacks commonly committed against older generations of passports. Lack of Ongoing Training Impedes Officers' Understanding of Security Features of Valid Generations of Passports and Visas at Some Ports: Given evolving fraud trends and the quality of attempts to alter passports and visas, ensuring officers are properly trained to recognize the fraudulent use of these travel documents is essential. Training officers at most of the ports we visited identified the importance of continual training on the security features and evolving fraudulent trends related to all generations of valid passports and visas; however, the extent to which mandatory training is supplemented by refresher training in the subject varied among these ports. For example, two ports we visited provide continual training on fraudulent document detection to all officers yearly, while other ports provided refresher training less frequently. While CBP requires officers to complete courses that include segments in fraudulent document detection relating to passports and visas, CBP officials stated there is currently no program in place to ensure officers receive such training continually. Some senior officers at some of the ports we visited stated they had not been retrained on the security features of passports and visas and fraudulent document detection since basic training. CBP officials explained that the need to balance officers' inspections responsibilities with training limits training opportunities. At most of the ports we visited, port officials explained there is not enough time to provide all officers with additional training on the security features of valid generations of passports and visas due to inspection priorities and limited staffing at ports. To provide greater opportunities for continual document examination training relating to passports and visas, many ports we visited undertook their own training initiatives. For example, four of the ports added segments on fraudulent document detection to mandated courses that did not already include such information. In addition, based on training developed in the field, CBP developed a Web-based course on the security features of visas. Officials at ports undertaking these initiatives said they realized that without continual training, officers often felt less prepared to understand and recognize security features and fraudulent trends. They stated that because passports and visas could remain valid for 10 years, fraudulent attacks committed against older generations of these travel documents often recur, and officers should be reminded of these fraud trends through continuing training. In addition, to identify and adopt best practices on fraudulent document detection training, CBP held a forum in January 2005 that led to the development of a nationwide training effort requiring supplemental training on fraudulent document detection at all ports. However, CBP does not have any plans to hold such forums in the near future, and while CBP encourages ports to adopt initiatives to improve the delivery of refresher training on the examination of passports and visas, it is often not possible to mandate initiatives that are appropriate for all ports because ports differ in the types of fraudulent travel documents they encounter. Conclusions: Ensuring the integrity of passports and visas is an essential part of border security requiring continual vigilance and new initiatives to stay ahead of those seeking to enter the United States illegally. Preventing the fraudulent use of travel documents requires a combination of enhanced document features, solid issuance measures, and an inspection process that utilizes the security features of these documents. A well-designed document has limited utility if it is not well-produced or the inspection does not utilize the available security features to detect attempts to falsely enter the United States. State has added technical features and security techniques to the design and production of these documents that make it much harder to counterfeit or alter new generations of passports and visas. Nonetheless, older documents have been fraudulently used. Further, counterfeit and alteration threats to the security of these documents are always changing, requiring regular reassessments of the security features in the documents' design. In addition, because it takes several years to address a vulnerability that has been identified in a document's design, a structured process for reassessing the features and planning for new generations of these documents is critical. State has also strengthened the issuance process for visas and passports. Despite some improvements, however, the passport issuance process remains vulnerable, especially at the application acceptance stage, where oversight of the thousands of acceptance facilities--responsible for verifying the identity of applicants--remains weak. Finally, many CBP inspectors at U.S. ports of entry face time constraints in processing large volumes of people and therefore rely on a few visual and tactile security features of passports and visas, in addition to their interviews, to identify fraudulent use of these documents. Moreover, CBP officers are unable to take full advantage of the improved technical and security features in passports and visas because of insufficient training and uneven access to equipment. While it would not be possible to remove all risks inherent in issuing and inspecting travel documents, or to foresee all evolving counterfeit and alteration threats, we believe that more systematic testing, planning, oversight, and data analysis practices could enhance border security. Recommendations for Executive Action: We are recommending that the Secretary of State take the following two actions to improve the integrity of its travel documents. * Develop a process and schedule for periodically reassessing the security features and planning the redesign of its travel documents. * Establish a comprehensive oversight program of passport acceptance facilities. In doing so, State should consider conducting performance audits of acceptance facilities, agents, and accepted applications and establishing an appropriate system of internal controls over the acceptance facilities. We are also recommending that the Secretary of Homeland Security take the following two actions to more fully utilize the security features of passports and visas. * Develop a deployment schedule for providing sufficient e-passport readers to U.S. ports of entry, which would enable inspection officials to better utilize the security features in the new U.S. e-passport. * Develop a strategy for better utilizing the biometric features of BCCs in the inspection process to reduce the risk of imposter fraud. Finally, we are recommending that the Secretaries of State and DHS collaborate to provide CBP inspection officers with better training for the inspection of travel documents issued by the State department, to better utilize the security features. This training should include training materials that reflect changes to State-issued travel documents in advance of State's issuance of these documents, including the provision of exemplars of new versions of these documents in advance of issuance. Agency Comments and Our Evaluation: We provided draft copies of this report to the Secretaries of State and Homeland Security and to the U.S. Public Printer at the Government Printing Office for review and comment. We also provided a draft copy to the Department of Commerce's National Institute of Standards and Technology. We received written comments from State and DHS, which are reprinted in appendixes VI and VII, respectively. State, DHS, GPO and NIST provided technical comments which we have incorporated in the report, as appropriate. State and DHS concurred with the findings and recommendations of the report. State agreed with our recommendations and described the actions it is taking and plans to take to implement them. State also provided additional information on the Consular Consolidated Database (CCD), recent visa fraud cases, and the ways in which State identifies fraudulent passports and visas. DHS concurred with our recommendations and described the actions it is taking and plans to take to implement them. DHS believes it has already implemented our recommendation that it develop a strategy for better utilizing the biometric features of BCCs in the inspection process. We agree that DHS's US-VISIT capability enables primary inspectors at air and some sea ports of entry to use fingerprint biometrics to compare and authenticate the document and holder of visas and BCCs. However, at land border ports this capability is not available in primary inspection. Furthermore, travelers with BCCs at southern land border ports--the ports where BCC imposter fraud is most significant--are not routinely referred to secondary inspection, where they do have the capability to utilize the fingerprint records for comparison, and all BCCs are not machine-read for access to the biographic data during inspection at these ports of entry. As a result, inspectors are not making full use of the biometric information available for BCCs. To more fully utilize the available fingerprint biometric in the BCC and mitigate imposter fraud, we are suggesting that DHS develop a strategy to better use both fingerprint biometric of the BCC and increase card reads of the BCC in primary inspection at southern land border ports of entry. We are sending copies of this report to the Secretaries of State and Homeland Security, the U.S. Public Printer at the Government Printing Office, as well as the Director of the National Institute for Standards and Technology. We will also make copies available to others on request. In addition, the report will be available at no charge on the GAO Web site at http://www.gao.gov. If you or your staff have any questions about this report, please contact me at (202) 512-4128 or fordj@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff who made contributions to this report are listed in appendix VIII. Signed by: Jess T. Ford: Director, International Affairs and Trade: [End of section] Appendix I: Scope and Methodology: To examine the features in passports and visas, we reviewed relevant documentation, including materials on the security features, available counterfeit deterrence and durability studies, fraud bulletins and alerts, and regulations. We also interviewed officials at Department of State's Consular Affairs Bureau, Department of Homeland Security's (DHS) Forensic Document Laboratory (FDL), the Department of Commerce's National Institute of Standards and Technology (NIST), and the Government Printing Office (GPO). To identify required and recommended standards for international travel documents, we reviewed documentation from the International Civil Aviation Organization and attended the organization's machine-readable travel document symposium in Montreal, Canada. To identify the process for addressing potential risks, we reviewed documentation and interviewed officials at State's Consular Affairs Bureau, FDL, and NIST. To identify how State obtains, analyzes, and shares information on the features and fraudulent use of these documents, we reviewed relevant documentation, including fraud bulletins and alerts, and met with State officials from the Diplomatic Security and Consular Affairs Bureaus, including the fraud prevention units of passport and visa services, as well as with DHS officials from CBP and FDL. To examine the integrity of the issuance process for these documents, we reviewed relevant documentation, including reports and audits of internal controls and production and issuance procedures, and interviewed officials at State's Consular Affairs Bureau. We also conducted site visits and interviewed officials at seven domestic passport offices and two U.S. consulates in Mexico. To examine how passport fraud is committed during the issuance process, we reviewed State Department Bureau of Diplomatic Security and Bureau of Consular Affairs statistics on passport fraud. We also met with officials at State's Diplomatic Security Headquarters Criminal Division and at Diplomatic Security's Field Offices in Los Angeles, Seattle, Miami, Chicago, Boston, and Portsmouth, New Hampshire. We visited State's passport-issuing offices in Los Angeles, Seattle, Miami, Chicago, Boston, Portsmouth, and Washington, D.C. We chose the Portsmouth office because it is one of the two passport "megacenters" responsible for adjudicating applications from other regions. We chose these locations to gain an appropriate mix of geographic coverage, workload, and levels and types of passport fraud. We did not select these locations to be generalizable to all passport offices, but rather to obtain an appropriate mix of geographic coverage and workload. We analyzed fraud referral statistics from State's office of passport services and Diplomatic Security for fiscal years 2002 through 2006. Together with passport services officials, we identified the methods used to capture and compile the data and determined that the data were sufficiently reliable and generally usable for the purposes of our study. At five of the seven offices we visited, we conducted interviews with various officials and interviewed passport examiners chosen by office management, although we provided input into the selection of examiners and interviewed these individuals without the presence of management. We also met with Diplomatic Security agents attached to field offices responsible for investigating fraud suspected at the offices we visited. In addition, we interviewed relevant State officials at Passport Services, Diplomatic Security, and the Office of the Inspector General. To examine the measures taken to ensure the integrity of blank passports, we visited the GPO production facilities in Washington, D.C., and observed the production of blank passports; interviewed relevant GPO and GPO Inspector General officials about the measure taken throughout the production and delivery processes; and reviewed GPO Inspector General reports on audits of the security aspects of blank passport production and transportation. To examine the measures that have been taken to strengthen the issuance process for visas, we reviewed past GAO reports and interviewed State officials in the Visa Office. To identify the measures taken to ensure the integrity of blank visa foils prior to delivery to State custody, we interviewed GPO officials and reviewed relevant GPO documents. To examine the measures taken to ensure the integrity of the border crossing card (BCC), we visited two production facilities in Vermont and Nebraska where BCCs are produced. We interviewed production and management staff at both of these facilities. We identified and reviewed past GAO and Inspector General reports on the internal controls and audits in place for the visas process. For BCCs, we identified the internal controls and measures that differ from the normal visa process, but did not assess compliance with these controls. To examine the inspection measures and processes for travel documents issued by the State Department at U.S. ports of entry, we reviewed relevant documentation and interviewed officials at DHS's U.S. Customs and Border Protection (CBP), FDL, and U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) program, and conducted site visits to ports of entry. We reviewed CBP inspections program policies, procedures, and related memorandums and relevant laws and regulations. At headquarters, we met with CBP officials responsible for field operations, information technology, training and development, intelligence, and information technology. We also interviewed officials from the Federal Law Enforcement Training Center and FDL about issues relating to document examination training, and we discussed with FDL officials the types of forensic document analysis and operational support services provided to CBP. In addition, we interviewed US-VISIT officials and reviewed relevant documentation on the deployment and use of inspections-related technologies. To observe inspections processes and measures, we conducted site visits to nine U.S. ports of entry. Due to differences in travel document inspections processes and measures among air, sea, and land ports, we selected three ports of each type. Air ports of entry included Chicago O'Hare, Dallas/Fort Worth, and Miami. Sea ports of entry included Los Angeles/Long Beach, Miami, and Port Everglades, Florida. Land ports of entry included Laredo, Texas; Limestone/Houlton, Maine; and San Ysidro, California. We selected a nongeneralizable sample of air, sea, and land ports that ensured we included a range of the characteristics that can cause variation in the inspections process. Using CBP inspections program performance data, we selected ports that had high and medium levels of fraudulent documents, based on the total and average number of fraudulent travel documents intercepted, and the ratio of total travelers inspected to total fraudulent documents intercepted for fiscal years 2000 through 2005. We also selected ports based on a geographic mix, to include land ports on the Mexican and Canadian border, and a mix of ports in the northern, eastern, southern, and western regions of the United States. At each of these ports we met with port directors, CBP officers responsible for intelligence information and training, observed CBP officers conducting primary inspections, and reviewed procedures and the equipment available in primary and secondary inspection areas to examine State Department- issued travel documents. At some ports, no travelers were referred for secondary inspections for the fraudulent use of State Department-issued travel documents at the time we observed inspections; however, CBP officers provided us with an overview of secondary inspection procedures and resources. In addition to the nine ports of entry we selected, we conducted preliminary site visits to the Nogales, Arizona, land port of entry, and the Los Angeles and Washington Dulles air ports of entry. During these preliminary site visits, we observed primary and secondary inspection processes and equipment and interviewed CBP officials. We conducted our work from June 2006 through May 2007 in accordance with generally accepted government auditing standards. [End of section] Appendix II: Types of Passports: State issues four types of passports: tourist, official, diplomatic, and emergency. * A tourist passport, for individuals 16 years or older, is valid for 10 years from the date of issuance; it is valid for 5 years for younger applicants. * An official passport, for federal employees traveling on official government business, is valid for 5 years from the date of issuance. * A diplomatic passport, for government officials with diplomatic status, is valid for 5 years from the date of issuance. * An emergency passport, for individuals overseas who no longer possess a valid passport, may be valid for up to 1 year or, in cases of repatriations, limited to direct return to the United States. In conjunction with the rollout of the new e-passport, State also began issuing a new emergency passport in August 2006, representing the first time that U.S. embassies and consulates issued a standard-design emergency passport. Prior to the emergency passport, U.S. embassies and consulates used the 1994 or earlier versions to issue a passport for emergency purposes. The emergency passport resembles the e-passport except that it is personalized using a foil that is stuck in the book in a manner similar to a visa foil. The passport card is expected to be valid for 10 years from the date of issuance for individuals 16 years or older and valid for 5 years for younger applicants. State plans to issue the passport card in 2008. [End of section] Appendix III: Testing Conducted in Development of E-Passport Design: To test the passport design, State requested expertise from FDL and NIST. Specifically, FDL conducted counterfeit deterrence studies on the security features of the diplomatic and tourist e-passport in 2005. FDL had conducted similar studies for State in the past on the 1998 tourist passport. In addition, State asked FDL to test the physical security of the e-passport using the diplomatic e-passport. Results of FDL tests were incorporated into the design prior to the issuance of the tourist passport. NIST also conducted tests, such as durability testing, to evaluate the technical merits of passport books and to inform GPO and State's decisions for awarding contracts to suppliers. While there is a provision in the awarded contracts to conduct long-term durability testing, NIST has not been asked to provide these tests. In addition, in response to security and privacy concerns, NIST was requested to evaluate the vulnerability of the e-passport chip to remote access by an unauthorized party. Additional tests were also conducted at airports to assess the performance of the new e-passport in an actual inspection environment. For example, tests were conducted with airlines in which holders of U.S. diplomatic and official e-passports presented their e-passports for inspection when arriving in the United States at select airports. These tests were conducted to gather information on the accuracy and speed in reading the chip to support the development and implementation of the e-passport. State incorporated the results from the tests to improve the design. [End of section] Appendix IV: Issuance Process for Passports and Visas: Passport Issuance Process: Once a passport application has been received by one of the 17 domestic passport-issuing offices, each application must be examined by a passport examiner who determines, through a process called adjudication, whether the applicant should be issued a passport. Adjudication requires the examiner to scrutinize identification and citizenship documents presented by applicants to verify their identity and U.S. citizenship.[Footnote 35] When examiners detect potentially fraudulent passport applications, they refer the applications to their local fraud prevention program for review, with potential referral to State's Bureau of Diplomatic Security for further investigation. Once an applicant has been determined eligible for a passport by a passport examiner, the passport is personalized with the applicant's information at one of the domestic passport-issuing offices or the production facility and then delivered to the applicant. For an overview of the passport process, see figure 7. Figure 7: Application and Issuance Process for Passports: [See PDF for image] Sources: GAO analysis of State Department data; Nova Development (clip art). [End of figure] Visa Issuance Process: DHS is responsible for establishing visa policy, reviewing implementation of the policy, providing additional direction, and reviewing petitions for immigration. State manages the visa process, as well as the consular corps and its functions at 219 visa-issuing posts overseas, and provides guidance, in consultation with DHS, to consular officers regarding visa policies and procedures.[Footnote 36] GPO overseas the production of blank visa foils. Visas foils are personalized at posts overseas with the applicant's personal information, attached to the foreign passport, and delivered to the applicant. DHS's U.S. Citizenship and Immigration Services produces and personalizes BCCs once an applicant has been determined eligible by a consular officer and delivers the cards to State for distribution by the U.S. mission in Mexico. For an overview of the visa process, see figure 8. Figure 8: Application and Issuance Process for Visas: [See PDF for image] Sources: GAO analysis of State Department data; Nova Development (clip art). [A] Visa foils are manufactured by contractor under supervision of GPO and State. [End of figure] [End of section] Appendix V: Primary Inspection Processes at Air, Sea, and Land Ports of Entry: The primary inspection process for passports and visas varies at air, sea, and land ports of entry due to differences in ports' environments and the risk each type of port faces with regard to fraudulent travel documents. In addition, the mode of travel and how travelers bearing passports and visas enter dictate the primary inspection procedures. For example, while at each port, primary officers question travelers regarding their identity and purpose of travel, and examine their passports or visas, the availability and use of equipment to conduct identity and records checks of travelers during primary inspection differ based on whether travelers arrive by plane, sea vessel, vehicle, or on foot. If the primary officer determines that further review is needed, the officer will refer the traveler to secondary inspection. In secondary inspection, an officer makes a final determination to admit the traveler or deny admission for reasons such as the presentation of a fraudulent or counterfeit passport or visa. Once a CBP officer in secondary inspection has determined a document is fraudulent or is being presented by a traveler other than the rightful holder, the officer processes the traveler as inadmissible and ensures that information about the document is distributed promptly. Information about seized fraudulent and counterfeit passports and visas is regarded as possible intelligence that may have a connection to other criminal activities and national security concerns, such as terrorism. See figure 9 for an overview of the inspection process at U.S. ports of entry. Figure 9: Inspection Process for Entry into the United States: [See PDF for image] Sources: GAO analysis of Immigration and Naturalization Service data; Nova Development (clip art). [End of figure] * Air Ports of Entry: Prior to travelers' arrival, for flights to the United States, commercial airlines are required to submit passenger and crew manifests containing first and last names, dates of birth, nationalities and passport numbers to CBP through the Advanced Passenger Information System (APIS). With information from APIS, CBP officers conduct queries of lookout records for each traveler in the Treasury Enforcement Telecommunications System (TECS). TECS queries provide officers with lookout information on travelers, including alerts of lost and stolen travel documents that may be used fraudulently. In addition, primary officers query records of U.S. visas to verify the State Department's visa information. For a traveler with a U.S. nonimmigrant visa subject to processing in DHS's U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) systems, primary officers collect scans of the traveler's two fingerprints (the right and left index fingers) and take a digital photograph of the traveler. The computer system compares the two fingerprints against existing records collected at issuance to confirm that the traveler is the person to whom State issued the U.S. visa. * Sea Ports of Entry: At sea ports of entry, commercial carriers are required to submit passenger manifests to CBP through APIS prior to docking, and CBP officers analyze TECS data using APIS to identify passengers requiring further examination when they enter the United States. Some seaports have automated terminals with computer systems equipped with TECS and US-VISIT systems, and the inspections process is similar to that of an air port. Other sea ports have nonautomated terminals that are not equipped with computer systems. At these terminals, primary inspections occur onboard or dockside, where officers rely on the advanced TECS checks and do not conduct US-VISIT biometric checks. Officers at the sea ports we visited stated the risk of travelers presenting fraudulent travel documents at seaports is not as significant as at air and land ports of entry, as most cruise ship passengers begin and end their trips in the United States, and crew members often make several entries and are inspected each time. Land Ports of Entry: CBP has established procedures to inspect travelers expeditiously at land ports due to the large volume of travelers arriving on foot and in vehicles at land ports of entry--more than 85 percent of all entries into the United States. Primary officers perform pedestrian and vehicle inspections usually with no advanced passenger information and do not consistently conduct record checks in TECS. In addition, primary inspection procedures differ for pedestrians and vehicles. For pedestrians, if TECS is available, the traveler's name can be machine read from the travel document or manually keyed in by the primary officer. For vehicles, officers frequently inspect multiple travelers entering in a single vehicle, and the TECS queries are conducted primarily on the vehicle data to refer the vehicle and travelers for secondary inspection. Documents and names of the vehicles' occupants are generally checked randomly or when the officer suspects something is wrong. In addition, travelers with nonimmigrant visas or border crossing cards requiring additional US-VISIT processing are sent to secondary inspections areas. In general, at land ports, officers rely on visual observation, interviewing skills, and a quick check of document security features and facial identification to identify imposters and determine secondary referrals. [End of section] Appendix VI: Comments from the Department of State: United States Department of State: Assistant Secretary for Resource Management and Chief Financial Officer: Washington, D.C. 20520: Jul 24 2007: Ms. Jacquelyn Williams-Bridgers: Managing Director: International Affairs and Trade: Government Accountability Office: 441 G Street, N.W. Washington, D.C. 20548-0001: Dear Ms. Williams-Bridgers: We appreciate the opportunity to review your draft report, "Border Security: Security of New Passports and Visas Enhanced, but More Needs to Be Done to Prevent Their Fraudulent Use," GAO Job Code 320440. The enclosed Department of State comments are provided for incorporation with this letter as an appendix to the final report. If you have any questions concerning this response, please contact Phil Linderman, Team Leader, Bureau of Consular Affairs, Office of Fraud Prevention Programs at (202) 647-0732. Sincerely, Signed by: Bradford R. Higgins: cc: GAO - Monica Brym: CA - Maura Harty: State/OIG - Mark Duda: Department of State Comments on GAO Draft Report Border Security: Security of New Passports and Visas Enhanced but More Needs to Be Done to Prevent Their Fraudulent Use (GAO Code 320440, GAO 07-1006SU): Thank you for the opportunity to comment on your draft report entitled Border Security: Security of New Passports and Visas Enhanced but More Needs to Be done to Prevent Their Fraudulent Use. Recommendation #1: State should develop a process and schedule for periodically reassessing security features in the design of its travel documents. Comment: The State Department has an informal process in place for periodically reassessing security features in the design of its travel documents and is developing a schedule for periodically reassessing security features in the designs of passports and visas. Under this schedule, at least one assessment will take place every five years. Recommendation #2: State should establish a comprehensive oversight program of passport acceptance facilities. Comment: Prior to this recommendation, State had already initiated a plan to establish better oversight of passport acceptance facilities. A Program Analyst (GS-13) with considerable project management experience was recently hired to design and implement this comprehensive Acceptance Agent oversight program. This oversight program will improve the performance, integrity, and accountability of the Acceptance Agent Program. The oversight program will: * Create standards for acceptance agent designation; * Manage, track, document, train, and better communicate with the Acceptance Agents; * Improve the quality of incoming passport application packets; and: * Work with the U.S. Postal Service to make passports more trackable by expanding the tracking system to the intake stage. Recommendation #3: DHS and State collaborate to provide CBP inspection officers with better training for the inspection of travel documents issued by the State department, to better utilize the security features. Comment: For future travel documents, the State Department will ensure that exemplars and information on all security features are available to both the ICE-FDL and CBP-FDAU so that these DHS offices will have sufficient time to produce training materials before the new documents start appearing at ports-of-entry. In addition, State's Foreign Service Institute (FSI), housed at the George P. Shultz National Foreign Affairs Training Center, offers a full range of in-person and distance-learning training courses on passport and visas that may also respond to this concern. DHS officers, and indeed all officers of the foreign affairs community, can enroll in FSI consular courses, including some that address passport and visa security feature issues. Such interaction is not only a vehicle for DHS officers to receive the latest information on passports and visas, it can also foster more contact between DHS and State officers. Footnote 6 on p. 8-9: "DHS and State have indicated that they will begin to implement the [passport] requirement for land and seaports as early as January 2008. " Comment: On June 20, 2007, DHS and State jointly announced the next phase of "TI, governing land and sea ports of entry through a Notice of Proposed Rulemaking (NPRM). The exact implementation date will be determined based upon a number of factors, including the progress of DHS and State actions to implement WHTI and the availability of WHTI- compliant documents on both sides of the border. We expect the date of full implementation will be as early as the summer of 2008. The precise date will be formally announced with at least 60 days notice to the public. The State Department expects to begin issuing passport cards in Spring 2008. Sentence on p. 14: "State operates 17 domestic passport-issuing offices, where most passports are issued each year." Comment: While it is true that the vast majority of passports are issued in the domestic passport agencies, it should be noted that consular officers also issue to American citizens abroad the Emergency Photo- Digital Passport (EPDP), which went into service in June 2006. The EPDP is a twelve-page emergency U.S. passport intended to replace the previous generation of emergency passports. Although the EPDP is not an "E-passport" and it has no circuitry in it, it brings a new standard of security to emergency passports issued abroad. The EPDP incorporates a digital image of the bearer, biodata, and a machine- readable zone (MRZ) printed on a foil inserted and laminated into a blank book. Footnote "b" to Table 2 on p. 18: "Validity Period and Numbers in Circulation, by Passport" "About 140, 000 passports were issued to U.S. citizens living overseas prior to April 2002 or as an emergency passport prior to August 2006. After April 8, 2002, overseas passports issuance for U.S. citizens residing or traveling abroad requiring issuance of a U.S. passport was transferred to the National Passport Center in Portsmouth, NH, except for those requiring urgent travel." Comment: The footnote should clarify that all overseas passport applications are adjudicated by consular officers at U.S. embassies and consulates. Both the National Passport Center in Portsmouth as well as the Charleston Passport Center in Charleston, South Carolina, are responsible for printing the non-emergency regular passport books and ensuring that they are sent to the original issuing U.S. posts overseas for distribution. Emergency passport books - the EPDPs - are adjudicated and printed overseas by the issuing posts. Footnote 16 on p. 20: "State began the Biometric Visa Program on October 2004. " Comment: The first overseas post issued a biometric visa in September 2003. All posts were issuing them by October 2004. Heading on p. 25: "State Does Not Have a Structured Process for Periodically Reassessing and Planning for New Generation of Passports and Visas " Sentence on p. 26: "Although State has recently enhanced some of the security features and introduced new security features to the passport, State, for the documents it issues, does not have a policy for reassessing the design's resistance to evolving counterfeit and alteration threats and planning for new generations of travel documents. " Sentence on p. 26-27: "A structured process for periodically reassessing the security features in documents and planning for new generations should include a policy for reassessing the ability of the document design to resist compromise and fraudulent attempts to the documents. " Comment: The three passages quoted above are indicative of a theme of the draft report that a lack of a systematic and formal review process of travel document security features is a border security weakness that needs to be addressed. As a broad response, State recognizes the usefulness of having a more structured process in place to respond to specific compromises and challenges to security features in travel documents. However, it should be noted that the Bureau of Consular Affairs has a long history of analyzing counterfeit and forged passports and visas with a view toward creating more resistant future versions. A robust, but informal, process is in place whereby consular officers in the Passport Office and the Office of Fraud Prevention Programs (FPP) track reports from the field of attempts to alter and counterfeit U.S. travel documents. One of the most effective tools that consular officers have is the power to instantly verify any U.S. passport or visa through the Consolidated Consular Database (CCD). A worldwide network of Consular Fraud Prevention Managers regularly pass information and samples (as the report acknowledges on pages 25-26) to State on the latest fraud trends that impact passport and visa security features. FPP also directly identifies new types of fraudulent documents. In 2001, for example, the first very high quality Passport '94 counterfeit- page book was intercepted on the U.S. southern border. Port-of-Entry officers mistakenly identified the passport as a routine photo- substitution, and passed it to the local Diplomatic Security office. Eventually, the passport was forwarded to FPP. At that point, it was recognized as a significant fraudulent document. Both FPP and the Forensic Document Laboratory produced alerts on this forgery. FDL-ICE and CBP-FDAU are indeed important sources of intelligence on fraudulent documents as noted in the draft report. A third source, documents intercepted overseas by foreign immigration services or airlines, is just as important. FPP periodically reminds overseas posts to request that foreign governments return any U.S. travel documents confiscated from mala fide travelers. These documents are eventually passed to FPP for review and some have yielded important intelligence. For instance, the first known version of a Passport '98 counterfeit- page book was the result of an interception in Japan. More recently, versions used by Chinese of an improved counterfeit of the same document surfaced. These books contained a counterfeit data page, and often one or more completely counterfeit internal pages. The first book that had all fraudulent internal pages was detected in 2006. This document was intercepted overseas but not identified as being particularly significant until FPP examined the passport. Again, FPP passed this information (and an exemplar) to the FDL which generated an intelligence alert based upon CA's information. While State agrees there is value in a mandated regular review procedure of document integrity, the creation of such a process is not a substitute for constant vigilance and for responding to vulnerabilities quickly and effectively as they are discovered, or in detecting and preventing fraudulent applications before any passport or visa is wrongly issued. Sentences on p. 26: "According to a State [sic], information received on the fraudulent use of passports and visas is reviewed largely on a case specific basis. Moreover, data on this information is not collected or analyzed by State in order to identify counterfeit or alteration trends in attacking the design of the documents. " Comment: Significant counterfeiting or alteration attempts against passport and visa integrity are closely monitored and analyzed by FPP. Because the quality and methods of these attacks often vary enormously in effectiveness, they do not easily lend themselves to statistical summary. However, State acknowledges the usefulness of keeping trend data. A major challenge in border security is not only in the protection of the integrity of the travel documents against counterfeiting or alteration, but also the fight to ensure that mala fide travelers do not obtain genuinely issued documents. The draft report rightly acknowledges that most reported passport and visa fraud is tied to imposters who attempt to use genuine documents, not to the physical integrity of the travel documents per se (p. 12). Indeed, imposters and mala fide travelers who have obtained genuine documents may be our greatest challenge, as an analysis of the travel records of the 9/11 terrorists and most other foreign terrorists indicate. In this context, State believes the report does not provide much consideration to the value of the "forward defense" provided by a system of Fraud Prevention Managers (FPMs) that the Bureau of Consular Affairs has deployed in virtually all domestic passport agencies and consular sections overseas. These FPMs are in regular coordination with the Department through the Passport Services Directorate and the Office of Fraud Prevention Programs. Yet, the report makes little reference to the considerable number of cases these FPMs have foiled through aggressive fraud prevention work. With regard to visas, the data below indicate how many fraud cases FPMs have dealt with through the third quarter of FY 2007. (It should be noted that these statistics reflect a recently introduced metric function feature in the CCD that is still being technically refined. If anything, it understates worldwide fraud prevention activity.) Visa Fraud Prevention Data in FY 2007 (through 6/30): Non-Immigrant Visas (NIV) applications: Total Suspected Fraud Cases: 11,846: Fraud Confirmed: 3,024: Fraud Not Confirmed: 7,067: Pending Cases: 1,755: Immigrant Visas/Diversity Visas (IV/DV) applications: Total Suspected Fraud Cases: 7,062: Fraud Confirmed: 1,335: Fraud Not Confirmed: 1,869: Pending Cases: 3,858: Few, if any, of these cases involved an attack against the integrity of the document security features, but represented attempts to obtain a genuinely issued U.S. visa. Sentence on p. 26: "For example, although the BCC has been in circulation for almost 10 years, State currently does not have any plans for reassessing the BCC's features or planning for a new BCC, according to State officials. " Comment: The comment in the draft report is inaccurate. State is currently redesigning the next generation of the BCC for deployment in 2008 when the current BCCs begin to expire. The new BCC will be modeled after the passport card under development by the Department and will contain a vicinity-read Radio Frequency Identification chip to meet the operational needs of DHS at ports of entry. The next generation BCC will have entirely new artwork design and will incorporate the same cutting-edge security features, including laser engraved photos, as the passport card to mitigate the risk of counterfeiting and forgery. This generation of BCCs will be produced by the Department. Sentence on p. 31: "These changes were made to improve State's ability to combat international parental child abduction, but the measures have also helped prevent or deter identity theft-related fraud in passport applications, according to State officials. " Comment: State also made these changes to comply with related statutory requirements. Sentence on p. 33: "Although resources and other tools are available to passport examiners at domestic passport offices. " Comment: State notes that the same fraud prevention tools are available to consular officers at overseas posts. Sentence on p. 40: "In addition, officers who use the databases to inspect State-issued travel documents told us that access to information on visas issued by State has greatly improved their ability to reliably confirm the validity of visas and detect their fraudulent use. " Sentence on p. 41: "At secondary inspection, CBP officers have more time and greater access to inspection-related technologies and equipment, and thus are more capable of confirming the fraudulent use of U.S. passports and visas identified at primary inspection. " Comment: State believes the text cited above, while accurate, should more fully detail the value of the Consular Consolidated Database (CCD) to CBP officers in the fight to maintain border security. The CCD contains not only the Department's worldwide visa records, but the Passport Information Electronic Retrieval System (PIERS), enabling CBP officers at secondary to verify any visa or passport issued within the past decade. CCD records also provide detailed individual biographic application information and applicant photos. Updated around the world every five minutes, the CCD typifies the maxim that "information is power," demonstrating again why data sharing is one of the best tools in the U.S. Government's arsenal to protect our borders. The CCD is particularly useful in helping to detect forgeries and altered travel documents. Biometric features in the CCD are also useful in countering imposters who are using genuine documents. Sentence on p. 48: "Some ports are equipped with photophones to transmit images of documents to FDL experts for verification of altered and counterfeit U.S. passports and visas, and secondary officers can forward suspected fraudulent U.S. passports and visas to FDL experts for a thorough forensic examination. " Comment: The process described in the sentence above does not reflect the state of the art at secondary inspection in confirming fraud. As noted above, during secondary inspection, CBP officers can confirm a suspect visa or passport's authenticity through a fast check in the CCD. Sentences on p. 49: "Although State began issuing e -passports as early as December 2005, CBP was not provided with epassport exemplars in March 2007, according to State documentation. According to CBP officials, training on the features of the new epassport was not provided to officers at basic training until April 2007. " Comment: State's Passport Services Directorate is developing a program for the issuance and distribution of passport exemplars. Previously, distribution responsibilities were shared between Passport Services and FPP. With regard to the new e-passport, Passport Services and FPP divided the duties. Passport Services distributed exemplars to the foreign embassies in Washington, and FPP distributed them to domestic partner agencies and to overseas Foreign Service posts for use with foreign governments. FPP officers traveled to the Federal Law Enforcement Training Center (FLETC) in Georgia in October 2006 and February 2007 to provide training to the DHS Fraud Detection and National Security officers. On both those occasions, new passport exemplars were given to host DHS training officials for use in their own training. It is worth noting that in basic principle, the concept of a passport is primarily to communicate information from the issuing government to other governments of countries to which the bearer may travel. The passport also serves as a means of communication from one agency of the issuing government to another. It is not inappropriate to prioritize the distribution of information about a new passport design to representatives of foreign governments. It should also be noted that the Department began issuing the e-passport to the public in August 2006. The Department issued only diplomatic and official e-passports prior to August 2006 to test them in the DHS/CBP operational environment at select ports-of-entry with the full knowledge and cooperation of DHS/CBP. GAO Comments: 1. We believe there is value in a mandated regular review procedure for document integrity and recommend that State develop a process and schedule for periodically reassessing security features in the design of its travel documents. We recognize that an informal process is important for responding to vulnerabilities and counterfeit or altered passports and visas, as they are discovered. It is not our intention to inhibit or replace the informal process already in place. However, we believe that an informal process by itself is not an effective way to re-evaluate the security features of passports and visas against evolving counterfeit and alteration threats. While State has made adjustments in the design of passports and visas, its approach has been largely reactive. A structure process for reassessing the features and planning for new generations of passports and visas is critical because counterfeit and alteration threats to the security of these documents are always changing, many passports and visas have a long lifespan, and it takes State several years to fully implement a new document design. The increasing pace of technology change and use of electronics makes State's current approach less viable than it might have been in the past, and best practices, such as for currency design, suggest that periodic evaluation of designs and introduction of new security features are more viable approaches in the management of counterfeit and alteration threats. We welcome State's recent steps to develop a schedule for periodically reassessing security features in the design of passports and visas. 2. We welcome State's recent steps to hire an analyst to design and implement a comprehensive program for the oversight of passport acceptance agents. During the course of our review, we were informed that the acceptance agent program remained a significant fraud concern and that efforts were under way to implement actions to address identified vulnerabilities in this program. However, State officials were unable to provide us with documentation identifying these vulnerabilities or a plan for addressing them. After our draft report was provided to the agency for review and comment, we were provided with a draft document identifying initiatives to improve oversight of the passport acceptance agent program. State has identified the vulnerabilities in this program and proposed reasonable oversight measures to address these vulnerabilities. 3. We revised the text of this report to reflect this information. 4. During the course of our review, we were informed by Consular Affairs officials in the Office of Fraud Prevention Programs that State did not have a formal process for reassessing the security features in visas or for planning the redesign of the documents in the future. According to these officials, formal plans for redesigning the BCC did not exist, although they did indicate that State was considering the use of the new passport card design to develop the next BCC. We welcome the decision to model the new BCC after the passport card design and issue the next generation of this card in 2008, when the current cards will begin to expire. Furthermore, we believe it is important to periodically reassess the security features in the design of the new BCC to manage future counterfeit and alteration threats. [End of section] Appendix VII: Comments from the Department of Homeland Security: U.S. Department of Homeland Security: Washington, DC 20528: July 20, 2007: Jess Ford: Director, International Affairs and Trade: U.S. Government Accountability Office: Washington, DC 20548: Dear Mr. Ford: Thank you for the opportunity to review and comment on the Government Accountability Office's (GAO) report titled "Border Security: Security of New Passports and Visas Enhanced, but More Needs to Be Done to Prevent Their Fraudulent Use" GAO-07-1006SU. The report addresses 1) the features of U.S. passports and visas and how information on these features is shared; 2) the integrity of the issuance process; and 3) how these documents are inspected at U.S. ports of entry. The following is our response to the recommendations that pertain to the Department of Homeland Security (DHS). Recommendation 3: Develop a deployment schedule for providing sufficient e-passport readers to U.S. ports of entry, which would enable inspection officials to better utilize the security features in the new U.S. e-passport. Response: Concur. CBP is working to make US Passport issuance data and photographs available during the primary inspection process to improve the security of not only US e-passports but also all US issued passports. By allowing CBP Officers expanded use of the Consular Consolidated Database (CCD), access to US passport application and issuance information can be done directly from the system of record. This enhancement would provide CBP Officers, at time of inspection, the passport photograph and associated biographic data that can be directly compared to the photograph and biographic data printed within the passport. It is important to note that the Department of State has already made US Passport information accessible to CBP for use in CBP secondary locations. CBP fully intends to develop and deploy e-passport readers to all U.S. ports of entry to ensure our ability to verify e-passports from all countries. However, the e-passport technology is still new and the readers are not yet ready for full deployment. DHS is continuing to work with vendors to improve e-passport technology and to incorporate it into all lanes once the readers are technically ready and funding is available. Due Date July 2008: Recommendation 4: Develop a strategy for better utilizing the biometric features of the BCC in the inspection process to reduce risk of imposter fraud. Response: Concur. CBP agrees with the goal of increasing biometric verification for foreign nationals. The US-VISIT capability available today at airport and seaport on primary and at secondary for land enables CBP officers to biometrically compare and authenticate travel documents issued to non-US Citizens by DHS and State (e.g. Border Crossing Cards (BCC), Nonimmigrant (NIV) and Immigrant (IV)Visas, Permanent Resident Cards, Reentry Permits, Refugee Travel Documents). CBP is reviewing the requirements and cost of deploying this US-VISIT capability at all pedestrian primary locations as well. Today, CBP Officers, after swiping the Machine Readable Zone (MRZ), are presented biographic issuance data and a photograph that they compare against the document presented and the traveler. The photograph and biographic data display provide immediate document alteration identification, which directly reduces the risk of imposter fraud. In addition, CBP Officers collect fingerprints that are being compared by the system to the fingerprints on file, using automation to ensure the individual presenting the document is the one to whom it was issued. Fingerprints are currently collected routinely for those presenting NIVs (including those using a BCC as a B 1/B2 visa) or those traveling under the Visa Waiver Program. US-VISIT has published a proposed regulation that would expand the current biometric collection procedures to all classes of aliens, other than Canadian B1/B2. CBP is developing a strategy whereby RFID-enabled travel documents, including future RFID-enabled BCC, can be used to pre-position biographic issuance and photographic information to CBP officers processing travelers in possession of such documents - eliminating the need to swipe the card on the land borders. As a final note, CBP has recently re-issued to all field personnel our passenger primary inspection procedures to ensure uniform and consistent processing. Due Date Complete: Recommendation 5: We are recommending that the Secretaries of State and DHS collaborate to provide CBP inspection officers with better training for the inspection of travel documents issued by the State department, to better utilize the security features. This training should include: Training materials that reflect changes to State-issued travel documents in advance of State's issuance of these documents, including the provision of exemplars of new versions of these documents in advance of issuance. Response: Concur. CBP will initiate discussion with the State Department to ensure all future new or revised State-issued travel documents are made available to CBP in sufficient quantity for field officer training prior to introduction for public use. CBP will follow with production of a training module to be provided to CBP field offices with exemplars of the new document. Specifically, planning efforts are already underway to ensure that CBP officers will receive training on the proposed Passport Card, due for issuance by State beginning in 2008, in a timely manner. In addition, CBP will formulate a working group with the State Department Offices of Passport Services and Consular Affairs, to include representation from their Fraud Prevention Program. The purpose of the group will be to evaluate recent fraud trends in State Department issued documents and to prepare training material for dissemination to field offices. Due Date: The working group will meet a minimum of every six months, with the initial meeting taken place by August 31, 2007. The proposed Passport Card is due for issuance by State in the beginning of 2008. Sincerely, Signed by: Steven J. Pecinovsky: Director: Departmental GAO/OIG Liaison Office: GAO Comment: 1. We agree that DHS's US-VISIT capability enables primary inspectors at air and some sea ports of entry to use the fingerprint biometric to compare and authenticate the document and holder of visas and BCCs. However, at land border ports this capability is not available in primary inspection. Travelers with BCCs at southern land border ports- -the ports where BCC imposter fraud is most significant--are not routinely referred to secondary inspection, where they do have the capability to utilize the fingerprint records for comparison. In addition, at southern land border ports, all BCCs are not machine-read for access to the biographic data and photo during primary inspection and vehicle lanes do not have the capability to access the photograph for comparison. As a result, inspectors are not making full use of the biometric information available for BCCs. To more fully utilize the available fingerprint biometric in the BCC and mitigate imposter fraud, we are suggesting that DHS develop a strategy to better use both fingerprint biometric of the BCC and increase card reads of the BCC in primary inspection at southern land border ports of entry. [End of section] Appendix VIII: GAO Contact and Staff Acknowledgments: GAO Contact: Jess T. Ford, (202) 512-4268 or fordj@gao.gov: Staff Acknowledgments: In addition to the contact named above, John Brummet (Assistant Director), Claude Adrien, Monica Brym, Joe Carney, Richard Hung, and Bradley Hunt made key contributions to this report. Technical assistance was provided by Kate Brentzel, Aniruddha Dasgupta, Etana Finkler, Elisabeth Helmer, Sona Kalapura, Chris Martin, Jose Pena, and Marisela Perez. FOOTNOTES [1] In this report, we use "passport" to refer to passports issued to U.S. citizens and "visa" to refer to immigrant and nonimmigrant visas issued to foreign nationals seeking to travel to the United States. [2] A port of entry is an officially designated location (airport, seaport, and land border locations) where CBP officers clear travelers for entry into the United States. There are 326 ports of entry. [3] The passport card is currently under development as an alternative travel document for entry by U.S. citizens into the United States at land and sea ports of entry. [4] The State Department issues the BCC, which permits limited travel by Mexican citizens, without additional documentation 25 miles inside the border of the United States (75 miles if entering through certain ports of entry in Arizona) for fewer than 30 days. [5] DHS deployed e-passport readers to meet its legislative requirements under the Visa Waiver Program. The 33 airports to which the readers were deployed process the highest volume of travelers from Visa Waiver Program countries. Citizens of countries participating in the Visa Waiver Program are not required to obtain a U.S. visa to enter the United States for business or tourist purposes for 90 or fewer days. [6] On June 8, 2007, State and DHS announced that U.S. citizens traveling to Canada, Mexico, the Caribbean, and Bermuda who have applied for but not yet received passports can nevertheless temporarily enter and depart from the United States by air with a government-issued photo identification and Department of State official proof of application for a passport through September 30, 2007. DHS and State have indicated that they will begin to implement the requirement for land and sea ports in 2008. In commenting on a draft of this report, State noted that the exact implementation date will be determined by a number of factors, including the progress of DHS and State actions to implement the Western Hemisphere Travel Initiative and the availability of compliant documents on both sides of the border. [7] The passport card is being developed as a substitute for a passport and as a lower-cost means of establishing identity and nationality for American citizens, as a part of the Western Hemisphere Travel Initiative. This document is not designed to be a globally interoperable travel document as defined by ICAO. [8] GPO produces blank passports for State as agreed under a memorandum of understanding with State. [9] State operates passport-issuing offices in Aurora, Colorado; Boston; Charleston, South Carolina; Chicago; Honolulu; Houston; Los Angeles; Miami; New Orleans; New York; Norwalk, Connecticut; Philadelphia; Portsmouth, New Hampshire; San Francisco; Seattle; and two offices in Washington, D.C.--a regional passport agency and a special issuance agency that handles official U.S. government and diplomatic passports. [10] While the majority of passports are issued by domestic passport agencies, consular officers in U.S. embassies and consulates also issue passports in the form of an emergency passport. [11] This number is as of April 2007. State officials noted that this number changes frequently as new acceptance facilities are added and others are dropped. [12] Currently, U.S. citizens are not required to present passports if they re-enter the United States at a land or sea port of entry. In general, aliens must present their passport and a valid U.S. visa. [13] Technologies called biometrics can automate the identification of individual travelers by one or more of their distinct physical or behavioral characteristics. For more information on biometrics, see GAO, Technology Assessment: Using Biometrics for Border Security, GAO- 03-174 (Washington, D.C.: Nov. 14, 2002). [14] A document or file may be protected using a cryptographic process that effectively generates a "digital signature" stored in the document. Validating the digital signature not only confirms who generates it, but also ensures that there have been no alterations to the document since it was signed. For more information about digital signature technology, see GAO, Information Security: Advances and Remaining Challenges to Adoption of Public Key Infrastructure Technology, GAO-01-277 (Washington, D.C.: Feb. 26, 2001). [15] The Teslin visa used a Teslin synthetic substrate, while the Lincoln visa, so named because of the image of President Lincoln on the visa, is made of paper. [16] The Illegal Immigration Reform and Immigrant Responsibility Act of 1996 (IIRIRA), as amended, mandated the expiration of previous versions of the BCC on September 30, 2001. [17] State implemented the Biometric Visa Program in October 2004. [18] At the same time that the e-passport was under development, the emergency passport was developed to provide U.S. missions overseas, for the first time, with a designated passport book for emergency issuance overseas. [19] Skimming is the unauthorized use of a reader to read the data stored on the RFID chip without the authorization or knowledge of the owner of the chip or the individual in possession of the chip. [20] National Academies Press, Is That Real? Identification and Assessment of the Counterfeiting Threat for U.S. Banknotes, ISBN-0-309- 10124-7 (Washington, D.C., 2006). [21] GAO's Standards for Internal Control in the Federal Government recommends that agencies establish physical controls to secure and safeguard vulnerable assets. [22] GAO's Standards for Internal Control in the Federal Government require that agencies establish internal controls sufficient to ensure that transactions and other significant events are authorized and executed only by persons acting within the scope of their authority. The standards also require that the agencies establish internal controls sufficient to ensure that access to resources and records is limited to authorized individuals and that accountability for their custody and use is assigned and maintained. [23] GAO, State Department: Improvements Needed to Strengthen U.S. Passport Fraud Detection Efforts, GAO-05-477 (Washington, D.C.: May 20, 2005). [24] GAO guidance on internal controls recommends that internal control monitoring assess the quality of performance over time and ensure that the findings of audits and other reviews are promptly resolved. [25] Consular associates are U.S. citizens and relatives of U.S. government direct-hire employees overseas who, following a successful completion of the required Basic Consular Course, are hired by the consular section at post. Up until September 30, 2005, consular associates at some posts were allowed to assist consular officers in adjudicating visas. [26] The Intelligence Reform and Terrorism Prevention Act of 2004 required that consular officers adjudicate visas. See P.L. 108-458. As defined by the State Department, consular officers are generally active Foreign Service officers but may also include commissioned civil service employees or retirees of the Foreign Service. [27] Every alien applying for a nonimmigrant visa who is between the ages of 14 and 79 must submit to an in-person interview with a consular officer unless the interview is waived under certain circumstances by either the consular officer or the Secretary of State. There are also circumstances under which the interview cannot be waived. [28] The Automated Biometric Identification System is a DHS database that includes some 5 million people who may be ineligible to receive a visa. For example, the Automated Biometric Identification System data include, among other records, FBI information on all known and suspected terrorists, selected wanted persons, and previous criminal histories for individuals from high-risk countries. See GAO, Border Security: State Department Rollout of Biometric Visas on Schedule, but Guidance Is Lagging, GAO-04-1001 (Washington, D.C.: Sept. 9, 2004); and GAO-03-174. [29] GAO, Border Security: Strengthened Visa Process Would Benefit from Improvements in Staffing and Information Sharing, GAO-05-859 (Washington, D.C.: Sept. 13, 2005). [30] GAO, Border Security: More Emphasis on State Consular Safeguards Could Mitigate Visa Malfeasance Risks, GAO-06-115 (Washington, D.C.: Oct. 6, 2005). [31] To obtain a U.S. nonimmigrant visa, most foreign nationals are required to submit two fingerprint scans and a digital photo with their visa application. When visas are issued, applicants' biographical data are shared with DHS's US-VISIT, creating electronic records that can be checked against the data at the time of entry. [32] BCCs can be machine-read at primary inspection in southern land ports, displaying the biographic data and photograph for the CBP officer to compare to the presented document. [33] CBP officers use e-passport readers to access the biographic information and digitized photo stored on the RFID chip of e-passports. To read e-passports, officers place the biographical page of the e- passport on the reader's glass plate. The reader then electronically scans the biographical information--including the document type, issuing country code, document number and bearer name, bearer nationality, date of birth, gender, and document expiration date--to access the biographical data and digital photograph embedded in the e- passport's RFID chip. Once the biographical data and photograph are displayed on the primary inspection computer screen, the officer compares the information displayed with the passport photo and information on the biographic page and verifies the data extracted from the RFID chip are valid and not fraudulent. [34] The Enhanced Border Security and Visa Entry Reform Act of 2002 requires, for Visa Waiver Program countries, that passports be machine readable, tamper resistant, and incorporate biometrics and document authentification identifiers and that DHS deploy equipment and software necessary to biometrically compare and authenticate these documents. DHS has interpreted this provision to require applicants for admission under Visa Waver Program who are traveling on a passport issued on or after Oct. 26, 2006 to present an e-passport, and DHS deployment and use of e-passport readers as of that same date, according to DHS. [35] The passport adjudication process is facilitated by computer systems, which automatically check the applicant's name against several databases. In addition, examiners scrutinize paper documents and other relevant information, watch for suspicious behavior and travel plans, and request additional identification when they feel the documents presented are insufficient. [36] The 1952 Immigration and Nationality Act, as amended, is the primary body of law governing immigration and visa operations (P.L. 82- 414, 8 U.S.C. 1101 et seq.) The Homeland Security Act of 2002 (P.L. 107-296) generally grants DHS exclusive authority to issue regulations on, administer, and enforce the Immigration and Nationality Act and all other immigration and nationality laws relating to the functions of U.S. consular officers in connection with the granting or denial of visas. State retains authority in certain circumstances as outlined in the act. A September 2003 memorandum of understanding between State and DHS further outlines the responsibilities of each agency with respect to visa issuance. GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to www.gao.gov and select "Subscribe to Updates." Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400 U.S. Government Accountability Office, 441 G Street NW, Room 7125 Washington, D.C. 20548: Public Affairs: Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, D.C. 20548:

The Justia Government Accountability Office site republishes public reports retrieved from the U.S. GAO These reports should not be considered official, and do not necessarily reflect the views of Justia.