The mandate facing U.S. immigration officials in the wake of the 2001 terrorist attacks on New York City and Washington, D.C., was clear: Secure the country's entry points and improve the government's understanding of who was coming and going across the borders. Congress wanted those processes automated, quickly.

The U.S. Immigration and Naturalization Service, which had responsibility for those tasks, was one of several agencies folded into the newly created Department of Homeland Security in late 2002. Soon afterward, in April 2003, then-Secretary of DHS Tom Ridge announced one of the new super-agency's first big projects: the U.S. Visitor and Immigrant Status Indication Technology system, a.k.a. US-VISIT. The plan was to create a database of photographs and biometric information, including ocular scans and fingerprints, that would be used to check people in and out of the country by matching their information against watch lists maintained by the government.

Homeland Security announced that the new system would meet Congressional requirements, and said it would start to come on line by the end of 2003. The challenge was huge. DHS was trying to integrate 22 component offices and agencies, and the hodgepodge of technology they used, on the fly. The program began bringing together disparate networks and data centers from previously independent agencies, along with various mainframes and client-server and Web-based environments. Beyond the legacy systems at INS and U.S. Customs, connections were needed to systems at the State Department.

In addition to the immigration and watch-list data to be shared, DHS needed to make itself into a unified entity. More than 3,000 desktop computers in offices across the newly formed agency had to be refreshed in order to work together. And all the while the new agency was trying to meld different cultures, training regimens, development strategies—work that is still going on in some broad areas across DHS.

US-VISIT's primary integrator, Accenture, didn't come on board until June 2004, when the project was already underway. "They were off and running on a number of things, especially the entry capability," says Stolarski. "The government retained a tremendous amount of the decision-making. We tried to support their decision-making with our best analysis."

The GAO had concerns from the start. In a 2003 report, the agency said it had "concluded that the program is a very risky endeavor. Some risk factors are inherent to the program, such as its mission criticality, its size and complexity, and its enormous potential costs. Others, however, arise from the program's relatively immature state of governance and management. For example, although the program has governmentwide scope, an accountable governance structure to direct and oversee the program that reflects this scope is not yet established."

Part of the complexity involved the dive into an alphabet soup of government systems. US-VISIT would replace a program called NSEERS (National Security Entry Exit Registration System) run by the INS; overall, seven legacy systems would be cobbled together and given new, enhanced functionality. Included on the list: the Arrival Departure Information System, or ADIS, for information on individual travelers; the Advance Passenger Information System, or APIS, for information from air and sea carriers; the Computer Linked Application Information Management System 3, or Claims 3, which dealt with benefit requests by foreign nationals; the Interagency Border Inspection System, or IBIS, a watch system for known domestic and international bad guys; the Automated Biometric Identification System, or Ident, for information on visitors to the U.S.; the Student and Exchange Visitor Information System, or SEVIS; and the Consular Consolidated Database, or CCD, which stores visa information.

Three years later, the biometric check-in system is operational, and add-ons such as RFID-readers to scan new-model passports are being tested. Few deny there's been some success. "There is some demonstrable value in what's been put out there," says Hite. In 2005, a successor to the 9/11 Commission, the 9/11 Public Discourse Project, gave US-VISIT a B in its grading system, the best such mark given to a DHS effort.

But the checkout system is still missing, and the GAO worries it may never work as intended. It has recommended that dhs, which it says has "taken actions to expand the scope and time frames of the pilot," reassess its plans for the exit capability. The watchdog agency cited a $33.5 million budget for 2006 for testing a pilot version of the exit system, even as development of a comprehensive plan went on at the same time. "Until the US-VISIT program office adequately evaluates the exit alternatives and knows whether the alternative to be selected will be effective, the program office will not be in a position to select the solution that is in the best interest of the program," says one GAO report.

None of the strategies under consideration for an exit-tracking system look very effective, says the GAO, and not all the problems have to do with technology. For example, no enforcement mechanisms for noncompliance with exit rules have been formally evaluated or benchmarked for success. Meanwhile, Mocny points to factors beyond US-VISIT's reach as part of the problem: The United States does not have a mandatory checkout rule for people leaving the country, and DHS has to scramble for space for any checkout facilities at airports, to which it must pay rent for the square footage it uses. "We're still in pilot mode," he concedes. The exit system is being tested now at twelve airports and two seaports.

The deployed systems have had their share of problems. Documents obtained under the Freedom of Information Act by Wired News show that the US-VISIT system succumbed to problems related to a virus in 2005, leading to long delays at several large airports. DHS officials had a security patch that could have prevented the problem, but delayed using it for fear of glitching the scanners, cameras and other devices attached to the aging Windows 2000 workstations used by US-VISIT. The workstations have been criticized internally at DHS as weak points in the network's security, while the lack of a comprehensive security plan for the system was singled out by the GAO.

Personnel issues have also plagued the program. In September, project CIO Scott Hastings resigned for health reasons. Preceding him out the door were Cooper, who moved on in April 2005, and Asa Hutchinson, the one-time congressman who served as the first undersecretary of Border and Transportation Security Directorate at the agency and was a champion of the project.

Hite says he sees some signs of progress on the deeper management issues GAO has raised from the start. "I do believe that the leadership of the program has taken our recommendations on things like scheduling to heart. We hope to see the results in terms of explicit measurements and commitment to goals." Mocny says several specific goals have been met, such as hitting the target date for interoperability of some systems with the Boston Police Department, thus better securing a major port of entry. When it comes to finishing the exit systems, though, he says, "We don't have a date."

Next page: A New Way of Doing Business?

1 | 2 | 3 | 4