Robert A. Mocny, Director, US-VISIT Program, Department of Homeland Security; Paul Morris, Director of Admissibiluty and Passenger Program, Office of Field Operations, U.S. Customs and Border Protection
Foreign Press Center Briefing
Washington, DC
November 20, 2007
MODERATOR: Good afternoon, everyone. Welcome to the Washington Foreign Press Center and today’s briefing about the US-VISIT 10-Fingerprint Collection Program. Just a few announcements before we get started. Please make sure all cell phones are on silent or off. We are going to be joined today via DVC from the New York Foreign Press Center so we may have some questions from them as well.
This briefing is on the record and on camera. When we go to questions and answers, if I can just ask that you wait for a microphone and then state your name and news organization before you ask your question. So now it’s my pleasure to introduce our two briefers today.
First we have Robert Mocny, who’s director of the Department of Homeland Security’s US-VISIT program; and second, we have Mr. Paul Morris, who is executive director of the Admissibility and Passenger Programs with the U.S. Customs and Border Protection Office. Let me turn it over first to Mr. Mocny.
MR. MOCNY: Thank you very much, and good afternoon everybody, and thank you for spending a bit of your afternoon with us so we can talk about what is a very important program for us and it is about the US-VISIT program. We’re here today, and I’m pleased to be joined by Mr. Paul Morris, where we’re going to be making some changes to the biometric program that you’ll be seeing at our ports of entry over which Mr. Morris has the lead on.
It’s a simple message that we’re moving from the current process where we collect the left and right index finger to where we’ll be collecting all 10 fingers. So this is a natural transition from where we started about four years ago, and perhaps for those of you who aren’t familiar with the program, let me briefly just describe the US-VISIT program. It is a program under Department of Homeland Security in partnership with the Department of State where we use biometrics to identify individuals by linking those biometrics to their visa or to their passport. So anybody who has to go and get a visa at a consulate or an embassy overseas will go through a two-finger scan process, first the left and then the right. And then when they get to the port of entry, the same left and right index finger is taken to verify that that’s the rightful owner of that particular visa.
Well, in the four years now that we’ve been around, we have built our database to be about 90 million fingerprints, and it’s now time for us to transition from the two to the 10. There’s two main reasons why we’re making this transition, and the first reason is accuracy. As the database grows in size we need more information. The system needs more information to differentiate individuals. So we have a process that deals with what we call false matches, people are incorrectly identified because the system thinks that maybe these two fingers match somebody that we’re looking for. That person has to go back into the secondary area and is quickly resolved, but it’s inconvenient to the traveler. By taking all 10 fingers, that makes that person unique, no one else. So that person is now fully identified and there will be much less sending back to secondary, much less false matches, and so accuracy is one main reason why we’re doing this.
The other reason, of course, is by just collecting the two fingers we’re missing the other eight, and we have been collecting overseas in war zones and other locations and just from law enforcement sources, latent prints that, of course, are other than just the index fingers. And so by capturing all 10 fingers we’ll be able to identify more individuals who are trying to sneak into the country for whatever reason they may be doing so.
We will be testing this starting at Dulles Airport next Friday, the 29th of November.* So we’ll roll this out at Dulles Airport, and then over the course of the next several months, we’ll roll it out to nine more locations. It’s going to go to places like Boston, New York, San Francisco and others, and I believe if you look in the brochures that we provided for you, you’ll see a list of all the airports that we’re going to.
Quite simply we have been taking biometrics. Of course others are starting to do this as well. The U.K. has a program where they’re using biometrics as part of the visa issuance process for the U.K. The EU is building a system to accommodate 10 prints for anybody requiring a visa to go to the EU, and of course Japan starts its biometrics today. They’re starting with two, but they are using biometrics, and the reason that we’re all using biometrics now as part of the immigration and border control process is it works.
We’ve identified about 2,000 individuals who have tried to use a different name, a different date of birth, a different passport than the one they’re the rightful holder of, and the biometrics is what trips them up. They try to lie their way into the U.S. or lie their way to getting a visa. The State Department, again our partner, an agency with whom we share this information, has identified tens of thousands of individuals who are not eligible for visas and have some kind of deportation issue or criminal issue to deal with. So we use it because it works and we’ll continue to refine this.
We have a device up here. You’re welcome to take a look at it. We’re working very closely with industry to make sure that we have the latest technologies, that we have very fast and efficient use of technology because at US-VISIT we have four goals. The first two goals are not in conflict with one another. They are to enhance the security of our citizens and our visitors, but also to facilitate legitimate travel and trade. So we recognize that we have to make sure it’s easy for the good people to get through the process, but very intimidating and difficult for those who are trying to do us harm.
The other point I’d like to make, though, is given that information that we’re taking from individuals, we are committed to privacy. We have a privacy officer within the US-VISIT program, and this month, in fact, is privacy month at US-VISIT where every employee must go through mandatory privacy training for the month of November, each and every year. And we take that privacy charge very, very seriously because we are taking information from individuals that is deemed to be very personal in nature, i.e. fingerprints and, of course, other biographic information.
And the last point I’d make, before I turn this over to Paul, is our commitment to outreach. We appreciate the opportunity to do this. We appreciate the State Department in making this available to us because it’s important for us to get the word out and that’s why I appreciate you being here today so that you can get the word out to our foreign friends and families across the globe. We are committed to the safety and security of the United States. We’re also committed to a prosperous nation, but also making it as easy for people to come into the country as we possibly can.
So, again, with the employment of technologies and outreach such as this we hope to send the message to people: come to the U.S. We want you to be here. We want you to come to the United States. We’re informing you today about this change and we’ll test this over the next couple of months. We’ll roll it out at all ports of entry by the end of December of 2008, at all 311 points of entry by air, land, and sea.
To talk about the effects at the ports of entry, Paul is going to come up here and describe how this will be working at the various ports of entry and what the impact will be on operations so I’ll turn this over to Paul.
MR. MORRIS: Thank you, Bob. I think this is some very exciting and important progress that we’re making with the rollout of this additional technology. As Bob said, we have been collecting two fingerprints at the ports of entry for some time now. It’s been very successful in helping us to positively identify each and every non-immigrant traveler that comes to the United States.
So taking that next step to get this additional information, the additional biometrics collected on this group of individuals, will allow us really to do several different things. It will provide us with that additional security preventing those that may cause the U.S. harm, those that may have some kind of issue that we wish to prevent them from entering the United States from coming here. It will allow us to facilitate the valid travelers to the United States.
By being able to concentrate better on those few individuals that are of interest to us, we can better facilitate those that are of no interest to us, the legitimate trade, the legitimate travelers coming to the United States. And we see the collection of biometrics as just one more tool in our security tool box. We have provisions in place overseas where we monitor flights before their departure to the United States so we can prevent the boarding of certain individuals.
We have the collection of biometrics at the ports of entry and, really, we have a layered approach to enforcement and providing security for our homeland. Combine that with some additional documentary requirements under the Western Hemisphere Travel Initiative, combing a more secure document with more biometrics, we have really the ability to tie three things together: the individual that’s before us, the document that’s being presented, and the biometrics that are being collected. That security package then allows us to positively identify and again facilitate individuals into the U.S.
As we deploy this new technology to the ports of entry, we’re going to do it in a very measured way. We’re going to work with US-VISIT in making sure that the technology has been fully vetted and there are no technological issues that are yet to be addressed with us before we go to full deployment. We are going to have full training for our officers. We fully expect that, in the end, after the repeat customers to the United States have been registered with 10 fingerprints that we’ll start to see some facilitation in that we are actually reducing the amount of time for biometric collection on the subsequent trips. In addition to that fact that we will simply have a better idea of who’s in front of us and be able to more quickly process them.
Most importantly, obviously, this provides an additional layer of security. It gives us the ability to prevent those that would pose a harm to the United States from entering. So I would thank you at this point and Bob and I would be happy to answer any questions you may have.
QUESTION: Ruben Barrera with the Mexican news agency Notimex. The first speaker said that one of the things that you’re looking for with this new program is to have more precise information when you collect, I mean, this information from the people who enter the country. I was wondering if, would these new improvement in this system, that will mean that, among other things, we will see less or maybe no cases where some people had been subjected to a second and sometimes even a third inspection, just because the fact that he happened to have the same name or last name that someone else were appearing in the security list.
I mean, I can give you examples of people who went to get a new visa and they encountered this problem. And, you know, this is something that not only happened to those who are seeking to get visas, but also to people who want to travel. So could you say that, you know, how this program will affect that problem?
MR. MOCNY: Thanks for the question. The beauty of biometrics is just that, there are no two biometrics, no two people with the same set of fingerprints. There are many people with the same name. And so what the biometric does is once we have that individual and identify and then lock that identity with the name, that John Smith with these fingerprints versus John Smith with those fingerprints, then he’s just that one John Smith, not the bad guy.
So over time, biometrics does allow for us to have a better sense of security and identity both from our standpoint, but also from the individual’s standpoint. And one of the things that it does that’s kind of ancillary to your question is it does help protect the identity, because once I have my fingerprints attached to that visa or to that passport no one else can use that visa, no one else can use that passport, I can’t sell or lose my passport and have my name now be thought to be somebody else’s because my fingerprints don’t match that. So biometrics does help with privacy protection, with identity protection, and it will help prevent a situation like the one you just raised.
QUESTION: That doesn’t mean that, you know, I mean this is the problem, mostly you have cases like that.
MR. MOCNY: Well, you’re going to have, you know, again, over a period of time, you’re going to have people who are going to be misidentified by the name, but the point I’m trying to make is once we establish who that person is, if that person is mistaken to be somebody else, once we have the fingerprints and certainly identify that he’s not the bad guy, not the bad John Smith, then the next time he’s identified he’s identified as the good John Smith because his fingerprints have already identified who that person is.
Again, names will change and I can’t say that officers won’t look twice at if a name comes up at a separate hit biographically, but certainly by having the fingerprints and if we’ve seen that person before and if we’ve adjudicated that individual to be the good John Smith then there should not be any issue with that.
Do you want to comment at all?
MR. MORRIS: And we do have processes in place so that if at a port of entry an individual has been repeatedly identified by our systems as potentially a match to a record that we can remove that match so that on subsequent entries into the United States it will not occur. And we can do that on just biographic information.
QUESTION: Hi, Tim Harper. I’m with the Toronto Star, so here comes the Canadian question. There’s always been confusion in Canada as to which class of Canadian traveler, which Canadians are subjected to US-VISIT. The second part of the question is when will it be installed at pre-screening at Canadian airports, and the third question is, sir, you tied it in with WHTI and mentioned land-border crossings. With the enhanced drivers’ licenses and/or passports under WHTI and 10 fingerprints under this program, how does that not slow traffic crossing the Canada-U.S. border?
MR. MORRIS: Let me see if I can extract the several questions that were in there. First of all any Canadian citizen who’s required to obtain a visa, which is a very limited amount, would have to be registered as part of the US-VISIT process, and in that case would have to provide the 10 fingerprints.
With respect to the Western Hemisphere Travel Initiative, the more secure a travel document becomes and the fewer documents that are actually presented for admission to the United States and that have to be recognized by our CBP officers, the more facilitation we are going to see. We currently see something in the vicinity of 8,000 different potential documents that are presented to establish identity. With a single document, a passport issued to international standards that positively identifies the individual and their citizenship, again we can better facilitate. And at our land-border ports of entry, yes, we will have this kind of technology. It will be for those individuals that are traveling under the visa waiver program, and those small quantity of individuals that come in that are required a visa through our land border ports, including the very few Canadians.
QUESTION: Does that include student visas?
MR. MOCNY: Let me add to what Paul said. Right now, today, the only Canadians who have to go through the US-VISIT program are those that they call treaty trade investors, “E” visas, or anybody as a fianc�e, “K” visa. So Es and Ks. When we publish, when and if we publish the final rule, for which we did an NPRM, a Notice of Proposed Rule Making, last August we’ll add to that Canadians who are students, Canadians who are nurses, and other categories, and you can look at the NPRM to see what was in the proposed rule. The final rule is still going through its clearance process. So there are additional Canadians that will be going through US-VISIT, now two print and soon to be 10 print based on, again, this final rule that might be coming out. But right now it’s only two categories, fianc�es of U.S. citizens and treaty trade investors.
QUESTION: I have a quick follow-up. I asked about the schedule for prescreening of Canadian airports, but the basic question is if it’s only those two categories, I hold an “I” visa so why do I get fingerprinted when I fly here from Toronto?
MR. MOCNY: Do you have a visa and a passport?
QUESTION: Yeah.
MR. MOCNY: Yeah, then as Paul said, if you get a visa, I mean, anybody can be fingerprinted, but most cases don’t have to have visas. So if you have an “I” visa then you go through the visa process, then you go through the fingerprinting process. It’s that simple in as far as if you get a visa no matter what your nationality is you will go through the US-VISIT process. There are lots of Canadians that don’t have to have a “B” visa, some of the other tourist visas they have up there, but if you get an “I” visa then you’re going to have to go through that process.
QUESTION: And the prescreening schedule?
MR. MOCNY: Yeah, again, we’re going to roll out to nine ports of entry. Toronto’s not one of them by springtime. Post-spring we will finish all ports of entry by December of 2008. I don’t think we have the schedule in the book just because, you know, we’re going to see how it works out at Dulles and other locations, but by December of 2008 Toronto will have it.
QUESTION: Jinsook Leeof MBC Television Korea. You were talking about why you extended from two fingers to 10 fingers, but obviously well, with my common knowledge, obviously, by two fingers it would not be so difficult to identify an individual’s identification, so if there have been cases, what happened, numbers or in terms of percentage, how many cases have been there so far in which you have had difficulties in identifying the individuals, and my second question is in terms of time, how much longer time would an individual need to fingerprint 10 fingers? Thank you.
MR. MOCNY: The false match rate, I’ll throw a technical number here for you, the false match rate right now is one-tenth of 1 percent. That translates to about 70 a day that go back to secondary, who should be going back to secondary. And it’s a technical issue. You’ve got a database of 90 million fingerprints, and when you’re searching against those fingerprints, sometimes the system isn’t as precise as it needs be. That’s why we always have human fingerprint examiners to do that final adjudication, which in fact does happen.
So when the system says that might be the same person, a human fingerprint examiner looks at the two fingerprints and says, no it’s not. And they can make that very definitive call. That just takes a little bit of time to do. That person has to wait in the secondary area while that adjudication takes place. It takes about two to three minutes frankly. And that’s just a vagary of the technology as we build it. We’re going to work with the IT industry to see how we can improve upon that but that’s the way the system is. That’s where the state of technology is right now. And the second question was?
QUESTION: How much longer?
MR. MOCNY: How much longer? Well, stay tuned. That’s why we’re piloting at Dulles. We’re going to test two different ways of doing this. There’s going to be a three- slap process and a four-slap process. And we’ll get these terms down. Left hand, right hand, two thumbs; and left hand, left thumb, right hand, right thumb. That’s the four-step process.
So we’re going to try that and just see ergonomically. We’re going — this will be on the CBP officer’s desk like this, in some places it’ll be like this because it’s a little easier just to angle that way so that’s why we’re piloting it at Dulles and these other nine other locations to say what’s the best methodology — is it three or four slap, is it angled, is it not, do we have to lower the booth height or what. So that’s why we’re testing. We always test, test, test to make sure before we roll it out. We don’t want to have long lines at Paul’s ports of entry, so we want to make sure we get the ergonomics, the technology and all those pieces right before we go for a nationwide roll-out.
QUESTION: Hello. Rosalea Barker from Scoop Media New Zealand. For people from visa waiver countries, the first time they’ll encounter this is at the port of entry. Is the information collected at the port of entry sent back to any departments or law enforcement agencies or anybody in the country of origin?
MR. MOCNY: Yes, all visa waiver participants will go through a 10-print process the first time when they get to the port of entry. We have the ability to share law enforcement information with other law enforcement agencies. We publish our privacy impact assessment and we notify the public of that ability to share with foreign governments in some cases. We’re not currently sharing with the government of New Zealand at this point, but we have the ability to share with law enforcement entities within the U.S. and we have the ability to share that outside the United States as well.
QUESTION: (Gregoria Meraz, Televisa, Mexico) Will that be the case with Mexico? Excuse me.
MR. MOCNY: We don’t have a current — we don’t have a data-sharing agreement with
Mexico at this point.
QUESTION: Frank Herrmann of Rheinische Post, Germany. Can I just follow up on the time question? How long does it take? You didn’t answer that. I mean, how long does it really take to get all your, as far as I understood it, one thumb of each hand, two thumbs all together and one hand — doesn’t it, the end of it, doesn’t it deter for the, you know, tourists who are already hesitant to come to the United States and you only see fingerprints, more fingerprints and why should I come and you are competing in an international tourism market.
MR. MOCNY: Well, we hope not. We hope people don’t look at it that way. In fact when we first rolled out the two prints we had a lot of fear that that would happen and people wouldn’t be coming and, in many cases, we asked people after they walked away from the primary booth, what did you think about it, and they said what do we think about what? It was such a non-event for most individuals — and I’m not overselling that.
I’m sure they’re — I know there are some detractors of the program, but the fact of the matter is that with the four years of two prints and 90 million fingerprints having taken so far we have not had any appreciable delays based on that fingerprinting process going through. So it’s a rather quick and painless process. There’s obviously no ink involved. It’s very quick. The test lab showed somewhere in the range of 11 to 15 seconds thereabouts in taking — this is a very, very rapid way of taking prints here.
Again, we’re working with the IT industry. We said, yes, we’re going to be taking more fingerprints but we need less time to have that processed, and so it can be sub-10 seconds depending on how good you are with this whole thing. And one thing to keep in mind, once we have the 10, it’s kind of like “never again.” We have your 10 fingerprints. The next time we see you it’s going to be four slap. That’s it. So you can just kind of imagine if, right now, I go through a two-finger process, 1001, 1002, 1003, 1004, okay fine, now shift. Okay, 1001 — and so you have to shift the hands.
As we build this database of the 10 prints the first time we see you, we don’t need the 10 prints again. We just need a verification. And so you’ll be walking up to the booth and simply once — one tap — and I wish I could turn this on for you because it takes it in that amount of seconds. As I put my finger down it takes the fingerprint and captures that. So it’ll be one hand slap in any kind of verification, any, like the next time that we see you.
So over time, I think as Paul alluded to, we believe that we’re going to see actually facilitation and that even though we have more information you’re going to see a faster processing as the CBP officers get used to this and as the travelers get used to this. I don’t want to set false expectations and that’s, again, why we’re testing this to see what’s the best way to deploy this, but we hope to — our goal is not to create long lines.
Our goal is create a fast, efficient, and secure process for people to come into the United States and that’s always been our goal. That will remain our goal. We have what we call service level agreements with CBP. I have to get a response back to Paul’s officer within 10 seconds. We’re down to about six to get that response back. So after we take the prints we send them off to a database with about 3.2 million criminals, potential terrorists, deported felons, and we have to respond back to that CBP officer within 10 seconds.
We’ll always be committed to that very fast turnaround time because I’ve been there myself. They are long lines sometimes, summertime, holiday time. We have to move people efficiently. So that’s why we’re doing the test to make sure that we can be as efficient as possible.
MODERATOR: We have time for just two more questions.
QUESTION: (Inaudible) World Journal. Do people have to leave their fingerprints when they leave the country like they leave the I-9 form, and if not, how do you track people or does it matter?
MR. MOCNY: We’re here today to talk about entry. I think exit will be a topic of another day. We are going to propose, I’ve testified as much to ask the airlines to participate in an exit process that will involve the use of biometrics. The Congress has mandated that. Today’s briefing really is about what happens at the entry, at the ports of entry rather than at departure — but stay tuned. Your very pressing question will be answered at some point in the very near future.
QUESTION: Hi, Heloisa Villega-Castro from TV Record Brazil. I didn’t understand, if you’re only going to collect the prints here in the airports that the person is in, or are you going to collect that also when you’re issuing the visa in the country of origin, and in that case, a lot of people with long-term visas, like five-year visas, these people are going to have to go back and do the fingerprinting now?
MR. MOCNY: Excellent question. Thank you for that. Yes, the State Department in fact is already rolling out 10 print to most of their embassies. They’re going to complete their rollout by the end of this year, December of 2007, so they’re almost complete. So, yes, when you get a visa wherever you are, you’re going to go through the 10-print process — where they have it — and then we’re going to know that when you arrive at the port of entry. So all we’re going to need for those people is again that very quick four-slap process.
Like I said, once we have the 10 we don’t need them again. So when you get a visa and it’s a 10-print issued visa that will verify that individual when they get to the port of entry. And yes, those people who do have two-print visas and a five-year visa they just got today, they will go through a 10-print process when we see them at the port of entry.
Again the system will identify them as such — this person has a two-print visa but we now need to upgrade that to the 10 prints — so we’ll take the 10 prints as we would a visa waiver individual. Again we’ll have it that one time and then once captured it’s saved and then we just need the verification with the four slap.
Mikko Hypponen, cybersecurity expert, speaks during TEDGlobal 2011 in Edinburgh, Scotland. “Stuxnet shows that the PLCs that control our entire infrastructure, everything that we rely on, can be infected.” (Source: James Duncan Davidson / TED Conferences)
Use the following command to read the chip:
./mrpkey.py "M3V0NJ33Kxxxx000000xx999999xxxxxxxxxxxxxxxxx"
Use the following command to read the chip:
./mrpkey.py "M3V0NJ33Kxxxx000000xx999999xxxxxxxxxxxxxxxxx"
Go to the parent page: Magnetic stripe reader/writer.
