With input from Coleen Rowley
Let's suggest that the United States has a gaping hole in its Homeland Security (DHS) and Immigration and Customs Enforcement (ICE) monitoring, and it is not on our southern borders. There has been little to no public discussion of a program that allows up to 19 million visitors to pass through ports of entry with minimal to no screening. Travelers who entered the United States under this program represented 40 percent of all overseas visitors in 2012.
Thirty-eight countries participate in the Visa Waiver Program (VWP). Only 72 hours before traveling to U.S. by sea or air, participants must fill out an Electronic System for Travel Authorization form (ESTA) online. It costs $14 and assumes that the applicant is telling the truth about previous visa denials and run-ins with the law.
The questions on the very short application form require demographic and contact information. Once the applicant has the ESTA application completed, he/she needs no other paperwork other than a valid passport from one of the participating countries.
The only barrier to entrance to the United States using the VWP is the Customs and Border Protection officer at the port of entry, who stamps the passport, with or without a few questions asked, and with no means of verification. Unless a name is flagged in the ESTA system, the VWP traveler is free to enter for up to 90 days or vanish underground.
In 2010, 364,000 travelers were able to travel under the VWP program without even the minimum verified ESTA approval by airlines, according to the Government Accountability Office (GAO). No one knows to what extent these passengers presented a security risk or if they left the country after the required 90 day limit on their stays.
The National Review Online ran a story this week in which Border Patrol Agent Ronald Colburn called out the VWP as a conduit for terrorists. "Members of Hamas, Hezbollah, and potentially in the near future, if not already, ISIS, [could come] over on visa waivers from places like Great Britain," Colburn was quoted.
In fact, terrorists have already used the VWP to gain access to soft targets. Whether additional security measures would have prevented their entry is the $64 million question.
Zacarias Moussaoui traveled on the VWP before he enrolled in a Minneapolis flight training school prior to 9-11. Richard Reid, the "Shoebomber," along with Ahmed Ajaj, also traveled on the VWP. In December 2001 Reid used an Amsterdam-issued British passport to board an American Airlines flight from Paris to Miami. In a separate incident Ajaj was caught by border agents with bomb making materials and a cheat sheet explaining how to lie to border officials. Ajaj was using a Swedish passport on the VWP.
Then there is Ramzi Yousef, one of the main perpetrators of the 1993 World Trade Center bombing and a co-conspirator in the Bojinka (airline bombing) plot to blow up 11 American jumbo jets, who used the VWP on a fraudulent British passport.
A 2004 OIG evaluation of the VWP found significant problems and asked for reforms in 14 areas. One reform involved development of a process to check all Lost and Stolen Passport (LASP) data provided by VWP governments against entry and exit data in U.S. systems.
Yousef had boarded in Peshawar with a fraudulent British passport, presumably with no U.S. visa, and when he arrived at JFK, presented an Iraqi passport in his own name, with no visa. Yousef was sent to secondary inspections where he requested political asylum; he was released on his own recognizance and went on to finish organizing the WTC bombing.
A 2014 report, prepared for Congress by the Congressional Research Service, says the 2008 reform mandates, which were required because of the 2004 OIG evaluation, are not complete.
DHS has completed the pilot programs, but according to the Government Accountability Office (GAO), "DHS cannot reliably commit to when and how the work will be accomplished to deliver a comprehensive exit solution to its almost 300 ports of entry.
I asked friend and fellow Huffington Post blogger Coleen Rowley to weigh in. In May of 2002, Rowley brought some of the pre 9-11 security lapses to light and testified to the Senate Judiciary Committee about the endemic problems facing the FBI and the intelligence community.
Rowley said using Moussaoui, Reid, Youssef and Ajaj as the main examples of terrorists who have been discovered entering the U.S. via the Visa Waiver Program is not enough. "This would seem pretty weak justification for abrogating the VWP since their travel occurred years ago: Youssef's and Ajaj's in 1992; Moussaoui's and Reid's in 2001. These are all mostly pre 9-11 and long before "Top Secret America" had gathered trillions of pieces of identifying data, including the NSA's massive communication interception program."
Rowley said that despite the fact that both Youssef and Ajaj were caught in 1992 with numerous false passports, Youssef was not even detained, but was released in the U.S., and Ajaj was also later released.
Rowley asked, given the hundreds of millions of dollars spent on the massive data being collected since 9-11, "whether name checks are already conducted of key databases in connection with the ESTA process?"
(Federal Computer Week says Homeland Security Department's Office of Biometric Identity Management has a $33 million contract with the firm Accenture to expand international data sharing capabilities.)
"The subsequent task of then checking the various bits of information that may exist, to find matches, especially with relatively common names, could itself be daunting and very time-consuming. But if it's not being done, one can wonder why all this info has been collected in the first place," Rowley said.
Rowley raised a good question, considering that 2012 testimony to the GAO by Rebecca Gambler, Acting Director of Homeland Security and Justice revealed that data is being collected by some VWP countries but not shared by any.
As of January 2011, 18 of the 36 Visa Waiver Program countries had met the PCSC (Preventing Combating Serious Crime) and information-sharing agreement requirement, but the networking modifications and system upgrades required to enable this information sharing to take place have not been completed for any Visa Waiver Program countries.
Would complete data sharing make a difference?
Rowley says it is impossible to conduct a meaningful data check against trillions of bits of information. Computers cannot do a name check without either missing a flagged name or getting some false positives.
Think about doing a Google search or even a Facebook search on a name. If it is a common name, you can get dozens of hits.
After photojournalist James Foley was murdered by an ISIL jihadist believed to reside in the United Kingdom, Prime Minister David Cameron announced that the threat level for terrorism was "severe " in his country and that jihadists returning from Iraq and Syria and holding British passports suggested that a terrorist attack is "highly likely."
Foreign Policy Magazine called out France, Belgium and Sweden as home bases for Islamic extremists who have joined ISIL. If you are a resident of a Visa Waiver program country (France, Belgium and Sweden are) it is relatively easy to enter the U.S. if you are not flagged in the system.
Proponents of the VWP say it reduces workloads and encourages tourism. A 2014 Congressional Research Services report (RL32221) quotes travel industry executive William S. Norman. He said it would take "hundreds of new consular staff and tens of millions of dollars to issue visas to visitors currently entering under the VWP."
There is no doubt that the Visa Waiver Program merits a national discussion free from partisan politics. As an American who applied for and received a Global Entry Pass, I had to undergo a rigorous background check and personal interview. I was fingerprinted, photographed, and questioned about past and future travel plans. It is doubtful that a homegrown American terrorist who joined the jihad and then traveled back to the U.S. would try to apply for a Global Entry Pass. He/she would simply wait in the long lines at the port of entry, answer few questions and pass through customs.
But Rowley offered another challenge. "Do Americans fully understand the implications of Security Theater?"
"Security Theater" is a term coined by security expert and author Bruce Schneier in 2003. Rowley says the key question is how the trillions of pieces of data that are vacuumed up by the NSA, TSA, Homeland Security, FBI and other entities connect with the Visa Waiver Program.
I wonder what independent security expert Bruce Schneier would say. Rowley suggested linking to his website in this post.
"Data collection, even with biometric identifiers added, is far less useful for preventing terrorism or any crime, than it is in identifying a perpetrator, i.e. solving a crime after it's been committed. That's essentially how the FBI's fingerprint repository works," Rowley says.