Employment Verification
Federal Agencies Have Taken Steps to Improve E-Verify, but Significant Challenges Remain
GAO-11-146, Dec 17, 2010
Additional Materials:
Contact:
(202) 512-8816
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
E-Verify is a system to electronically verify work eligibility and operated by the Department of Homeland Security's (DHS) U.S. Citizenship and Immigration Services (USCIS) and the Social Security Administration (SSA). GAO testified in June 2008 that ensuring accuracy and combating fraud were challenges facing E-Verify. As requested, GAO examined the extent to which USCIS and SSA took efforts to (1) reduce tentative nonconfirmations (TNC) and E-Verify's vulnerability to fraud, (2) safeguard employee personal information, and (3) prepare for possible mandatory use by all employers nationwide. GAO reviewed key policy and procedural documents, interviewed relevant DHS and SSA officials, and conducted site visits to three states selected, in part, based on employer types.
Since GAO last testified in June 2008, USCIS has taken several steps to improve the accuracy of the E-Verify system, including expanding the number of databases queried through E-Verify and instituting quality control procedures. As a result, USCIS data indicate that E-Verify immediately confirmed about 97.4 percent of almost 8.2 million newly hired employees as work authorized during fiscal year 2009, compared to 92 percent from fiscal year 2006 to the second quarter of fiscal year 2007. However, E-Verify errors persist. Also, if an authorized employee's name is recorded differently on various authorizing documents, the E-Verify system is to issue a TNC for the employee. Because such TNCs are more likely to affect foreign-born employees, they can lead to the appearance of discrimination. USCIS has not disseminated information to employees advising them of the importance of consistently recording their names on documentation provided to employers, and doing so could help USCIS reach its goal to ensure data accuracy. Furthermore, E-Verify remains vulnerable to identity theft and employer fraud. Resolving these issues will be important in combating fraud in the employment verification process. USCIS has taken steps to minimize risks to the privacy of personal information for new employees who are processed through E-Verify by, among other things, publishing privacy notices for the E-Verify program. However, employees are limited in their ability to identify the source of and how to correct information in DHS databases that may have led to an erroneous TNC. To identify and access the source of the incorrect data, employees must use methods such as Privacy Act requests, which, in fiscal year 2009, took on average 104 days. DHS officials acknowledged that the current process for employees to correct their personal records could be improved and said they are discussing ways to provide employees with better access to relevant information. By developing procedures that could enable employees to effectively correct any inaccurate personal information, DHS components could help employees avoid receiving erroneous TNCs. USCIS and SSA have taken actions to prepare for possible mandatory implementation of E-Verify for all employers nationwide by addressing key practices for effectively managing E-Verify system capacity and availability and coordinating with each other in operating E-Verify. However, USCIS's lifecycle cost estimates for E-Verify do not reliably depict current costs (i.e., do not include all costs associated with maintaining and operating E-Verify) and SSA's estimates do not consider the risk associated with changes in SSA's E-Verify workload. Without DHS developing reliable life cycle cost estimates for E-Verify, and SSA assessing the risk associated with its E-Verify workload, the agencies are at increased risk of not securing sufficient resources to effectively execute program plans in the future. GAO recommends, among other things, that USCIS disseminate information to employees on the importance of consistently recording their names, DHS components develop procedures to help employees correct inaccurate personal information, USCIS develop reliable cost estimates for E-Verify, and SSA assess risks associated with its E-Verify workload costs. DHS and SSA generally agreed with most of GAO's recommendations. SSA disagreed that it should assess risks associated with its workload costs because it believes it already does so. GAO believes the recommendation is valid because SSA's risk estimate has limitations as discussed in the report.
Status Legend:
Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
- In Process
- Open
- Closed - implemented
- Closed - not implemented
Recommendations for Executive Action
Recommendation: To ensure that USCIS has a sound basis for making decisions about resource investments for E-Verify and securing sufficient resources to effectively execute defined program plans, the Director of USCIS should ensure that a life cycle cost estimate for E-Verify is developed in a manner that reflects the four characteristics of a reliable estimate consistent with best practices--comprehensive, well-documented, accurate, and credible.
Agency Affected: Social Security Administration
Status: Open
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Recommendation: To help ensure that SSA will be able to meet the capacity demands of the E-Verify program and provide USCIS with continuous service in the future, the Director of USCIS and the Commissioner of SSA should finalize the terms of the service-level agreement that defines the requirements for SSA to establish and maintain the capacity and availability of its system components for E-Verify, including the steps needed to complete the agreement in a manner that is acceptable to both parties and a timeframe and milestones for its completion.
Agency Affected: Social Security Administration
Status: Closed - Implemented
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Recommendation: To help ensure that SSA will be able to meet the capacity demands of the E-Verify program and provide USCIS with continuous service in the future, the Director of USCIS and the Commissioner of SSA should finalize the terms of the service-level agreement that defines the requirements for SSA to establish and maintain the capacity and availability of its system components for E-Verify, including the steps needed to complete the agreement in a manner that is acceptable to both parties and a timeframe and milestones for its completion.
Agency Affected: Department of Homeland Security: Bureau of Citizenship and Immigration Services
Status: Closed - Implemented
Comments: We found that that U.S. Citizenship and Immigration Services (USCIS) and the Social Security Administration (SSA) had not met one of the six effective practices for capacity management and planning as established by the Software Engineering Institute's best practices for capacity management: defining and documenting service-level requirements. We reported that (1) USCIS officials told us that USCIS had developed a draft service-level agreement and had submitted it to SSA for review; and (2) SSA officials told us that SSA was reviewing the agreement, but did not identify a date for when the agreement would be reviewed and approved by both agencies. As a result, we recommended that the Director of USCIS and the Commissioner of SSA finalize the terms of the service-level agreement that defines the requirements for SSA to establish and maintain the capacity and availability of its system components for E-Verify. SSA officials notified us that a service level agreement had been established for the E-Verify program and had been in effect as of May 31, 2011. SSA provided us a copy of its service-level agreement with the Department of Homeland Security. The service-level agreement is consistent with our recommendation.
Recommendation: To decrease the potential for recurring erroneous nonconfirmations, the Director of USCIS should develop procedures for management program analysts to document the basis for their work authorization decisions.
Agency Affected: Department of Homeland Security: Bureau of Citizenship and Immigration Services
Status: Open
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Recommendation: To improve the accuracy of the source data used to make employment eligibility decisions and decrease the potential for recurring erroneous nonconfirmations, the Secretary of Homeland Security should direct the heads of DHS components to coordinate with one another to develop procedures to correct inaccurate or inconsistent information in their records and systems that may have led to erroneous TNCs or financial nonconfirmation (FNCs).
Agency Affected: Department of Homeland Security: Bureau of Citizenship and Immigration Services
Status: Open
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Recommendation: To ensure that employees have the ability to access and correct inaccuracies or inconsistencies in personal information within DHS databases that may have led to erroneous TNCs and minimize the potential for employees receiving repeated erroneous TNCs, the Director of USCIS should develop procedures that enable employees to access personal information and correct inaccuracies or inconsistent personal information in DHS databases.
Agency Affected: Department of Homeland Security: Bureau of Citizenship and Immigration Services
Status: Open
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Recommendation: To better target USCIS's education efforts and ensure employer compliance with the E-Verify program, the Director of USCIS should develop an analysis plan for the mastery test and use the analysis results to make fact-based decisions about whether and how to revise the test, the tutorial, or both.
Agency Affected: Department of Homeland Security: Bureau of Citizenship and Immigration Services
Status: Open
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Recommendation: To reduce the likelihood of name-related erroneous TNCs for employees with multiple or hyphenated surnames, the Director of USCIS should disseminate information to employees, for example, through Office for Civil Rights and Civil Liberties (CRCL's) instructional videos for employees, in DHS's A Guide to Naturalization, and at naturalization ceremonies, on the potential for name mismatches and how to record their names consistently when providing name information to employers, SSA, and DHS.
Agency Affected: Department of Homeland Security: Bureau of Citizenship and Immigration Services
Status: Open
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Recommendation: To ensure that SSA can accurately project costs associated with its E-Verify workload, as well as estimates for potential mandatory implementation of E-Verify, the Commissioner of SSA should assess the risk and uncertainty within SSA's E-Verify workload estimate as well as the limitations associated with the assumptions used to create it, in accordance with best practices, to ensure that SSA can provide the required level of support to USCIS and E-Verify operations.
Agency Affected: Social Security Administration
Status: Open
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.