Employment Verification:

Federal Agencies Have Taken Steps to Improve E-Verify, but Significant Challenges Remain

GAO-11-146: Published: Dec 17, 2010. Publicly Released: Jan 18, 2011.

Additional Materials:

Contact:

Rebecca S. Gambler
(202) 512-6912
gamblerr@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

E-Verify is a system to electronically verify work eligibility and operated by the Department of Homeland Security's (DHS) U.S. Citizenship and Immigration Services (USCIS) and the Social Security Administration (SSA). GAO testified in June 2008 that ensuring accuracy and combating fraud were challenges facing E-Verify. As requested, GAO examined the extent to which USCIS and SSA took efforts to (1) reduce tentative nonconfirmations (TNC) and E-Verify's vulnerability to fraud, (2) safeguard employee personal information, and (3) prepare for possible mandatory use by all employers nationwide. GAO reviewed key policy and procedural documents, interviewed relevant DHS and SSA officials, and conducted site visits to three states selected, in part, based on employer types.

Since GAO last testified in June 2008, USCIS has taken several steps to improve the accuracy of the E-Verify system, including expanding the number of databases queried through E-Verify and instituting quality control procedures. As a result, USCIS data indicate that E-Verify immediately confirmed about 97.4 percent of almost 8.2 million newly hired employees as work authorized during fiscal year 2009, compared to 92 percent from fiscal year 2006 to the second quarter of fiscal year 2007. However, E-Verify errors persist. Also, if an authorized employee's name is recorded differently on various authorizing documents, the E-Verify system is to issue a TNC for the employee. Because such TNCs are more likely to affect foreign-born employees, they can lead to the appearance of discrimination. USCIS has not disseminated information to employees advising them of the importance of consistently recording their names on documentation provided to employers, and doing so could help USCIS reach its goal to ensure data accuracy. Furthermore, E-Verify remains vulnerable to identity theft and employer fraud. Resolving these issues will be important in combating fraud in the employment verification process.

USCIS has taken steps to minimize risks to the privacy of personal information for new employees who are processed through E-Verify by, among other things, publishing privacy notices for the E-Verify program. However, employees are limited in their ability to identify the source of and how to correct information in DHS databases that may have led to an erroneous TNC. To identify and access the source of the incorrect data, employees must use methods such as Privacy Act requests, which, in fiscal year 2009, took on average 104 days. DHS officials acknowledged that the current process for employees to correct their personal records could be improved and said they are discussing ways to provide employees with better access to relevant information. By developing procedures that could enable employees to effectively correct any inaccurate personal information, DHS components could help employees avoid receiving erroneous TNCs.

USCIS and SSA have taken actions to prepare for possible mandatory implementation of E-Verify for all employers nationwide by addressing key practices for effectively managing E-Verify system capacity and availability and coordinating with each other in operating E-Verify. However, USCIS's lifecycle cost estimates for E-Verify do not reliably depict current costs (i.e., do not include all costs associated with maintaining and operating E-Verify) and SSA's estimates do not consider the risk associated with changes in SSA's E-Verify workload. Without DHS developing reliable life cycle cost estimates for E-Verify, and SSA assessing the risk associated with its E-Verify workload, the agencies are at increased risk of not securing sufficient resources to effectively execute program plans in the future.

GAO recommends, among other things, that USCIS disseminate information to employees on the importance of consistently recording their names, DHS components develop procedures to help employees correct inaccurate personal information, USCIS develop reliable cost estimates for E-Verify, and SSA assess risks associated with its E-Verify workload costs. DHS and SSA generally agreed with most of GAO's recommendations. SSA disagreed that it should assess risks associated with its workload costs because it believes it already does so. GAO believes the recommendation is valid because SSA's risk estimate has limitations as discussed in the report.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendations for Executive Action

    Recommendation: To reduce the likelihood of name-related erroneous TNCs for employees with multiple or hyphenated surnames, the Director of USCIS should disseminate information to employees, for example, through Office for Civil Rights and Civil Liberties (CRCL's) instructional videos for employees, in DHS's A Guide to Naturalization, and at naturalization ceremonies, on the potential for name mismatches and how to record their names consistently when providing name information to employers, SSA, and DHS.

    Agency Affected: Department of Homeland Security: United States Citizenship and Immigration Services

    Status: Closed - Implemented

    Comments: Our report recommended that in order to reduce the likelihood of name-related erroneous tentative non-confirmations (TNCs) for employees with multiple or hyphenated surnames, United States Citizenship and Immigration Services (USCIS) should disseminate information to employers on the potential for name-related mismatches and how to record names consistently when providing such information to employers, SSA, and DHS. To address this recommendation, in August 2012, USCIS posted "Tips to Preventing a TNC" on its E-Verify website, and in February 2012, USCIS included information on the importance of entering names consistently on identity and government records in the Questions and Answers (Q&A) section of the Self Check web site. USCIS also reported that in fiscal year 2011, it shared information about complex names and recording names consistently at conferences organized by various worker and immigrant advocacy organizations, including the American-Arab Anti-Discrimination Committee and the League of United Latin American Citizens. We believe that USCIS has taken appropriate steps to address our recommendation.

    Recommendation: To better target USCIS's education efforts and ensure employer compliance with the E-Verify program, the Director of USCIS should develop an analysis plan for the mastery test and use the analysis results to make fact-based decisions about whether and how to revise the test, the tutorial, or both.

    Agency Affected: Department of Homeland Security: United States Citizenship and Immigration Services

    Status: Closed - Implemented

    Comments: Our report recommended that USCIS develop an analysis plan for the E-Verify mastery test and use the results to make decisions about whether and how to revise the test, the tutorial, or both. USCIS reported that it began analyzing the results of revisions to the June 2010 mastery test to assess what questions may need to be further revised and to determine what concepts may require greater explanation. USCIS identified three questions needing revision and made these changes in June 2011. USCIS provided extensive documentation of the data analyses it has conducted in response to this recommendation. Specifically, USCIS analyzed millions of responses to the E-Verify knowledge mastery tests administered in July 2011, January 2012, April 2012, and July 2012; and over 700,000 responses to an E-Verify tutorial administered in November 2010. USCIS also developed an E-Verify Training Analysis Plan with the intent to regularly measure the effectiveness of E-Verify user tutorial content and knowledge tests and other E-Verify educational tools. USCIS reported that the analysis of the E-Verify data will be an ongoing effort and that it will continue to monitor reports to determine changes for future releases. We believe that USCIS's actions have addressed the intent of this recommendation.

    Recommendation: To ensure that employees have the ability to access and correct inaccuracies or inconsistencies in personal information within DHS databases that may have led to erroneous TNCs and minimize the potential for employees receiving repeated erroneous TNCs, the Director of USCIS should develop procedures that enable employees to access personal information and correct inaccuracies or inconsistent personal information in DHS databases.

    Agency Affected: Department of Homeland Security: United States Citizenship and Immigration Services

    Status: Open

    Comments: In November 2013, USCIS developed a corrective action plan that outlines procedures that will enable employees to access personal information and correct inaccuracies or inconsistent personal information in DHS databases. The plan has three phases and according to USCIS, the first phase was initiated in July 2013. USCIS expects to complete the three-phased approach in fiscal year 2015.

    Recommendation: To improve the accuracy of the source data used to make employment eligibility decisions and decrease the potential for recurring erroneous nonconfirmations, the Secretary of Homeland Security should direct the heads of DHS components to coordinate with one another to develop procedures to correct inaccurate or inconsistent information in their records and systems that may have led to erroneous TNCs or final nonconfirmation (FNCs).

    Agency Affected: Department of Homeland Security

    Status: Open

    Comments: USCIS appears to be taking several steps to develop procedures to correct information in databases used by USCIS, CBP, and/or ICE that have resulted in new hires receiving an erroneous work authorization decision. For example, in 2012, USCIS launched E-verify Self Check, a feature that enables employees to confirm their own eligibility to work in the United States and see any data mismatches found. In addition to the Self Check feature, USCIS plans to implement MyE-Verify in September 2014. MyE-Verify will be a self-service feature that will allow employees to create a secure account in Self Check and engage with the E-Verify Program. USCIS also combined the Tentative Nonconfirmation (TNC) Notice and Referral Letter into one document -- the Further Action Notice (FAN). Moreover, USCIS has developed a Final Nonconfirmation (FNC) letter to provide a formal process by which individuals can request a review of their FNC in order to help reduce erroneous FNCs. A limited FNC review process is currently available to employees, and USCIS is working on fully deploying the FNC review process. USCIS officials expect to fully deploy this process in fiscal year 2015. To close the recommendation, DHS should provide evidence that such departmentwide procedures have been deployed and implemented.

    Recommendation: To decrease the potential for recurring erroneous nonconfirmations, the Director of USCIS should develop procedures for management program analysts to document the basis for their work authorization decisions.

    Agency Affected: Department of Homeland Security: United States Citizenship and Immigration Services

    Status: Closed - Implemented

    Comments: Our report noted that USCIS did not require management program analysts (MPA) to document the process they used to resolve tentative nonconfirmations that were contested by employees. USCIS officials said they recognized the importance of making and documenting accurate decisions and planned to revise the standard operating procedures to require this of management program analysts. USCIS issued revised standard operating procedures (SOPs) in fiscal year 2012. The revised procedures require MPAs to document the systems and information used to arrive at work authorization decisions. The procedures note that MPAs should list the specific systems they checked (for example, the actual screen within the system that is used to resolve a case). The information entered is to be detailed enough to enable another MPA to understand the decision. We believe that USCIS's revised operating procedures are responsive to the intent of our recommendation.

    Recommendation: To help ensure that SSA will be able to meet the capacity demands of the E-Verify program and provide USCIS with continuous service in the future, the Director of USCIS and the Commissioner of SSA should finalize the terms of the service-level agreement that defines the requirements for SSA to establish and maintain the capacity and availability of its system components for E-Verify, including the steps needed to complete the agreement in a manner that is acceptable to both parties and a timeframe and milestones for its completion.

    Agency Affected: Department of Homeland Security: United States Citizenship and Immigration Services

    Status: Closed - Implemented

    Comments: In our December 2010 report on E-Verify, we reported that USCIS and the Social Security Administration (SSA) had met five of the six effective practices for capacity management and planning as established by the Software Engineering Institute's best practices for capacity management. However, the agencies had not met the sixth practice defining and documenting service-level requirements to help ensure that SSA will be able to meet E-Verify capacity demands and provide USCIS continuous service in the future, or provided timeframes for when the agreement will be completed. Service-level agreements are widely accepted by Information Technology experts, and are integral to effective information technology planning. We reported that (1) USCIS officials told us that USCIS had developed a draft service-level agreement and had submitted it to SSA for review; and (2) SSA officials told us that SSA was reviewing the agreement, but did not identify a date for when the agreement would be reviewed and approved by both agencies. We recommended that the Director of USCIS and the Commissioner of SSA finalize the terms of the service-level agreement that defines the requirements for SSA to establish and maintain the capacity and availability of its system components for E-Verify. In response, on June 7, 2011, we received notification from SSA officials that a service level agreement had been established for the E-Verify program and had been in effect as of May 31, 2011. SSA provided us a copy of its service-level agreement with DHS. The agreement included information on the services that SSA would provide, including SSA's service availability schedule, service scope (for example, average response times to queries and SSA's problem reporting process), and service monitoring, tracking, and reporting procedures. As a result, USCIS and SSA have established a common understanding of how to meet current and future E-Verify system demands, and are better positioned to ensure that SSA will be able to provide continuous E-Verify service and meet increased demands for system capacity in the future.

    Recommendation: To help ensure that SSA will be able to meet the capacity demands of the E-Verify program and provide USCIS with continuous service in the future, the Director of USCIS and the Commissioner of SSA should finalize the terms of the service-level agreement that defines the requirements for SSA to establish and maintain the capacity and availability of its system components for E-Verify, including the steps needed to complete the agreement in a manner that is acceptable to both parties and a timeframe and milestones for its completion.

    Agency Affected: Social Security Administration

    Status: Closed - Implemented

    Comments: In our December 2010 report on E-Verify, we reported that U.S. Citizenship and Immigration Services (USCIS) and the Social Security Administration (SSA) had met five of the six effective practices for capacity management and planning as established by the Software Engineering Institute's best practices for capacity management. However, the agencies had not met the sixth practice: defining and documenting service-level requirements to help ensure that SSA will be able to meet E-Verify capacity demands and providing USCIS continuous service in the future, or provided timeframes for when the agreement will be completed. Service-level agreements are widely accepted by information technology experts, and are integral to effective information technology planning. We reported that (1) USCIS officials told us that USCIS had developed a draft service-level agreement and had submitted it to SSA for review; and (2) SSA officials told us that SSA was reviewing the agreement, but did not identify a date for when the agreement would be reviewed and approved by both agencies. We recommended that the Director of USCIS and the Commissioner of SSA finalize the terms of the service-level agreement that defines the requirements for SSA to establish and maintain the capacity and availability of its system components for E-Verify. In response, on June 7, 2011, we received notification from SSA officials that a service level agreement had been established for the E-Verify program and had been in effect as of May 31, 2011. SSA provided us a copy of its service-level agreement with the Department of Homeland Security. The agreement included information on the services that SSA would provide, including SSA's service availability schedule, service scope (for example, average response times to queries and SSA's problem reporting process), and service monitoring, tracking, and reporting procedures. As a result, USCIS and SSA have established a common understanding of how to meet current and future E-Verify system demands, and are better positioned to ensure that SSA will be able to provide continuous E-Verify service and meet increased demands for system capacity in the future.

    Recommendation: To ensure that USCIS has a sound basis for making decisions about resource investments for E-Verify and securing sufficient resources to effectively execute defined program plans, the Director of USCIS should ensure that a life cycle cost estimate for E-Verify is developed in a manner that reflects the four characteristics of a reliable estimate consistent with best practices--comprehensive, well-documented, accurate, and credible.

    Agency Affected: Department of Homeland Security: United States Citizenship and Immigration Services

    Status: Open

    Comments: USCIS reported in November 2013 that it is developing a comprehensive life cycle cost estimate.

    Recommendation: To ensure that SSA can accurately project costs associated with its E-Verify workload, as well as estimates for potential mandatory implementation of E-Verify, the Commissioner of SSA should assess the risk and uncertainty within SSA's E-Verify workload estimate as well as the limitations associated with the assumptions used to create it, in accordance with best practices, to ensure that SSA can provide the required level of support to USCIS and E-Verify operations.

    Agency Affected: Social Security Administration

    Status: Closed - Not Implemented

    Comments: As noted in our report, SSA did not agree with the recommendation. SSA stated that it routinely assesses the risk and uncertainty when developing assumptions for E-Verify workload estimates and administrative costs related to proposed legislation. SSA also stated that if E-Verify were to become mandatory, SSA would adapt its budget models and recalculate estimated costs based on the new projected workload volume. As discussed in the report, SSA does not conduct a risk and uncertainty analysis that uses statistical models to quantitatively determine the extent of variability around its cost estimate or identify the limitations associated with the assumptions used to create the estimate. We continue to believe that SSA should adopt this best practice for estimating risks to help it reduce the potential for experiencing cost overruns for E-Verify, but we are closing this recommendation because SSA did not plan to implement it.

    Jul 23, 2014

    May 15, 2014

    Apr 9, 2014

    Mar 5, 2014

    Jan 23, 2014

    Dec 20, 2013

    Dec 6, 2013

    Dec 2, 2013

    Nov 4, 2013

    Jul 19, 2013

    Looking for more? Browse all our products here