Employment Verification: Federal Agencies Have Taken Steps to Improve E-Verify, but Significant Challenges Remain
Highlights
E-Verify is a system to electronically verify work eligibility and operated by the Department of Homeland Security's (DHS) U.S. Citizenship and Immigration Services (USCIS) and the Social Security Administration (SSA). GAO testified in June 2008 that ensuring accuracy and combating fraud were challenges facing E-Verify. As requested, GAO examined the extent to which USCIS and SSA took efforts to (1) reduce tentative nonconfirmations (TNC) and E-Verify's vulnerability to fraud, (2) safeguard employee personal information, and (3) prepare for possible mandatory use by all employers nationwide. GAO reviewed key policy and procedural documents, interviewed relevant DHS and SSA officials, and conducted site visits to three states selected, in part, based on employer types.
Since GAO last testified in June 2008, USCIS has taken several steps to improve the accuracy of the E-Verify system, including expanding the number of databases queried through E-Verify and instituting quality control procedures. As a result, USCIS data indicate that E-Verify immediately confirmed about 97.4 percent of almost 8.2 million newly hired employees as work authorized during fiscal year 2009, compared to 92 percent from fiscal year 2006 to the second quarter of fiscal year 2007. However, E-Verify errors persist. Also, if an authorized employee's name is recorded differently on various authorizing documents, the E-Verify system is to issue a TNC for the employee. Because such TNCs are more likely to affect foreign-born employees, they can lead to the appearance of discrimination. USCIS has not disseminated information to employees advising them of the importance of consistently recording their names on documentation provided to employers, and doing so could help USCIS reach its goal to ensure data accuracy. Furthermore, E-Verify remains vulnerable to identity theft and employer fraud. Resolving these issues will be important in combating fraud in the employment verification process.
USCIS has taken steps to minimize risks to the privacy of personal information for new employees who are processed through E-Verify by, among other things, publishing privacy notices for the E-Verify program. However, employees are limited in their ability to identify the source of and how to correct information in DHS databases that may have led to an erroneous TNC. To identify and access the source of the incorrect data, employees must use methods such as Privacy Act requests, which, in fiscal year 2009, took on average 104 days. DHS officials acknowledged that the current process for employees to correct their personal records could be improved and said they are discussing ways to provide employees with better access to relevant information. By developing procedures that could enable employees to effectively correct any inaccurate personal information, DHS components could help employees avoid receiving erroneous TNCs.
USCIS and SSA have taken actions to prepare for possible mandatory implementation of E-Verify for all employers nationwide by addressing key practices for effectively managing E-Verify system capacity and availability and coordinating with each other in operating E-Verify. However, USCIS's lifecycle cost estimates for E-Verify do not reliably depict current costs (i.e., do not include all costs associated with maintaining and operating E-Verify) and SSA's estimates do not consider the risk associated with changes in SSA's E-Verify workload. Without DHS developing reliable life cycle cost estimates for E-Verify, and SSA assessing the risk associated with its E-Verify workload, the agencies are at increased risk of not securing sufficient resources to effectively execute program plans in the future.
GAO recommends, among other things, that USCIS disseminate information to employees on the importance of consistently recording their names, DHS components develop procedures to help employees correct inaccurate personal information, USCIS develop reliable cost estimates for E-Verify, and SSA assess risks associated with its E-Verify workload costs. DHS and SSA generally agreed with most of GAO's recommendations. SSA disagreed that it should assess risks associated with its workload costs because it believes it already does so. GAO believes the recommendation is valid because SSA's risk estimate has limitations as discussed in the report.
Recommendations
Recommendations for Executive Action
Agency Affected | Recommendation | Status |
---|---|---|
United States Citizenship and Immigration Services | To reduce the likelihood of name-related erroneous TNCs for employees with multiple or hyphenated surnames, the Director of USCIS should disseminate information to employees, for example, through Office for Civil Rights and Civil Liberties (CRCL's) instructional videos for employees, in DHS's A Guide to Naturalization, and at naturalization ceremonies, on the potential for name mismatches and how to record their names consistently when providing name information to employers, SSA, and DHS. |
Our report recommended that in order to reduce the likelihood of name-related erroneous tentative non-confirmations (TNCs) for employees with multiple or hyphenated surnames, United States Citizenship and Immigration Services (USCIS) should disseminate information to employers on the potential for name-related mismatches and how to record names consistently when providing such information to employers, SSA, and DHS. To address this recommendation, in August 2012, USCIS posted "Tips to Preventing a TNC" on its E-Verify website, and in February 2012, USCIS included information on the importance of entering names consistently on identity and government records in the Questions and Answers (Q&A) section of the Self Check web site. USCIS also reported that in fiscal year 2011, it shared information about complex names and recording names consistently at conferences organized by various worker and immigrant advocacy organizations, including the American-Arab Anti-Discrimination Committee and the League of United Latin American Citizens. We believe that USCIS has taken appropriate steps to address our recommendation.
|
United States Citizenship and Immigration Services | To better target USCIS's education efforts and ensure employer compliance with the E-Verify program, the Director of USCIS should develop an analysis plan for the mastery test and use the analysis results to make fact-based decisions about whether and how to revise the test, the tutorial, or both. |
Our report recommended that USCIS develop an analysis plan for the E-Verify mastery test and use the results to make decisions about whether and how to revise the test, the tutorial, or both. USCIS reported that it began analyzing the results of revisions to the June 2010 mastery test to assess what questions may need to be further revised and to determine what concepts may require greater explanation. USCIS identified three questions needing revision and made these changes in June 2011. USCIS provided extensive documentation of the data analyses it has conducted in response to this recommendation. Specifically, USCIS analyzed millions of responses to the E-Verify knowledge mastery tests administered in July 2011, January 2012, April 2012, and July 2012; and over 700,000 responses to an E-Verify tutorial administered in November 2010. USCIS also developed an E-Verify Training Analysis Plan with the intent to regularly measure the effectiveness of E-Verify user tutorial content and knowledge tests and other E-Verify educational tools. USCIS reported that the analysis of the E-Verify data will be an ongoing effort and that it will continue to monitor reports to determine changes for future releases. We believe that USCIS's actions have addressed the intent of this recommendation.
|
United States Citizenship and Immigration Services | To ensure that employees have the ability to access and correct inaccuracies or inconsistencies in personal information within DHS databases that may have led to erroneous TNCs and minimize the potential for employees receiving repeated erroneous TNCs, the Director of USCIS should develop procedures that enable employees to access personal information and correct inaccuracies or inconsistent personal information in DHS databases. |
Our report recommended that USCIS procedures that enable employees to access personal information and correct inaccuracies or inconsistent personal information in DHS databases. USCIS has implemented several corrective actions to provide greater transparency to E-Verify employees receiving Tentative Nonconfirmations (TNCs) who may need to correct their immigration records. Examples include publishing multilingual guidance on how to correct their records on both the E-Verify website and TNC letters; sending TNC notices directly to employees who provide their email address to ensure that they are aware of the TNC; and expanding the Self Check into a new feature called myE-Verify, which allows employees to set up an account where they can lock their Social Security number so it cannot be used by others in E-Verify. In FY 2015, USCIS plans to develop the ability for an employee to track their case status in E-Verify, pending availability of funds. In FY16, USCIS plans to develop an email notification for employees informing them that they need to update their immigration records.
|
Department of Homeland Security | To improve the accuracy of the source data used to make employment eligibility decisions and decrease the potential for recurring erroneous nonconfirmations, the Secretary of Homeland Security should direct the heads of DHS components to coordinate with one another to develop procedures to correct inaccurate or inconsistent information in their records and systems that may have led to erroneous TNCs or final nonconfirmation (FNCs). |
In response to our recommendation, USCIS took several steps to develop procedures to correct information in databases used by USCIS, CBP, and/or ICE that had resulted in new hires receiving an erroneous work authorization decision. For example, in 2012, USCIS launched E-verify Self Check, a feature that enables employees to confirm their own eligibility to work in the United States and see any data mismatches found. In April 2015, USCIS implemented MyE-Verify, a self-service feature that allows employees to create a secure account in Self Check and engage with the E-Verify Program. USCIS also combined the Tentative Nonconfirmation (TNC) Notice and Referral Letter into one document -- the Further Action Notice (FAN). Moreover, USCIS has developed a Final Nonconfirmation (FNC) letter to provide a formal process by which individuals can request a review of their FNC in order to help reduce erroneous FNCs. The actions taken by the agency meet the intent of the recommendation. Updated August 2015.
|
United States Citizenship and Immigration Services | To decrease the potential for recurring erroneous nonconfirmations, the Director of USCIS should develop procedures for management program analysts to document the basis for their work authorization decisions. |
Our report noted that USCIS did not require management program analysts (MPA) to document the process they used to resolve tentative nonconfirmations that were contested by employees. USCIS officials said they recognized the importance of making and documenting accurate decisions and planned to revise the standard operating procedures to require this of management program analysts. USCIS issued revised standard operating procedures (SOPs) in fiscal year 2012. The revised procedures require MPAs to document the systems and information used to arrive at work authorization decisions. The procedures note that MPAs should list the specific systems they checked (for example, the actual screen within the system that is used to resolve a case). The information entered is to be detailed enough to enable another MPA to understand the decision. We believe that USCIS's revised operating procedures are responsive to the intent of our recommendation.
|
United States Citizenship and Immigration Services | To help ensure that SSA will be able to meet the capacity demands of the E-Verify program and provide USCIS with continuous service in the future, the Director of USCIS and the Commissioner of SSA should finalize the terms of the service-level agreement that defines the requirements for SSA to establish and maintain the capacity and availability of its system components for E-Verify, including the steps needed to complete the agreement in a manner that is acceptable to both parties and a timeframe and milestones for its completion. |
In our December 2010 report on E-Verify, we reported that USCIS and the Social Security Administration (SSA) had met five of the six effective practices for capacity management and planning as established by the Software Engineering Institute's best practices for capacity management. However, the agencies had not met the sixth practice defining and documenting service-level requirements to help ensure that SSA will be able to meet E-Verify capacity demands and provide USCIS continuous service in the future, or provided timeframes for when the agreement will be completed. Service-level agreements are widely accepted by Information Technology experts, and are integral to effective information technology planning. We reported that (1) USCIS officials told us that USCIS had developed a draft service-level agreement and had submitted it to SSA for review; and (2) SSA officials told us that SSA was reviewing the agreement, but did not identify a date for when the agreement would be reviewed and approved by both agencies. We recommended that the Director of USCIS and the Commissioner of SSA finalize the terms of the service-level agreement that defines the requirements for SSA to establish and maintain the capacity and availability of its system components for E-Verify. In response, on June 7, 2011, we received notification from SSA officials that a service level agreement had been established for the E-Verify program and had been in effect as of May 31, 2011. SSA provided us a copy of its service-level agreement with DHS. The agreement included information on the services that SSA would provide, including SSA's service availability schedule, service scope (for example, average response times to queries and SSA's problem reporting process), and service monitoring, tracking, and reporting procedures. As a result, USCIS and SSA have established a common understanding of how to meet current and future E-Verify system demands, and are better positioned to ensure that SSA will be able to provide continuous E-Verify service and meet increased demands for system capacity in the future.
|
Social Security Administration | To help ensure that SSA will be able to meet the capacity demands of the E-Verify program and provide USCIS with continuous service in the future, the Director of USCIS and the Commissioner of SSA should finalize the terms of the service-level agreement that defines the requirements for SSA to establish and maintain the capacity and availability of its system components for E-Verify, including the steps needed to complete the agreement in a manner that is acceptable to both parties and a timeframe and milestones for its completion. |
In our December 2010 report on E-Verify, we reported that U.S. Citizenship and Immigration Services (USCIS) and the Social Security Administration (SSA) had met five of the six effective practices for capacity management and planning as established by the Software Engineering Institute's best practices for capacity management. However, the agencies had not met the sixth practice: defining and documenting service-level requirements to help ensure that SSA will be able to meet E-Verify capacity demands and providing USCIS continuous service in the future, or provided timeframes for when the agreement will be completed. Service-level agreements are widely accepted by information technology experts, and are integral to effective information technology planning. We reported that (1) USCIS officials told us that USCIS had developed a draft service-level agreement and had submitted it to SSA for review; and (2) SSA officials told us that SSA was reviewing the agreement, but did not identify a date for when the agreement would be reviewed and approved by both agencies. We recommended that the Director of USCIS and the Commissioner of SSA finalize the terms of the service-level agreement that defines the requirements for SSA to establish and maintain the capacity and availability of its system components for E-Verify. In response, on June 7, 2011, we received notification from SSA officials that a service level agreement had been established for the E-Verify program and had been in effect as of May 31, 2011. SSA provided us a copy of its service-level agreement with the Department of Homeland Security. The agreement included information on the services that SSA would provide, including SSA's service availability schedule, service scope (for example, average response times to queries and SSA's problem reporting process), and service monitoring, tracking, and reporting procedures. As a result, USCIS and SSA have established a common understanding of how to meet current and future E-Verify system demands, and are better positioned to ensure that SSA will be able to provide continuous E-Verify service and meet increased demands for system capacity in the future.
|
United States Citizenship and Immigration Services | To ensure that USCIS has a sound basis for making decisions about resource investments for E-Verify and securing sufficient resources to effectively execute defined program plans, the Director of USCIS should ensure that a life cycle cost estimate for E-Verify is developed in a manner that reflects the four characteristics of a reliable estimate consistent with best practices--comprehensive, well-documented, accurate, and credible. |
In January 2016, USCIS provided us with a Life Cycle Cost Estimate (LCCE)and supporting documentation. According to USCIS, the review and assessment was performed according with the DHS LCCE scoring criteria derived from GAO's Cost Estimating and Assessment Guide. We reviewed the documentation and believe that USCIS's actions have addressed the intent of this recommendation.
|
Social Security Administration | To ensure that SSA can accurately project costs associated with its E-Verify workload, as well as estimates for potential mandatory implementation of E-Verify, the Commissioner of SSA should assess the risk and uncertainty within SSA's E-Verify workload estimate as well as the limitations associated with the assumptions used to create it, in accordance with best practices, to ensure that SSA can provide the required level of support to USCIS and E-Verify operations. |
As noted in our report, SSA did not agree with the recommendation. SSA stated that it routinely assesses the risk and uncertainty when developing assumptions for E-Verify workload estimates and administrative costs related to proposed legislation. SSA also stated that if E-Verify were to become mandatory, SSA would adapt its budget models and recalculate estimated costs based on the new projected workload volume. As discussed in the report, SSA does not conduct a risk and uncertainty analysis that uses statistical models to quantitatively determine the extent of variability around its cost estimate or identify the limitations associated with the assumptions used to create the estimate. We continue to believe that SSA should adopt this best practice for estimating risks to help it reduce the potential for experiencing cost overruns for E-Verify, but we are closing this recommendation because SSA did not plan to implement it.
|