Follow-up Review of the Status of IDENT/IAFIS Integration

E & I Report No. I-2005-001
December 2004


Results of the Review - Part I


    Existing FBI IAFIS capacity is sufficient to handle the projected workload increase that will result from the DHS’s expedited deployment of Version 1.2 of IDENT/IAFIS workstations. However, that conclusion is based on current DHS workload projections which assume that less than one percent of visitors will be subjected to direct IAFIS fingerprint searches at the ports of entry. Current and planned IAFIS capacity through October 1, 2005, is not adequate to support a significant expansion of the number of visitors searched. In addition to having adequate current capacity, the FBI requires that the IAFIS system be available to users at least 99 percent of the time. Between November 2003 and April 2004, IAFIS failed to meet system availability requirements. Because there is no backup system, during scheduled or unscheduled maintenance IAFIS must be taken out of service and cannot complete fingerprint searches. As a result, responses to DHS’s fingerprint search requests were delayed, resulting in aliens’ fingerprints not being checked against IAFIS at all. The FBI is working to improve system availability and provide more timely notification to customers when the system is unavailable.

Existing FBI IAFIS Capacity is Sufficient to Handle the Projected Workload Increase That Will Result From the DHS’s Expedited Deployment of Version 1.2 of IDENT/IAFIS Workstations

On March 4, 2004, DHS Secretary Ridge testified before Congress that the DHS would expedite the deployment of Version 1.2 IDENT/IAFIS workstations. The DHS committed to completing deployment of the new workstations to all its Border Patrol stations and to the 179 ports of entry included in the first two phases of US-VISIT (the 115 air ports of entry, 14 sea ports of entry, and the 50 busiest land ports of entry) by December 31, 2004. As of September 21, 2004, the DHS completed deployment of Version 1.2 workstations to all 136 of its Border Patrol stations. DHS officials told us that they are on track to deploy Version 1.2 workstations to the 179 ports of entry by the end of 2004.

The deployment of Version 1.2 integrated workstations will increase the number of IAFIS queries submitted by the DHS. The DHS conducted an analysis to estimate the potential increase in TPRS queries that would be sent to IAFIS from all Border Patrol stations and all US-VISIT air, land, and sea ports of entry through December 31, 2005 (when the DHS is scheduled to complete deployment of the Version 1.2 workstations). As part of the analysis, the DHS included information on low and peak times of day and year. For January through April 2004, the DHS-projected number of daily transactions for the Border Patrol ranged from a low of 2,553 to a high of 5,230. For the ports of entry, the DHS-projected number of daily TPRS transactions ranged from a low of 629 to a high of 829.39 Based on the DHS data, we estimated that the daily range of TPRS IAFIS queries after December 31, 2005, could be between 3,182 and 6,059 queries per day.

For other data on IAFIS workload and preparations to meet DHS requirements, we contacted CJIS Division officials. They told us that, as of May 25, 2004, the DHS was submitting approximately 2,200 to 3,000 TPRS search requests each day; 1,300 CAR bookings; and 3,000 fingerprint image requests to IAFIS (Table 2). At that time, IAFIS was capable of processing 8,000 TPRS requests per day.

Table 2 - IAFIS Daily Capacity and Usage
Query TypesCURRENT
Capacity
CURRENT
Queries
(All sources)
CURRENT
Queries
(DHS Only)
Planned
Version 1.2
Capacity
(10/1/2005)
Projected
Queries
(All sources)
(10/1/2005)
Projected
Queries
(DHS Only)
(10/1/2005)
TPRS queries
(DHS only)
8,000 2,200-3,00020,000 3,182 -
6,059(a)
CAR bookings30,00020,5001,30060,00035,000up to 3,900(b)

IRQ
7,0006,0003,000(c)7,0006,0003,000

Latents
635(d)35025635450up to 158(e)
Name checks/III/
Criminal histories
850,000425,000187,000850,000470,000Unknown

(a) Provided by the DHS. The DHS projection is based on workload data for January through April 2004.
(b) The FBI plans to support up to 1 million additional annual CAR bookings from the DHS after October 1, 2005.
(c) The CJIS Division limits the DHS to 3,000 IRQs per day to ensure that other entities have access to fingerprint image retrievals.
(d) All federal agencies except the FBI have been allocated 25 percent of IAFIS’s latent fingerprint search capacity.
(e) The DHS allocation is 158; in the past the DHS has not submitted latent requests up to its allocation.

Source: CJIS Division, except where noted as from the DHS.

According to the CJIS Division’s FY 2005 Budget Enhancement Request, as of May 2004 the CJIS Division had implemented $2.7 million worth of IAFIS improvements, including upgrades of the IAFIS server platform and network, expanded storage capacity, and increased bandwidth. After October 1, 2005, the CJIS Division expects to implement enhancements that will increase IAFIS capacity from the current 8,000 daily TPRS search requests to 20,000 daily TPRS search requests.40 The CJIS also plans to increase its capacity to process CAR bookings from the current 30,000 to 60,000 per day. The increased CAR capacity will accommodate up to 1 million additional CAR submissions per year from the DHS. The capacity for fingerprint image requests and name checks will remain the same for FY 2005. The CJIS Division plans to hire additional fingerprint examiners (above the 12 requested in the FY 2005 budget request) to supplement the approximately 250 examiners already on board and support anticipated retirements.

In addition, the Budget Enhancement Request indicated that the CJIS Division is implementing several IAFIS upgrades in FY 2004 and FY 2005 to enable the FBI to better support the DHS. For example, the CJIS Division was planning to:

  • Reduce the guaranteed IAFIS processing time for TPRS responses from 10 minutes to 2 to 3 minutes by prioritizing TPRS transactions; and

  • Provide additional software and hardware upgrades to support these enhancements, including requesting an additional $12.4 million in IAFIS system enhancements for FY 2005 (that would represent the bulk of the FBI’s FY 2005 IDENT/IAFIS budget of $16 million).

Based on the existing IAFIS capacity of 8,000 TPRS transactions per day, the FBI appears to be capable of handling the increased volume of TPRS searches projected to occur as a result of the DHS’s expedited deployment of Version 1.2 of IDENT/IAFIS workstations through December 2004. The current capacity also appears capable of supporting a decision by the DHS to conduct a TPRS check on all of the aliens not admitted to the United States each day at the ports of entry. The planned IAFIS upgrades will increase the TPRS transaction capacity to 20,000 searches per day by October 1, 2005, and will give the system a surplus capacity of at least 13,000 TPRS transactions over the 6,059 maximum expected daily workload from the DHS.

DHS Workload Projections Assume That Less Than One Percent of Visitors Will Be Subjected to Direct IAFIS Fingerprint Searches at the Ports of Entry

Although we concluded that the FBI is prepared to meet the expected increase in IAFIS workload through October 1, 2005, we noted that DHS workload projections assume that the number of visitors who receive IAFIS fingerprint searches will be sharply limited. The DHS is not planning to use IAFIS TPRS searches to screen all, or even many, visitors at ports of entry, but plans to limit TPRS queries to a small percentage of those who are referred to secondary inspection and not admitted to the United States.41 According to the DHS, in 2005 approximately 43 million visitors to the United States (an average of 118,000 each day) will be subject to US-VISIT requirements at ports of entry nationwide. The DHS estimates that, once full deployment of all IDENT/IAFIS workstations is complete, it will request direct TPRS IAFIS queries on about 800 aliens each day (0.7 percent of the visitors subject to US-VISIT). Although the 800 a day projection is significantly lower than the average of 1,800 individuals a day who were determined inadmissible between July 1, 2003 and June 30, 2004, present IAFIS capacity could handle an additional 1,000 queries a day.42 The other 99.3 percent of aliens requesting entry into the United States will be checked against US-VISIT, but will not be checked against the IAFIS Criminal Master File.

If the number of visitors who are subjected to IAFIS fingerprint searches is expanded, the current and planned IAFIS capacity through October 1, 2005, may be exceeded. Although we concluded that current and planned IAFIS capacity is sufficient to meet the DHS’s projected requirements, the DHS workload projections assume that only about 800 visitors will be subjected to IAFIS fingerprint searches at the ports of entry each day. That represents only 0.7 percent of the 118,000 total projected daily visitors in 2005 that are denied admittance each day. According to data provided by US VISIT officials, between July 1, 2003, and June 30, 2004, an average of about 22,350 individuals referred to secondary inspection each day, and 1,811 of the individuals were not admitted to the United States for law enforcement or administrative reasons.43 The vast majority of visitors subject to the provisions of US-VISIT (99.3 percent) will be checked against the US-VISIT watch list, which contains a limited number of records extracted from the IAFIS database such as the Wants and Warrants file, but the visitors will not be checked directly against the full IAFIS Criminal Master File.

Although by October 1, 2005 IAFIS will have surplus capacity of between 13,000 and 16,000 TPRS transactions over current projected requirements, the number of visitors checked directly against IAFIS could increase significantly if the population of visitors subjected to the IAFIS TPRS searches is expanded. For example, a decision to check all visitors referred for secondary inspection – which averaged 22,350 each day between July 1, 2003, and June 30, 2004 – could exceed the current and planned IAFIS capacity of 20,000 TPRS searches per day through October 1, 2005. Although such an expansion is not currently planned, this could change based on the results of a proposed study discussed later in this report that would determine how many criminal visitors missed by US-VISIT could have been detected by checking IAFIS.

Between November 2003 and April 2004, IAFIS Failed to Meet System Availability Requirements.

In addition to having the capacity to process its expected workload, the IAFIS system must be continually operational in order to respond to fingerprint search requests 24 hours a day, 7 days a week. However, the IAFIS system consists of several components that do not have redundant backup systems, so when any of the components is out of service for software or hardware upgrades (scheduled downtime), or due to unforeseen system problems (unscheduled downtime), the FBI cannot continue to fully process fingerprint search requests.44 Availability requirements call for the entire IAFIS system to be available to users 99 percent of the time and for each IAFIS component to be available 99.5 percent of the time.

According to CJIS Division data, IAFIS has not been meeting these system availability requirements. We found that during the six months from November 2003 through April 2004, IAFIS was down a total of 161 hours, resulting in an average monthly availability of approximately 96 percent (Chart 1). Of the 161 hours of downtime, about 60 percent was scheduled and 40 percent was unscheduled (Table 3). During this six-month period, IAFIS had 24 scheduled outages and 46 unscheduled outages of 30 minutes or more.

Excessive downtime makes it possible for aliens with a criminal record in IAFIS but with no criminal record in IDENT to be released. The impact is most acutely felt at Border Patrol stations that are processing large numbers of apprehended aliens. If Border Patrol agents do not receive a response from IAFIS within 10 minutes or shortly thereafter, decisions on whether to detain or release the alien will be made based only on the results of an IDENT query. Visitors at ports of entry already will have been checked against the US-VISIT watch list, and, if they are referred to secondary inspection, officers can query the IAFIS criminal history database by the visitors’ name and make a decision based on checks of other immigration databases. However, there is still the risk of not having the right name and missing information that would be available through a fingerprint match.

Chart 1 shows the percentage of time that IAFIS was available each month from November 2003 to April 2004. Availability is as follows: November - 96.3%, December - 98.1%, January - 98.2%, February - 96.1%, March - 91.9%, April - 97.1%.
Source: FBI CJIS Division

TABLE 3
FBI IAFIS Availability for Six-Month Period November 2003 - April 2004
DateHours in
Month
DowntimeIAFIS
Availability
Unscheduled DowntimeScheduled Downtime
(Hours)(Percent)(Percent)(Hours)(Percent)(Hours)(Percent)
November-0372026:263.8%96.2%10:4040.4%15:4659.6%
December-0374413:501.9%98.1%2:5020.5%11:0079.5%
January-0474413:271.8%98.2%8:47065.3%4:4034.7%
February-0469627:103.9%96.1%8:3631.7%18:3468.3%
March-0474459:598.1%91.9%36:2260.6%23:3739.4%
April-0472020:582.9%97.1%4:5023.1%16:0876.9%

TOTAL

4,368

161:50

3.7%

96.3%

72:05

40.4%

89:45

59.6%
Source: FBI CJIS Division

CJIS Division officials told us that they schedule downtime periods of about eight hours to accomplish necessary software updates and other installations at least four times per year, typically in March, June, September, and December. In addition, they stated that there are "small outages" at least six times per year. Scheduled downtime is generally planned for times when the CJIS Division expects minimal customer activity (e.g., early morning hours). As shown in Table 3, IAFIS experienced scheduled downtime on a monthly basis for the six-month period that we reviewed (November 2003 through April 2004). CJIS Division officials acknowledged the frequent downtime and told us that they are working to limit scheduled downtime to the expected four times per year, but that it is "not one of their highest priorities." They stated that the CJIS Division is currently researching methods of installing software faster to reduce scheduled downtime from eight hours to approximately one hour, and is considering including a “hot maintenance concept” in the Next Generation IAFIS in which some software upgrades could be accomplished without taking the system out of service.45

Customer notification procedures. During IAFIS downtime, responses to DHS requests for fingerprint searches may be delayed.46 Unscheduled delays, in particular, can present a significant problem for the Border Patrol, which relies on quick response times in order to process apprehended aliens. The CJIS Division policy is to notify customers if IAFIS cannot respond to queries within 10 minutes for the DHS, and 2 hours for other customers. However, CJIS Division officials stated that, particularly during March 2004, the CJIS Division was unable to notify the Border Patrol of the IAFIS problems in a timely manner. The CJIS Division later provided the DHS with written explanations of the problems, but a Border Patrol senior agent told us that he was frustrated by the extended IAFIS downtime (specifically during March), lengthy repair time, and an inability to directly contact the CJIS Division help desk.

To improve customer notification, on May 5, 2004, the CJIS Division modified the "call tree" that it uses to notify IAFIS users (and other CJIS Division system customers) of unscheduled downtime and other system problems to include the DHS help desk. In addition, the CJIS Division now sends a message to a designated individual at the US-VISIT Program Management Office, who then notifies locally designated area coordinators of the downtime via e-mail. The US-VISIT Program Management Office confirmed to us that it is now receiving better notice of such outages.

Lack of backup increases risk of service loss. In addition to causing downtime when components are out of service, the lack of backup systems for IAFIS means that, if a catastrophe severely damages the IAFIS system, there is no backup that can continue to provide electronic fingerprint identification services to law enforcement authorities. Copies of IAFIS data are sent to an off-site location regularly, however.47 In February 2004, at the request of the Department, the IAFIS contractor (Lockheed Martin) prepared two reports that describe options for developing a disaster recovery site to ensure continuation of CJIS Division operations (including IAFIS, the NCIC, the National Instant Criminal Background Check System, and other services) in case of a catastrophe at the CJIS facility.48 The reports confirm that "If the data the CJIS division maintains were destroyed, law enforcement services throughout the United States would be severely degraded." The reports recommend developing a "mirror" site that would cost an estimated $174 million and take up to eight years to complete.

Although it was not originally a requirement, CJIS officials told us, during an October 2004 follow-up interview, that the backup site is now required to ensure continual IAFIS availability during normal downtime, as well as in the event of a disaster. They also told us that the CJIS Division awarded a contract for an Enterprise Storage Area Network, which will replicate IAFIS data, in real-time, to an off-site location. While such a system would more effectively safeguard IAFIS data, it would not be capable of processing search requests during downtime. The CJIS Division is also considering developing an interim disaster recovery site and is evaluating the projected costs.


Footnotes

  1. The DHS projection assumed there would be 71 TPRS transactions for every 100 IDENT search and enroll transactions.

  2. CJIS Division representatives met with the IAFIS contractor, Lockheed Martin, to ensure that they would be able to support 20,000 TPRS transactions per day. Operations and maintenance functions are managed by FBI staff and executed by FBI and Lockheed Martin staff.
  3. Visitors are referred to secondary inspection if a search in any of the law enforcement/immigration databases queried at primary inspection results in a hit or if they raise the suspicion of the primary immigration officer. DHS data for the period from July 1, 2003, to June 30, 2004, shows that 8,156,638 of the 260,863,839 visitors to the United States (8.9 percent) were referred by immigration agents for secondary inspection. Of these, 661,072 (0.3 percent of all visitors), or about 1,811 per day, were subsequently not admitted to the United States due to administrative, immigration, or criminal issues.
  4. DHS inspection policy states that "all subjects who are suspected of being inadmissible to the United States shall be queried through IDENT/IAFIS."
  5. Visitors are referred to secondary inspection if a search in any of the law enforcement/immigration databases queried at primary inspection results in a hit or if they raise the suspicion of the primary immigration officer.
  6. Depending on the specific component that is out of service, queries can sometimes be partially processed by the available IAFIS components and queued until the remaining components are available.
  7. Next Generation IAFIS is discussed in more detail later in this report.
  8. Delays in response time may also be due to problems at the DHS site or with other FBI systems.
  9. US-VISIT and IDENT have redundant search capability with databases residing in Rockville, Maryland and Dallas, Texas.
  10. Final Report on the Analysis of Alternative Concepts for Disaster Recovery, February 26, 2004; and Final Report on the Methodology to Plan, Design, Develop, and Implement CJIS Disaster Recovery.