Navigating Through The Maze of Security Checks: Issues Affecting Consular Processing in 2004
by Tien-Li Loke Walsh and Bernard P. Wolfsdorf*
Since 9/11, numerous measures designed to enhance security and streamline visa processing have been implemented to identify and eliminate vulnerabilities in the visa processing system. The passage of the USA PATRIOT Act of October 2001,[1] followed in May 2002 by the Enhanced Border Security and Visa Entry Reform Act of 2002 (“Border Security Act”)[2] and the November 2002 Homeland Security Act,[3] accelerated these efforts by mandating increased coordination of law enforcement and intelligence agencies, inter-agency data sharing, implementation of an integrated entry and exit control system, establishment of terrorist lookout committees, foreign student monitoring and intensified security check measures. These latest laws have introduced a new era of restrictive consular practice and “zero-tolerance,” making consular practice a daunting exercise. The combination of these statutory provisions together with the steady stream of regulatory changes including the introduction of additional security clearance procedures for “List of 26” nationals from predominantly Muslim countries,[4] restrictions on the “Terrible 7” countries,[5] changes to the automatic revalidation provision, increasing applicability of the Technology Alert List (“TAL”),[6] enforcement of export controls, and a growing scrutiny of unauthorized employment issues and even minor criminal convictions have completely changed the playing field. In response to 9/11 and threats to U.S. security, the United States has vigorously shifted its policy from a precise “surgical approach” targeted at removing visa offenders and meeting security threats, to a broad-based “blanket approach” targeting aliens from predominantly Muslim countries, aliens involved in sensitive technologies, and aliens with criminal histories. Although some of the security measures were expected, visa applicants are faced with an entirely new visa framework, often encountering completely unpredictable surprises that can cause unexpected and lengthy delays in visa issuance. The inevitable problems associated with a major restructuring are compounded by a new restrictive attitude on the part of DOS and USCIS. While many attorneys are familiar with USCIS change-of-status issues, some neglect to address the issues inherent in consular processing in the planning stages of a nonimmigrant visa application. The issuance of a Form I-797 Notice of Action approval from CIS is supposed to constitute prima facie evidence of entitlement to a visa in most nonimmigrant classifications; however, in reality, this is the equivalent of reaching first base.
WHAT ARE ALL THESE SECURITY CHECKS?
Since 9/11, DOS and other U.S. government agencies, including the CIA, FBI, and NSA have consulted in an extensive and ongoing review of visa issuing procedures. Over 8 million records from the FBI’s National Crime Information Center (NCIC) have been incorporated into the Consular Lookout and Support System (CLASS)[7] name check database, more than doubling the records on file to 18 million.[8] Additional name check records from the intelligence community through TIPOFF,[9] along with data from the U.S. Marshals Service, were also incorporated into CLASS.[10] In addition, the CLASS and TIPOFF databases interface with the Interagency Border Inspection System (IBIS), the Treasury Enforcement and Communications System (TECS II), the National Automated Immigration Lookout System (NAILS) and the Nonimmigrant Information System (NIIS). DOS also relies on the Terrorist Screening Center (TSC) and the Terrorist Threat Integration Center (TTIC), which integrates and maintains the terrorist watch lists and is accessible to consular officers. All of this information, which is constantly updated, includes information on terrorists and foreign warrants, but also extensive information about any criminal convictions or arrests including relatively minor offenses for DUI’s or shoplifting, and provides consular officers with access to critical information during the visa interview process. Consular officers also use the Consular Consolidated Database (CCD), which includes over 75 million records of visa applications, which are used to screen visa applicants. Since February 2001, the CCD stores photographs of all visa applicants in electronic form, and most recently, has started to store fingerprints. In addition to interfacing with other databases, the CCD also indicates the outcome of any prior visa applications.
In conjunction with improvements to efforts at database sharing, the DOS has also designed a system of Security Advisory Opinion (SAO), that require consular posts to refer selected visa cases, identified by law enforcement and intelligence information, for enhanced review. All of these SAO procedures involve close cooperation with other government agencies that are experts in law enforcement, counter-terrorism and high technology. In FY 2003, the DOS estimates that there were approximately 212,000 SAO cases processed, accounting for about 2.2% of all visa applications.[11] The following are some of the SAO related security clearances implemented in the last two years.
“Visas Condor” Security Checks
The Condor check, initiated on January 26, 2002, was created to focus on potential terrorism applicants. It is triggered primarily by information provided on the Supplemental Nonimmigrant Visa Application Form DS-157, which is submitted as part of the visa application process. The DS-157 requests extensive information about the applicant’s travel and educational history, employer information, and military service. This data is used to assess whether a visa applicant requires a Condor or other security check. DOS is applying a “native” standard such that additional security measures are being initiated for applicants born in one of the “List of 26” or “Terrible 7 countries,” and not just to citizens of those countries.[12]
It appears that citizens or nationals from these countries where there are few surnames or name similarity is common (e.g. Patel, Mohammad Ali, Mohammad Siddiqui, etc.), create the most problems for consular posts. If there is a “hit” in the system and if there is no clarifying information such as a date-of-birth, a consular officer has no choice but to initiate a Condor security check. Additionally, any individual who has spent time, whether for short visits or extended assignments or periods as a minor (a common scenario involves the children of European “colonials” who were born in or spent part of their childhood in former Commonwealth colonies such as Malaysia, or where parents worked in the oil business and a child grew up in Saudi Arabia despite having European citizenship), in a “country of concern,” will likely be subject to a Condor check.
At the end of 2003, DOS provided consular posts with additional factors and guidelines to consider when faced with potential Condor situations, but the guidance remains classified.
The DOS requires all posts to wait for an affirmative response from all participating agencies prior to issuing a visa.[13] In order to improve the overall process, the DOS has since made a number of technical changes in coordination with other agencies, which includes a shift in the clearance of “Condor” cases to the National Visa Center in New Hampshire, where the FBI performs all necessary checks.[14]
The Condor security checks initially resulted in extensive delays, often as long as four to six months, because none of the federal agencies involved in the clearing process were technically equipped to handle the volume of data that was received when the Condor program began. However, the DOS currently reports that the average processing times for Condor security checks is thirty days. To date, there is no system to expedite these security checks. However, if a security check has been pending for over 60 days, counsel may call the VO public inquiries number at (202) 663-1246 or email legalnet@state.gov [15]
NCIC Checks and “Hits” in the Database
Consular posts have been inundated with “hits” from the millions of names added to the NCIC database, revealing criminal convictions including minor offenses such as simple DUIs and shoplifting. The NCIC check is now integrated into the CLASS name check that is run on every visa applicant. Since DOS is not a law enforcement agency, consular posts do not have access to detailed information explaining the reason underlying the “hit.” If an applicant’s name is identified as a “hit,” posts will request an appearance by the applicant in order to obtain a full set of fingerprints, which are submitted for further analysis to the FBI.[16] The FBI is currently taking approximately two to four weeks to complete these checks. Although attorneys have attempted to be pro-active and expedite the process by submitting court-certified documentation of arrest records and attorney-initiated FBI results at the initial visa application, consular officers are required to obtain fingerprints in any case of a NCIC name check “hit” under 22 CFR §41.105 (b)(2).[17] Once a post has received a response from the FBI via the National Visa Center, it may at the consular officer’s discretion, accept documentation from the applicant that matches the extract provided by the FBI.[18] However, consular posts will not accept submission of all related documents in lieu of initiating required security checks and fingerprinting.
“False hits” are the biggest headaches for unsuspecting visa applicants. Unfortunately, anecdotal reports confirm that there have been an alarming number of false hits caused by similar or identical names, especially when the applicant is from a country where there are few surnames and name similarity is quite common. Approximately half of the names in the NCIC database are Latino and this has resulted in an alarming number of false hits for individuals with common Latino names. Applicants with such hits are not provided with an opportunity to show that they are not the same person as that on the database.[19] To date, there is no way to initiate the security check in advance of a visa application.[20]
The Technology Alert List (TAL)
and Visas Mantis security checks
The “Visas Mantis” program is an SAO procedure designed to ensure that sensitive technology is not stolen or inappropriately shared with those who would use it to harm the United States and its allies. In assessing these threats, the DOS relies primarily on the Technology Alert List (TAL) [21] to make its determinations. The TAL cable is also designed to specifically provide guidance for use in cases that may fall under the purview of INA§212 (a)(3)(A), which renders aliens inadmissible where there is reason to believe they are seeking to enter the United States to violate or evade U.S. laws prohibiting the export of goods, technology, or sensitive information from the United States. The TAL guidance cable describes the specific purpose of the Mantis program, instructs consular officers what to look for when reviewing an application that may result in a Mantis cable and provides details on what information to include in a cable.
In August 2002, the DOS significantly updated the TAL and issued a cable providing updated guidance to consular posts on the use of the TAL Mantis security checks.[22] The TAL was designed to assist in the effort to prevent the transfer of sensitive technology or material, (e.g., controlled nuclear or biotechnical information), from falling into the wrong hands and being used by hostile individuals or regimes. The increasing sophistication of off-the-shelf technology, dual-use technologies (technologies which have both civilian and military applications), allegations of lack of sufficient information about and controls on foreign students in the United States, recent tensions in the Middle East, and the 9/11 terrorist attacks have combined to renew concern among the law enforcement and intelligence communities that controlled U.S.-origin goods and information are vulnerable to theft.
The revised TAL consists of two parts: a “Critical Fields List” (CFL) of major fields of technology transfer concern, including those subject to export controls for nonproliferation reasons; and the DOS’ list of designated State Sponsors of Terrorism, also known as the “Terrible 7” countries.[23] While restrictions on the export of controlled goods and technologies applies to scientific and technical visitors from all countries, DOS instructs posts that applicants from the “Terrible 7” countries seeking to engage in one of the critical fields warrant special scrutiny and mandatory security advisory opinion (“SAO”) checks.[24]
In comparison to the previous version, the updated TAL includes a vastly expanded list of associated technologies within each critical field, which details virtually every potential “dual use” application, where seemingly benign technologies have potential military applications. For example, the updated TAL includes a Chemical, Biotechnology and Biomedical Engineering critical field—an all-encompassing list that includes almost every possible associated technology or skill involving chemistry, biochemistry, immunology, microbiology, pharmacology, genetic engineering, and chemical engineering to name a few. With such an all-inclusive list, nearly every research scientist, physician or academic, or engineer involved in any of these fields in commercial research laboratories, educational institutions and universities, or private industry may be subject to a TAL security check by a post erring on the side of caution.[25]
As further indication of the all-encompassing nature of the TAL, the updated list also adds a new field to the TAL—Urban Planning (expertise in construction or design of systems or technologies necessary to sustain modern urban societies)—indicating the government’s “special” interest in skills and technologies associated with architecture, civil engineering, community development, environmental planning, geography, housing, landscape architecture, land use and comprehensive planning, and urban design.
In all cases, consular officers must determine whether an applicant proposes to engage in advanced (doctoral, postdoctoral, or research scholar) research or studies, or business activity involving any of the scientific/technical fields listed in the Critical Fields List. The cable instructs posts that information in the public domain, i.e. widely available to the public and information presented in an academic course generally is not relevant for U.S. technology transfer control purposes. Although the cable urges consular officials to use their judgment, it cautions officers to err on the side of caution if there are any doubts that any of the applicant’s planned activities raise questions of possible ineligibility under INA §212 (a)(3)(A). If in doubt, consular officers must submit an SAO in the form of a Visas Mantis.[26] If a determination is made that the technology involved presents a security risk, the applicant may be permanently barred under INA §212(a)(3)(A), which is nonwaiverable.
Despite this guidance, it appeared that the cable failed to provide consular posts and attorneys with clear direction[27] as to when an SAO is required and in fact, seemed to signal a bureaucratic shift towards initiating TAL SAO requests for all cases unless posts are absolutely sure the applicant will not be engaged in any of the technologies or skills listed on the TAL. In response to concern and criticism about the lack of clear guidance about the TAL, the DOS confirmed that the TAL guidance has been significantly revised and shared with the field via cable on October 1, 2003, but it remains classified.[28] Despite this general guidance, anecdotal reports continue to indicate that there has been a marked increase in the number of TAL security checks initiated by consular posts in China,[29] India, Israel, Pakistan, and Russia because of concerns that applicants are involved in activities with “dual use” applications.[30]
a.
The Visas Mantis Process
If a Mantis SAO is required, consular posts will transmit the request by cable simultaneously to the Visa Office (VO) at the DOS, the FBI and interested agencies.[31] After the FBI name check unit runs the names of the subjects of SAO’s through their name check system, the responses are uploaded onto a CD containing updated clearance information, which the Visa Office receives twice a week.[32] The CD is an historical record of more than 500,000 responses provided to DOS by the FBI.[33] The information from the CD is uploaded into the DOS’ own FBI Response database, as well as into an automated system known as VISTA, which is the Visa Office’s tracking system for SAO’s.[34] Unfortunately, for various technological reasons, VISTA does not always capture all of the clearance information.[35] Therefore, if analysts do not find an updated response to a case in VISTA that is due, they must check the FBI Response database to see if in fact, the FBI has cleared the case, because the DOS does not complete processing of the visa until they have the FBI response.[36] In some cases, it can delay a case by a week or longer between the time the FBI responds to a clearance request and when the Visa Office analyst is able to send out the clearance response to the post.[37]
The other clearing agencies are given 15 working days to respond to SAO’s, but notify the Visa Office when they need additional time to clear a specific case.[38] Additionally, the Visa Office may have a clearance from the FBI, but may be waiting for another clearing agency to complete a review of a specific case.[39] One of the agencies may also ask a consular post to obtain more information from an applicant, which can also take time and delay a final response to post.[40] At other times, the Visa Office must wait to receive a report from another clearing agency that may contain derogatory information pertaining to the applicant.[41] According to the DOS, waiting for highly classified reports through appropriate channels can be another reason for delay in responding to a consular post.[42] Once the DOS receives all agency responses pertaining to the applicant, it summarizes them and prepares a response to the consular posts.[43] A cable is then transmitted to the post which indicates that DOS does or does not have an objection to issuing the visa, or that more information is needed.[44]
When initially introduced, there was extensive concern that delays in Mantis checks were impacting the business, academic and scientific communities, and causing disruptions to on-going research and commercial activities.[45] The recent GAO Report (“Improvements Needed To Reduce Time Taken to Adjudicate Visas for Science Students and Scholars”) also found that interoperability problems among the systems that the DOS and FBI use contributed to the delays in processing.[46] Since many different agencies, bureaus, posts and field offices are involved in processing Mantis SAO’s, and each has different databases and systems, Mantis SAO’s were often delayed or lost[47] at different points in the process.[48] In addition, feedback from officers at consular posts confirmed that they were unsure whether they were adding to the lengthy waits by not having clear guidance on when to apply the Visas Mantis process and not receiving any feedback on the amount of information they provided in their Mantis requests. In addition to processing delays, it appears that many applicants also experience significant delays in scheduling appointments for interviews, which adds to the delays in visa issuance.[49]
The DOS acknowledges that backlogs occurred based on the overburdened system, which required extensive cooperation between multiple government agencies not yet equipped to cope with the Mantis procedures. As part of the efforts to streamline Mantis procedures, the DOS created a special Mantis team of five full-time employees in the Visa Office, exclusively dedicated to technology transfer cases.[50] According to the DOS, they now have procedures for expediting individual cases when appropriate.[51] When an expedited clearance is needed, DOS faxes such requests to the FBI, which routinely responds in a timely manner.[52]
The DOS reports that the average processing times for Mantis checks is approximately 30 days unless a government agency places a processing hold on the check. At any given moment, DOS has approximately 1,500 to 2,000 Mantis checks pending from the interagency review process.[53] Consular posts may not issue the visa until they receive an affirmative response from all participating agencies. If a Mantis clearance has been pending for over 60 days, counsel may either call the Public Information office at (202) 663-1246 or email legalnet@state.gov.[54]
In October 2003, after interagency consultation, the DOS agreed to extend the validity of the Visas Mantis clearance to one year. Based on this guidance, posts will no longer need to seek an additional Mantis clearance within a 12-month period after initial clearance has been given provided certain conditions are met, including that the applicant must be returning to a program or activity and will perform the same duties/functions at the same facility or organization that was the basis of the original Mantis authorization.[55] According to this guidance, consular officers may issue visas to applicants who have received Mantis clearance according to the applicant’s reciprocity table, but in no case, for longer than 12 months.[56] Visas for Chinese and Russian Mantis applicants can only be issued single-entry visas valid for three months.[57]
b. Documents An Applicant Should
Bring To An Interview
Applicants involved in any activities that have potential “dual use” applications should carry a detailed letter from their employer, explaining the nature of the work, specific job duties, project descriptions and if possible and provide details distinguishing how the work has no possible military applications. It is also helpful to provide recommendations from U.S. sources, documentation to show that the information is in the public domain or found in academic courses (where applicable).
It also appears that many NIV applicants who are subjected to a Mantis security check are now considered “persons of interest” when they arrive in the United States. There have been several anecdotal reports that the FBI has made follow-up visits to universities, as well as private companies to check up on such individuals to ensure that they are in full compliance with the terms of their nonimmigrant status.
The “Chameleon” Security Check
It appears that
the DOS has initiated a new security clearance procedure, known as the Visa
Chameleon. Although still classified, this new database includes an estimated
1.4 million names of aliens previously removed. Any aliens in this database who
are able to overcome the grounds of ineligibility must submit a full set of
fingerprints, complete Form I-146 and pay the $85 fee at the consular post. If
an alien is issued a new visa or otherwise attempts entry without the
designated clearance, admission will be denied. The guidance is still partial
and consular posts are waiting for further refinement from DOS.
DOS
Improvements To the SAO Process
Based on the
widespread problems encountered by participating government agencies in
performing the various security checks, DOS has made major changes in its use
of automation by developing a cable-less SAO process called the SAO Improvement
Project (SAO IP).[58]
DOS will spend approximately $1 million to eliminate telegrams from overseas
consular posts as the vehicle for disseminating cases to federal government
agencies in the security advisory opinion process.[59]
The program will use real-time data-sharing, allowing for seamless electronic
data transmission from posts, eliminating virtually all manual manipulation of
data.[60]
The other agencies will no longer receive a telegram (which is prone to cable
formatting errors), but a reliable data transmission through an interoperable
network that begins with the Consular Consolidated Database (CCD), which is expected
to improve data integrity, accountability of responses in specific cases and statistical
reporting.[61] It hopes that posts will be able to forward
cases to intelligence and law enforcement agencies as quickly as possible and
eliminate any time period that a case awaits processing by administrative
staff. DOS began field testing this pilot project in November 2003 for nonimmigrant
visas in Riyadh and Kuwait; and for immigrant visas in December 2003 in Naples.[62]
The pilot has since been concluded and the software approved for worldwide use
– the DOS began to release the SAO IP software to posts in late January 2004
and expects full implementation of the program to take place as 2004
progresses.[63]
The SAO IP will operate through an interagency network known as the Open Source Information System (OSIS), which will provide interoperable data transmission.[64] However, the FBI’s systems are currently not interoperable with the DOS system.[65] The FBI is still working on connectivity to OSIS in order to make full use of SAO IP.[66] In the meantime, the Visa Office is still sending case specific information to the FBI via cable.[67]