Witnesses: E-Verify system can't detect ID theft

Flaw could allow dishonest workers to thwart the system

The Homeland Security Department’s E-Verify employment verification system cannot detect identity theft and fraudulent applications, according to testimony before a Senate Judiciary Committee subcommittee.

The Internet-based E-Verify system allows employers to check Social Security numbers for their employees and prospective employees to determine whether the numbers are valid and the employees are therefore eligible to work. However, it is not designed to detect borrowed or stolen Social Security numbers.

“E-Verify is not without its flaws, including one fundamental problem: its inability to detect identity theft,” Lynden Melmed, former chief counsel for U.S. Citizenship and Immigration Services (USCIS), told the committee's Immigration, Border Security and Citizenship Subcommittee on July 21. “Unlawful workers can beat E-Verify by using another individual's valid identification.”

USCIS has been expanding its database of photographs to be used as a back-up checking tool to ensure that the images of applicants presenting their Social Security numbers to E-Verify match in appearance the images in photos existing in current government systems linked to the same Social Security number. However, the photographic matching is limited in scope, Melmed added.

Melmed endorsed the idea of strengthening E-Verify to include possible fingerprint collection.

“Congress should therefore give consideration to using E-Verify as a platform and expanding photo-tool for currently issued documents and/or incorporating a new biometric identification document,” Melmed said.

Former USCIS Commissioner James Ziglar told the panel, "If someone has stolen an identity and presents legitimate documents connected to that identity, or presents fraudulent documents which make use of stolen identity data, the purpose of the employment eligibility verification exercise can be defeated.”

“In my opinion, it would border on irresponsible not to seriously analyze the possibility of incorporating a biometric identification and verification module into the E-Verify system,” Ziglar said.

E-Verify is a voluntary system used by about 134,000 employers, though it is mandatory to some degree in 12 states. Under an executive order from the Bush administration, federal contractors were supposed to begin mandatory use of E-Verify in January. However, that deadline has been pushed back to Sept. 8 due to a lawsuit. Homeland Security Secretary Janet Napolitano recently said the Sept. 8 deadline would be firm.

The E-Verify system has been controversial due to alleged high error rates in the databases used. USCIS acknowledges a 3.1 percent rate of initial non-matches in the system.

The Migration Policy Institute on July 20 issued a report recommending that DHS test several options to strengthen E-Verify, including use of personal identification numbers and biometric scans.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Reader comments

Mon, Aug 3, 2009 RD

Why not link e-veriy to the major credit reporting agencies to flag reported instances of ID theft. It would be simple enough to report this flag to the employer who could then decide if the correct person is sitting in front of them. Frauds will leave as soon as the question is asked.

Wed, Jul 29, 2009 femtobeam

Personal Identifying Information PII should never be anonymous. Biometrics using retinal scanners involves light that can be harmful to vision. No digital photo of a fingerprint is any safer from hackers than data on a disk drive. Identity theft is a much deeper issue and the why is simply to steal and commit other crimes upon people and get away with it. It is only a brain scan that will identify a person in a way which cannot be easily duplicated or altered. Even then, information can be changed en route on the networks. The problem lies with the network owners and they do not want anyone to know who their "sources" are nor how they obtain the information, let alone what types of two way interactive entertainment applications they are using. Your identity and who you are are as a person are important not only to your abilities to support yourself, but to the future as well. What is in the records about you? Will your grandchildren read false information about you long after you are gone? In the future, will we all die from hearsay because we did not get it right about identity?

Tue, Jul 28, 2009 AJ Pensacola, FL

Biometric identification is a strong authentication method. Finger printing being the least secure and retina scanning being the most. However, retina scanning is the most expensive to implement and finger printing is the least expensive biometric authentication. Disney users fingerprinting authentication to check for wanted fugitives and sexual offenders. E-Verify should start using fingerprint biometrics. It should provide the most cost effective personal authentication that can be widely disseminated.

Fri, Jul 24, 2009 TW

Westat fully informed the government of this E-Verify flaw over 7 years ago - hardly breaking news! After years of raiding businesses where evidence of identity fraud was rampant, the government still pumps tens of millions of dollars into this system. Someone should be held accountable within the government for this policy failure and inadequate job performance.

Thu, Jul 23, 2009 Tony W

E-Verify is a purported solution to a problem that simply creates more problems. The government has knowingly ignored the ID fraud problem for OVER 7 YEARS and has failed to work with employer representatives to refine the system, as required by statute. Then, they give this kind of BS in front of Congress? How in the world do these people keep their jobs. E-Verify is a policy failure and those responsible for the system should pay with their jobs.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above