This post is part of "CDT Fellows Focus,"  a series that presents the views of notable experts on tech policy issues. This month, CDT Fellow Annie I. Antón  is our guest contributor (see Antón's website The Privacy Place ). The post is based on Antón's recent testimony on behalf of the Association for Computing Machinery’s Council on U.S. Public Policy at a Congressional hearing regarding the verification of employment eligibility. Posts featured in "CDT Fellows Focus" don't necessarily reflect the views of CDT; the goal of the series is to present diverse, well-informed views on significant tech policy issues.
Last month, I testified before the House Ways and Means Social Security Subcommittee hearing on the Social Security Administration’s Role in Verifying Employment Eligibility. My testimony focused on the E-Verify pilot system, and the operational challenges the system faces. According to the U.S. Citizenship and Immigration Services website , E-Verify "is an Internet-based system that allows businesses to determine the eligibility of their employees to work in the United States." The goal of E-Verify - to ensure that only authorized employees can be employed in the U.S. - is laudable. However, the E-Verify pilot system is still in need of major improvements before it should be promoted to a permanent larger-scaled system.
In 2010, Westat Corporation, a research company that conducted an evaluation of the E-Verify system, found  that 54% of the undocumented immigrants checked through E-Verify were incorrectly deemed eligible to work primarily due to identity fraud. The Westat evaluation coupled with the E-Verify pilot results  from the Social Security Administration Inspector General do not instill a sense of confidence that the pilot is ready for more widespread use. In its current state, E-Verify remains vulnerable to, and incentivizes the use of, identity fraud.
Three issues are especially critical as Congress moves forward on E-Verify. First, E-Verify must accurately identify and authenticate the individuals and employers authorized to use the system in a trustworthy manner before it is widely deployed. Second, proof of success with a pilot is required before extensively scaling any software system. Third, complex systems (such as E-Verify) are fallible and often misused or prone to “mission creep” in ways that violate sound principles of security and good software engineering.
The E-Verify self-check pilot system is particularly concerning because it authenticates individuals by requesting information that can easily be obtained via the white pages and public tax records by individuals other than the holder of a given Social Security number. The current requested information is not sufficient for proper authentication. Insufficient authentication provides unauthorized individuals and fraudsters access to the system, allowing them to check stolen information and determine if it can be used to craft a new, fraudulent identity or to obtain employment. Mandated use of E-Verify would basically mandate an increase in computer fraud, abuse, and identity theft.
To protect the innocent, employers who take action on non-confirmation returns without informing applicants or providing them an opportunity to appeal and correct mistaken records must face strong penalties. Exceptions for cases of natural disaster or emergency should also be built in - under such circumstances, requirements should be waived or suspended when seeking new employment.
It is critical to eliminate the weaknesses in E-Verify and objectively audit the pilot before it is scaled up or extended to verify individuals for anything other than employment. Lack of proper system validation and verification will inevitably lead to cost and schedule overruns, system breakdowns, intrusions and perhaps obsolescence. In addition, it is imperative that vulnerabilities be examined and risks addressed to protect the system as well as the identities of the individuals whose information is managed within E-Verify. Finally, adopting biometric technologies as a solution to the E-Verify authentication problem would be premature.