The US Government Accountability Office has once again taken the Department of Homeland Security to task for delays and cost overruns in its program to upgrade its biometric identity management system.
Dubbed “Biometric Identity System: DHS Needs to Address Significant Shortcomings in Program Management and Privacy”, the report concerns the DHS’s Homeland Advanced Recognition Technology (HART) program, which aims to replace the outdated biometric identity management system used by DHS. Here are its key findings:
- Schedule Delays: Since 2019, the HART program has experienced significant schedule delays. It declared a second schedule breach in 2020, leading to a reevaluation of the program’s schedule. The 2022 rebaseline further extended the schedule for delivering initial capabilities by an additional 33 months beyond the 2019 plan. The complete program schedule had not been planned as of 2022.
- Cost Overruns: The HART program’s estimated costs increased by $354 million in its 2022 rebaseline. This was due to various factors, including higher than expected software defects and performance issues. The program had not provided a reliable estimate for completing the program.
- Inadequate Cost and Schedule Estimation: The cost and schedule estimates for the HART program did not fully follow GAO’s best practices for reliable estimates. Both the cost and schedule estimates fell short in meeting key criteria for reliability. These shortcomings make it difficult for senior leadership to make informed decisions regarding the program’s future.
- Privacy Concerns: DHS had implemented only five of the 12 selected Office of Management and Budget privacy requirements. For example, encryption settings for information at rest and in transit were demonstrated. However, gaps existed in the remaining seven requirements. The program’s privacy impact assessment lacked essential information, including details about individuals whose data would be stored in the system and the partners with whom data would be shared. It also lacked assurances that partner organizations would appropriately retain and dispose of personally identifiable information.
Based on these findings, the GAO made nine recommendations to DHS to address these issues, including revising cost and schedule estimates, improving privacy compliance, and establishing timelines and plans for addressing deficiencies. DHS concurred with these recommendations.
The report comes after Congress demanded at the start of this year that the DHS perform an internal audit, citing “mismanagement of the program and the program’s failure to achieve initial operating capacity”. In July, the GAO issued a report indicating that the DHS had not adequately been tracking government labor costs for the program, offering a hint of what was to come from its further scrutiny.
September 13, 2023 – by the FindBiometrics Editorial Team