Auxiliaries must contend with important new requirements
BY ANDY WILLIAMS
CONTRIBUTING EDITOR
The ability to better track foreign visitors within the U.S. has become a priority of the Immigration and Naturalization Service. One manifestation of this is the SEVIS system designed to enable efficient tracking of foreign students attending U.S. institutions.
SEVIS affects ID offices and other campus enterprises in several ways. To begin to fully understand these potential impacts, it’s necessary to understand SEVIS, its origins, and requirements.
What is SEVIS?
SEVIS, short for the Student and Exchange Visitor Information System, is up and running at most schools but it is not without glitches. It’s also not as secure as one would expect, if the recent experience at the University of Kansas is any indication.
SEVIS is supposed to allow INS to track foreign students attending U.S. educational facilities faster and more accurately.
CIPRIS, the Coordinated Interagency Partnership Regulating International Students, the forerunner to SEVIS, was born in 1996 as a result of the 1993 bombing of the World Trade Center when it was discovered that several of the bombers entered the U.S. with student visas.
Implementation was sluggish at best, primarily due to inadequate funding, and it wasn’t until the Sept. 11, 2001 attacks on the Pentagon and World Trade Center and the subsequent passage of the U.S. Patriot Act, that CIPRIS became SEVIS and efforts began to earnestly track foreign students. It helped that Congress allocated $36.8 million to jump-start the program.
The American Council of Education’s Terry Hartle, in testimony before Congress last year, called SEVIS “an extraordinarily large and complex information technology system.”
Its ambitious goal, said Mr. Hartle, is to “link all U.S. embassies, consulates, all INS (Immigration and Naturalization Service) ports of entry in this country, the State Department’s Office of Exchange Coordination and Designation, the Bureau of Educational and Cultural Affairs, every institution of higher education that sponsors international students, and every exchange visitor program.”
For example, notification of the following events must be made within 21 days:
One university’s experience
with SEVIS
“We’re trying to make this as invisible as possible,” said Joy Ira, SEVIS coordinator at Florida State University. “By the fall or next spring we hope to have all this information at our fingertips so they (the students) needn’t do anything.”
FSU was SEVIS-certified on January 28, 2003 by the INS but was still testing its batch processing software. There were delays because the INS testing site for batch processing had program bugs. January 30th was the deadline to “be a SEVIS-certified school,” but that was later moved up by the INS to February 15th.
“They changed batch processing (procedures) last September 20th for the third time,” she said, which accounted for some of the delays in certification and the expanded deadline.
“The testing site only became stabilized a couple weeks ago,” said Ms. Ira. “If nothing further goes wrong, we hope to be online by the middle of March. It’s an evolving system. There will be changes all the time.” FSU has 1,200 students in its SEVIS database and 100 scholars. When entered in the SEVIS database, each student is given an ID number (similar to Social Security numbers used by American students). The SEVIS number is 11 digits.
The Tallahassee, Florida-based university looked at various software vendors to help it manage the SEVIS database. They selected Synergylink, Mountain View, Calif., and its SEVISLink Homeland Security Solution software.
“It was the most compatible software for our system,” said Ms. Ira.
SEVISLink, according to its web site, “fully supports use of Oracle database and application server products, such as Oracle9i Database and the Oracle9i Application Server.”
“Our alliance with Oracle validates the power of SEVISLink to enable universities with complex information systems to meet the aggressive SEVIS-compliance deadline,” said SynergyLink’s COO, David Tom. SEVISLink “is intelligent software to recognize when the database needs to be updated and to support the transfer of that data,” added Mr. Tom.
Concerns surround the massive nationwide undertaking
It’s not the big universities and colleges that concern SEVIS critics; it’s the small, independent schools. According to a recent Washington Post article, lack of enforcement in the past has led to a situation “such as that in California, where a small group of English-language schools brings a disproportionate number of students into the county but operates with virtually no oversight.”
According to the Post, in the past five years in the Los Angeles area alone, more than 33,000 foreigners have been granted visas to attend small English language schools, some with nothing more than office suites for classrooms. Yet, these schools can, and do, issue documents allowing students to stay in the U.S. for up to four years, even though their classes last six months or less. One school closed down in 2000, yet INS records show the school had 51 students enrolled in 2001 and another 22 in 2002. The INS didn’t know the school was closed nor where its students were currently located, says the Post.
SEVIS is supposed to correct these deficiencies. Whether it succeeds or not is still open to conjecture.
Like any system, it is also subject to hacking. One such incident was recently reported at the University of Kansas. An individual made his or her way into a file server containing records of 1,450 students, most of them international. The hacker utilized a “temporary hole” that had been created in existing security protocols for the university’s SEVIS system after a security update was installed in the operating system. That hole has since been patched.
“Although serious, this incident has not affected our ability to comply with the federal mandate to maintain a SEVIS database,” said Robert Hemenway, University of Kansas chancellor. “Our experience may serve as a warning to other universities about the potential that exists for criminal access.”
Implications for campuses today and in the future
An advantage—or disadvantage, depending on your perspective—is the potential that programs like SEVIS offer for the future.
Mr. Tom of SEVISLink, believes that if anything leads the way for a national ID card or advanced smart card technology, it starts here with SEVIS. “If we’re going to see a (national) smart card, it will happen first with foreigners,” he said.
Since 9-11, privacy issues have taken a back seat to security. SEVIS regulations already override certain privacy protections outlined in the Family Educational Rights and Privacy Act of 1974 (FERPA) which regulates the kinds of information schools can make available on students.
There are already pending in Washington bills that would incorporate biometric data into SEVIS, said Mr. Tom. “This whole thing is only going to grow.”
Whether schools use the SEVIS number as the unique identifier for international students in administrative uses beyond the INS reporting will be up to the institution. Major student system information systems, such as Peoplesoft, have released modules to aid in the implementation of SEVIS. An example can be found at the Peoplesoft site, http://www.peoplesoft.com/go/sevis.
Will ID system databases require modification? Likely not. Some may require an additional source of data to be merged or accessed to pull student files for the badging or access system. Conversely, some of card and access systems may be looked to as an indicator of attendance, enrollment, or participation in required activities.
The rapid nature of the SEVIS implementations are likely to result in continued glitches and delays, however the issue is so important to our national and international security that these must be seen as only minor inconveniences. With SEVIS our administrative offices, applications, and databases can help to form a part of the wall that protects us all in the years to come.