With Qatar having become the first Gulf State to be admitted into the US Visa Waiver Program (VWP) in September, some US lawmakers have once again begun to question whether the VWP unnecessarily exposes the United States to security threats, despite implementation of strict security requirements for participating VWP countries.
At the same time, however, because of long-standing congressional interest in promoting US travel and tourism – the reason for the VWP to begin with – other lawmakers support admitting still more countries into the VWP.
Before traveling to the US, every VWP traveler must obtain preclearance to board a flight to the US through the Electronic System for Travel Authorization (ESTA), which is managed by the Department of Homeland Security (DHS). To do this, every VWP traveler must submit their biographical information into ESTA, which is a web-based application that checks the traveler’s information against relevant law enforcement and security databases to determine eligibility for travel under the VWP. ESTA alerts the foreign national whether he or she has been approved to travel, and if not approved, the individual must obtain a visa prior to coming to the US.
Under the current system, when a foreign national submits an ESTA application, he or she is screened against the Terrorist Screening Dataset; TECS, a system used by Customs and Border Protection (CBP) officers to screen arriving travelers; the Automated Targeting System; and INTERPOL’s Lost and Stolen Passport database.
Criticisms of allowing Qatar into the VWP primarily center around concerns about potential security risks due to the nation’s complex geopolitical situation, including its ties to certain groups considered terrorist organizations, and the possibility that the ESTA system may not adequately screen all potential travelers from Qatar, potentially allowing individuals with concerning backgrounds to enter the US without further scrutiny.
Critics worry that Qatar’s support for certain groups like Hamas could facilitate the entry of individuals with ties to terrorism into the US, even with the ESTA system in place. While ESTA is required for VWP travelers, it is primarily based on self-reported information and may not effectively identify individuals with potentially dangerous backgrounds.
“Despite its close partnership with the United States, Qatar is a known host and supporter of Islamist organizations, including Hamas, the Taliban, and the Muslim Brotherhood,” the Foundation for Defense of Democracies said in response to Qatar being admitted into the VWP.
US lawmakers’ concern over Qatar’s relationship with Hamas in particular is reflected in the Senate Committee on Armed Services’ draft of the 2025 National Defense Authorization Act. Specifically, section 1287 of the bill would require the secretary of defense to “submit a report and provide a briefing to the congressional defense committees on the operational value of Al-Udeid Air Base in Qatar, taking into consideration the relationship of the Government of Qatar with Hamas and other terrorist organizations.”
The Al-Udeid Air Base is the largest US military base in the region. However, since October 7, several US lawmakers have encouraged the Biden administration to downgrade US-Qatar relations given Doha’s support for Hamas. On May 1, Republican Rep. Ann Wagner and Democratic Rep. Jared Golden introduced the bipartisan Reviewing Qatar’s Major Non-NATO Ally Status Act. A companion bill was introduced in the Senate by Sen. Ted Budd. The bills never made it out of the respective committees they were assigned to upon introduction in the House and Senate.
Conversely, in October 2022, a group of 20 House Democrats called on the Biden administration to keep Israel out of the VWP, to which it was admitted the following year, but only after concessions by the US. Prior to Israel’s designation into the VWP, Israeli officials had been vocal about wanting to enter the program, but faced challenges meeting certain criteria. For instance, Israel’s Biometric Database Law prohibits sharing fingerprint data with foreign authorities. So, the US struck a deal with Israel to share fingerprint data only for those with a criminal background.
And that gets into something the Congressional Research Service (CRS) highlighted in a report for congressional requestors this month. CRS said security concerns regarding ESTA include the potential for individuals to provide false information on their applications, the possibility of not adequately identifying high-risk travelers through the online system, and privacy concerns related to the collection and storage of personal data, especially when using social media information for vetting purposes.
DHS implemented ESTA in August 2008. It was supposed to add a significant layer of security to the VWP by enabling CBP to conduct security vetting of prospective VWP travelers to determine if they pose a law enforcement or security risk before they board aircraft destined for the United States.
However, as CRS noted in its briefing document, Adding Countries to the Visa Waiver Program: National Security and Tourism Considerations, “ESTA only screens against biographical security databases; VWP travelers do not submit biometric information until they reach a US port of entry, at which point their biometrics are run through multiple security databases.”
“Additionally, ESTA is a name-based system and cannot be used to run checks against biometric databases, such as the Automated Biometric Identification System and Next Generation Identification,” the CRS briefing says, adding, however, that “when VWP travelers arrive at a US port of entry, CBP takes their fingerprints and photographs and checks them against these biometric systems.”
Lawmakers and critics say the problem therein is obvious. If there are not already required biometric identifiers in a VWP country’s systems, there will not be a “hit.”
A key goal of the VWP was to improve standards for aviation security and travel documents and to improve information-sharing by law enforcement in countries around the world. To qualify for the VWP, countries must issue biometric e-passports and tamper-resistant, machine-readable visa documents which are verifiable at the country’s port of entry, and must certify that they have in place mechanisms to validate machine-readable passports and e-passports at each port of entry. They also must report information on all lost and stolen passports to the International Criminal Police Organization and share information on travelers who may pose a terrorist or criminal threat.
“Supporters of the VWP see admission into the program as an incentive for foreign countries to increase their security infrastructure and information-sharing with the United States,” CRS said, noting, however, that “a competing view is that despite security improvements, including generally disallowing individuals to travel under the VWP if they had traveled to a country known as a terrorist sanctuary, the program remains a national security vulnerability.”
These measures, though, are only as good as the information that is entered. The CRS briefing pointed out that “in 2022, congressional interest in the parameters of information-sharing agreements increased” after a 44-year-old British Pakistani man, Malik Faisal Akram, traveled to the US under the VWP and took four hostages at the Congregation Beth Israel Synagogue in Colleyville, Texas.
During a March 2022 Senate Committee on Homeland Security and Governmental Affairs hearing, Stephanie Dobitsch, then Deputy Under Secretary for Intelligence Enterprise Operations in DHS’s Office of Intelligence and Analysis, testified that Akram “had several criminal and potentially terrorist related interactions with the UK government. However, none of these resulted in information that rose to the threshold for passing to the United States. And so, [DHS] is looking to reevaluate the information sharing agreements we have under the Visa Waiver Program and looking for opportunities to close any gaps.”
And lawmakers have been looking to close these gaps ever since.
Among these gaps, critics say, is that ESTA allows for the potential to provide false information. Individuals may deliberately provide inaccurate information on their ESTA application to gain entry to the US despite potential security risks. ESTA also has limited vetting capabilities. The online system may not be comprehensive enough to identify all potential threats, potentially allowing individuals with concerning backgrounds to enter the country under the VWP.
There’s also the matter of “Selfie” verification. While using a selfie for identity verification adds a layer of security, there is a risk of someone submitting a photo of another person to gain authorization.
There also are concerns regarding the possibility of travel agents submitting ESTA applications on behalf of clients, potentially introducing inaccuracies in the information that is provided.
And there are privacy concerns with the data collection itself. The ESTA application collects extensive personal information, including passport details, travel history, and potentially social media information, which could raise privacy concerns regarding data storage and access. There is a risk that CBP might use social media information collected through ESTA applications for purposes beyond security screening, potentially leading to overreach.
As it stands, CRS said, “debate remains as to whether the VWP sufficiently vets individual travelers prior to arrival at a US port of entry.”