The GAO has released an update on their recent investigation on US passport vulnerabilities: Addressing Significant Vulnerabilities in the Department of State’s Passport Issuance Process. This report dated April 13, 2009 was sent to Jon Kyl, the ranking member of the Subcommittee on Terrorism and Homeland Security and Committee on the Judiciary and to Senator Dianne Feinstein. Expect somebody from the Consular Bureau to be grilled at one committee or another on this subject. Brief excerpts from the GAO report below:
In the case of our most egregious application—in which we fraudulently obtained a passport using the SSN of a man who died in 1965—State officials said that the lack of an automated check against SSA death records has been a long-standing vulnerability of the passport adjudication process. In an attempt to provide automatic death record information for all cases reviewed during adjudication, Passport Services represented that it has recently purchased a subscription to the Death Master File which includes weekly updates of deaths recorded by SSA. Passport Services intends for the Death Master File check to supplement the other checks in the adjudication process and not replace the current returns from SSA.
State officials also told us that they took several actions in direct response to our undercover investigation, including the following:
- State suspended the adjudication authority of the four passport specialists responsible for approving our fraudulent applications pending additional training. It is auditing all work completed by these specialists.
- State suspended the authority to accept passport applications at the USPS facilities that accepted our applications pending additional antifraud training.
- State revised performance standards for passport specialists to eliminate the production targets for 2009. In addition, State implemented a temporary requirement that supervisors review all adjudicated applications prior to approval. All other aspects of performance standards were left intact for quality and fraud prevention purposes.
- State identified additional tools and systems that would help address vulnerabilities within the issuance process.
- State officials added that Passport Services will be conducting a study and working with the union to develop new production targets. These targets will not be in place until 2010.
Footnote to this report indicates that between June 20, 2008, and December 22, 2008, a total of 71,982 applicants received passports without supplying their SSN.
The GAO elucidates on the SSA angle and adjudication:
“State officials told us that a combination of human error and a lack of access to information resulted in the failures identified by our undercover tests. According to State, passport specialists did not wait for the results of a required SSA database check before approving our fraudulent applications. In all four of our tests, State failed to identify the fraudulent birth certificates we used. State officials attributed these failures to a lack of access to state-level vital records data that would have allowed passport specialists to verify the authenticity of the birth certificates. State officials indicated they were exploring ways to access vital records and department of motor vehicle records nationwide to address the lack-of-access issues. Further, we note that State issues passports to some individuals who do not provide SSNs, meaning that State cannot rely on an SSN check to identify all fraudulent applications.”
The GAO report concludes:
“State officials have known about vulnerabilities in the passport issuance process for many years but have failed to effectively address these vulnerabilities. Although State has proposed reasonable oversight measures for passport acceptance facilities in response to our July 2007 recommendations, it is too early to determine whether these measures will be effective. Our most recent investigation reveals passport specialists also face challenges. State has indicated that it takes the results of this investigation seriously, and officials have said that they are taking agency wide actions. The fact that our undercover investigator obtained a genuine U.S. passport
using the SSN of a man who died in 1965 is particularly troubling given that a simple check of SSA’s publicly available Death Master File would have disclosed the fraud.”
The vulnerabilities of US passports are in no small part systemic. The 2005 GAO report has pointed out the weaknesses in State’s information sharing with other federal agencies. For example, State and SSA signed a memorandum in April 2004 that gave State access to SSA’s main database to help verify passport applicants’ identity but it did not include access to the SSA’s death records!
So the fault here is assigned to a combination of human error and lack of access to relevant information. And the adjudication authority of four employees were suspended, their previous approvals audited — even if the systems in placed were partly to blame. I feel a tad sorry for the adjudicators. Sure, if they did not follow the required procedures, they should be accountable, but what if the procedures have holes in them? Isn’t that kind of like walking the police beat without a gun, and getting slapped with a suspension when a suspect beats you up and run away?
I could not understand either why the audit is limited to the four adjudicators. Is this not a systemic failure — this and the fact that four years after the first GAO report was issued, this remains a “challenge” with no real resolution? How many adjudicators have done exactly as these four did with applications from people who submitted real docs for their fraudulent applications? Doesn’t this incident indicate to passport adjudicators that your tooshie is on the line, more than what you might reasonably expect?
And These Are Genuine US Passports …
- GAO-09-583R: Addressing Significant Vulnerabilities in the Department of State’s Passport Issuance Process (Washington, D.C.: April 13, 2009)
- GAO-09-447: Department of State: Undercover Tests Reveal Significant Vulnerabilities in State’s Passport Issuance Process, (Washington, D.C.: Mar. 13, 2009).
- GAO-07-1006: Border Security: Security of New Passports and Visas Enhanced, but More Needs to Be Done to Prevent Their Fraudulent Use (Washington, D.C.: July 31, 2007)
- GAO-05-477: State Department: Improvements Needed to Strengthen U.S. Passport Fraud Detection Efforts, (Washington, D.C.: May 20, 2005)