An internal State Department investigation has found that employees have accessed the passport information files of dozens of well-known Americans an “excessive” number of times and that the department lacks policies to prevent and detect unauthorized snooping.
In a sample of 150 names of politicians, entertainers, athletes and other high-profile citizens, the probe discovered that the files of 127 had been accessed at least once between September 2002 and March 2008, with a total of 4,148 hits, said a report by the department’s inspector general released Thursday.
“Although an 85 percent hit rate appears to be excessive, the department currently lacks criteria to determine whether this is actually an inordinately high rate,” the report said.
Still, it is unlikely that all of those hits were authorized, Florence Fultz, managing director of Passport Services at the State Department, told reporters. She added that her office is trying to determine which of the attempts to access the computerized files in question were improper.
The Washington Times reported in March that Passport Services employees had been snooping on the files of the three remaining presidential candidates at the time, Sens. Barack Obama, Hillary Rodham Clinton and John McCain, prompting an apology from Secretary of State Condoleezza Rice.
Three employees were fired after the revelation, and two more have been terminated since then, Ms. Fultz said.
Sen. Joseph R. Biden Jr., Delaware Democrat and chairman of the Senate Foreign Relations Committee, called the report “deeply disturbing.”
“This is unacceptable,” he said. “The report makes it clear that the private information of over 100 million Americans is vulnerable to unauthorized access. I urge Secretary Rice to act promptly on the inspector general’s recommendations and correct these systemwide failures.”
The inspector general’s report, which was completed weeks ago but was not released until late afternoon before the long July Fourth weekend, “found many control weaknesses.” Those include “a general lack of policies, procedures, guidance and training relating to the prevention and detection of unauthorized access to passport and applicant information.”
“In some cases, department officials stated that the lack of resources contributed to the lack of controls and to the department’s ability to assess vulnerabilities and risk,” it said.
The report also said there are no “subsequent response and disciplinary processes” when unauthorized access is discovered. It recommended introducing “a table of disciplinary actions and penalties,” but the idea was rejected by consular officials who said they have sufficient policies in that area.
“There is no guidance that details the disciplinary actions that should be taken against a user who inappropriately accesses passport records,” it said. “Disciplinary actions … have been left to the discretion of the supervisor and, as such, were inconsistently applied.”
The report also recommended that the State Department’s Bureau of Consular Affairs consider controls used by the Internal Revenue Service and the Social Security Administration “to protect electronic personally identifiable information” and develop a strategy for “proactively preventing and detecting incidents of unauthorized access.”
As of April, the passport system “contained records on about 192 million passports,” the report said. As of May, there were 20,500 users of the Passport Information Electronic Retrieval System or PIERS. They included both government employees and contractors.
Half of those users have since been “eliminated,” said Michael Kirby, principal deputy assistant secretary of state for consular affairs. Accounts that had been inactive for 90 days were closed, he said.
Mr. Kirby said his bureau has quadrupled to eight the number of employees monitoring the system for any improper attempts to open files.
Ms. Fultz said the department has expanded its list of high-profile names to be flagged in case of unauthorized access from 38 to more than 1,000.
Please read our comment policy before commenting.