Shostack + Friends Blog Archive

 

Passport-peeking probably pervasive

Back in March, we wrote about unauthorized access to Barack Obama’s passport file.
At the time, a Washington Post article quoted a State Department spokesman:

“The State Department has strict policies and controls on access to passport records by government and contract employees”

The idea was that, while snooping might occur, it would be caught by controls put in place specifically to detect accesses to the records of high-profile people.
Well, as it turns out, the State Department may not be quite as good at detecting such accesses, or at following up (shocking, I know).
In a July 4 article [link to http://www.chicagotribune.com/news/nationworld/chi-la-70408-passport-files-celebrities,0,3143773.story no longer works], the Los Angeles Times reports:

A federal investigation of unauthorized snooping into government passport files has found evidence that such breaches may be far more common than previously disclosed, and the State Department inspector general is calling for an overhaul of the program’s management.
In a report issued Thursday, the inspector general found “many control weaknesses” in the department’s administration program, including what investigators said was a lack of sound policies on training staff, accessing electronic records and disciplining workers who break privacy rules.

According to the article, passport files may be viewed by over 20,000 government workers and contractors. In a sample of 150 celebrities chosen for examination by investigators, 85% had had their files accessed at least once. One file was accessed over 100 times (!) in the last six years.
Amusingly, at a press conference held on July 4, State said that half of those who had access in March no longer have it. They were also unable to say whether spot-checks on detected accesses had been taking place in the past. Put those together and you have a system where at least twice as many people have access as need it, and where privileged operations are recorded but the folks in charge do not know whether the audit trail is used.
The redacted report [link to http://www.c-span.org/pdf/Final%20Passport%20Report.pdf no longer works] is available at the C-SPAN web site, but not at the State Department’s, as near as I can tell. Draw your own conclusions.

One comment on "Passport-peeking probably pervasive"

  • Even if “high profile” people have their files flagged for auditing, that just points the way, ironically, for a right to privacy that is positively correlated with celebrity. The rest of us normal people are subject to the whims of 20,000 gov’t workers and contractors, in addition to their contractors and anyone that can convince them to share the data.
