July 29, 2010 — -- A decade after the Sept. 11, 2001, terror attacks brought to light the dangers of fake IDs, federal undercover agents are still able to easily obtain genuine U.S. e-Passports using clearly fraudulent information that should have raised red flags at the State Department.
Gregory Kutz, an investigator for the Government Accountability Office, is set to testify Thursday to a Senate panel about how his team was able to get the State Department this spring to issue five of the seven e-Passports it requested using fraudulent information.
The government failed to detect such basic red flags as a fake driver's license, a 62-year-old using a recently obtained Social Security number, and the name of a dead applicant using faked identification, Kutz plans to tell the Senate Judiciary Subcommittee on Terrorism and Homeland Security.
"State's passport issuance process continues to be vulnerable to fraud," Kutz said in prepared testimony obtained by the Center for Public Integrity.
Kutz plans to tell senators that State only detected two of the seven fraudulent applications "despite multiple indicators of fraud and identity theft in each application."
The sting marks the second time in two years that Kutz's office has demonstrated e-Passport problems at the State Department. Government officials had promised in 2009 to tighten up their e-Passport issuance process after the GAO obtained four genuine e-Passports through fraudulent means in 2008.
Sen. Benjamin Cardin, D-Md., chairman of the subcommittee, is introducing legislation Thursday to correct some of the vulnerabilities uncovered by GAO in its two security tests.
"The U.S. passport is the gold standard for identification. It certifies an individual's identity and U.S. citizenship, and allows the passport holder to travel in and out of the United States and to foreign countries, obtain further identification documents, and set up bank accounts," Cardin said. "We simply cannot issue U.S. passports in this country on the basis of fraudulent documents. There is too much at stake."
Cardin's legislation would give State Department Bureau of Consular Affairs officials who screen e-Passport applications the legal authority they've been lacking to access information in sensitive federal, state and other databases that would help them verify identities and catch fraudulent applicants.
Brenda S. Sprague, deputy assistant secretary of state for passport services, plans to tell the committee her department has made "significant improvements" in rooting out fraud but that the latest sting showed there was still room for improvement.
The Bureau of Consular Affairs "is dedicated to deterring and detecting passport fraud," she said, "but the fact is that we did not catch all seven fraudulent applications."
"Human error and the volume of documents that we produce annually - 13.5 million passport books and passport cards in FY 2009 - will always represent a challenge for combating fraud in the passport issuance process," Sprague cautioned.
The GAO's latest sting resulted in five genuine passports being issued based on fraudulent information and mailed to the addresses used by the undercover investigators. When State finally realized it had been the victim of a GAO sting for the second time in two years, it managed to retrieve two of the fraudulent e-Passports from the Postal Service, according to Kutz's testimony.
After the Sept. 11, 2001 attacks, the government created a new digital version of the traditional paper passport, hoping to foil identify theft and fraud by terrorists and criminals by encrypting biometric information on a tiny computer chip embedded in the passport book cover.
The new e-Passports, which became the official travel identification of the United States in 2007, are supposed to be one of the crown jewels of the American border security system.
But a recent investigation by the Center for Public Integrity and ABC News published in June revealed that the government has failed to deploy the electronic machines needed to read e-Passports at most ports of entry, rendering their new protections useless.
In addition, the Center found that U.S. officials for years had lax security over its e-Passport production line, which allowed sensitive components to be assembled in volatile countries like Thailand. U.S. officials raised concerns for years that the lack of security and the outsourcing posed serious security risks. Officials are now taking action to shore up those weaknesses, including moving all assembly of e-Passports into the United States.
The GAO sting raises yet another vulnerability that could compromise the promised protections of e-Passports - terrorists and criminals might be able to easily dupe the State Department into giving them genuine passports.
Kutz plans to tell senators that a major concern is that the State Department isn't routinely using tools that could easily detect fraudulent applications. "Our most recent tests show that State does not consistently use data verification and counterfeit detection techniques in its passport issuance process," his testimony states.
The GAO investigator lays out in his testimony how many signs of fraud were missed by State in the latest sting.
In one application made directly to the passport office in Washington D.C., GAO investigators used a counterfeit Florida birth certificate and a fictitious West Virginia driver's license, submitted contradictory information, and had a 62-year-old applicant claiming he was a lifelong U.S. citizen but using a Social Security number issued in 2009.
"If State had confirmed the legitimacy of these documents, it would have easily discovered that they were bogus and thus, not representative of the true identity of the bearer," Kutz plans to tell senators.
In Georgia, the undercover GAO investigators were able to use the identity of a dead man to get State to issue an e-Passport, but it was retrieved from the mail before it was delivered after State officials realized they had been the victim of an undercover sting by GAO.
"State officials never questioned why the application was filed in Georgia yet listed a mailing, permanent, and driver's license address from West Virginia and phone number from the District of Columbia," the investigator noted.
"State also failed to identify the misspelling of the city in our West Virginia license and discrepancies with the zip code information on our passport application. According to State, these were fraud indicators that should have been questioned prior to the issuance of the passport," he added.
John Solomon is a reporter with the Center for Public Integrity, a nonprofit investigative journalism organization.