State Department workers ignored passport data access warnings
Privacy breach at agency was a failure of misplaced trust, not a technology breakdown

By Patrick Thibodeau
March 21, 2008 12:00 PM ET

Computerworld – WASHINGTON — The contract workers at the U.S. Department of State who viewed the passport records of U.S. Sen. Barack Obama ignored privacy warnings built into the agency’s systems that the information could only be accessed on a “need-to-know” basis.

The scope of the privacy breaches escalated today, as State Department officials acknowledged that the electronic passport files of Sens. Hillary Clinton and John McCain were also accessed by workers. Secretary of State Condoleezza Rice apologized for the bipartisan breach, but the State Department is facing a political maelstrom over how it protects private data. The agency may also be the subject of probes by Congress and the Department of Justice.

Questions are being posed on a rapid-fire basis: Why weren’t key State Department officials notified about the incidents, which were flagged by the agency’s security monitoring system? How extensive were the breaches? And what is being done to keep it from happening again?

But the breakdown likely wasn’t technical in nature. The internal trust that the federal government tries to establish, through often-elaborate security background checks, is what was broken in this case.

And that is a blow to an agency that over the past 10 years has developed an IT system that links 50,000 employees worldwide, while following a risk management approach that balances security and access to data. The need to keep data accessible is one of the legacies of the 9/11 terrorist attacks, which were blamed partly on a lack of information sharing within the federal government.

The State Department is a huge organization on the level of a Fortune 50 company, with an IT department that processes 25 million e-mails and instant messages weekly. When Susan Swart, the agency’s CIO, testified on information security issues before a Senate subcommittee earlier this month, the focus of her written testimony was on external threats. That includes “over a million anomalous external probes to our network” on a weekly basis, she wrote.

However, where the agency fell down on the passport records was on the most basic, fundamental type of security: the trust it places in its workers, whether they’re full-fledged employees or contractors.

“The integrity of the system still depends on the integrity of the individuals involved,” said Yogi Benjamin, an independent security consultant in San Francisco.

When Obama’s records were accessed three separate times in January, February and this month, a supervisor was notified in each instance, and a record was generated within the State Department’s systems because the senator’s file was set to flag whenever the data was accessed.

That may be, in effect, an after-the-fact notification system. But it can’t be done any other way, said Kevin McDonald, executive vice president at Alvaka Networks Inc., a network services provider in Irvine, Calif.

McDonald said a big question that still has to be answered is whether the contractors had the right to access any passport data. If they did, he added, it’s impossible to prevent someone with access privileges from abusing the trust given to them. “There is no human way to manage data to the point where you can give access and not give access at the same time,” he said.

Building systems that could control access without making it too difficult to get at information is financially out of reach for federal agencies, said Ray Bjorklund, a vice president at consulting firm Federal Sources Inc. in McLean, Va. “It would cost a whole lot of money to ensure that you had proper controls, a priori, to prevent these things from happening,” Bjorklund said.

A State Department spokesman has termed the agency’s initial finding of why the passport records were accessed as “imprudent curiosity” on the part of the workers who looked at the files.

But the incidents still raise privacy issues, said Richard Colven, an executive vice president at Input, a consulting and market research firm in Reston, Va. “The fact that somebody walked out of that facility at least with that information in their head, that they didn’t have the need to know — is that a compromise or a breach? Probably.”