Losing “the keys to the kingdom”
By Patricia H. Kushlis

This is the second time in two weeks that American passports, the keys to the kingdom, have been compromised. Bill Gertz of The Washington Times, of all newspapers, broke both stories. These are two separate instances of gross mismanagement and perhaps even malfeasance. Both relate to the outsourcing epidemic for which our current administration is famous.
Two separate Congressional oversight committees have begun investigations. The passport file snooping problem clearly lands on the heads of the State Department’s beleaguered Bureau of Consular Affairs and Passport Division. That Congressional investigation is being conducted by Congressman Berman, the new head of the House International Affairs Committee. Since Consular Affairs Bureau chief Maura Harty retired in February and Wanda Nesbitt, her principal deputy during last summer’s fiasco, has moved on to become Ambassador to Madagascar, two of the responsible officials at State for at least part of the time are – well – removed from the picture.
Meanwhile, leave it to the Consular Bureau and its public affairs chief to duck the issue – letting State’s Under Secretary for Management Patrick Kennedy and Deputy Head of Public Affairs Sean McCormack take last week’s passport story heat.
This makes me feel really secure
But the breaches of etiquette or evidence of voyeurism on the part of three contract employees and apparently a Department new hire - whether politically motivated or not - are likely to pale in comparison to the passport production rip-off/compromise story that Gertz broke in a three-part investigative journalism series just days thereafter (Part I, Part II, and Part III). Not only did the GPO – the federal government’s printing press – grossly overcharge the State Department for the production of passports when GPO is supposed to undertake the work at cost, but it also outsourced the work to Smartrac, a European company with production facilities in Thailand. “Smartrac,” according to Gertz, “divulged in an October 2007 court filing in The Hague that China had stolen its patented technology for e-passport chips, raising additional questions about the security of America's e-passports.” That makes me feel really secure.
I like Thailand. It was a fascinating place to serve in the Foreign Service at the end of the Vietnam War. I also enjoy Ayutthaya, the country’s ancient capital where the plant in question, according to Gertz, is located. Ayutthaya’s temples are a favorite tourist destination about a two hour boat trip up river from Bangkok’s steaming center.
Ayutthaya is also the same city where Hambali (Ridwan Isamuddin), the instigator of the 2002 Bali nightclub bombing and apparent member of Al Qaeda’s inner circle, was finally caught by a joint CIA-Thai security services team in 2003 after being on the lam since late 2001. The prize money – or pay-off - that went to the Thai for their efforts, according to Sydney Morning Herald reporter Ray Bonner shortly thereafter, was on the order of $10 million. I guess the US government, that time at least, outbid Osama Bin Laden - but think of the number of potential implications.

Thailand also has a history of – well – forging documents, manufacturing fake antiques and copious narcotics smuggling and of police and security forces that too often look the other way. It has a simmering and lengthy Muslim insurgency in the country’s south near the border with Malaysia, and Thailand’s domestic politics fluctuate between unstable democracy and equally unstable military rule. What helps keep this country on course is its wise octogenarian monarch who is revered by the people, the Thai ability never to take anything too seriously, a bend-with-the-wind foreign policy, and a cohesive, deeply held national identity of Thai-ness.
Thailand, however, is also not the only Asian or other country where forgers manufacture vital documents with amazing accuracy, rapidity and finesse.
In my view, it is simply not in America’s national security interests to farm out the production of its citizens’ most precious documents to the lowest bidder. And the longer the supply chain and the more questionable the factory location, the greater the security risk.
Far more than sleaze
This, therefore, is more than sleaze. It’s more than about a few politically connected former Republican Hill staffers enriching themselves at the public trough. True, that’s part of the story. I hope that Congress nails those involved: House Commerce Committee Chair John Dingell has already announced his committee will investigate the GPO mess. This is particularly important since the GPO answers to Congress, not the White House, although State was very much involved in the final choice of E passport producing companies, so there’s a State culpability component wrapped in here too.
The issue, too, is far more than privatizing yet another function of the US government supposedly so that the agency in question turns a profit. It is about privatizing a function that, in my view, shouldn’t be relegated to any country's private sector for reasons of national security if nothing more. Period.
If the production of passports is such important work to the GPO as Benjamin Brink, Assistant Public Printer for Security and Intelligent Documents, testified before the Congressional Subcommittee on Government Management, Organization and Procurement on October 18, 2007 – less than six months ago – then revelations of this latest outsourcing fiasco worsen the situation. How Brink could have told Congress with a straight face that “We produce these documents (E passports) in a trusted, Government-controlled environment, using a secure supply chain, secure technology, and secure personal information.” . . . is beyond me.
Please tell me how “computer chips purchased in Europe and then shipped to Thailand for outfitting with a wire antenna that transmits personal data to an electronic scanner at US border entry points,” is a government-controlled environment. Yeah, right. . . which government controls the environment?
I’d also like to know why US plants and companies were unable to compete successfully in manufacturing this kind of information technology.
Raised security red flags
I’m not alone. According to Gertz, GPO Inspector General J. Anthony Ogden, the agency's internal watchdog, doesn't share that confidence (either). He warned in an internal Oct. 12 report that there are "significant deficiencies with the manufacturing of blank passports, security of components, and the internal controls for the process." Other security experts whom Gertz interviewed for his exposé also raised red flags.
The same inspector general's report also said that the GPO claimed it could not improve its security because of "monetary constraints." “But the inspector general recently told congressional investigators he was unaware that the agency had booked tens of millions of dollars in profits through passport sales that could have been used to improve security, congressional aides told The (Washington) Times.”
Clearly there’s a lot more to this e-passport security story than meets the eye. And here’s just one more facet which may, or may not, be relevant: According to an April 10, 2007 article in the National Law Journal, the GPO is being sued: a “chip maker who was not awarded a contract to provide chips for the new passport filed a bid protest in the Court of Federal Claims.” The chip maker (OTI Innovations) lost the case and appealed it.
But even if OTI Innovations did not fill State’s bill, were there no other American companies – or even non-American companies with plants in these United States that could have done the job? Is this kind of US information technology that far behind the Europeans? And if so, why?
Photo credits: (right side) James E. Hogin (1974) Ayutthaya, Thailand: Reclining Buddha; (left side) Patricia H. Kushlis (1974) Ayutthaya, Thailand: Sign in tree reads "+Proclaim+ Everybody tourist buy art objects at own risk. . . .Abbot . . ."

The reason that the chips could not be produced domestically is that no manufacturers existed that meet the standards for passport RFID that are set by the United Nations agency known as the ICAO. Why the United States has decided that they must meet the RFID standard of a foreign entity is debatable. If you feel you need to use computer chips, you could use a chip that requires a contact plate, thus avoiding any unsecure wi-fi like transfer of data in the first place. Some will say international standards for passports need to be created. But other countries are requiring iris scans, fingerprinting, and other standards we are not using in the United States. Using technology or biometrics that are counterproductive or not ready for prime time makes things worse, not better.
RFID though is good window dressing, so they can appear they are doing something productive, when all they are doing is lining the pockets of technology producers who have solutions in search of problems, and want to meet up with politicians who have tax dollars they are willing to exchange to try to show they are doing something (or maybe the company is a constituent in their back yard). For the sake of argument, let's assume RFID in documents is a good thing (debatable). But assuming it is, it is obvious that the US should not have done so until we were prepared to produce them here.
Does the federal government really care about keeping the cost of passports down? They have created new laws that have caused demand to outstrip their supply, but are now over their heads. A high price discourages people from getting them, decreasing demand and giving them a breather. This is ECON 101. With the push the feds are making for states to turn their driver's licenses into "enhanced driver's licenses" with Canada and Mexico (by getting them to add RFID), this is also a move by the feds to outsource passports to the states entirely. They do not care that this destroys state level ID, and creates some sort of new Frankenstein state/federal hybrid that gives the illusion of keeping state ID. It's just one less passport they have to make, and one less Congressional hearing they have to go to get yelled at. In some ways this is very practical. If you wanted to create a true national ID card, it would be much cheaper to take advantage of state staff and architecture, a parasite on their system, than, say, trying to expand the social security card from the ground up. Apparently they view it as cheaper than even maintaining the passport system's status quo as well.
Posted by: Hawk | Saturday, 29 March 2008 at 03:04 PM
Excellent article, calling my attention to an example of bad governance and lax security (in the name of security). I have commented on "Losing the keys to the kingdom" here:
http://avuncularamerican.typepad.com/blog/2008/04/outsourcing-border-controls-american-passports.html
Posted by: Gerald Loftus | Thursday, 03 April 2008 at 10:11 AM