By Patricia H. Kushlis
This is the second in a WV series on US passport production security breaches. Link to the first "Losing the Keys to the Kingdom" is here.
Wasn’t it less than two years ago that private sector US technology security specialists warned the State Department that the implantation of RFID chips in American passports was, in and of itself, a security risk for US citizens because the personal data encoded in the chips could be read without the individual’s knowledge or consent by, for instance, “a government trying to track your movements, a criminal trying to steal your identity or someone just curious about your citizenship?” This according to Washington Post security writer Bruce Schneier, September 16, 2006.
So why did the State Department pooh-pooh the specialists’ advice and forge ahead with an insecure technology regardless? Talk about enabling breaches in both national and personal security.
I’m surprised that Bill Gertz didn’t include this not-so-old story in his provocative three part series last week on the perils of outsourcing US passport production, but Brussels-based ex-FSO Jerry Loftus does sound that alarm in his excellent post “Outsourcing Border Controls” on his blog Avuncular American.
Seems to me the House of Representatives Commerce Oversight Committee investigators should revisit this little fly in the ointment as a part of the larger passport mismanagement security/financial fiasco that now embroils Robert Tapella, head of GPO, and State’s Bureau of Consular Affairs.
Was this all to make Americans think they were more secure six years after 9/11 – when, in fact, those who use RFID infected passports – have become less secure regardless of whether Chinese intelligence – or any one else – has stolen technology from a factory in Thailand? Or could it, hmmm, have more to do with personal gain on the part of certain Republican high level administration appointees with too much power in their pockets?
Follow the $
Gertz’ series focused to a large extent on money. In it, he pointed out that GPO had profited by over $1 million by overcharging the State Department for passport production and that certain GPO officials involved in the overcharge decision personally benefited from related performance pay increases, expensive overseas trips and, in the instance of Tapella, expensively framed photos that grace his office suite’s walls.
Aside from lavish overseas trips and a few well-framed pix, however, the financial rewards that Gertz has documented are simply not large enough to make the whole endeavor all that lucrative for the individuals involved. This is, frankly, penny-ante stuff and even in this day-and-age of deregulation and poor “waste, fraud and abuse” oversight, it should not have been worth the effort.
The iceberg’s tip?
But I do think what Gertz turned up behooves the Committee investigators to search for more insidious financial irregularities that might have also transpired.
Tapella and company, after all, are part of the revolving-door-outsource-the-government-to-our-private-sector-pals Republican political machine. They - in a matter of months - will be looking for other ways to support themselves in the manner to which they have become accustomed.
As Loftus opines: “My guess is that someone is on a fast track to some lucrative future business with Smartrac or some other outsourcers, and who cares if the next administration has to clean up the mess?”
Or perhaps, Tapella, their cousins and their aunts have already made a healthy profit.
I think it’s worth noting that Smartrac, the small Dutch technology company that received the US government contract for e-passport chips issued its first IPO in July 2006. According to ID World International Congress, Smartrac’s “successful IPO netted $59.8 million in gross receipts.”
It might be interesting to find out whether any of the GPO officials, their relatives or their friends, cited in Gertz’s report “GPO profits go to bonuses and trips” themselves profited from Smartrac’s IPO.
Gertz tells us that six GPO officials – including Tapella - traveled to Paris in June 2006 for an electronic passport forum. This was approximately a month before the Smartrac IPO was issued. It’s inconceivable to me that, at the very least, they would have been ignorant of the forthcoming IPO – first announced in March of that year - and the implications for the rise in value of Smartrac stock particularly in the event it received the huge US passport order. Since then, Smartrac also received GPO's contract for RFID chips for all US “Smart cards” to be required of frequent border crossers beginning later this year so who knows how much Smartrac’s initial stock is worth now. But I’ll bet Tapella and his friends do.