Process, Not Technology, Threatens Passport Security

Not that we need reminding, but a report recently released by the Government Accountability Office on the security of passports and border crossing cards illustrates, yet again, that most security vulnerabilities are not caused by something lacking in the technology. Rather, it's an organization's business processes, such as a lack of training, that pose the gravest threats.

In its report "Border Security: Security of New Passports and Visas Enhanced, but More Needs to Be Done to Prevent Their Fraudulent Use," GAO concludes that the State Department "has added technical features and security techniques to the design and production of [electronic passports, introduced in 2005, and advanced visas, introduced in 2002] that make it much harder to counterfeit or alter new generations of passports and visas."

The threat, GAO reports, comes from government employees. For example, State Department passport acceptance agents, employees who accept the documents needed to apply for a passport or visa, have committed serious errors, such as:

important information missing from documentation, such as evidence of birth certificates and parents’ affidavits concerning permission for children to travel, as well as photos that were not properly attached to the application. One passport specialist also cited a case where the photo submitted with the application did not match the identity of the applicant. In another example, another passport official told us of a case where an acceptance facility had accepted a passport application for an individual without the person being present and, therefore, did not verify the applicant’s identity. In addition, managers at two passport offices said their offices often see the same mistakes multiple times from the same acceptance facility. These problems are of particular concern given the persistent attempts to fraudulently obtain legitimate passports using stolen identity documents.

Lack of training for Customs and Border Patrol (CBP) officers on the new high-tech travel documents also threatens security, GAO reports.

While CBP requires officers to complete courses that include segments in fraudulent document detection relating to passports and visas, CBP officials stated there is currently no program in place to ensure officers receive such training continually. Some senior officers at some of the ports we visited stated they had not been retrained on the security features of passports and visas and fraudulent document detection since basic training.

CBP officials say there just isn't any time to train officers because the ports of entry are understaffed.

As any security expert will tell you, strong security programs include managing the people, processes and technology. The saying "two out of three ain't bad" doesn't cut it for security.