Significant Vulnerabilities in the Passport Issuance Process
GAO-09-681T: Published: May 5, 2009. Publicly Released: May 5, 2009.
This testimony highlights the results of our March 2009 report on undercover investigative tests, which confirmed the continued existence of significant fraud vulnerabilities in this process. We also provided a letter to you in April 2009, describing our recent work on passport fraud and summarizing actions the Department of State (State) has taken to address the prior weaknesses related to fraud vulnerabilities we identified. We have found that these vulnerabilities stem from people, process, and technology. For example, the lack of training and resources provided to people contributes to vulnerabilities in the detection of fraudulent applications and counterfeit documents. The limitations in the access to inter-agency information contribute to vulnerabilities related to processes. Finally, the lack of databases and information-sharing technologies contribute to vulnerabilities in the verification of passport applicants' records. A U.S. passport not only allows an individual to travel freely in and out of the United States, but also can be used to obtain further identification documents, prove U.S. citizenship, and set up bank accounts, among other things. Because passports issued under a false identity help enable individuals to conceal their movements and activities, there is great concern that passport fraud could facilitate acts of terrorism. Further, passport fraud facilitates other crimes such as illegal immigration, money laundering, drug trafficking, tax evasion, and alien smuggling. Malicious individuals may seek to exploit vulnerabilities in State's current passport issuance process, such as a lack of due diligence on the part of examiners who screen applications, by using counterfeit or fraudulently obtained documents as proof of identity and U.S. citizenship to obtain genuine U.S. passports.
In March 2009 we reported on the results of our investigation into the vulnerabilities of State's passport issuance process. Specifically, we reported our undercover investigator was easily able to obtain four genuine U.S. passports using counterfeit or fraudulently obtained documents. For this investigation, we designed four test scenarios that would simulate the actions of a malicious individual who had access to another person's identity information (a practice commonly known as identity theft). We then attempted to obtain four genuine U.S. passports by using counterfeit or fraudulently obtained documents, such as birth certificates and drivers' licenses, and the Social Security Numbers (SSN) of fictitious or deceased individuals. In the most egregious case, our investigator obtained a U.S. passport using counterfeit documents and the SSN of a man who died in 1965. In another case, our undercover investigator obtained a U.S. passport using counterfeit documents and the genuine SSN of a fictitious 5-year-old child--even though his counterfeit documents and application indicated he was 53 years old. The results of our investigation confirmed that State continues to struggle with reducing fraud risks we have previously identified at both the application point and the adjudication point. In 2005, we reported weaknesses in State's information sharing with federal and state agencies. For example, we reported that State did not receive information on U.S. citizens listed in the federal government's consolidated terrorist watch list and State does not routinely obtain the names of other individuals wanted by both federal and state law enforcement authorities. We also found that the information that State received from the Social Security Administration (SSA) was limited and did not include access to SSA's death records, although State officials said they were exploring the possibility of obtaining these records in the future. A little over 2 years later, in July 2007, we reported that many previously identified problems in the oversight of the acceptance facilities persisted and noted that State lacked a formal oversight program for its acceptance facilities to ensure effective controls are established and monitored regularly. We concluded more needed to be done because of the critical role acceptance agents play in establishing the identity of passport applicants, which is critical to preventing the issuance of genuine passports to criminals or terrorists as a result of receipt of a fraudulent application.