U.S. contract workers involved in Obama passport breach

Private contract employees working at the U.S. Department of State have repeatedly accessed U.S. Senator Barack Obama’s passport records over the past three months — a breach flagged by the State Department’s in-house computer system but subsequently downplayed by the supervisors of the offices in which the breaches occurred.

Two of those workers have since been fired by their employers, the Obama campaign is seeking answers as to how it happened, and a broader investigation is in the works.

The actions of these three separate workers, employees of two different contractors, were described by State Department spokesman Sean McCormack as “imprudent curiosity.” But he said that is only an “initial finding” and said the department’s inspector general has been asked to investigate. The details came out in a late night, hastily called press conference.

McCormack said the department “is not being dismissive of any other possibility,” meaning that it hasn’t closed the door to motives other than simple curiosity.

None of the people or employers have been identified. A third contractor was disciplined, but hasn’t been fired for viewing the records and is reputed to still be contracted for State Department work.

The breaches happened on Jan. 9, Feb. 12 and March 14, but senior State Department officials weren’t aware of them until a reporter sent an e-mail query to the department’s press office on Thursday.

In explaining what happened, the department also provided details about how its security monitoring system works to protect record privacy. But it’s a system that identifies breaches after the fact.

The state department has “strict policies and controls” to passport records, said McCormack. Employees and contractors are trained on the use of the system, and each time an employee logs on to the system “he or she acknowledges that the records are protected by the Privacy Act and they are only available on a need to know basis.”

“In each of these three cases the system that was set up to detect any authorized access of these kinds of records worked — these unauthorized accesses were detected by the state department and immediately acted on,” said McCormack.

Undersecretary Pat Kennedy said some records have “what computer people call flags — we put flags on certain records that trigger a report to a supervisor that the record has been accessed,” he said.

Not all 18 million passport records have flags, said Kennedy. The department’s Bureau of Counsel Affairs determines what records to flag, he said.

For those records that aren’t flagged, Kennedy described a system — part of an IT upgrade several years ago — that appears to have business intelligence capability. As Kennedy explained it, there are “other patterns of activities” that are used to determine whether a record has been accessed inappropriately.

Related content:

Passport Online breach adds to privacy chief’s audit list

Security feature: Getting defensive

Privacy experts push for breach law

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now