United States Senator
July 10, 2008
Statement of Senator Patrick Leahy (D-Vt.),
Chairman, Senate Committee on the Judiciary,
Hearing on "Passport Files: Privacy Protection Needed For All Americans"
July 10, 2008
Today, the Committee holds an important hearing on the unauthorized access of Americans' passport files. Millions of Americans entrust their personal information to the State Department in order to obtain passports and other services, and our government has a duty to protect the private information of its citizens. But, sadly, the State Department has failed to honor this duty, leaving millions of ordinary Americans vulnerable to privacy violations, identity theft and other crimes.
Last week -- while Americans were celebrating Independence Day - the State Department's Acting Inspector General issued a report finding that State Department workers and contractors repeatedly accessed the passport files of entertainers, athletes and other high-profile Americans without proper authorization. This disturbing revelation of passport snooping comes after press reports in March that the passport files of three presidential candidates - Senators Obama, Clinton and McCain -- were improperly accessed by State Department contractors.
The Inspector General's findings raise serious concerns about possible violations of the Privacy Act and other Federal laws meant to protect Americans' privacy. According to the report, 85 percent of the passport records included in a sample of high-profile Americans had been searched at least once -- and many files were searched multiple times -- during a five and a half year period. In fact, one individual's passport records were searched 356 different times by 77 different users, according to the report.
More significantly, the Inspector General's report reveals that the records of millions of ordinary Americans are also vulnerable to privacy breaches. There are no checks in the system to even determine if the passport files of ordinary Americans are accessed. Although these passport files contain sensitive personal information, including name, date and place of birth, and Social Security numbers, the Inspector General's report found widespread control weaknesses at the State Department -- including a general lack of policies, procedures, guidance and training -- to prevent and detect the unauthorized access of Americans' passport files. According to the report, the Department's Passport Information Electronic Records System (PIERS) contains the passport records for approximately 127 million passport holders. As more Americans need a passport just to travel to visit family and friends in our neighboring countries, like Canada, due to the Western Hemisphere Travel Initiative, the number of passport files to protect grows.
The State Department could not readily identify the universe of government workers and contractors who have access to this information. The Inspector General estimates that this figure exceeds 20,000 government employees from various agencies and outside contractors. The tip of the iceberg in this report is the fact that passport information is shared with other agencies and we have no idea what procedures are followed to protect information once it leaves the State Department. The State Department Inspector General has referred this serious matter to the Justice Department, and I hope the Department's Criminal Division will investigate this thoroughly.
The lax data security at the State Department is not unique. A week does not go by without reports of personal data privacy breaches at government agencies and private businesses. Just recently, front page headlines have delivered news about the theft of sensitive medical information from the National Institutes of Health, and earlier reports of data breaches have involved virtually every department of our Federal Government. The Inspector General's report is just the latest example of why swift action is needed on the Leahy-Specter Personal Data Privacy and Security Act - a comprehensive privacy bill that would help to prevent data security breaches and provide further protections in the handling of American's private data by Federal agencies and government contractors. I hope that the Senate will promptly consider and pass this bill, so that we can help make a difference for all Americans.
Data privacy and security at our federal agencies is a serious and growing problem that Congress must address. To do so, we must not only understand what went wrong at the State Department, but also look forward to how best to prevent these kinds of privacy violations in the future. I am pleased that the Department's Acting Inspector General and Assistant Inspector General for Audits are here to share their findings. We also have a distinguished panel of privacy experts to address this issue. I thank all of our witnesses for coming and I look forward to a productive discussion.
# # # # #