http://www.washingtontimes.com/apps/pbcs.dll/article?AID=/20080320/NATION/541139809/1001 By Bill Gertz The Washington Times March 20, 2008 Two State Department employees were fired recently and a third disciplined for improperly accessing electronic personal data on Democratic presidential candidate Sen. Barack Obama, Bush administration officials said today. The officials, all contract workers, used their authorized computer network access to look up files within the department's consular affairs section, which processes and stores passport information, and read Mr. Obama's passport application and other records, in violation of department privacy rules, State Department spokesman Sean McCormack said. Secretary of State Condoleezza Rice was notified of the security breach today, and responded by saying security measures used to monitor records of high-profile Americans worked properly in detecting the breaches. Mr. McCormack said the officials did not appear to be seeking information on behalf of any political candidate or party. "As far as we can tell, in each of the three cases, it was imprudent curiosity," Mr. McCormack told The Washington Times. A similar data breach took place in 1992 when State Department officials looked up data on presidential candidate Bill Clinton, in an attempt to find out information from the late 1960s, amid unfounded political campaign rumors that Mr. Clinton had sought to renounce his citizenship to dodge the draft during the Vietnam War while a Rhodes Scholar at Oxford. That incident triggered a three-year investigation by a special prosecutor, who found that no laws were violated but officials exercised poor judgment. The 1992 search of Mr. Clinton's passport records was part of an effort to speed up Freedom of Information Act requests. The Obama campaign denounced the accessing as "an outrageous breach of security and privacy, even from an Administration that has shown little regard for either over the last eight years." Spokesman Bill Burton said "our governments duty is to protect the private information of the American people, not use it for political purposes. This is a serious matter that merits a complete investigation, and we demand to know who looked at Senator Obamas passport file, for what purpose, and why it took so long for them to reveal this security breach." One administration official said the FBI is conducting a preliminary inquiry into the officials involved in the unauthorized access incidents related to Mr. Obama, Illinois Democrat. An FBI spokesman could not be reached for comment. Government records of political candidates are tightly restricted because of concerns they could be used against candidates or the data could be altered as part of campaign dirty tricks. In this case, it does not appear that records were copied or altered, Mr. McCormack said. Passport application data includes such details as date and place of birth, e-mail address, mailing address, Social Security number, former names and travel plans. Mr. Obama was born in Honolulu in 1961 to a Kenyan father and American mother. He lived in Jakarta, Indonesia, from age six to 10. Computer-monitoring equipment detected the activities by the three employees on Jan. 9, Feb. 21 and March 14, triggering alarms in each case, Mr. McCormack said. Mr. McCormack said the officials accessed Mr. Obama's records "without a need to do so." "In each case, we immediately contacted our contractors, their employer, and two were fired and one was disciplined," he said. "We have strict rules restricting access to passport records," Mr. McCormack said. Each time an employee logs on to the passport-records network, they are informed that the records are protected by the Privacy Act and are "available only on a need-to-know basis," he said. But no technical bar prevents a person, once he is in the system, from gaining access to Privacy Act-protected records to which he has no "need-to-know" rights. But the network has an electronic monitoring system that is tripped when an employee accesses a record of a prominent person, like Mr. Obama. The alarm then triggers an inquiry into the incident, and "when the answer is not satisfactory, a supervisor is notified." Such records can be accessed when it is part of an official inquiry, but in the case of Mr. Obama, it was not, Mr. McCormack said. Asked whether a political candidate or party is behind the incidents, Mr. McCormack said: "None at this point in time that we have determined." Mr. McCormack declined to provide the names of the employees or the contract, but he said they were hired by the contractor involved in producing, processing and approving passports. "This is supposed to be a transaction between an individual and the government, and this is private information that we take a lot of steps to protect, and we take that responsibility seriously, not only for high profile individuals but for everybody," he said. Mr. McCormack said the incidents took place at consular affairs facilities in the Washington area. Copyright 2007 The Washington Times, LLC. ___________________________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Fri Mar 21 2008 - 00:18:56 PST