http://www.washingtontimes.com/apps/pbcs.dll/article?AID=/20080326/NATION/840186493/1001 By Bill Gertz The Washington Times March 26, 2008 The United States has outsourced the manufacturing of its electronic passports to overseas companies including one in Thailand that was victimized by Chinese espionage raising concerns that cost savings are being put ahead of national security, an investigation by The Washington Times has found. The Government Printing Office's decision to export the work has proved lucrative, allowing the agency to book more than $100 million in recent profits by charging the State Department more money for blank passports than it actually costs to make them, according to interviews with federal officials and documents obtained by The Times. The profits have raised questions both inside the agency and in Congress because the law that created GPO as the federal government's official printer explicitly requires the agency to break even by charging only enough to recover its costs. Lawmakers said they were alarmed by The Times' findings and plan to investigate why U.S. companies weren't used to produce the state-of-the-art passports, one of the crown jewels of American border security. "I am not only troubled that there may be serious security concerns with the new passport production system, but also that GPO officials may have been profiting from producing them," said Rep. John D. Dingell, the Michigan Democrat who chairs the House Energy and Commerce Committee. Officials at GPO, the Homeland Security Department and the State Department played down such concerns, saying they are confident that regular audits and other protections already in place will keep terrorists and foreign spies from stealing or copying the sensitive components to make fake passports. "Aside from the fact that we have fully vetted and qualified vendors, we also note that the materials are moved via a secure transportation means, including armored vehicles," GPO spokesman Gary Somerset said. But GPO Inspector General J. Anthony Ogden, the agency's internal watchdog, doesn't share that confidence. He warned in an internal Oct. 12 report that there are "significant deficiencies with the manufacturing of blank passports, security of components, and the internal controls for the process." The inspector general's report said GPO claimed it could not improve its security because of "monetary constraints." But the inspector general recently told congressional investigators he was unaware that the agency had booked tens of millions of dollars in profits through passport sales that could have been used to improve security, congressional aides told The Times. Decision to outsource GPO is an agency little-known to most Americans, created by Congress almost two centuries ago as a virtual monopoly to print nearly all of the government's documents, from federal agency reports to the president's massive budget books that outline every penny of annual federal spending. Since 1926, it also has been charged with the job of printing the passports used by Americans to enter and leave the country. When the government moved a few years ago to a new electronic passport designed to foil counterfeiting, GPO led the work of contracting with vendors to install the technology. Each new e-passport contains a small computer chip inside the back cover that contains the passport number along with the photo and other personal data of the holder. The data is secured and is transmitted through a tiny wire antenna when it is scanned electronically at border entry points and compared to the actual traveler carrying it. According to interviews and documents, GPO managers rejected limiting the contracts to U.S.-made computer chip makers and instead sought suppliers from several countries, including Israel, Germany and the Netherlands. Mr. Somerset, the GPO spokesman, said foreign suppliers were picked because "no domestic company produced those parts" when the e-passport production began a few years ago. After the computer chips are inserted into the back cover of the passports in Europe, the blank covers are shipped to a factory in Ayutthaya, Thailand, north of Bangkok, to be fitted with a wire Radio Frequency Identification, or RFID, antenna. The blank passports eventually are transported to Washington for final binding, according to the documents and interviews. The stop in Thailand raises its own security concerns. The Southeast Asian country has battled social instability and terror threats. Anti-government groups backed by Islamists, including al Qaeda, have carried out attacks in southern Thailand and the Thai military took over in a coup in September 2006. The Netherlands-based company that assembles the U.S. e-passport covers in Thailand, Smartrac Technology Ltd., warned in its latest annual report that, in a worst-case scenario, social unrest in Thailand could lead to a halt in production. Smartrac divulged in an October 2007 court filing in The Hague that China had stolen its patented technology for e-passport chips, raising additional questions about the security of America's e-passports. Transport concerns A 2005 document obtained by The Times states that GPO was using unsecure FedEx courier services to send blank passports to State Department offices until security concerns were raised and forced GPO to use an armored car company. Even then, the agency proposed using a foreign armored car vendor before State Department diplomatic security officials objected. Concerns that GPO has been lax in addressing security threats contrast with the very real danger that the new e-passports could be compromised and sold on the black market for use by terrorists or other foreign enemies, experts said. "The most dangerous passports, and the ones we have to be most concerned about, are stolen blank passports," said Ronald K. Noble, secretary general of Interpol, the Lyon, France-based international police organization. "They are the most dangerous because they are the most difficult to detect." Mr. Noble said no counterfeit e-passports have been found yet, but the potential is "a great weakness and an area that world governments are not paying enough attention to." Lukas Grunwald, a computer security expert, said U.S. e-passports, like their European counterparts, are vulnerable to copying and that their shipment overseas during production increases the risks. "You need a blank passport and a chip and once you do that, you can do anything, you can make a fake passport, you can change the data," he said. Separately, Rep. Robert A. Brady, chairman of the Joint Committee on Printing, has expressed "serious reservations" about GPO's plan to use contract security guards to protect GPO facilities. In a Dec. 12 letter, Mr. Brady, a Pennsylvania Democrat, stated that GPO's plan for conducting a security review of the printing office was ignored and he ordered GPO to undertake an outside review. Questionable profits GPO's accounting adds another layer of concern. The State Department is now charging Americans $100 or more for new e-passports produced by the GPO, depending on how quickly they are needed. That's up from a cost of around just $60 in 1998. Internal agency documents obtained by The Times show each blank passport costs GPO an average of just $7.97 to manufacture and that GPO then charges the State Department about $14.80 for each, a margin of more than 85 percent, the documents show. The accounting allowed GPO to make gross profits of more than $90 million from Oct. 1, 2006, through Sept. 30, 2007, on the production of e-passports. The four subsequent months produced an additional $54 million in gross profits. The agency set aside more than $40 million of those profits to help build a secure backup passport production facility in the South, still leaving a net profit of about $100 million in the last 16 months. GPO was initially authorized by Congress to make extra profits in order to fund a $41 million backup production facility at a rate of $1.84 per passport. The large surplus, however, went far beyond the targeted funding. The large profits raised concerns within GPO because the law traditionally has mandated that the agency only charge enough to recoup its actual costs. According to internal documents and interviews, GPO's financial officers and even its outside accounting firm began to inquire about the legality of the e-passport profits. To cut off the debate, GPO's outgoing legal counsel signed a one-paragraph memo last fall declaring the agency was in compliance with the law prohibiting profits, but offering no legal authority to back up the conclusion. The large profits accelerated, according to the officials, after the opinion issued Oct. 12, 2007, by then-GPO General Counsel Gregory A. Brower. Mr. Brower, currently U.S. Attorney in Nevada, could not be reached and his spokeswoman had no immediate comment. Fred Antoun, a lawyer who specializes in GPO funding issues, said the agency was set up by Congress to operate basically on a break-even financial basis. "The whole concept of GPO is eat what you kill," Mr. Antoun said. "For the average taxpayer, for them to make large profits is kind of reprehensible." Likewise, a 1990 report by Congress' General Accounting Office stated that "by law, GPO must charge actual costs to customers," meaning it can't mark up products for a profit. Like the security concerns, GPO officials brush aside questions about the profits. Agency officials declined a request from The Times to provide an exact accounting of its e-passport costs and revenues, saying only it would not be accurate to claim it has earned the large profits indicated by the documents showing the difference between the manufacturing costs and the State Department fees. Questioned about its own annual report showing a $90 million-plus profit on e-passports in fiscal year 2007 alone, the GPO spokesman Mr. Somerset would only say that he thinks the agency is in legal compliance and that "GPO is not overcharging the State Department." Mr. Somerset said 66 different budget line items are used to price new passports and "we periodically review our pricing structure with the State Department." Public Printer Robert Tapella, the GPO's top executive, faced similar questions during a House subcommittee hearing on March 6. Mr. Tapella told lawmakers that increased demand for passports especially from Americans who now need them to cross into Mexico and Canada produced "accelerated revenue recognition," and "not necessarily excess profits." GPO plans to produce 28 million blank passports this year up from about 9 million five years ago. A State Department consular affairs spokesman, Steve Royster referred questions to GPO on e-passports costs. Congress to weigh in GPO's explanations have not satisfied lawmakers, who are poised to dig deeper. Mr. Dingell, the House Commerce chairman, said The Times' findings are "extremely serious to both the integrity of the e-passport program and to U.S. national security" and he has asked an investigative subcommittee chaired by Rep. Bart Stupak, Michigan Democrat, to begin an investigation. "Our initial inquiry suggests that more needs to be done to understand whether the supply chain is secure and fully capable of protecting the manufacturing of this critical document," Mr. Dingell told The Times. Mr. Stupak said that considering the personal information contained on e-passports, "it is essential that the entire production chain be secure and free from potential tampering." He added: "The GPO needs to make every effort to ensure that future passport components are made in America under the tightest security possible." Michelle Van Cleave, a former National Counterintelligence Executive, said outsourcing passport work and components creates new security vulnerabilities, not just for passports. "Protecting the acquisition stream is a serious concern in many sensitive areas of government activity, but the process for assessing the risk to national security is at best loose and in some cases missing altogether," she told The Times. "A U.S. passport has the full faith and credit of the U.S. government behind the citizenship and identity of the bearer," she said. "What foreign intelligence service or international terrorist group wouldn't like to be able to masquerade as U.S. citizens? It would be a profound liability for U.S. intelligence and law enforcement if we lost confidence in the integrity of our passports." All site contents copyright 2007 The Washington Times, LLC. ___________________________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Tue Mar 25 2008 - 22:06:16 PST