Passport Files of Presidential Hopefuls Snooped

CNN is reporting on the widening brouhaha that began when Barack Obama's passport file was accessed illegally on three occasions beginning in January. Now it seems that John McCain's file was also snooped; and that last year Hillary Clinton's file suffered the same fate. Ars Technica nails the real importance of these breaches, saying that the Presidential hopefuls are "...currently providing the country with a very public lesson in why the 'privacy advocates' who oppose initiatives like Real ID and the executive branch's domestic surveillance programs should really be called 'democracy advocates.' In short..., the entire incident shows exactly why citizens' privacy is critical in a country where citizens compete with one another for control of the government."

Slashdot. Your source for 3 day old news

This was news a few days ago, and there are sites a lot better than AT that can cover this type of thing.

Time to increase the penalties for this

Government has unprecedented data gathering and search capabilities, and is seeking increases in those capabilities. These capabilities are hard to prevent; even if Real ID and similar programs get turned back increased capabilities are the inevitable result of easy to create networks, increasing computer performance and data storage capacity.

Along with that should go greatly increased penalties for the abuse of these capabilities. Firing a contractor seems hardly sufficient. Anyone performing this sort of act should serve significant jail time, financial penalties, and so on. If repeat offenses occur the company for whom the contractor works should be banned from future government related contracts.

What I want to know..

.. is how terrible Hilary's passport photograph is.

Looking at the wrong records get you caught

According to the article, if they hadn't looked at famous people's records, they wouldn't have gotten caught. In other words it's common for these contractors to look at various people's passport records, only these few were stupid enough to choose to snoop after famous people besides their usual routine of checking on their neighbors, unfaithful spouses, the girl they're stalking, etc.

Re:Looking at the wrong records get you caught

I hope that that statue of limitations in in effect now, but in case it isn't I'll fuzz a few of the facts. A few years back, I was working for a state office that had a disaster recovery aggreement with the department that handles driver's licenses. So, I was alone in their computer room, and there was a terminal logged into the driver's license database. I did a search of my name, and sure enough there were my records. Then I did searches of several other people, including the governor. At the time, the records included your SSN, but this was before anyone had heard of identity theft so I didn't think anything of it. I didn't take any notes of anything I saw, and cleared the screen before anyone got back. I don't think any investigation was done; at least no one contacted me wanting to know why my records might have been the first ones searched.

The biggest issue is being completely missed!

At the beginning of the week, Stanley, the outsourcing services providing who employed the contractors responsible for the snooping, was awarded a $600 million five year contract to continue providing services for the State Department.

Am I the only one who finds it a bit convenient that word of the snooping wasn't released until two days after the contract was awarded, over two months after the first snooping against Obama occurred? You'd almost think they had some friends in high places who made sure it didn't become public, since that's the kind of revelation that could have put a big roadblock on their contract award.

I wonder what those involved in suppressing the information will be receiving from Stanley? A cushy job or consulting contract? Campaign contributions for high ranking State Department staffers who might be thinking about a run for Congress in 2010 should the republicans lose the White House?

Democracy advocates?

OK, one last time, democracy and freedom have no inherent connection to one another. What you want is a liberal, accountable government which would make you a "liberty advocate," not a "democracy advocate."

I could care less about the "state of democracy" in America. What I want is the state of the Constitution, something that often is sacrificed by public approval.

Outrageous and Unfair

How dare they NOT snoop Ron Paul's passport records? He's still running for president, you know. http://ronpaul2008.com/ [ronpaul2008.com]

OK, so you don't care about privacy...

The single most elementary premise upon which a free society is based is that the state has absolutely no right to interfere in any way whatsoever with a citizen who is going about his legal business. None. Any infringement on this standard is the beginning of the end, because it places the welfare of the state above the welfare of the people who are supposed to be its masters.

Yes, sometimes terrorists and common criminals will take advantage of this freedom to inflict damage. That's part of the price you pay. If you aren't willing to pay, or even have your children pay, then pack up and move to Communist China. You and your children will be safe there, as long as you keep your mouths shut.

I can go on for ages with reasons why people who are supposed to be your servants, like politicians, cops and bureaucrats, are always so anxious to persuade you that just a little tiny surrender will save the children and kittens and puppies. It won't, and they'll want more. And more. And more.

And never forget that this one of those cases where mutual accommodation is possible in only one direction. If I impose rigorous privacy laws, I can agree that you don't value privacy and leave you to whatever lifestyle pleases you. You aren't affected in any way, because you can still give as much information as you want to anybody you want to have it. On the other hand, when you impose your anti-privacy laws, there's no room for me to be left alone with my choice.

The real lesson here is...

I do not want some bloated, mis-managed, government agency to have all of my medical records, employment records, or business records. If anybody thinks some sub-contracted flunky at a keyboard will be happy snooping through the passport records of his fellow citizens after their medical records become available as part of some similarly unsecured, poorly engineered, unsupervised federal bureaucracy, you're kidding yourself. This stuff is rapidly spinning out of control and the only way to put the brakes on it is to head back toward what the country started with: a small, tightly focused federal government that keeps records on its citizens to the minimum degree practical.

This situation was bad enough when the idiots in government had our data. It gets worse now that government is outsourcing work to non-government people who will never be properly held to account; it opens the way for outside entities to gain access to the data by hiring people to do temporary data harvesting jobs, injecting those people into those outsourced government positions, then acting shocked and "firing" them when they get caught (with bonuses and options to be re-hired later by another division...) That may not be what happened here, but it will happen as the government gets more of our data and that data becomes more interesting/valuable to outsiders.

Your privacy, like your reputation, is not a physical thing; once you hand it over or damage it, you can never get it back.

Re:What's private about passport records?

The government folks are snooping goverment records all the time anyway. Just ask Hillary about the FBI and IRS records for political foes the last time she lived at the White House.

And that is why you don't want any MORE info in the hands of the feds than the minimum needed. In my opinion the guvmint should be required to send you a letter every time it looks up your personal information. This would sure open some people's eyes I bet.

Re:What's private about passport records?

In my opinion the guvmint should be required to send you a letter every time it looks up your personal information. This would sure open some people's eyes I bet.

If that's your goal, then push for it to cover private contractors working on a government contract.

Otherwise the FBI, DHS, et. al. could just contract out and never provide any notification, since the government agency in question never accessed a citizens personal information (but their contractor did).

Well...

In a twist, it turns out at least one search was performed by a contractor paid by an Obama advisor. It also appears that the records were accessed multiple times, not just the once (with quick reaction) initially stated. Now, I personally think that passport information is personal information and that personal information deserves a very high level of protection. I totally agree with the EU and the UK on that, although I think both have been too willing to compromise on principles in order to get anywhere with the US where there is no meaningful privacy at all.

(I find it sad that in America, private property is often guarded with deadly force, but private property is replaceable, whereas privacy has no protection at all and privacy can never be replaced. Once privacy is lost, it is lost forever.)

You're short some information.

All three people who accessed the information were employees of contractors. Some were fired immediately by the contractor before the State Department learned about it. The others the State Department specifically asked that they NOT be fired so they had some leverage to get them to cooperate with the ensuing investigation. (If they were fired, they wouldn't have to do anything unless actually subpoenaed.) Apparently if the state department had not intervened, the contractor would have fired them already. (The exception being the trainee who looked up Hillary instead of a family member during the training exercise - that was (probably properly) viewed as a training error and that employee just had the error explained.)

Regardless, while this is private information, it's not exactly SENSITIVE private information. There's really nothing in these files that isn't a matter of public record (when you applied, where you lived when you applied, name, birthdate) or isn't going to be terribly interesting for any political reason (SS#).

It's pretty safe to assume these breaches were merely the result of idle curiosity, as there's really no other reason to even bother looking at these files with such uninteresting information. That would also explain the fairly wide access thousands of people have to these files.

And to the GP:

Yes, an Obama campaign supporter (donated $2,300) runs one of the contractors whose employees looked at the files. But a Clinton campaing supporter (donated $1,000) runs the other one. Pretty much a wash, unless you're McCain.

Re:What's private about passport records?

What's private about passport records? Passport records contain your name, your address, your social security number, your place of birth, and a photo of you. With a sufficiently-large selection of data from the passport records, you could find someone who looked similar to you and could genuinely steal their identity in a long-lasting fashion.

What galls me is that, apparently, the database has a flag that can be set for "famous people", which causes a supervisor alert whenever the file is accessed. Where is the special alert for the rest of us? We're the ones whose data could be abused to wreak havoc on our lives and finances.

You are soooo right!

What galls me is that, apparently, the database has a flag that can be set for "famous people", which causes a supervisor alert whenever the file is accessed. Where is the special alert for the rest of us? We're the ones whose data could be abused to wreak havoc on our lives and finances.

Oh God Yes!!! I agree so much with that statement.

I don't know about you, but there's no way in hell I could walk into a bank and say that I'm Barak Obama; regardless of the documentation I have (I'm short and all white.) Or Hillary for that matter - I'm male. But, I could walk in with any one of other hundreds of thousands of identities and wreak havoc. My banker told me that she gets at least one person a week trying to steal someone's identity. Hence the endless questions when opening an account. It's also for the (non) PATRIOT Act bullshit - but that's another topic.

Re:What's private about passport records?

I was following news coverage of passport records on Friday, and apparently they contain WAY more data than your passport, ID, and travel records. Criminal records, details about your interactions with other countries, attempts to change citizenship, etc.

Re:What's private about passport records?

And how does passport records (assuming it is just entry & exit times) relate to Real ID in any fashion?

The issue is not the records, it's who has access to them, and what they do with that access.

You certainly don't have access, but somebody with an axe to grind might. Nixon had his Enemies List. The TSA has the No-Fly List. According to Newsweek, 1.3 million Americans have their bank accounts under the same sort of "special scrutiny" that noticed Eliot Spitzer moving a few thousand dollars around. (Less than the $10,000 banks are required to report.) The bank account monitoring came about due to PATRIOT, by the way.

The government folks are snooping goverment records all the time anyway

Actually that's not as true as you might think, but regardless, it's irrelevant. As this case demonstrates, now the contractor folks are snooping government records too.

My guess is, as more and more data gets collected, we simply won't have privacy any more. The only fix I see is to simply stop collecting (and storing, and making more available, and organizing so intelligently) so much data.

In the Spitzer case, I don't see how his downfall benefits New York. Why are we collecting all this data about people? Whatever good comes of it (if any, can somebody think of any good that's come of it) seems to be completely outweighed by the bad.

Perhaps I'm okay with collecting the data, but it should be abstracted away from the person's identity. You should probably need to convince a judge to issue a search warrant on the basis that User_ID 136137134 is showing a pattern of suspicious activity.

As I recall this is more or less why we have a FISA court in the first place. To prevent exactly the sorts of abuses of surveillance that Nixon, Hoover, et. al. were so fond of.

Re:What's private about passport records?

Real ID is an attempt to eliminate the cartoon-drawing Driver's Licenses that some states hand out.

If that was all that realid did, it would simply have to mandate minimum standards for drivers licenses -- and if that was all it did, I doubt that California would mind joining in on it.

What Realid also does, is force states to combine all of their records together where the federal government can access them, and allows the federal government to join that data with private and government data for whatever purpose it wants.

All of that data in one place is a really big prize for somebody wanting to mess with somebody's life -- especially when you consider that DHS has consistently failed security audits for it's computer networks.

Re:What's private about passport records?

Don't ask why or apply logic, just accept the fact that we got a blow in for whatever we are supposed to support this week.

What are we supporting this week?
Stronger privacy protections? Less intrusive government?
My, what an awful political tool /. has become.

Anyways, the connection is merely someone's loose opinion.

Step 1. Government creates database
Step 2. Databse gets abused
Step 3. Reforms are 'enacted'
Step 4. Go back to step 2

The only reason this case of abuse was noticed is because high profile people have a tripwire attached to their records to alert a supervisor whenever those records are accessed. The people who pass laws have built in special privacy protections for themselves and anyone with money, fame, or notability. You think it would be front page news if a contractor was probing through the passport records of sumdumass (711423)?

If you can't see the relationship between a contractors snooping through a Passport database and the potential for contractors snooping through a Real ID database... you must be willfully blind.

In Soviet Slashdot, groupthink posts you!

Don't ask why or apply logic, just accept the fact that we got a blow in for whatever we are supposed to support this week.

Christ. This comes up often enough it deserves its own saying. Let's make it this: In Soviet Slashdot, groupthink posts you!

No, seriously, this just keeps coming up and it's retarded. Slashdot readers are anything but a representative sample of American (or any) society. Of course we don't reflect it, let alone the full range of the political (left-right) spectrum.

When the editors post a good story, we get between two and five hundred posts discussing how and why this is alarming, what the possible implications may be, etc. Once moderation is applied we end up with a very high signal to noise ratio. Dissenting views are pretty much always modded up, except when they're trolls or flamebait (and even then, people often take the time to read them and reply). Other sources are often quoted or linked to, and those posts get modded up too. In other words, we get a good, interesting (possibly insightful, or informative, sometimes even funny) discussion.

When the editors post something stupid, we get between two and five hundred posts pointing out the error and ripping on the editor that put it on the front page. Occasionally, a thread or two spawns discussing some tangentially related subject that ends up being interesting on its own merrits.

As far as I'm concerned, the system is working as intended. Seriously, who would you rather discuss politics with? The Digg crowd? The people that leave comments on Youtube? Seriously, answer that question and go there. Then come back and tell us what you find.

Haven't you noticed slashdot becoming more of a political "tool" then a place to discuss news for nerds.

No. Most of us are capable of independent thought. That's why we're all here, sharing our thoughts and adding the insights of others to our own. At the very least we're sharpening our ideas by arguing against those we disagree with.

The fact that we often agree in large numbers speaks more to the fact that we're a self-selected group than anything else. The fact that the editors pander to us says more about their lust for precious ad revenue than their political views. Not all herds are made of sheep. And even if they were, kdawson (it's him everyone bitches about, right? I honesty don't pay attention to the editors' names) sucks at playing sheep-dog.

Re:I guess you could spin this into anything

That's awesome, let me try one.

Bribes to congressman should be legal; they're going to take bribes anyway, so if they're illegal it will accomplish making congress look bad, which in turn diminishes the integrity of the government and country which is bad for us all.

Except bribing congress is pretty much legal already, and I'd imagine they came up with a better excuse than that for why :/

Re:I guess you could spin this into anything

One would like to hope that this incident might mean that all 3 candidates now fully understand the importance of protecting everyone's privacy, and will ensure that its kept sacrosanct.

Yes, I don't think that will happen either.

Re:I guess you could spin this into anything

The UK have solved this problem. All MP's (elected officials) get an extra digit added to their tax number (social security number) [telegraph.co.uk]. Consequently, they are not allowed to use online services.

Re:I guess you could spin this into anything

"I wonder what the Ars Technica/privacy zealots who oppose RealID protection will say when the next hijacked airliner is crashed into a building."

I'm sorry, "RealID protection" I fail to see how having an ID is protection at all. The topic of course is about peoples private information being looked at. We currently don't know if it was given to anyone or what purpose the access was done. But I suspect that the passport information contains things like passport number and SSN and other identifying information. Well identity theft is a serious costly issue to all of us, now isn't it. I would imagine that the information in the passport file would contain some lovely information that could be used for identity theft. That of course would be rather dumb for the celebrities this article is about, but it seems that only some of the more important names were flagged for the type of alert that caused this to be exposed. Who knows how many others have had their information comprimised, illegally I might add.

Now lets all get a database of information on everyone. That will solve the problem, require everyone to have an ID that they will be required to carry, that solves the problem doesn't it. Wait a minute what was the problem, identity theft? If someone has a fake ID that looks good, well then they are that person, if they have the background information like the ssn, address, and those little numbers on the back of the card, well then they are that person. Substituting an external tag for a person, substituting a copyable, forgable, piece of identification for a living breathing person, does not solve a problem, it only says we trust and ID more than we do a person, we trust our information database more than a living breathing citizen. If someone wanted to blow up a building, they can forge the documents, and pictures and the building will be history. Better to find out why anyone would want to blow up a building and see to it that the reasons don't exist. In the case of 911, it was our presence in the Middle East that Bin Laden was pissed about. That presence cost us the trade towers. We (the country leaders) of course wanted to be there and had no fear, because we are the super power, so there, bring it on.