GAO Report unveils significant vulnerabilities in the Department of State’s Passport Issuance Process

The United States Government Accountability Office (GAO) conducted an investigation from May 2008 through March 2009 which showed that terrorists or criminals could steal an American citizen’s identity, use basic counterfeiting skills to create fraudulent documentation for that identity, and obtain a genuine U.S. passport from the Department of State (DOS). The GAO conducted their investigation by using “basic counterfeiting skills.”

The same GAO investigator was able to easily obtain four passports issued by the DOS under four different names. The first passport was applied for in a United States Postal Service (USPS) office in Virginia in July of 2008. The investigator used a counterfeit West Virginia driver’s license, and a counterfeit New York birth certificate, along with the passport application form. The first passport was issued 8 days after the application was submitted for review. The GAO investigator applied for the second passport in August of 2008 at the State’s regional Washington, D.C. passport issuing office. The GAO investigator used a genuine District of Columbia (DC) identification card obtained with fraudulent documentation, and a counterfeit New York birth certificate, along with the passport application form. Surprisingly enough, the passport was issued to the investigator that same day. In October of 2008, the investigator applied for another passport in a USPS office located in Maryland. The investigator submitted a counterfeit West Virginia driver’s license, and a counterfeit New York birth certificate. The submitted passport application contained the Social Security Number (SSN) of a fictitious 5-year-old child, which was obtained from a prior investigation. Once again, another passport was issued to the investigator based on the documentation submitted only 7 days later. The final passport issued as a result of this investigation was in December 2008 from a USPS office in Maryland. The investigator submitted a counterfeit Florida driver’s license, and a counterfeit New York birth certificate. The passport form contained the SSN of a deceased individual. And again, the passport was thereafter issued only 4 days after the documentation was submitted for review.

After the investigation, the GAO briefed DOS officials on the results. DOS officials admitted that the findings expose a major vulnerability in DOS’s passport issuance process. According to DOS officials, the department’s ability to verify information submitted by passport applicants is hampered by limitations to its information sharing and data access with other agencies at the federal and state levels. This is the same problem that was identified after the tragic events that took place on September 11, 2001, eight. Additionally, they said that they do not currently have the ability to conduct real-time verification of the authenticity of birth certificates presented by passport applicants, and to make matters worse, there are other difficulties with verifying the authenticity of drivers’ licenses.

The DOS officials stated that to improve the current passport fraud detection capabilities, they would need greater cooperation and support from other agencies at both the federal and state levels, and the ability to access other agencies’ records in real time.

After the GAO briefed the DOS regarding their investigation, the four fraudulently obtained U.S. passports were identified and revoked. The DOS indicated that it would study the matter further to determine what steps would be appropriate to improve passport issuance procedures.