Closing the door on passport fraud requires a multi-pronged, comprehensive approach.  There is no “magic bullet” or any single change in policy, practice or technology that will by itself end the vulnerabilities in the passport issuance process once and for all.  There are solutions to the problem that can and should be implemented now, including changes in passport specialist job performance elements, changes in work culture, additional staffing and resources, better connections to other agency’s databases, and improvements in the tools, training, and technology available to passport specialists.  But what is also needed is constant vigilance and a change in the process used to develop passport fraud prevention and adjudication systems.  Specifically, the input and voice of the passport specialists – the employees who are on the front lines and who actually do the job of passport adjudication and fraud detection – needs to be included in the process. 

Background on Passport Vulnerabilities and Union Efforts

Between July and December 2008, the Government Accountability Office (GAO) applied for and successfully obtained four U.S. passports, out of four attempts, using fraudulent methods in order to test vulnerabilities in the passport issuance process, as reported in the GAO’s March 16, 2009 report #09-447 titled, “Undercover Tests Reveal Significant Vulnerabilities in State’s Passport Issuance Process.”  A State Department spokeswoman told the Washington Post that the test “certainly opened our eyes” to problems in the passport issuance process.  From NFFE’s perspective, the GAO’s tests did not reveal anything – they confirmed what we have been saying for years. 

For over a decade NFFE has been advocating for changes that would enhance the integrity of the passport issuance process.  This is the top concern of the employees we represent in PPT.  These employees do the actual work of passport adjudication and fraud detection.  They are proud of their efforts at maintaining the integrity of the process, but know firsthand that, unfortunately, it can be all too easy for a criminal to fraudulently obtain a passport.  The results of the GAO’s test were not at all surprising to this union or the employees that we represent. 

Criminals and terrorists attempt to commit passport fraud for a variety of reasons and through a variety of means.  It serves no purpose to commit passport fraud as an end unto itself.  Those committing passport fraud often do so either to flee from a past crime or to facilitate an ongoing or planned crime.  They commit passport fraud through a number of means, including submitting counterfeit citizenship or identification documents, by posing as a “look-alike,” or by using genuine documents (e.g., obtaining someone’s genuine birth certificate, and then fraudulently applying for identification and then a passport in that identity). 

Some fugitives have attempted to obtain a passport in their own true identities, without committing fraud in the passport application process, in order to flee from their crimes.  The Consular Lookout and Support System (CLASS) is designed to prevent this from happening.  The GAO examined vulnerabilities in the passport issuance process, including CLASS, in 2004 and 2005, which led to their report # 05-477 issued in June 2005 titled, “Improvements Needed to Strengthen U.S. Passport Fraud Detection Efforts.”  Among other things, the GAO found that 37 out of 67 fugitives’ names that they randomly tested were not included in the CLASS and, indeed, that one of the fugitive’s tested had actually successfully obtained a passport in his true identity despite having been wanted by the Federal Bureau of Investigation (FBI) for 17 months prior to the passport issuance.  The vulnerabilities discussed in that report were also the subject of the Senate Homeland Security and Governmental Affairs Committee’s (HSGAC) June 29, 2005 hearing titled, “Vulnerabilities in the U.S. Passport System can be Exploited by Criminals and Terrorists.”  Prior to that GAO report and HSGAC hearing, there were only 50,000 names of fugitives in the CLASS Namecheck system for passport applications.  As a result of the work leading up to the report and hearing, DOS was able to establish a connection to the FBI and Terror Screening Center (TSC), adding about 1,000,000 names and aliases of fugitives to the CLASS Namecheck system.  NFFE is proud of the fact that the whistle-blowing by our representatives directly led to the closing of this vulnerability. 

What passport specialists experience on the job is a focus on production and meeting quotas, with too little time to diligently adjudicate and prevent passport fraud.  Passport specialists receive too little training and have insufficient resources and tools at their disposal to catch fraudulent attempts to obtain passports.  The employees that NFFE represents, and the management officials that supervise and direct them, all care about the integrity of the process and desire to prevent every fraudulent attempt.  But these good intentions have not been enough.  There are systemic problems that have not been addressed, which create gaps that those committing passport fraud can exploit. 

NFFE made repeated good faith efforts to address concerns directly to PPT and DOS officials.  Those efforts were rebuffed and therefore we requested oversight assistance from Congress in 2004.  The GAO report and HSGAC hearing in 2005 were helpful and did advance the cause of preventing passport fraud, but not enough was done by DOS subsequent to that to truly close the door.  Since then, NFFE has continued to advocate for improvements through collective bargaining and other processes, but with only some success – and not enough to have helped prevent the GAO from successfully obtaining passports in their four test applications or, more importantly, not enough to stop hundreds of real criminals from fraudulently obtaining passports. 

We applaud Senator Dianne Feinstein and Senator Jon Kyl for requesting that the GAO conduct the test of the passport issuance process.  We applaud Senator Ben Cardin for holding this hearing to investigate the vulnerabilities and solutions. 

NFFE’s Analysis of the Vulnerabilities in the Passport Issuance Process

The vulnerabilities in the passport issuance process do include the problems with the Social Security Administration (SSA) database checks and counterfeit document detection discussed by the GAO in their March 16, 2009 report and their April 13, 2009 follow-up letter to Senator Kyl and Senator Feinstein, but the vulnerabilities run much deeper than that.  As the GAO reported in 2005, most fraud is committed by persons using genuine citizenship and identity documents that were fraudulently obtained.  While the problems identified by the GAO must be addressed, it is also important to keep in mind that they are just the tip of the iceberg. 

The vulnerabilities in the passport issuance process include the following:

• Too little focus on fraud prevention in the passport specialists’ performance elements, awards, and overall work culture
• Insufficient fraud detection training, information, and tools
• Insufficient permanent fraud prevention staffing
• Organizational and interagency information sharing roadblocks  
• Insufficient oversight and restrictions on the passport acceptance function
• Failing to adequately seek out and consider employee input, through their union, when making changes to systems, applications, processes, and procedures

Too Little Focus on Fraud Prevention in Job Elements, Awards, and Work Culture

With millions of passport applications submitted each year, and with many citizens often needing their passports on an urgent basis, processing passport applications in a timely manner is a goal shared by employees, the union, supervisors, and managers.  However, the focus on production should not come at the expense of making sure the job is done right.  After all, the passport fee is intended to pay for a rigorous adjudication process.  Yet, passport specialists repeatedly indicated to NFFE that there is too much focus on the quantity of the work at the expense of quality, and that the production quotas (24/hour for the GS-9 and GS-11 levels, for an average of 2.5 minutes per application) required them to rush through applications without enough scrutiny of the evidence and information.  In a February 2009 survey, 95% of specialists responding stated that it was necessary to lower the production quotas in order to improve fraud prevention efforts.  In a March 2007 petition, 85% of non-probationary specialists signed a statement stating that the “current numerical standards make our process too vulnerable to being exploited by frauds” and that “it is all too easy for someone to fraudulently obtain a passport….” In a January 2006 survey, 97% of specialists stated that the focus in adjudication is on the quantity of work instead of the quality, and 96% stated that the numerical standards do not provide enough time for diligent adjudication.  In a smaller July 2005 survey, 96% of specialists stated that the quotas did not give them enough time to catch passport fraud and 94% expressed concern that we would issue a passport to a terrorist or criminal.  The work culture focuses overwhelmingly on production and the job elements and performance awards system are skewed in that direction as well, with some troubling instances of disincentives to spend additional time examining evidence, or to refer them for additional investigatory steps.  Simply put, because of the production quotas, the passport specialists do not have enough time to consistently detect indicators of passport fraud. 

In the past, management at PPT has responded to this with the argument that almost every passport specialist meets the numerical quotas, so they must therefore be adequate.  Yet, those very same employees who are meeting the quotas have repeatedly rejected this circular reasoning, most explicitly in the March 2007 petition and in the July 2005 survey, in which 98% of employees stated that just because they work at the rate required by the quota does not mean that it gives them sufficient time to diligently adjudicate.  The quotas measure how fast the work is produced, not how well it is done.  The employees who approved the 4 GAO test applications – along with the employees who approved the over 100 applications from criminals using deceased identities referenced in that GAO’s March 2009 report – were virtually all meeting or exceeding the quota.  NFFE is hopeful that the welcome decision by Deputy Assistant Secretary Brenda Sprague to suspend the production quotas for 2009 signals a permanent new approach by management.   

Insufficient Fraud Prevention Training, Information, and Tools

In its 2005 report, the GAO recommended that DOS “[e]stablish and maintain a centralized and up-to-date electronic fraud prevention library that would enable passport agency personnel at different locations across the United States to efficiently access and share fraud prevention information and tools.”  PPT has complied with the recommendation to establish a centralized online library, but has not consistently maintained it.  For example, a counterfeit New York birth certificate was used in all 4 GAO test applications.  While New York is the third most populous state in the U.S., there was no exemplar of the genuine New York state birth certificate in the library upon which the counterfeit GAO certificate was modeled and against which it could have been compared. 

In its 2005 report, the GAO recommended that DOS “[e]stablish a core curriculum and ongoing fraud prevention training requirements for all passport examiners, and program adequate time for such training into the staffing and assignment processes at passport issuing offices.”  PPT has made great strides in its introductory training for beginner passport specialists, specifically the two-week long National Training Program (NTP) for new hires.  However, there are now areas where those who went through the NTP adjudicate differently than those who did not.  Also, there is still no established fraud prevention training curriculum for employees advancing through the GS-5/7/9/11 career ladder.  In addition, the amount of fraud prevention training varies from one office to another and is not consistently provided, especially when workload levels are high. 

PPT also relies too heavily on training constructed and taught by the DOS Foreign Service Institute.  The quality of the courses and the caliber of the instructors are both excellent, but the problem is that they are designed by and for those who adjudicate passport applications overseas (Foreign Service Officers) as opposed to focusing on domestic passport adjudication – despite the fact that approximately 95% of passport applications are submitted in the U.S. 

When a traveler goes through security at the airport, a Transportation Security Administration (TSA) employee scans the identification of the traveler, usually using an ultra violet light (black light) to help view the security features in order to verify its authenticity.  Over three years ago, NFFE requested that PPT provide black lights for all passport specialists.  For three of its four tests, the GAO used a counterfeit identification document.  UV lights would help prevent fraud by confirming whether a document is bona fide.  NFFE understands that PPT is obtaining these tools now. 

Implementing effective facial recognition technology would help to detect some forms of passport fraud, but to be truly effective that technology would have to be able to confirm that the person applying for a renewal is the same as the person pictured in a passport from years’ earlier and not a look-alike.  Facial recognition programs could possibly have detected the fact that the same GAO investigator applied for all four test applications. 

Insufficient Permanent Fraud Prevention Staffing

The number of permanent fraud prevention program staffing positions is critical to detecting fraud.  These personnel handle fraud referral casework from passport specialists and provide guidance and training.  NFFE argued unsuccessfully against the decision by PPT to cut permanent fraud staffing positions effective in January 2004.  The need for additional staffing was supported by the GAO, the DOS Office of Inspector General (OIG), and testimony provided at the 2005 HSGAC hearing. 

In its 2005 report, the GAO recommended that PPT “[c]onsider designating additional positions for fraud prevention coordination and training in some domestic passport-issuing offices.”  In addition, the OIG recommended in November 2004, “[t]he Bureau of Consular Affairs should reestablish assistant fraud prevention manager positions in all large passport agencies and centers and determine whether such positions are needed at smaller agencies.”  Despite these recommendations, the permanent fraud prevention staffing in the Passport Agencies and Centers has fallen both in gross numbers and even more so in relative numbers.  From 2002 to 2004, there were 28 permanent fraud staffing positions to provide guidance and training to 450 passport specialists adjudicating a little over 7 million passport applications each year.  In 2007-2009, there were only 26 permanent fraud staffing positions to go along with 1,300 passport specialists handling between 12 million and 18 millions passport applications.  This limits the guidance provided to specialists, hampers fraud casework processing, and contributes to the problem of insufficient training and information. 

Organizational and Interagency Information Sharing Roadblocks  

The most obvious vulnerability confirmed by the GAO’s test is the insufficient database check between PPT and SSA.  The PPT check against the SSA database was not done on a streaming basis.  The policy was to not wait for that check before issuance.  When the check was done, it was not a comprehensive check against all SSA information (including the death database). 

There are additional organizational impediments to closing the door on passport fraud.  For example, PPT is but one part of the Bureau of Consular Affairs (CA), even though PPT is nearly three times the size it was less than a decade ago.  The Foreign Affairs Manual (FAM) contains DOS policies. Volume 8 is now empty – it once held the passport policies promulgated by PPT, but now those policies are subsumed into the 7^th volume, with changes cleared through extra levels of bureaucracy.  The headquarters office in charge of leading the effort against passport fraud has transferred from PPT to CA to PPT and now back to CA again, and the office where it is now has a mixed mission of combating visa fraud and passport fraud.  The Forensic Document Laboratory (FDL), which provides expert analysis of citizenship and identity documents, was part of the old Immigration and Naturalization Service (INS), which is now part of the Department of Homeland Security (DHS).  At that time made sense, because INS employees were charged with examining thousands of varieties of citizenship documents (e.g., birth certificates from states, counties, and cities) for authenticity for travelers entering the U.S.  With the advent of the Western Hemisphere Travel Initiative (WHTI), just a small handful of documents will be accepted as proof of citizenship upon entry into the U.S. (e.g., the U.S. passport book, passport card, etc.).  PPT employees still view those thousands of varieties of citizenship documents while adjudicating passport applications, while the DHS employees at points of entry will look at less than a dozen. 

Another organizational problem is the question of where applications are adjudicated.  A decade ago, PPT relied on a regional system whereby applications, for example, from the eleven states in the northwest would be handled by the Seattle Passport Agency (that was the largest region) – effectively, employees would be responsible for and experts on applications and fraud indicators from that region.  DOS switched to a system of “megacenters” and workload transferred applications.  So, an application from one region could be processed by an agency or center outside of that region – effectively, employees would be responsible for, but not experts on, applications and fraud indicators from all 50 states.  The employees we represent are dedicated and hard working, but when one attempts to become a jack of all trades one often ends up as a master of none.  This policy of workload transfers helped boost PPT’s productivity but had a negative impact on fraud prevention rates, which NFFE documented anecdotally at first and then with hard statistics.  The GAO confirmed this problem in its 2005 report, and recommended that DOS “[a]ssess the extent to which and reasons why workload transfers from one domestic passport-issuing office to another were, in some cases, associated with fewer fraud referrals, and take any corrective action that may be necessary.” 

There are also some federal/state information sharing problems that impede fraud detection efforts.  The GAO submitted four counterfeit birth certificates with the test applications.  How can PPT verify their authenticity?  Only a state’s vital statistics office can do that and while most work with PPT, not all do.  Another concern is birth abstracts issued by California, which are no longer accepted by PPT because they show the place where the birth was filed as the place of birth: someone born overseas that registers the birth in California can receive an abstract showing birth in the U.S.  

When passport fraud is detected by PPT, it is referred to Diplomatic Security (DS) for investigation.  The DS agents do a great job of investigating passport fraud, but they have other missions, such as protecting foreign dignitaries visiting the U.S.  Also, they must rotate through their duty locations every two years, which hurts continuity.  When a passport fraud case is confirmed, it is not always prosecuted because federal prosecutors are understaffed and have to prioritize what cases to bring to trial.  Those convicted of passport fraud too often receive minimal sentences. 

Insufficient Oversight and Restrictions on the Passport Acceptance Function

The function of accepting and executing a passport application is critical – the employee performing this job is the first line of defense against passport fraud, and the only person who meets the applicant face-to-face.  NFFE believes this is an inherently governmental function, as the acceptance agent is determining and verifying the identity of the applicant.  This view was shared by DOS up until the workload crisis of 2007, when DOS contracted out this function.  The DOS then changed Volume 22, Chapter 51 of the Code of Federal Regulations to allow the use of contractors at DOS for this function, but without first providing notice in the Federal Register as required by the Administrative Procedures Act. 

The overwhelming majority of passport applications are submitted through passport acceptance facilities, which are government offices such as post offices, clerks of court, or other state, county, or municipal government entities.  The GAO submitted three of the four passport applications at acceptance facilities, which did not detect the counterfeit driver’s licenses that were presented to them.  Back in 2005, when there were about 7000 acceptance facilities, the GAO recommended that DOS “[s]trengthen fraud prevention training efforts and oversight of passport acceptance agents.”

The number of acceptance facilities has since grown to approximately 9500 (employing tens of thousands of acceptance agents).  We have heard that PPT is considering adding new auditing positions to increase oversight of the acceptance facilities, but four years after the GAO made its recommendation this has still not been realized.  During the workload crisis of 2007, numerous training trips to acceptance facilities were cancelled.  Some improvements have been made, including better quality control in certifying agents.  However, at some point the question has to be asked: are there too many acceptance facilities to properly oversee? 

NFFE has previously called for PPT to restrict or eliminate the use of “hand-carried” applications, which are applications executed at an acceptance facility and then transmitted to PPT by another person, often a private courier company that charges a fee to the applicant.  The applications are of concern because they exit the internal controls employed by PPT, and the security measures in place are not sufficient.  This vulnerability has been exploited by some fraudulent applicants. 

Failing to Adequately Seek Out and Consider Employee Input Through Their Union

Most of the senior managers at PPT have either never adjudicated a passport application or have not done so in many years.  The employees who do the job of adjudication are intimately familiar with the vulnerabilities in the passport issuance process.  They knew about a number of problems with CLASS, they knew about the problems caused by the policy of not waiting for the SSA match check to be completed, they knew about the insufficient training and information, and they knew about the lack of focus on quality.  NFFE has communicated all these concerns to PPT. 

Employee representatives have been included in some efforts by PPT management, including a reshuffling of performance elements in 2008, opportunities to comment on draft changes to the 7 FAM, and an ongoing effort to redesign the passport application form, all with positive effect.  On the other hand, the computer programs and displays used by passport specialists, the passport application, passport policies, and even the passport design itself have all been changed without “user” input, to their detriment.  There have been too many instances where the left hand of PPT doesn’t know what the right hand is doing, but the employees do, and addressing their concerns years ago would have caused some (and perhaps all) of the GAO test applications to have been caught.  More importantly, working with the employee representatives to address passport vulnerabilities would have prevented real passport fraud attempts from succeeding. 

How to Close the Door to Passport Fraud

In order to effectively close the door on passport fraud, NFFE believes the following steps are necessary:

1. Change the process: involve employee representatives in the process of crafting solutions to vulnerabilities, and making changes to applications, systems, and policies. This does not require a role reversal; management would still be management.  NFFE is seeking a seat at the table, not the seat at the head of the table. 
2. Change the performance elements to put more focus on quality work and fraud prevention.  This would help close the door on passport fraud by giving passport specialists the time they need to scrutinize applications and evidence for fraud indicators. 
1. Provide more time for adjudication by lowering production quotas
2. Lower them again as additional checks and tools are added and required
3. Eliminate senseless incentives to not refer applications to the fraud office
4. Eliminate higher rating levels for spending less time on each application
3. Change the work culture to recognize and reward quality work and fraud prevention.  This would help close the door on passport fraud by communicating to employees in very concrete terms that fraud prevention is a priority.  
1. Mandate minimum of 15% of awards dollars go to fraud prevention efforts
2. Mandate minimum of 15% of awards dollars go to other quality work efforts
4. Fully implement the GAO’s recommendations from June 2005 and the OIG’s recommendations from November 2004.  This would help close the door to passport fraud by improving training and information, and increasing permanent fraud staffing. 
1. Create a fraud detection training curriculum for the entire career ladder.  Do not postpone training during busy seasons.  Design training for domestic passport adjudication.  Work with other government agencies to conduct cross-training.  Analyze all applications issued in error and address those mistakes in training. 
2. Update the online fraud prevention library. 
3. Hire additional permanent fraud prevention staffing. 
4. Study the workload transfer issue and craft effective solutions. 
5. Establish connection with SSA so that all passport applicants’ names and SSN’s are checked against the database for a match and for death status. 
6. Establish better interagency communication between PPT and other government entities. 
7. Obtain UV lights (and replacement batteries), and provide training on how to use them.
8. Consider legislation to declare the passport acceptance function inherently governmental.  Bring 22 CFR 51.22(a)(4) into compliance with the APA by eliminating “and contractors.” 
9. Consideration should be given to making PPT its own bureau within DOS – and include the FDL within PPT – with control over training, policy (8 FAM), and fraud prevention. 
10. Consider hiring additional DS agents, and additional Assistant United States Attorneys.  Consider strengthening penalties for passport fraud. 

Conclusion

The vulnerabilities in the passport issuance process have been known for years.  The GAO reported on this issue in 2005.  The GAO is again reporting on this issue in 2009.  DOS and PPT should wait no longer.  Action needs to taken, by DOS or by Congress, to address these concerns now.  Implementing the steps outlined in this testimony will go a long ways toward closing the door on passport fraud.