FRAMINGHAM (10/02/2003) - Despite the government's recent efforts to integrate dozens of terrorist watch list databases, terrorists may still be slipping through major cracks in homeland defenses by stealing identities and using computers to create fraudulent travel documents, officials told Congress Wednesday.
Testifying before the House Select Committee on Homeland Security, Ronald D. Malfi, director of the General Accounting Office's Office of Special Investigations, said that during the past three years, his staff has successfully created fraudulent identities and documents on home computers that allowed officials to do everything from entering the U.S. from foreign countries to buying firearms and gaining unfettered access to government buildings.
"We created fictitious identities and counterfeit identification documents, such as driver's licenses, birth certificates, and Social Security cards ... using inexpensive computer software and hardware that are readily available to any purchaser," said Malfi. "In March 2002, we breached the security of four federal office buildings in the Atlanta area using counterfeit law enforcement credentials to obtain genuine building passes, which we then counterfeited."
"It's relatively easy for a terrorist to pose as someone else," said Rep. Robert Andrews (D-N.J.). "And the impact is that the integrated terrorist watch list and other databases that the (DHS) is sharing with other agencies is ineffective if we're not identifying (people)."
Delegate Eleanor Holmes Norton (D-District of Columbia), a self-proclaimed "card-carrying civil libertarian," said the nature of the vulnerabilities has led her and others to rethink the issue of national ID cards.
However, Keith Kiser, chairman of the American Association of Motor Vehicle Administrators, said a national ID card is not needed and would probably require additional IT infrastructure currently not in place. Instead, Kiser argued that the IT infrastructure used throughout state motor vehicle departments to verify identities and issue valid driver's licenses should be enhanced and standardized.
Rep. Peter DeFazio (D-Ore.) asked biting questions of experts from the Department of Homeland Security (DHS) and the FBI about why retail workers at many U.S. airports are allowed to enter secure areas of the airport without having to pass the same security screening checkpoints that pilots and passengers must go through. In addition, the only security precautions taken to ensure that those workers are who they say they are is a basic name and Social Security number check, often done using driver's licenses that may or may not have been obtained legally, said DeFazio.
"Today, several hundred thousand people, who we don't know if they are the person they said they are, will file into secure areas of airports in the U.S. without even walking through (security) and without putting what they are carrying on a (scanner)," said DeFazio.
"It's clearly a weakness in the system," said Stewart Verdery, assistant secretary for Border and Transportation Security Policy at the DHS. "But it's one of many caused by the weaknesses in the driver's license system."
Lawmakers and federal homeland security experts argued in favor of wider deployment of biometric technologies and standardization of driver's licenses throughout the country. Currently, 21 states don't require proof of legal residence to get a driver's license. In addition, there are 240 variations of driver's licenses used throughout the 50 states. California and New Mexico also issue valid driver's licenses to noncitizens, and Arizona is debating the issue.
"As long as the government is relying on paper documents, it is problematic," said John Pistole, assistant director of counterterrorism at the FBI. "That's where biometrics come in."
Vendery went on to outline plans by the DHS to eventually ensure that all foreign travel documents issued to foreign visitors from overseas include biometric identifiers. To the extreme dissatisfaction of many lawmakers, however, Vendery was unable to answer questions about DHS policy regarding screening procedures for employees of airport retail shops as well as the threat arising from the inability of border-crossing agents to verify the authenticity of driver's licenses. Such licenses remain one of the key identification documents used by most people -- including potential illegal aliens -- to enter the U.S. from Canada and Mexico.
"I think the states have failed to listen ... and have failed to learn the lessons of 9/11," said Joseph Carico, chief deputy attorney general for the commonwealth of Virginia.
"It is my assumption that biometric technologies have progressed to the point where at least in most cases it would solve the problem" now faced by the integrated terrorist watch list, said Andrews. He asked if anyone disagreed with the basic assumption that biometric technologies should be used in all driver's licenses and major travel documents, and only Kiser from the AMVA dissented.
"I don't disagree that a biometric identifier is a great place to be and we should be trying to get there," said Kiser. "But we (conducted) a two-year study of biometrics and our conclusion at this point is that although biometrics work great on a one-to-one match, it's awfully hard to find a technology that works on a one-to-300 million match, which is what we really need to (have) to have an effective biometric identifier."