Friday, March 21, 2008

Snooping in Passport Files

Read somewhere that smart op-ed writers polish up their piece independent of the news, then wait for some event to happen that they can piggyback on, tweaking the piece slightly. As I said, smart.

But I'm not that smart, so the flap over passport files leaves me wishing I was.

From what little I know and have watched, it seems that the cable channels are misstating the facts when they mention "flags"--the State Department system was set up to flag when the files of certain persons were accessed, but it wasn't smart enough to know whether the access was inappropriate. I'm glad we've advanced that far, but sorry we haven't taken another step--set up the system to email the passport holder when someone accesses it. (That's one of my hobbyhorses.)

As for the immediate flap, I'd guess the instances are cases of curiosity gone astray. And it surprises me not at all that the accesses weren't reported up the line. It's just not the way things work. When State put in the system that would show accesses, I bet no one did a trial run to establish how the flags would be handled. At best, the high muckety-mucks were told--hey, remember that flap over Clinton's files in 92, well now we've got a new improved automated system that will flag such accesses. And the HMM's said: "great job", and went on to something more seemingly important.


Anonymous said...

The agency I work for has a name and address record database with in excess of 9 million records.

It includes tax ID numbers or social security numbers and full mailing addresses.

This database obviously has some prominent people listed.

I have never tested whether we have "flags" or not when a record is accessed.

It is my understanding that even when you have "Secret" or "Top Secret" clearance, there is still a threshold of the "need to know".

Obviously these folks at State did not have the "need to know".

I also do not have the "need to know" the mailing address and social security number of "Insert name of prominent person here" but I don't know of any deterrent built into the system to stop me from looking.

Except for my retirement and common sense!

Bill Harshaw said...

Anonymous: I doubt the name and address system for FSA/USDA has any particular protections. It's not a "sexy" issue, not something the Administrator is going to call in people and give them deadlines to do. I expect there's still a gap between the program people who are interested in getting money to farmers and the IT types who are interested in software and databases.