Does the State Dept. Ignore Security?

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

For the second time in four months, a State Department employee has pleaded guilty to accessing the personal information of citizens in the department’s passport records without proper authorization.

According to the Department of Justice, Dwayne F. Cross, 41, of Upper Marlboro, Md., pleaded guilty before Judge John M. Facciola in U.S. District Court for the District of Columbia to one count of unauthorized computer access.

Cross admitted that he logged on to the State Department’s Passport Information Electronic Records System (PIERS) database and viewed the passport applications of more than 150 celebrities, politicians, members of the media between January 2002 and August 2007. He did so because he was curious. He is scheduled to be sentenced on March 23.

The case comes about four months after State Department intelligence analyst Lawrence C. Yontz pleaded guilty to unlawfully accessing hundreds of confidential passport files.

And last March, the department admitted that the private passport files of all
three presidential candidates had been inappropriately accessed.

More prosecutions may be on the way. “Cross is the second former State Department employee to plead guilty in this continuing investigation,” the DoJ said in its statement. DoJ spokesperson Laura Sweeney declined to comment.

Cross admitted to having access to official State Department computer databases when he served as an administrative assistant in the Bureau of Consular Affairs, Overseas Citizens Services, Children’s Issues at the State Department from August 2001 through February 2008.

Warnings ignored

State Department officials said at a press
briefing in March 2008 that anyone accessing PIERS sees a warning on the computer screen saying the system’s records are protected and access to them is on a need to know basis.

But that warning does not seem to be effective, if the frequency of incidents involving unauthorized access is any indication.

Management indifference is partly responsible for incidents like this, Scott Christie, a partner at law firm McCarter & English and a former federal prosecutor, told InternetNews.com.

“Unless and until there are public embarrassments like this that happen, management will not deem appropriate security measures a high enough priority.”

The lack of proper management showed up during an audit looking at access to PIERS in July, the State Department’s Office of the Inspector General (OIG).

“OIG found many control weaknesses – including a general lack of policies, procedures, guidance, and training – relating to the prevention and detection of unauthorized access to passport and applicant information and the subsequent response and disciplinary processes when a potential unauthorized access is substantiated,” the OIG report on the audit said.

This article was first published on InternetNews.com.