By Spencer S. Hsu
Washington Post Staff Writer
Friday, August 3, 2007
The U.S. government's main border control system is plagued by computer security weaknesses, increasing the risk of computer attacks, data thefts, and manipulation of millions of identity records including passport, visa and Social Security numbers and the world's largest fingerprint database, officials said.
U.S. officials have called the US-VISIT system a cornerstone of the nation's efforts to stop terrorists at the borders and stanch the flow of illegal immigrants. It automates the collection of fingerprints and digital photographs, and links border control officers to FBI, border enforcement, immigration and State Department watch lists and databases.
Congress has allocated $1.7 billion for the system since 2002. But in a congressional report to be released today and obtained by The Washington Post, Homeland Security officials said that many vulnerabilities exist throughout the network and the computer stations used at 400 airports, seaports and land crossings. These vulnerabilities could, in turn, spread the risk of cyber-attacks or data losses to some of the government's most sensitive security databases, the officials said.
"Weaknesses existed in all control areas and computing device types reviewed," the Government Accountability Office reported. It called on DHS to "immediately address" problems to avert potentially crippling disruptions or the misidentification of drug smugglers, terrorists and felons trying to enter the country.
"These weaknesses collectively increase the risk that unauthorized individuals could read, copy, delete, add, and modify sensitive information," investigators said.
In a statement, Joseph I. Lieberman (I-Conn.), chairman of the Senate Homeland Security Committee, said the computer vulnerabilities may make Americans less secure, not more. "DHS is spending $1.7 billion of taxpayer money on a program to detect potential terrorists crossing our borders," he said, "yet it isn't taking the most basic precautions to keep them from hacking into and changing or deleting sensitive information."
The report raises the latest red flag over the Bush administration's efforts to secure the borders, already heavily criticized by Congress and conservative critics. It also adds to a growing list of warnings about the vulnerability of key government computer networks.
In May, the Transportation Security Administration reported the loss of a hard drive loaded with personal payroll information on 100,000 workers, including federal air marshals. A computer virus halted processing of international travelers at U.S. airports for several hours in August 2005. And a computer failure in December knocked out for two hours the national computer network used at all 400 customs sites.
U.S. authorities expressed concern over a dramatic increase in computer attacks and warned that they could become more destructive as hackers grow more sophisticated, pointing to a rise in incidents aimed at Pentagon information systems.
US-VISIT Director Robert A. Mocny acknowledged concerns but said that security fixes are underway and that the report raised many hypothetical problems and overstated others, because few outsiders can gain access to the system's computers.
"There have been no attacks on the US-VISIT system," Mocny said. Still, he conceded increased risks as sensitive databases are added. "When you connect more systems, which [DHS] wants to do, you do have the risk of the 'weakest link,' " he said.
US-VISIT has compiled digital facial images and fingerprints of 90 million individuals and is used to vet 54 million border crossings each year. But Marc Rotenberg, executive director of the Electronic Privacy Information Center, said the government has not taken adequate steps to safeguard the privacy of millions of people whose citizenship, immigration, law enforcement and national security records are used in the customs checks.
Staff researcher Madonna Lebling contributed to this report.