The State Department is under fire for the revelation that employees or contractors for the agency were snooping through the passport records of three presidential candidates, Barack Obama, Hillary Clinton and John McCain, at different points over the last year. But at the same time agency workers were breaching the files of those high-profile individuals, it turns out that the Bush Administration was in the process of greatly expanding the number of agencies and foreign governments that have routine access to that same database. Called Passport Records, the sensitive computer system includes all documents, photographs and information attached to passport applications and renewals.
Under new guidelines printed in the federal registry on January 9, the same day Obama's records were first breached, the Bureau of Consular Affairs allows the Department of Homeland Security, the Department of Justice, the Federal Bureau of Investigation, the National Counter-Terrorism Center, "foreign governments, and entities such as Interpol" to link into the same system. The expanded access is designed, according to the notice signed by recently retired head of the Bureau of Consular Affairs Maura Harty, to be used "for counter-terrorism and other purposes such as border security and fraud prevention." The changes went into effect on February 25, after a 40-day review period. The State Department has yet to respond to TIME's requests for comment on the changes.
The expanded access does not appear to be related to the breaches of the candidates' records. But privacy experts are concerned nonetheless, because the move is part of a trend in which more and more of citizens' personal information is being put at the fingertips of a growing number of government employees. Hundreds of such expansions are happening across the government every year, says Jim Harper, director of information policy studies at the Cato Institute. "Federal databases are knitting themselves together into larger databases," says Harper; "we have to worry about the privacy consequences and personal security consequences for average Americans." Administration officials routinely justify linking databases as a key part of rooting out terrorists.
What kind of personal information do these Passport Records actually contain? Contrary to what you might expect, the system doesn't have information about your entries into the U.S. (That's in a separate system run by Immigration and Customs Enforcement, the agency that actually swipes your passport when you come into the country.) The State Department's records do, however, hold every application for a passport and copies of any supporting documents like birth or marriage certificates. That application has your address, Social Security number, phone number, the name and number of your emergency contact and your photograph. The records also have information on any attempts to change the status of your citizenship, which is what employees in the elder Bush Administration were suspected of looking for in Bill Clinton's records in 1992. A search by name or passport number can also dredge up other items that have been attached to the file, such as court orders, arrest warrants, financial reports and even medical reports, according to the public State Department records.
Senior managers at the State Department are rightly embarrassed they weren't notified about the high-profile breaches before a reporter's inquiry. Yet the fact that the software did send a warning to supervisors is considered a step in the right direction. Famous people are flagged in the system, and whenever their records are accessed, a notice pops up on a supervisor's screen. It is then up to the supervisor to determine whether the records were accessed for a proper reason. In the case of Obama's records, the supervisor found the breach to be improper and took action against three employees. However, according to the State Department spokesman, that action was never relayed to senior management.
"The good news here," says Harper of the Obama breach, "is that they were tracking access to data. That's an important practice." That kind of system wasn't in place when a 1997 investigation found that thousands of Internal Revenue Service employees, overcome by their own "imprudent curiosity," had rifled through the tax returns of celebrities, friends and neighbors. A court of appeals ultimately threw out the conviction of an IRS employee in that case because, though he had peeked at the information, he had not shared it with anyone else. We don't know yet if the individuals who engaged in the candidates' browsing passed the information on to someone else. But changes at the State Department have certainly made it easier to access those records, not harder.