1 October 2003
United States General Accounting Office
Testimony Before the Committee on Homeland Security
For Release on Delivery Expected at 1:00 p.m. EDT Wednesday, October 1, 2003
Statement of Ronald D. Malfi Director, Office of Special Investigations
Robert J. Cramer Managing Director, Office of Special Investigations
Mr. Chairman and Members of the Committee:
Thank you for the opportunity to testify today about how homeland security is vulnerable to identity fraud. Today, counterfeit identification is easily produced and used to create fraudulent identities. Tests we have performed over the past 3 years demonstrate that counterfeit identification documents can be used to
enter the United States,
gain access to government buildings and other facilities,
obtain genuine identification for both fictitious and stolen identities, and
obtain social security numbers for fictitious identities.
In conducting these tests, we created fictitious identities and counterfeit identification documents, such as drivers licenses, birth certificates, and social security cards. We did this using inexpensive computer software and hardware that are readily available to any purchaser.
Our work shows how security vulnerabilities can be exploited. From July, 2002, through May, 2003, we counterfeited state drivers licenses and birth certificates, with fictitious names and used them to enter the United States from Western Hemisphere countries, including Jamaica, Barbados, Mexico, and Canada. Bureau of Immigration and Customs Enforcement staff never questioned the authenticity of the counterfeit documents, and our investigators encountered no difficulty entering the country using them.1
1 U.S. General Accounting Office, Counterfeit Documents Used to Enter the United States from Certain Western Hemisphere Countries Not Detected, GAO-03-713T (Washington, D.C.: May 13, 2003).
Second, counterfeit drivers licenses can be used to purchase firearms. Between October, 2000, and February, 2001, used counterfeit drivers licenses with fictitious identifiers to purchase firearms from license dealers in five statesVirginia, West Virginia, Montana, New Mexico, and Arizona. When we purchased the firearms, the majority of the firearms dealers we dealt with complied with laws governing such purchases, including instant background checks required by federal law.2 However, an instant background check only discloses whether the prospective purchaser is a person whose possession of a firearm would be unlawful. Consequently, if the prospective purchaser is using a fictitious identity, as we did, an instant background check is not effective.3
2 18 U.S.C. § 922(t).
3 U.S. General Accounting Office, Firearms: Purchased from Federal Firearm Licensees Using Bogus Identification, GAO-01-427T (Washington, D.C.: March 19, 2001).
Third, counterfeit identification can be used to gain access to federal buildings and other facilities. In March, 2002, we breached the security of four federal office buildings in the Atlanta area using counterfeit law enforcement credentials to obtain genuine building passes, which we then counterfeited. We were also able to obtain building passes that authorized us to carry firearms in the buildings. As a result, several investigators, including one carrying a briefcase suitable for carrying firearms, bypassed the magnetometers and x-ray machines using the counterfeited building passes. They then were able to move freely throughout the buildings during day and evening hours.4 In April and May, 2000, we similarly gained access to numerous federal buildings in Washington, D.C., that contained the offices of cabinet secretaries or agency heads.5
4 U.S. General Accounting Office, Security Breaches at Federal Buildings in Atlanta, Georgia, GAO-02-668T (Washington, D.C.: Apr. 30, 2002).
5 U.S. General Accounting Office, Security: Breaches at Federal Agencies and Airports, GAO/T-OSI-00-10 (Washington, D.C.: May 25, 2000).
Finally, we easily obtained Social Security Numbers (SSN) for fictitious names. We used counterfeit identification documents to obtain valid SSNs from the Social Security Administration (SSA) for two fictitious infants. In addition, we visited two states and obtained authentic but fraudulent drivers licenses using the names, SSNs, and dates of birth of individuals listed on SSAs publicly available Master Death file. The Master Death file contains the names, SSNs, and dates of birth of deceased individuals. The motor vehicle departments in two of the states we visited are among those that rely solely on visual verification of identification documents and do not compare the information on license applications with SSAs Master Death file.6
6 U.S. General Accounting Office, Social Security Numbers: Ensuring the Integrity of the SSN, GAO-03-941T (Washington, D.C.: July 10, 2003).
Our work leads us to three basic conclusions: (1) government officials and others generally did not recognize that the documents we presented were counterfeit; (2) many government officials were not alert to the possibility of identity fraud and some failed to follow security procedures and (3) identity verification procedures are inadequate. While some of the problems revealed in our tests have been addressed by the responsible agencies, much remains to be done. A drivers license is the most commonly accepted document used for identifications. The weaknesses we found during this investigation clearly show that border inspectors, motor vehicle departments, and firearms dealers need to have the means to verify the identity and authenticity of the drivers licenses that are presented to them. In addition, government officials who review identification need additional training in recognizing counterfeit documents. Further, these officials also need to be more vigilant when searching for identification fraud.
Mr. Chairman, this completes my statement. I would be happy to respond to any questions you or other members of the committee may have.