Drew Zahn is a WND news editor who cut his journalist teeth as a member of the award-winning staff of Leadership, Christianity Today's professional journal for church leaders. A former pastor, he is the editor of seven books, including Movie-Based Illustrations for Preaching & Teaching, which sparked his ongoing love affair with film and his weekly WND column, "Popcorn and a (world)view."More ↓Less ↑
Barack Obama’s purported, computer-generated COLB
When it comes to birth certificates, just because it’s official, doesn’t mean its real.
A WND investigation has revealed that over the past three decades, changes to how the 50 states process vital documents have opened wide new avenues for nefarious parties to alter records and thus acquire fraudulent, but official birth certificates to falsely pass as U.S. citizens.
Thanks to the states’ nearly exclusive reliance on digitalized vital records, a foreign terrorist, for example, wishing to obtain a U.S. passport for unhindered travel in and out of the country could – with the right computer knowledge or coercion of the right state employee – walk into a county courthouse and within minutes, pick up a genuine, but completely fraudulent American birth certificate for his passport application … and no one would be the wiser.
“It’s entirely possible that these [vital records] systems could be altered by someone who wishes to do so,” says Professor Eugene H. Spafford, executive director of the Center for Education and Research in Information Assurance and Security.
Spafford, the 2009 recipient of a Computing Research Association award “for his long and effective leadership on issues of computer security and policy” has worked with the FBI, departments of Justice and Energy, the U.S. Air Force and a number of private companies to identify cybersecurity threats. He has testified before Congress and been consulted by U.S. presidents for his expertise in the field.
Spafford told WND that the push to digitalize vital records and rely on computers to print out official documents – like Barack Obama’s presented Certification of Live Birth, or COLB – has created the opportunity for fraud and deception to slip through the cracks.
“Many state systems – and federal systems for that matter – that keep records [electronically] generally have weaker controls than what should be in place,” Spafford said. “And with tight budgets, the amount of time spent keeping them up-to-date, auditing the log records and following up on exceptions tends to be one of the things that’s neglected.”
A long history of fraud and alteration
The federal government has already admitted that the states’ systems of vital records have been routinely breached in the past.
In 1976, the Justice Department advisory committee pointed out that false identification was a serious national problem, prompting the U.S. Public Health Service to revise its Model State Vital Statistics Act in 1977, in part to strengthen efforts to reduce rampant birth certificate fraud.
But nearly a decade later, a task force sponsored by the national citizens’ association Laws at Work concluded: “In some jurisdictions, birth certificates are easily counterfeited, obtained through imposture or created from stolen legitimate blank forms.”
Then, in 1986, the Inspector General Office of Analysis and Inspection followed up with its own study on birth certificates and found, “They are definitely being used for fraudulent purposes. We may be seeing the tip of the iceberg.”
The findings, coupled with advances in computer technology, led to sweeping changes across the country in the two decades since.
WND contacted each of the 50 states and the nation’s capital to learn what they’ve done to protect America’s vital records.
Beginning with California in 1978, and with progressively more and more states through the 1980s to today, the U.S. began moving away from paper files to computerized databases as the primary storage for birth certificates.
One by one, and pushed by changes in privacy laws, states also began eliminating the issuance of the “old” form of birth certificates – with birth weight and babies’ footprints and other identifying details – and producing instead simplified birth certificates, printed off a computer, with a minimum of information.
These new short forms, sometimes called “abstracts” or “certifications of live birth,” are now the standard issue in nearly all 50 states, with Kansas and Mississippi among the few exceptions. Most states still issue a long-form certificate upon request, but in some states, such as New Hampshire, Colorado, Arkansas, Utah and Vermont, the long-form certificates, which might include details such as the doctor’s signature or hospital of birth, are no longer available for babies born after a certain date.
The individual states told WND the digitalization effort was for a variety of reasons, including, “It’s more efficient than photocopies,” “It’s quicker and more economical,” and the frequent assertion, “The new technology is more secure than the old paper system.”
But as Spafford told WND, new technology comes with new security issues.
“Any form of technology – paper included – has benefits and risks that need to be considered,” Spafford said. “We have to make sure the system adequately considers the risks and builds in the necessary safeguards, so that we don’t introduce new problems that effectively counterbalance or overwhelm the benefits.”
But how vulnerable is the new technology?
How fraud can happen
Eugene H. Spafford
“There are several notable cases where other kinds of records were compromised and downloaded,” Spafford told WND. “Records from the Veterans Administration have been compromised on several occasions. Medical records from the agency that handles military medical data were compromised a few years ago. These kinds of things do tend to happen.”
Spafford explained that there are two primary ways computerized records can be altered or faked. The first is if someone in a vital records office itself has access to the database and can be persuaded to commit fraud:
“There are cases where insiders, those with legitimate access, have been caught in other areas looking at records, possibly changing them,” Spafford said. “There was someone in Washington, D.C., who was with the property tax office and who was altering property tax records, creating phantom properties and payments and stealing money from the District government, many millions.
“These are examples where the security of the databases wasn’t as good as it should be,” he continued, “and one could argue that they were caught eventually, but we don’t know about the ones who haven’t been caught, and we don’t know in some of these cases if what they said they accessed was all they actually accessed.”
Spafford concluded, “These concerns have been thought about by some parties in constructing these databases, but whether or not they’ve built all the necessary controls or safeguards in place, especially for insiders with access who can be bribed or threatened … it’s worrisome.”
The second way records could be altered or falsely generated is through the nimble fingers of a hacker.
“If the systems are on the network and they don’t have the appropriate controls,” Spafford said, “it could be done remotely.”
Spafford proposed several ways records could be protected from hackers, including storing a hard copy of one state’s records in another state for accountability, or most importantly, keeping vital records off the network altogether, reserved for in-department use only.
WND’s investigation into how states enter and share their vital records information, however, showed the system is far from adopting Spafford’s recommendations, and is, in fact, leaving wide avenues open for electronic mischief.
The first electronic link a hacker could exploit (or an inside person could infiltrate), WND discovered, isn’t even in the state or county courthouse, but in any of the state’s hospitals. Most states now allow hospital staffers to enter new birth certificates directly into the system when a baby is born.
And while some states, such as Illinois, do not issue birth certificates until a state staffer has verified the paper record against the entered computer record, not all states adhere to such security standards.
When WND spoke to the vital records office in North Dakota, for example, a staffer admitted there is no double check of the hospital’s entry at the state level and, “Occasionally errors do happen.”
Still other states, such as Michigan, still require the primary database entry to be done by a county vital records staffer, but the weakness in all these cases is that the records are linked electronically and therefore create potential entry points for a hacker.
A June 2007 report by Dr. Daniel Friedman of Population and Public Health Information Services reported on the dramatic increase of vital records now being sent and accessed on information networks.
Friedman reports that in a 1990 survey of 25 states, only 7 electronically transmitted their records, with only 17 percent of the total records on the network. But by 1995, that number had jumped to 57 percent, and by 2000, 24 of the 25 states surveyed were on the network, with 96 percent of their birth certificates being electronically transmitted.
Furthermore, the National Association for Public Health Statistics and Information Systems is in the process of connecting as many states as possible to a nationwide Electronic Verification of Vital Events network that enables a central system in Washington, D.C., to query the states’ vital records networks for federal purposes. Currently 18 states are online with EVVE, with four more and New York City in process of implementing it.
And yet, once the records are in the system, WND’s investigation discovered, in many cases there is almost no accountability check to ensure the electronic database is correct. If a county staffer punches the keyboard and the screen says the record is valid, the applicant is automatically issued a COLB.
Arizona and Colorado, for example, are among those states now offering same-day service for applicants, who can walk into a county office, ask for an official copy of their COLB and walk out with it within the hour.
WND asked staffers in both states, “Would someone have to check for a paper record on file somewhere? Verify anything more than what the computer database says?”
Staffers from both states answered, “No. It’s all computerized.”
But who would do such a thing?
There are several different groups of people who would have motivation to hack or exploit the system with the purpose of altering records. WND reported, for example, on an immigration scheme from 2004, when the FBI nabbed Jean Anderson, the former deputy registrar of the Hudson County, N.J., Office of Vital Statistics, for taking money to falsify county records.
According to a Department of Justice news release, Anderson was paid to insert phony birth records for illegal aliens into the files at her county office. The immigrants, in turn, approached county window clerks and requested copies of their birth certificates, after which the clerks looked to the files and, upon seeing the records Anderson had inserted, issued fraudulent birth certificates unknowingly.
Spafford added two potential perpetrators: “One group would be those who for reasons of political espionage or religious idealism wish to make attacks against the country and might wish to establish alternate identities.
“The second area is organized crime,” he said. “Some groups are very well funded, particularly the narcotics cartels. If they can establish new identities or takeover someone’s identity who is clean criminally, they may get less suspicion when transporting things across the border.”
Could Obama’s records have been ‘fixed?’
WND has been on the forefront of investigating claims that Barack Obama may not be a “natural born citizen,” as the Constitution requires, and thus ineligible to serve as president of the United States.
Multiple lawsuits have been filed alleging Obama was born in Africa, rather than Hawaii, as Obama insists, and others have been filed claiming that Obama’s birth status as a dual citizen because of his father’s British citizenship precludes the sitting president from being “a natural born citizen.”
In response to the lawsuits, Obama’s campaign and administration have posted online images of a document purported to be the president’s COLB from the state of Hawaii.
The computer-generated document, however, apparently printed after 2000, is exactly the kind of document WND’s investigation has shown could have been produced from a database that had been fraudulently altered.
WND contacted the state of Hawaii to ask how its files are electronically managed, but a state official refused to answer even basic information requests and instead responded to emails by quoting articles from a website that routinely mocks and condemns WND’s coverage.
WND then turned to Spafford to ask if Obama’s COLB may have been compromised, but he dismissed the idea:
“His election was confirmed by Congress, and federal courts have rejected attempts to have the election invalidated, so … I think the question is moot at this point,” he said.
He added, “There seems to be investigators who have scanned a copy of a long-form birth certificate with an official seal from the state of Hawaii, and the U.S. government accepts that.”
On the contrary, the scanned copy is merely a COLB. Obama’s long-form birth certificate remains among the many documents Obama has not disclosed to the public, a list that also includes his Columbia thesis, his kindergarten records, Punahou school records, Occidental College records, Columbia University records, Harvard Law School records, Harvard Law Review articles, scholarly articles from the University of Chicago, passport, medical records, files from his years as an Illinois state senator, his Illinois State Bar Association records and any baptism records and his adoption records.
“Where’s The Birth Certificate?” billboard at the Mandalay Bay resort on the Las Vegas Strip
The only people who have claimed to have seen Obama’s long-form birth certificate are Hawaiian officials, a fact Spafford also pointed out before issuing a warning that – regardless of the Obama scandal – the nation needs to ensure its vital records are not as susceptible as they are now.
“The Republican governor of Hawaii, in my recollection, has certified that the long form is on file,” Spafford told WND, “and so although I wouldn’t use that particular instance as an argument, I would say that if this is going to be a concern, then we should look at the system. Even apart from this individual case, if people aren’t willing to trust the system, then we should go back and look at why we’re using it.
“We are going to have a problem with this technology unless we take greater care to provide proof,” he concluded. “Twenty years from now, when everything is electronic, if this comes up again, then what are we going to do? The time is now to think about those issues and settle them, rather than 20 years from now.”
Note: Members of the media wishing to interview Drew Zahn, please contact us.