The FBI Affidavit provides some very interesting information on what Democrats are now referring to as the 'Louisiana Watergate'. Conservative propagandist James O'Keefe and three accomplices were caught allegedly attempting to tap the phones of Senator Landrieu.
As the Senator's office is on Federal property, the holding charge of attempting to gain entry to Federal property for the purpose of committing a crime carries a maximum ten year jail sentence.
The affidavit itself reads like a bad script for an episode of the A-Team. Two members of the group dressed up as telephone repairmen and attempted to gain access to the telephone closet. They headed for the Senator's office, attempted pretexting and were directed to the GSA office down the hall where the plot was uncovered when the pair were asked for identification and claimed to have left it in their van.
Now it is quite possible that a GSA employee would have been trained to recognize a telephone company ID badge, but I don't know what one looks like and the typical security guard at a non-government facility wouldn't either. For a few hundred bucks the conspirators could have bought a second hand badge printer on EBay to create their own badges and greatly reduced the chance of getting caught.
Using fake ID reduces the risk of being caught but increases the penalties if caught. Possession of a fraudulent access device is a federal crime, as is possession of means to create fraudulent access devices. Using real identification greatly increases the risk of being caught, but some do so anyway.
So how does a facility protect itself against this type of attack?
At this point we do not know where the conspirators first aroused suspicion, it is quite likely that they were considered suspect from the minute they walked in the door. A well designed security process has multiple layers and multiple checks:
- Check Government ID
- Confirm Corporate ID
- Check contact name
- Confirm with contact
- Escort visitor
- Defined process
The first line of defense is to
ask for government issued ID. With fifty states, there is considerable variation in driving licenses, but they are at least a closed set and a telephone repairman handing over a New York drivers license in Louisiana should be asked for an explanation. Most state driving licenses have anti-counterfeiting measures built in and are printed on distinctive stock.
Corporate ID provides an additional check but is not a substitute for government issued ID. Corporate ID should of course match the government ID.
My experience of government buildings is that government issued ID is required to enter the building. This alone would make the conspirator's claim that they left their ID in their van very suspicious.
Another thing that is required to enter a government building is a contact person. It is quite likely that the conspirators bypassed this requirement by giving the Senator's Office as the contact. 'Walk-ins' are a common occurrence at politician's offices of course, but a tradesman coming to perform work without a specific contact name should be a red flag.
In most government buildings, visitors require an escort unless they are visiting a separate area that is specifically designated as public access. Most of the newer corporate offices in Silicon Valley now have meeting rooms that connect directly to the lobby. This allows employees to meet visitors without bringing them into the part of the building where company confidential material might be on display.
Security procedures of this sort have become standard practice in most US companies in the wake of 9/11, at least with regard to the form which is easily copied. What is not easily copied are the less visible parts of the system such as what should happen when work needs to be done on the telephone system.
The most important security control is to have a defined procedure so that the person responsible for implementing it knows what to do. In the case of a GSA facility, there will be a written policy describing precisely which individuals should have access to the telephone system and under what circumstances. That process will anticipate the possibility that a bogus telephone repairman would turn up attempting to place a wiretap, not least because the process will have been extensively reviewed and quite possibly red-teamed by CIA teams responsible for attempting similar operations against foreign powers.
