| Last night, we showed you coverage of yesterday's session of the Senate Hearings on Immigration. The witness in the hot seat was was Rodolfo Bol, currently the IT Manager at the Immigration Department.
He rejected allegations from the Auditor General that he attempted to conceal information on the passport machine from their audit. He also explained how dishonest persons managed to get a bogus picture onto the system for the Won Hong Kim passport. He said that from the Department's investigation, the Immigration Officer who took the picture was Immigration Officer Erwin Robinson.
That's the officer who the Auditor General's report also points to, but there is a bit of a doubt. That's because Robinson had access to the passport system through a username and password, which could be compromised. Bol revealed yesterday that that just because Robinson's account information was used to access the passport system, it doesn't conclusively mean that he took it. He told the Senators that Robinson's password could be changed, allowing someone else to use his access profile.
Here's the context of that conversation:
Hon. Mark Lizarraga - Business Senator
"Can you delete users in the system?"
Rodolfo Bol- IT Manager, Immigration Department
"No sir, no."
Hon. Mark Lizarraga - Business Senator
"Ok, so you can't? But can you make a user active or inactive?"
Rodolfo Bol- IT Manager, Immigration Department
"Yes, that yes. There are different steps that we take when a person…when we are informed that a person is no longer in the system. One of the first steps that we do is change the password. Usually that would be the first thing because passwords on the system they cannot be viewed. For example, we can't view the password for any user there; we only see an asterisk. So that would be the first step that we would usually take- change the password so that the user have access to the system we use."
Hon. Mark Lizarraga - Business Senator
"But how can you change the password?"
Rodolfo Bol- IT Manager, Immigration Department
"Because on the user portal we have the option there to change passwords and…because we have to create a password whenever the user is first created; you have to create a password. So you can use that same module to change the password for the user."
Hon. Mark Lizarraga - Business Senator
"So you had the ability to change someone else's password."
Rodolfo Bol- IT Manager, Immigration Department
"Yes we have, as system administrators, yes we have."
Hon. Mark Lizarraga - Business Senator
"So theoretically you could access that persons profile or perform that person's role."
Rodolfo Bol- IT Manager, Immigration Department
"Yes, theoretically."
Hon. Mark Lizarraga - Business Senator
"You were the only person that had this capacity?"
Rodolfo Bol- IT Manager, Immigration Department
"No, we have Ms. Bowen also who is the…Ms. Georgia Bowen, she's our assistant administrator and she can also update user accounts."
Hon. Mark Lizarraga - Business Senator
"So if I were a user you could come in take away my password...you don't know what my password is but you could erase it, you could put in a password and theoretically you could have access to my user profile?"
Rodolfo Bol- IT Manager, Immigration Department
"In theory yes, I won't deny, in theory yes."
Hon. Mark Lizarraga - Business Senator
"Was that a flaw in the design of the system?"
Rodolfo Bol- IT Manager, Immigration Department
"Not really because..."
Hon. Mark Lizarraga - Business Senator
"I can understand you as the administrator of the system having the capacity to block somebody from entering but why would you want to have the capacity to change that persons password and use..."
Rodolfo Bol- IT Manager, Immigration Department
"It happens whenever they forget their password, we have to change it and give them a new one."
Ashley Rocke- Church Senator
"Is there any confidentiality or any oath that is involved?"
Rodolfo Bol- IT Manager, Immigration Department
"Of course, because we as information technology experts, we have access to a lot of information that is on every system and we adhere to ethics of data sharing and divulging of information…it's a very personal level, for me at least, to be very responsible in that manner."
Hon. Mark Lizarraga - Business Senator
"The reason you had different roles was so that you could have checks and balances in the system?"
Rodolfo Bol- IT Manager, Immigration Department
"Yes."
Hon. Mark Lizarraga - Business Senator
"And you had a data entry…well first of all, you had a person that created the file, in this case it was one Erwin Robinson, and then you had Erwin Robinson as data entry completed and then you had again Erwin Robinson as quality assurance pass- whatever that means, I guess he is the final check. Why would the system have allowed the same person to perform three roles?"
Rodolfo Bol- IT Manager, Immigration Department
"Well, the first two roles is the same role. It's just the data entry created an entry completed, it's the same role it's just separated by two different entries but it's the same role. And again, it depends on the supervisor, they would call me and say: you know, we need to assign these persons the QA role because we are short of staff or x reasons- they don't have to explain to me- and then I will go ahead and update that account to have two access: data entry QA or data entry and print, print and QA; whichever they need feed at the moment."
Hon. Mark Lizarraga - Business Senator
"And you did not identify this as a weakness, a structural weakness?"
Rodolfo Bol- IT Manager, Immigration Department
"Like I said, we prefer one user to have one role, either data entry or a next user QA, but again it is determined by the staff demands, I believe, at the passport section. If somebody calls in sick, some body is not in office, they require somebody to do that additional process so I believe that's why the supervisors will take decision to call me and say you know can you add this person also to QA or to print or whichever other role that is needed."
| 