Feb. 05--SALT LAKE CITY -- Former employees can access offices at the state Capitol -- in most cases on a 24/7 basis -- and 37 lost identification cards have not been deactivated, according to an audit report that sharply criticizes security at the statehouse.
The report by the state Auditor's Office also found nearly 90 percent of individuals with special access to areas of the Capitol building are not agency employees, but rather third parties.
In two cases, the owners of cards that had not been deactivated were deceased.
The holes in security are unacceptable, said Nicole Davis, spokeswoman for the auditor's office.
"The Capitol is one big element of our real estate holdings (as a state), so to speak," Davis said. "So we're very concerned."
The report also indicated that many department heads in the Capitol are unaware of who has access to their space.
"Groups were given access to the entity's office space prior to consulting with the entity," the report said.
David Pulsipher, performance audit director for the state audit office, said that of particular concern were former employees at the Capitol.
"An opportunistic ex-employee could enter the agency with ulterior motives," he said, including accessing sensitive information.
Utah Highway Patrol officers stationed at the Capitol building process the cards for the various government departments. But the departments themselves are ultimately responsible for keeping track of who has which permissions, Pulsipher said.
There is currently no central database of people who have access to specific rooms within the Capitol. Davis said there has been a lack of organization and communication with regard to access.
"We need to be clear about who has access and when they have access," she said. "There wasn't a great process in place to do that, or any coordination. We need to do a better job at that."
UHP Lt. John Mitchell is in charge of the troopers who conduct security at the Capitol. He defended the current security in the building.
"Most of the recommendations are already in place," he said.
Mitchell said, however, that he couldn't divulge which of the report's recommendations were already being implemented or in full use.
"That would be exposing our security plan," he said.
Mitchell did note the access permissions database may be upgraded so that each agency can quickly refer to who is allowed in their offices.
"We're working with a couple of companies saying, 'How can we make this web based?'" he said. "So there may be a couple of software updates. That's the nature of security."
Currently, agencies need to request a printout to see who has access to their area.
House Majority Leader Brad Dee, R-Washington Terrace, said Tuesday he was pleased to find out there had been an audit of the building's security.
He said he voiced his concerns about contractors with the Division of Facilities Construction and Management just last week. Dee said he'd like to see identification badges upgrade to include a photo ID.
"If you hire employees to do work ... they should have badges issued directly to them that are pictured so you can identify that person by their picture and by their badge," Dee said. "If they are passing those badges to other people that is totally unacceptable. So I welcome that type of audit."
Sen. Luz Robles, D-Salt Lake City, minority caucus manager, said she welcomes a new look at security badges but was quick to say the only time she feels an acute need for security is during committee meetings about highly charged political issues.
"And they (Utah Highway Patrol) have always been there with crowd control," Robles said. "I feel comfortable with the work they're doing."
Some legislators want to be careful about militarizing the Capitol. House Minority Whip Rebecca Chauvez-Houck, D-Salt Lake City, said she hopes building administrators will follow the recommendations of the audit but wants to preserve the open feeling of the building.