Hardly a week goes by that the federal government does not show its inability to perform its basic functions, be it background checks for gun buyers, healthcare for veterans, or protecting its citizens’ treasure trove of detailed personal information.
When I call a federal agency about my personal records, I am often greeted by a long recorded recital concerning the Privacy Act of 1974. Besides my obligations, the act also requires that every government agency “have in place an administrative and physical security system to prevent the unauthorized release of personal records.”
The estimated number of current, former and prospective federal employee personal data files lost to hackers (most likely Chinese spies) by the Office of Personnel Management (OPM) has now jumped to more than 22 million. So, who’s going to jail over the massive breach of government records?
Worse, according to CNN and many other news sources, “hackers accessed a database storing government forms used for security clearances, known as SF86 [Standard Form 86].”
The SF86 is a 127-page “Questionnaire for National Security Positions.” Each completed form provides hundreds of personal information items belonging to the applicant, their spouses or partners, relatives, friends, personal and business associates and people who know them well, their education, employment, military service, residences, foreign contacts, travel, etc.
There are 15 pages of detailed questions about relatives, six on marital status, and on and on. Each of those provides a hacker with another lead, another birthday, another branch on the relationship tree. Unlike a password, all that individual private data cannot be changed – your father is your father.
Especially interesting to a foreign spy agency would be the sections titled Psychological and Emotional Health, Police Records, Use of Illegal Drugs and Drug Activity, the four pages section on Use of Alcohol, and seven-page section on Financial Records, among others.
You have the idea: in the good old days they only stole your Social Security Number and used it to hijack your income tax refund, or scam hundreds of millions from Medicare or other government agencies. Now, thanks to the gross incompetence of OPM, Chinese government hackers have access to the intimate details of tens of millions of American lives.
Office of Personnel Management Director Katherine Archuleta resigned, “a day after revealing that the recent data breach of government computers was vastly larger than originally thought.” Did the director really have to wait until the breach exceeded 22 million records to resign; would this have been acceptable if it were merely the 4.2 million records OPM originally announced?
We have set the competence bar very low for most federal agencies and especially the upper management; yet they still seem to have a lot of problems getting over it. If protecting that information was not the top priority at OPM, what was?