Sunday, June 14, 2015

HackGate: Questions for your consideration

Lost in such important controversies as white-to-black passing and the comparative awesomeness or tedium of Hillary's re-launched campaign for president, the media has largely moved past what may be the most catastrophic national security failure since 9/11, the massive hack of the federal government's employee database. "May be"? Well, nobody has died yet, but that does not mean that the enemy who stole this information -- probably the People's Republic of China, and, yes, we are nuts not to regard this as the act of an enemy -- will not turn it to some horrible advantage. Leverage matters, and the power of that leverage is far greater because we now know that the enemy compromised the database used to store information supporting national security clearances.

This raises a few questions, to wit:

  • Does the enemy now have secret information about Barack Obama that might be released if he were to retaliate? His Columbia transcript, maybe, or the roster of the Choom Gang?
  • Seriously now, the White House needs to explain why the enemy is not in a position to blackmail countless thousands of federal employees.
  • One remedy would be simply to fire all federal employees in positions of influence who might be subject to blackmail so they cannot be turned. That might disrupt the federal government for a while, but it seems less dangerous than simply hoping for the best. The government needs to explain clearly why it is not doing this, and no squishy "because fairness" reasons ought be allowed.
  • If the government cannot protect this information, why should we have any confidence that it can protect any other? What business in its right mind would surrender any confidential information to federal regulators unless it were absolutely required to do? Somebody needs to explain how this breach does not completely shatter the willingness of anybody to share any valuable secret with the United States Government.
  • Last month, the Department of Commerce demanded under penalty of law that each company in the biomedical industry provide it with detailed information about its cybersecurity. Can the DOC now give credible assurances that it can protect that information, or can we safely assume that it has just helpfully aggregated the defenses of a major American industry in a useful hackable searchable database?
  • If the enemy can steal the government's security clearance data, does anybody believe that it cannot also steal the entire database of the Internal Revenue Service? Gee, I doubt there are any opportunities for blackmail there...
  • Does anybody think that Hillary Clinton, she of personal server fame, is the right person to restore our shattered confidence in the information security of the government of the United States?
  • People -- hilariously, including Bill Clinton -- bemoan a "trust deficit" in government. Well, this is an opportunity to close that deficit by addressing the questions above directly and clearly, if only Barack Obama will avail himself of it.

    UPDATE: More along the same lines, with a vastly more influential readership, from Glenn Reynolds.


    Anonymous said...

    Hold it. Last week at an LGBTEIEIO rally at the Pentagon, a general introduced his "husband". Except for Obama's college transcripts, there is really nothing left that they can blackmail anyone on.

    TigerHawk said...

    Maybe only the basis of shame has changed. How do you know that some dude didn't let his kids play out in the yard unsupervised?

    Anonymous said...

    Erg, how about you once said something disparaging about a law allowing same-sex marriage or made some ill-tempered remark which could interpreted as suggesting that men might be superior to women in some way? people have lost their job for that sort of thing.

    I am sure we are all reasonable people here and can agree that anyone who has ever made a sexual joke about women (except for women, homosexuals or other protected minorities) deserves to have their house firebombed and never be allowed gainful employment. However there might be some people in government who have some sort of vile anti-social behavior on their record and most selfishly hide it instead of gleefully sacrificing themselves, making them vulnerable to blackmail.

    Anonymous said...

    It's not just faceless, bureaucratic morons that are the victims here, but millions of hard-working Americans who have done nothing wrong other than work in positions that required them to submit an SF86 to OPM. This includes both federal employees and the contractors they employ that include defense and intelligence agencies.

    My wife and I have both spent over 30 years and have contributed significantly to the defense of this nation. And I should be fired because some idiots at OPM failed to properly secure their investigation servers? For the rest of our lives we will have to pay for credit monitoring and identity theft protection services.

    And what about my parents, and siblings, and their families? Should they lose their professional jobs too just to be sure? After all - details including their SSN's, birth dates, place of birth, etc. are all part of the SF86 and they could be potentially blackmailed as well.

    A crime has been perpetrated against millions of people. An act of war has been committed by a foreign government.
    Your "remedy" is to punish the victims?


    TigerHawk said...

    I suppose the question would be whether the people who are in positions of influence and who might be susceptible to blackmail is really millions of people, or hundreds or a few thousand. And there is no reason not to give such people generous severance or other leg up. But people in the real economy lose their jobs all the time for far less substantive reasons.

    Newer Post Older Post Home