OPM Hack: A Precursor To Much Bigger Problems

Photo: Wikimedia, Creative Commons

The recent data breach at the Office of Personnel Management (OPM), indicates our government's lack of ability in protecting personal data. At a time when politicians are allowing for the bulk collection of everyone's information. How is it that we are supposed to feel safer? Many Americans are (supposedly) willing to give up their individual civil liberties based on the idea that the NSA is protecting the country. When in fact it seems that they are endangering every American instead. Due in part by the very fact that they can not protect even the most sensitive data on any scale, let alone a massive one.

As I have reported previously, this is a major problem for Americans today. As politicians continue to push more policy that allows the collection of even more data, none are proposing any policy when it comes to protecting that data. We are now seeing the second coming of the Cyber Intelligence Sharing Information Act (CISA formerly known as CISPA). The bill gives legal immunity to companies that share personal data with the government in the name of cyber security. Read more about CISA here.

Currently our elected officials are using the data breach at the OPM as an excuse to pass CISA. Citing that had it been in place they would have been able to detect the intrusion. This could not be farther from the truth. In reality, the government would use the data they receive under the bill in a scheme to justify warrantless mass surveillance of domestic Internet traffic. It’s purely a surveillance bill, as nothing in it is actually designed to improve security.

“Under CISA, organizations aren’t required to hand over information on cybersecurity threats directly to the federal government. Instead, it would use a common system to share information while granting immunity from privacy laws, when users’ personal data is made available by organizations, such as service providers. Many privacy advocates see CISA as a serious blow to privacy rights. As it will open a door to hacking by government and private companies, allow service providers to perform surveillance on their users, and place more personal data on Americans in government hands”. - New Politics Nation

The recent hack at the OPM is evidence enough that the bulk collection of data must end. The personal information of nearly 22 million people has been exposed. Everything from past addresses, employment history, social security numbers, and in some cases even fingerprints. While elected officials have been calling for the resignation of OPM Director Katherine Archuleta, this is not an issue the lies on the shoulders of one individual. This is a system-wide issue that falls on the improper use of technology.

FBI Director James Comey told a congressional committee that the database included highly sensitive Standard Form 86 documents, which also include information on family members and close friends, extending the tally beyond just federal employees.

"I'm sure the adversary has my SF 86," Comey said, noting that the form includes information on his family and friends. "The numbers quickly grow far beyond the number of federal employees — which is millions over the last 20 years." - FBI Director James Comey

Applicants for security clearances are required to complete and submit the federal government’s Questionnaire for National Security Positions known as Standard Form 86 (SF-86) to the OPM.  At more than 100 pages, the SF-86 includes a significant amount of sensitive, personal information that must be submitted in order for a federal employee or contractor to receive a security clearance and serve in a national security position. Applicants must submit information regarding their mental health records, personal finances, and family members’ work history.

In a press release from Congressman Mike Turner (R-OH) on June 9th titled: Massive Data Breaches Could Be Devastating to Our National Security Personnel.

"Today’s announcement by OPM that a significant amount of sensitive information was taken from SF-86’s could be devastating to our national security personnel and their families. OPM estimates that more than 1 million fingerprints, in addition to current and past addresses, family member names and dates of birth, and other personal information has been put at risk. I remain committed to getting answers from OPM on how this happened, and exactly how they intend to help these employees, retirees, and their families in the wake of this crisis.”

Photo: Wikimedia, Creative Commons

To think that the public has surpassed the U.S government’s technological capabilities seems absurd. However, when the establishment is pushing to prevent individuals from protecting themselves through various forms of encryption, speaks volumes. As of this writing Katherine Archuleta has resigned, and Washington is intent on passing yet another bill granting the NSA the power to now share all of your information with every other government agency.

Meanwhile the deputy director of the OMB, Beth Cobert has been named as the interim replacement. Changing of the guard will not offer any protections. This just shows the detachment of the current establishment from the reality that is the real world. Somehow they feel justified in collecting more data and then sharing it across all departments. Yet continuing to fail in offering any protections. Aside from the fact that CISA annihilates the Fourth Amendment, our government will now be giving our information away to hackers worldwide as owner of the largest database of personal information anywhere.

This is precisely the reason the federal government of the United States has become such a successful target of millions of hackers. Some of these hacks are being traced back to many governments around the world. For every time our government detects a hack of this magnitude, they can not prevent another from happening. Yet somehow private companies can protect themselves from future intrusions. For a government to continue to request additional information from the American public, yet proving they can not protect it, is a scary thought.

In the end they are instituting policy that is asking you to allow hackers access to your personal information. While violating your civil rights to privacy. The bulk collection of data is not just an attack on the Fourth Amendment, but we are opening the door for hackers to access that information. Only to be used in nefarious ways that can potentially destroy individual lives. At no point in our history has our government been tasked with the gathering of so much personal information. Not even under the guise of the Patriot Act.

The Army Times reported that President Obama's top cyber security assistant Michael Daniel, who sits on the National Security Council, told reporters that the cyber threat continues to grow.

"Unfortunately, this incident is not without precedent," Daniel said. "Cyber security threats are growing broader as we hook more and more stuff up to the Internet, and our adversaries are becoming more sophisticated and ... more dangerous."

I find it comical that Michael Daniel tries to soften the impact by stating the attacks are because we hook more “stuff” up to the internet. Not because the federal government is a poor steward in protecting such data. The inability of our government to protect that data is just one of many reasons they should not be allowed to collect such information. The idea that they are using the OPM breach as an excuse to allow CISA to pass is complete deception.

The ACLU has written that in its current form CISA "empowers the military, including agencies like the NSA, to collect the Internet records of Americans' everyday Internet use" and that "It is a long-established principle that the military is not permitted to spy on Americans."

Politicians however, are ignoring the rights and the voices of the American people. CISA does not and will never protect anything, as that is not the intent behind it. The intent is to collect more information from service providers, while granting them immunity from legal recourse. This has to end immediately. If they are conducting this attack on your right to privacy now, you can rest assured that more attacks on your civil liberties are just around the corner.

Don’t be fooled America. Write your elected officials today and demand that they block the passage of CISA. Before it’s too late.