The federal hacking debacle

The Homeland Security Department headquarters in northwest Washington, Friday, June 5, 2015. (AP Photo/Susan Walsh)

The U.S. government collects a great deal of information about Americans under the promise that it will remain confidential and not be used against them. But a number of recent developments raise profound doubts about the government’s commitment to honor that promise.

The most recent two examples are the thefts of personal information about some 4 million federal employees maintained by the Office of Personnel Management (OPM) and of tax returns for about 100,000 households kept by the Internal Revenue Service (IRS).

Earlier, the OPM warned that 48,000 personnel records may have been stolen from a contractor that performs background checks on federal employees seeking security clearances.

The OPM theft is being blamed on China, though the Chinese government denies that accusation. The IRS theft is blamed on criminals seeking information to file false refund claims.

The finger of blame ought to point primarily at the government organizations that failed to protect information entrusted to them.

Those failures suggest that the government has not put enough time, talent and money into protecting citizens from the theft of data entrusted to it.

This fiduciary responsibility appears to be taken lightly even at the IRS, the agency with the highest responsibility for protecting the privacy of Americans about whom it collects information.

Last year the nation learned that an unidentified IRS employee in 2012 leaked the tax return of the conservative National Organization for Marriage, including the names of its donors, to an activist who gave it to the Human Rights Campaign (HRC), a gay rights organization. The HRC then published the return and publicized the fact that Mitt Romney, the Republican presidential candidate, had made a contribution to the conservative group. The IRS refused to tell Congress the identity of the leaker, and it remains unclear whether that employee was ever disciplined.

A government that has the slightest tolerance for the use of private data entrusted to it to score political points has lost its moral compass.

There is also a national security dimension to the government’s failure to protect personnel files and other sensitive data. The alleged involvement of the Chinese government in the OPM data breach, like many past examples of cyber espionage tracked to China, highlights the threat that insufficient cyber security exposes the United States to a crippling computer surprise attack.

“I fear the massive data breach at the Office of Personnel Management may turn out to be yet another example of America being walked over by rivals and adversaries,” Sen. Lindsey Graham, R-S.C., said in a statement released Thursday.

The Republican presidential candidate added, “The Obama administration’s failures in foreign policy and national security continue to pile up yet they do nothing to change course. I fear a cyber ‘Pearl Harbor’ is increasingly more likely if we do not invest in the necessary infrastructure to protect our nation.”

Both for ethical and practical reasons, the U.S. government must raise its cyber-security game — and reaffirm its absolute commitment to protect the privacy of Americans.