The U.S. government should protect personal information about its employees and citizens as if it were gold. Sadly, cyberthieves are routinely carrying digital bullion out of federal computers these days. Fort Knox, this isn’t.
Among the latest cringeworthy heists is the theft of records involving at least 22.1 million federal employees, job applicants, contractors and their family members from databases at the Office of Personnel Management. In two separate breaches, Social Security numbers, details gleaned from security-clearance background checks and even fingerprints were stolen.
Federal officials have repeatedly said outdated “legacy” computer systems are to blame. They also point out that the private sector also has a problem keeping a tight grip on Social Security numbers and other sensitive data.
Those excuses and look-over-there tactics are wearing thin. According to the Government Accountability Office, 19 of 24 major federal agencies have identified cybersecurity as a “significant deficiency” or “material weakness.”
Sign Up and Save
Get six months of free digital access to The Kansas City Star
They’re not exaggerating — the number of security breaches at federal offices involving personal information hit 27,624 in fiscal year 2014. That is more than double the figure from five years earlier.
These incidents demonstrate why Americans are right to be skeptical about giving the government access to their digital lives.
National security hawks in Washington have insisted they need a “back door” into software and hardware produced by the private sector. They want law enforcement agencies to be able to bypass passwords and encryption when they deem it necessary to protect public safety.
That built-in security flaw is just the sort of weakness hackers could exploit. Moreover, seeing as the federal government cannot protect its own sensitive information, how well would it protect everyone else’s?
It’s one thing for people to choose to share information with a private company. If a cellphone company drops the ball on security, customers can look for another company that does a better job protecting privacy and securing data.
If the government insists on access, however, people do not have the option to shop around for better service.
The Obama administration and Congress need to quit talking about significant deficiencies and material weaknesses in their digital assets and find the funding — and the expertise — to shore up the federal government’s vast computer systems.