How the Chinese data breach reveals a flaw in the modern American character
How many people will be fired over this breach? Probably none.
While Americans continue the endless debate about who we aspire to be, the Chinese have busied themselves with figuring out who Americans actually are. About four million of us to be exact. They looked us up online.
Allowing for the usual opacity of any story that touches on intelligence-gathering and data breaches, it appears that the federal government's human resources branch, a.k.a. the Office of Personnel Management, was pwned by hackers a year ago — and all the fingers are pointing at China.
A full data breach would not just reveal the identities, vices, and liabilities of most federal employees, but also of their families and loved ones. It would provide an adversary an incredible map of human weakness that is spread across the United States government.
But the real revelation in this data breach turns out to be the vices of the federal government itself. The data vulnerability of the OPM was identified as a "material weakness" by the Inspector General's office in 2007. The office had no IT staff on hand. According to a report in Ars Technica, the OPM had little idea about the scale of the data it even harbored on its servers or how it was organized.
Unfortunately, many other small federal agencies may be just as vulnerable to attacks. Two decades of bad security practices, a long decline in internal information technology experience within civilian agencies, and a tendency to contract out critical parts of IT to private companies without a great deal of technical oversight have created ripe attack conditions. To boot, DHS's efforts to provide a first line of defense against network attacks is based on an approach rooted in security strategies more than a decade old — and even that strategy is only now being fully put into place. [Ars Technica]
You might expect outrage, but so far this system-wide failure has been met with a shrug. The federal government zealously guards its powers to compile ziggurats of data on Americans when those powers are challenged by libertarians like Rand Paul. But the job the government is actually supposed to do with data — keep it safe and us safe with it — is entirely left undone. The zeal disappears once the data is stacked, somewhere. Wherever.
We presume that the NSA that keeps up to date on everyone's smart phone metadata has better security than the OPM. But the contractors who build the digital systems for the federal government, from the OPM to ObamaCare, exist only because their business model is to serve the federal government. The primary business plan of these companies is to jump through insane bureaucratic hoops (like becoming Y2K compliant), then certify that they have done so to get contracts. That means they are primarily creatures that exist to navigate and satisfy regulatory hurdles, not to deliver "amazing products" that "just work." For that you have to go to Silicon Valley proper, and even they outsource much of the hard work to China.
In a sense, the data breach reveals how far American government is from republicanism in character. Republics are flinty things. Men who govern republics are supposed to find it shameful when they waste the public's money. They are supposed to think of their failures as a kind of betrayal of the public trust. But how many people are going to get fired for this? How many will lose contracts or suffer public and professional humiliation? None is my guess.
Disgrace in the American Empire only falls on multi-star generals who give classified info to the biographers they are banging. Not the dopes who are cashing checks while the Chinese break in our digital backdoor.