Broken Security Lock
Broken lock engraved "Safety First". Photo credit: Chad Cooper / Flickr (CC BY 2.0)

After more than a year of campaigning with one big question mark, Hillary Clinton will almost definitely not be indicted for her use of a private email server while Secretary of State.

But Clinton’s problems with handling sensitive government data are only part of the serious issues that the federal government has in dealing with important digital information.

As has been pointed out frequently by Clinton and her allies, previous Secretaries of State had used private email servers, and government rules on IT have been vague and under-enforced. She requested to use a smart-phone in 2009, which the NSA denied, saying that for even the highest level officers of the federal government, “the current state of the art is not too user friendly, has no infrastructure at State, and is very expensive.”

The government has had serious difficulties bolstering its cyber-security and information technology staff. In 2014, the Department of Defense announced a plan to hire 6,000 new cyber-security specialists.

But hiring has been difficult, with government salaries far below those of the lucrative private tech sector, and employment requirements much higher. The FBI director has complained that prohibitions on marijuana use by government employees have made it hard for law enforcement to recruit from among the drug-happy hacker subculture.

These failures to improve government systems have had a disastrous impact.

In 2014, a massive hack (traced to Chinese hackers) breached the data of the Office of Personnel Management, which holds records on current and former employees and applicants of the federal government, as well as security clearance information.

Personal information, including social security numbers, addresses, background check files, and even fingerprints, was stolen. The OPM had to reach out to 21.5 million victims who were left vulnerable to identity theft as a result of the hack.

And let us not forget perhaps the most high-profile failure of the Obama administration’s use of information technology: the disastrous rollout of in October of 2013. The website that was supposed to make Obama’s healthcare reform easy for people to access ended up doing the opposite. It failed to load, featured glitches, and crashed, and barely any of those who attempted to use it succeeded in the initial weeks after launch.

A Brookings Institute analysis of the failures of the website launch found that the problem lay in part with the organization of government agencies — disputes of oversight between the Office of Management and Budget and the Department of Health and Human Services left no one clearly accountable for the project.

Again, we see the problems of a government unprepared for large scale information technology projects.

The most memorable moment of the past eight years in government computer policy, however, did not come from a weak network or email server. It came from the revelations of Edward Snowden, the government contractor who revealed the large-scale data-mining operation enacted by the government in the pursuit of national security.

In his response to outrage over the revelations, President Obama pointed to the oversight that the program received from numerous offices of the government, including Congress and several intelligence agencies. His message essentially boiled down to: “Trust us. We’re treating your data carefully.”

But considering the growing evidence that the government does not, in fact, treat its own data carefully, this does not feel very reassuring.

And it makes one wonder if Hillary Clinton, in putting her emails on a private server rather than leaving them to government oversight, might have left sensitive information in a place barely less secure than the Department of State, which was victim to its own major leak of a quarter million sensitive documents in 2011.

The FBI director, in his press conference recommending against criminal prosecution of Clinton, accused her of “extreme carelessness” in her use of a private server.

But “extreme carelessness” could easily refer to the way the whole government is treating its sensitive data.

