Why the Government Should Destroy -- Not Store -- Employees' Sensitive Information
A reflection of the Department of Homeland Security logo in the eyeglasses of a cybersecurity analyst at the watch and warning center of the Department of Homeland Security's secretive cyber defense facility in Idaho Falls, Idaho. Mark J. Terrill/AP File Photo
Adjusting to a world where no data is secure
Imagine a piece of information that would be useful to store digitally if it could be kept secure, but that would do more harm than good if it ever fell into the wrong hands. With Friday’s news that “hackers have breached a database containing a wealth of sensitive information from federal employees’ security background checks,” just that sort of fraught information has arguably been exposed to hackers.
One of the documents that they got, the Questionnaire for National Security Positions, asked federal workers and contractors seeking security clearances “to disclose everything from mental illnesses, financial interests, and bankruptcy issues to any brush with the law, major and minor drug and alcohol use as well as a robust listing of an applicant’s family members, associates, or former roommates,” my colleague Adam Chandler explains. “At the bottom of each page, a potential employee must submit his or her social security number. Given the length, that means if you’re filling out this document, you will write your SSN over 115 times.”
That trove of information was useful to the national security bureaucracy in its efforts to stop espionage, monitor potential blackmail, and otherwise police its employees.
Yet it now seems like the U.S. would have been better off reviewing information about cleared employees on intake and then destroying it, rather than retaining the records.
“These forms contain decades of personal information about people with clearances,” Joel Brenner, a former high-ranking intelligence official told the Washington Post, “which makes them easier to recruit for espionage on behalf of a foreign country.”
In hindsight, retaining the documents betrayed a degree of hubris: National security officials had excessive confidence in their ability to keep these secrets from falling into the hands of malicious actors, so they risked storing them indefinitely.
What else falls in this “better to destroy than to have stolen” category?
After Chelsea Manning, Edward Snowden, and numerous successful hacks of various federal databases, perhaps the government should perform an audit and a purge on the theory that it won’t ever be competent enough to reliably safeguard information.
Isn’t there good reason to surmise that is true?
Perhaps the privacy activists who want to pass data retention laws forcing private corporations to purge the data that they hold at periodic intervals also have a point. Would it be a national security threat if the Google search histories and iPhone location data of all members of Congress, U.S. military personnel, and American CEOs fell into the hands of Vladimir Putin or China’s government? If so, perhaps it makes more sense to prohibit retaining such information for longer than two years, even though the precision of Internet ads might suffer as a result.
National security officials and Google leaders have institutional and psychological incentives to assert and believe that if they’re just careful enough going forward, they can safeguard the information that they hold. And we have an incentive to believe them. Wouldn’t it be great if our government and corporations that make cool products for us could exploit the benefits of unlimited data retention without any costs?
But I no longer believe that they can. If you disagree, what sort of leak or hack or data breach would it take to persuade you otherwise? I expect you’ll see it sooner, rather than later.