Ricochet is the best place on the internet to discuss the issues of the day, either through commenting on posts or writing your own for our active and dynamic community in a fully moderated environment. In addition, the Ricochet Audio Network offers over 50 original podcasts with new episodes released every day.
Fun With Files
China has scored an intelligence coup by breaking into the Office of Personnel Management database and making off with the files on millions of current and former government officials. Estimates of the number of officials whose information was taken range from a low of 4 million to 14 million. Of course, the Chinese are not going to be interested in every clerk in the bowels of the Department of Agriculture. But they will have gained access, according to reports, to the background information on all those who held sensitive national security positions in the government.
For those curious what the information contained in these files might be, here is the form for national security clearances. It basically asks for every place you have ever lived, everywhere you have gone to school and worked, any groups you have joined, the names of anyone who has known you in any of these stages of your life, extended family members, contacts with foreigners, medical information, legal affairs, and so on. The form is 120 pages.
It is then supplemented by an FBI background investigation, which collects all information, truthful or not, unfiltered and unevaluated, about the official. As someone who has held these type of clearances, I don’t have a right to see my own file — although now I guess I can ask the Chinese for it.
So let’s put the minds of Ricochet to work to figure out how extensive the damage to the nation is from losing this information. Suppose our agencies had hacked into the Chinese, Russian, or Iranian personnel databases. What could we do with the information? Some off-the-cuff ideas:
1. Use the information to roll up any spy networks in the US by tracing connections, both personal and public, between the official and people here.
2. Blackmail. Find files with embarrassing information to try to turn the subjects into spies for our side. Or find relatives and close friends of theirs in our country to pressure.
3. Harassment. Use the information to disrupt the credit histories, accounts, and electronic identities of decision-makers in other countries, or leak the information to embarrass them.
Other ideas?
Published in Foreign Policy, Science & Technology
From what I understand, embarrassing information that can be used to blackmail (#2) someone is one of the main disqualifiers for a clearance.
Not necessarily. It depends on what the information and when it was done. When I received mine it had been some years after my early twenties when holding a clearance was not a priority for me. Being in my late teens and early twenties I smoked marijuana and when it came time to divulge that to the investigators and on the form mentioned by Mr. Yoo I did. Because there had been no prior arrests for it and because of the distance in time between when I did and when I applied for the clearance, I was able to acquire one. Now, I am not worried about being blackmailed because of this because it is on my SF-86 and the government knows about already. So as I said, it depends on what the information is and whether or not you divulged it to the investigators.
Z:
There are various types of “embarrassing” information, some of which might be legitimately embarrassing for one purpose, but would not necessarily be disqualifying from the perspective of obtaining a lower level clearance. This is one of the reasons why it’s not a good idea to “fudge” an answer (aside from basic honesty). Info that one considers personally embarrassing (and would not want revealed) may not be disqualifying.
John,
Considering that you are talking about the near unlimited resources of a government the sky is the limit. Any scam or identity theft or entrapment that has been done by amateurs could be done. The potential for sabotage by identity theft is huge. Our intelligence network is completely kaput for the moment. We probably should counter hack them as soon as possible. Mutual assured data war destruction could keep them from going over the top with this.
Gee John could it be any worse. I mentioned in the last comment I made on this subject that this makes me so pissed off I would like to personally keel-haul the cyber-security idiots who took their fat paychecks and let their country down.
If you have ever read “The Sea Wolf” the description of Wolf Larsen keel-hauling people is rather unforgettable. I had always identified with van Weyden. Now I feel like one of the Larsen brothers, Wolf, Death, and Jim Larsen.
Keel-haul them. If they don’t beg for mercy, keel-haul them again. I really don’t give a damn.
Regards,
Jim
Let’s look at the “response” to date. When we learned a short while ago about a high rate of failure by TSA checkpoint screeners, the Acting TSA Administrator and his deputy immediately stepped down, even though it’s unlikely the problems occurred on their watch. So far, I’m unaware that anyone at OPM has stepped down, or even taken personal responsibility, over the hack, even though the consequences potentially are far greater. Moreover, there is no sign that the MSM’s investigative resources are being directed to what should be a big story of malfeasance. So far, government employees–including those with security clearances-have the satisfaction of receiving 18 months of identity theft protection. How comforting.
Knowing precisely what kind of backgrounds will pass a security check could theoretically help foreign intelligence agencies when constructing fake identities for their agents. If they know what kind of blemishes don’t disqualify an applicant they can inject these sorts of blemishes into their fake identities so that they don’t look too squeaky-clean.
Maybe I’ve seen too many spy movies…
Well, other than intelligence, blackmail, and harassment, the other use that comes to mind is intimidation or extortion. Especially if the Chinese now know where the parents and siblings of many government workers live.
Intimidation may just be another source of blackmail, I guess, but I typically think of blackmail as a threat that the blackmailer will make certain information public unless the victim does as he is told. Extortion or intimidation is based on a physical threat, so its a bit different.
Would these files include photo identification of US intelligence and/or law enforcement agents working undercover?
Uh Oh
Regards,
Jim
Look at how far the Clintons have gotten with just 900 files.
Apparently the perimeter security breach wasn’t even necessary, as OPM had already allowed holders of PRC passports to work on their secured systems.
Would you care to explain again, John Yoo, why we should be trusting the Federal government to gather and hold confidential information on each and every one of us?
Why not publish certain sensitive materials to humiliate people & the gov’t?
Here’s a little musical interlude to lighten the mood.
Pressure Congressmen to do their bidding. Perhaps people filling out the paperwork might be less inclined to reveal everything if they don’t trust the government to keep the info secure from prying commies and corrupt pols.
Federal employees are not the only ones who fill out SF86s. All applicants for security clearances (there are some exceptions for politicians) must fill out the on-line version of the SF86. But this has not been mentioned in any of the reports. So was the accessed data segregated from other SF86 data?
They could do us (not the US government) a favor:
Publish the names, addresses, salaries, agency and job titles of the entire list on the open net.
See how the bureaucrats like the possibility of surveillance, and being held to account by their neighbors.
It is a way to exert nudging influence on a rolling basis. All the Chinese need to do is remind low-level people that they know “everything”, and then the low-level person looks the other way.
Inaction is very easy to justify, especially if you are a government employee. Your boss wants to criticize China and wants supporting information? That is hard to find. The FBI wants to probe Chinese influence-peddling or theft of US knowhow (like Clinton and Loral)? One does not really need to move very quickly on such requests…
All the Chinese need to do to obtain complete immunity is to get the government to do what it does best of all: nothing. And “nothing” is what one gets if a risk-averse employee is reminded that if they do nothing, then nothing will be leaked.
It can all be very quiet and nice and easy.
The background info won’t necessarily identify the current duty station and work assignment, especially if the investigation is more than a few years old. However, it will allow them to identify those who work in certain fields of interest, such as intel and special forces. This is enough to help them identify people to focus their espionage and collection efforts, and monitor their movements.
They should be able to determine which people have higher clearances, which will help refine these efforts.
It will help them understand the training and background of Intel personnel who would most likely be collecting or exploiting intel collected from China.
It will likely help them to assess the number and fluency of our Chinese language specialists.
Along with listing family members, these applications require 3 other people as references. This requires contact information. I wonder how many people will now refuse to be references.
I am trying to figure out how you can extort people now days. Show that they are homosexual? Nope, that is a plus now. Show they are a transgender? Nope that gives them a magazine cover. Cheat on their spouse? Happens so often that nobody cares. The only thing I can see you getting in trouble for is being obese, a smoker or a conservative. Those are now unacceptable.
Why not? In thirty years time one of those morlocks in the bowels of the department will be running the thing. Anyone care to argue the Chinese won’t take a long view?
Well, that’s easy–show that they’ve made a homophobic remark, mocked someone transgendered, or suggested that men and women sometimes fall in love if they work together and that women cry when you criticize them. Career over.
As Kurt Vonnegut used to say when the maximum in absurdity showed itself, “So it goes.”
Regards,
The government doesn’t gather and hold confidential information on each and every one of us.
Max,
Are you OK? IRS & Obamacare data are not confidential information?
Regards,
Jim
Fair point. I assumed Locke On was referring the myth that the NSA was listening to our phone calls. In reference to Obamacare, what information is being collected about me? I’ve not purchased insurance through healthcare.gov. And if a doctor were to ask me if I owned guns (which happened recently to a friend of mine), I’d tell them it was none of their business (which is what he told the doctor). The IRS certainly receives information about anyone who files taxes.
Max,
I’m not trying to be tough and I hate Assange, Snowden,..etc. but we really need to take something other than a business as usual attitude to all of this. We are in a new different informational universe and it get’s updated by ever more powerful technology every couple years.
Representative Chaffetz looked like he was ready to put his heavy boots on and jump up and down on some people. I think at least that is in order. Much much more needs to be done.
Finally, we can’t be naive. The intention of Obamacare is to wreck the private insurance market so single payer is instituted. Then you not only are going to have a government connected Doctor asking the questions but he may have government regulations to back him to force you to answer the questions. We are on the fast track to this and we’d better hit the brakes now.
Top House Republican calls on OPM director to resign over employee data breach
Regards,
Jim
I love this one. I can hear Tom Hanks: “There’s no crying in baseball!”
The big one missing here, after rolling up spy networks, is accessing virtually every other computer system in the nation.
The IRS online “transcript” system, for instance, used questions provided by the credit rating agencies to verify your identity, questions like mother’s maiden name, prior places of residence, etc.
Much of that information was available online via other hacks, so it was easy for the crooks to get access to the system, get the information necessary to file a tax return, and do so, making off with the refund.
The Chinese just got ~14m packages of information to use in breaching other systems.
If I didn’t live in this country, it would be hilariously funny how grossly incompetent our so-called National Security apparatus is.
You left out census, criminal records, most transactions involving finance, Medicare, Medicaid, student loans, voting records, property taxes, utility bills, etc. I can keep going if you wish.
Has anyone considered the power that the Chinese now have to hack into your bank account? Or email? Or anything that requires a password?
Remember back in ’08 the hacker named David Kernell? You remember him. He’s the one that successfully hacked into Sarah Palin’s Yahoo email account. And how did he do it? From Wikipedia: “The hacker, David Kernell, had obtained access to Palin’s account by looking up biographical details such as her high school and birthdate and using Yahoo!’s account recovery for forgotten passwords.”
You’d like to think that these password recovery programs have tightened up a bit. And they have. They now ask for your fathers middle name, the name of your high school mascot, the name of your high school best friend, what was you mothers maiden name, etc. Just the stuff that these files have in them. And the stuff that makes possible a clean low tech hack into anything that you own that requires a password and is offered with automated password reset.