December 26, 2024
Column

They’ve got your number

Irony almost never favors Congress, so senators who were busy Thursday debating how the government should collect immigration data didn’t mention a Senate hearing taking place at the same time over how veterans’ data came to be collected recently by a burglar.

The hearing’s primary witness, Veterans Affairs Secretary Jim Nicholson, looked angry, flummoxed, pained and poignantly helpless as he tried to explain the circumstances of 26.5 million records – veterans’ names, dates of birth, Social Security numbers, some medical information – being stolen from the home of a VA employee. He did no better with how it was that the employee had been taking home records for years and why this might not seem unusual to others at the VA, which technically forbids the practice (even if it admires the work ethic).

Nicholson apparently hadn’t been informed of the burglary for two weeks after the event that could produce years of identity-theft headaches for the veterans. He wasn’t clear about what should happen next. He looked like a man who was just coming to understand the possibility that so many records could be stolen.

Several of the senators reminded Nicholson that he had no business being astonished – the VA had flunked a House Government Reform Committee security report for four of the last five years. The VA inspector general had detailed the inadequacies of the department’s security system. The Government Accountability Office wrote four years ago of the VA’s “pervasive and serious information security weaknesses.”

The senators were not only well informed, they were sympathetic to Nicholson. Maybe that was because the hearing came up so fast they didn’t have time to prepare their deep-umbrage voices, or maybe they were that way because the disaster landed so close to the Capitol. When the GAO writes a report, it writes it to Congress. When an inspector general points out substantial vulnerabilities, Congress is informed.

As much as the senators seemed to know about the risks of loose security, many failed to appreciate that the warnings weren’t like the ones about Social Security, in which catastrophe is both politically useful yet distantly theoretical. They had been warned of a present danger at a government department and they had let it slide.

Twenty years ago, someone fond of stale imagery would have told you the federal government possessed a mountain of data on Americans. But it doesn’t now – it has instead billions of lines of code. During his testimony Nicholson held up a hard drive, which is the size of a coaster and would fit easily into a pocket, and said it could hold more than twice the amount of the stolen data.

Then he said someone who wanted to move that much information out of the VA system didn’t need to bother carrying anything – the system allowed him to e-mail it to a home computer. There is no mountain of data, no need to chase paper, just very valuable, very personal 0s and 1s zipping around government computers and sometimes beyond them.

One senator who has followed the issue of identity theft for years is Susan Collins, chairman of the Homeland Security and Governmental Affairs Committee, which held the joint hearing with Veterans Affairs. Beyond the mistreatment of the veterans, she observed, the lasting effect of this monumental mistake “will be increased doubts among the American people about the federal government’s commitment to protecting their personal information.”

She’s right, and who wouldn’t have increased doubts? Government has asserted its role in keeping track of what is, on a practical level, our identities. It’s not just veterans, but everyone with a Social Security number, which is to say everyone, subdivided nearly endlessly in multiples of those who pay taxes, receive Medicare or Medicaid, apply for a federal grant or a federal license, seek a passport or a green card, do virtually anything overseen by the federal government.

This is the government that wants all Americans to carry electronically readable, federally approved ID cards, the government that has just expanded its record keeping of who is crossing the border. (It is also the one that may or may not be keeping records of millions of Americans’ phone-call patterns, though the problem there may be a surfeit of secrecy.) Whether you think these are an unwarranted invasion of privacy or a justified action in the war against terrorism, you cannot help but wonder whether a federal employee will leave a list of our personal information on a park bench somewhere.

The chances of the VA being the only federal department with lax security standards, given that Congress never does anything so dramatic as demand the problems get fixed, is close to zero. You can imagine all over Washington this week the number of e-mails from senior staff telling agency subordinates that those long-ignored guidelines for security really do count – and always have counted, in case anyone from the GAO asks.

But if Congress now has a fair certainty that at least some departments are incapable of storing personal information securely, it can’t really continue demanding that Americans turn over more and more versions of that information for more and more agencies to share.

Or rather, of course it can. But why would it?

Todd Benoit is the editorial page editor of the Bangor Daily News.


Have feedback? Want to know more? Send us ideas for follow-up stories.

comments for this post are closed

You may also like