Would a labor union undermine the cybersecurity of its members?
Of course not, you say.
But House Oversight and Government Reform Committee Chairman Jason Chaffetz (R-Utah) and Rep. Gary Palmer (R-Ala.) think otherwise.
Further widening the divide between representatives of the federal workforce and Republicans in Congress, they recently published an op-ed in The Washington Times with the headline: “How collective bargaining undermines cybersecurity.”
The letter comes as the committee, which includes Palmer, has considered legislation that strikes at the heart of federal unions. Legislation questioning the “official time” practice of allowing labor officials to be paid by the government while doing union-related business has been approved by the panel. The government does this by statute because federal unions represent everyone in a bargaining unit, not just those who are dues-paying members. Union reps also deal with management on issues involving workplace safety and training that apply to all employees.
Palmer is among 40 Republican sponsors of a bill that could severely cripple federal unions by eliminating dues payments through paycheck deductions, as is common in the private sector. That bill, curiously named the Federal Employee Rights Act, also would require at least 50 percent of all employees to vote for union representation, instead of 50 percent of those voting, as is common in elections generally.
The position of Chaffetz and Palmer regarding labor and cybersecurity was summed up in their article’s secondary headline: “Rules protecting federal unions make information breaches more likely.”
Linking federal unions to the cybersecurity breach, revealed last year, that resulted in the theft of personal information of about 22 million federal employees and others might seem like a stretch, but that’s what the congressmen did when they accused the American Federation of Government Employees (AFGE) of interfering with cybersecurity measures.
They cited a Wall Street Journal opinion piece from last year that claimed the labor organization “made it harder” to protect federal files by filing a grievance after Immigration and Customs Enforcement (ICE) stopped allowing employees to access personal email accounts from agency computers.
ICE lost the dispute twice, once before an arbiter and on appeal to the Federal Labor Relations Authority (FLRA). Those decisions are not to the liking of the congressmen.
“In essence, the decision effectively established that the agency could not do anything to reduce security risks to its information systems without first providing the union with an opportunity to bargain,” they wrote.
“The current interpretation of the FLRA opinion is dangerous,” they wrote. “If agency directors are obstructed from taking immediate action to protect employees’ information without first going through collective bargaining, federal agencies are more vulnerable to attack.”
“Such an interpretation cannot stand,” they concluded, calling for congressional action. “Putting collective bargaining rights above security is preposterous.”
AFGE finds the congressmen’s argument preposterous.
“There is truly no limit to the depth that anti-union lawmakers will stoop in their ongoing crusade to suppress the workers’ voice at the job site,” AFGE responded. “This argument has no credibility on its face, and bad intentions at its heart.”
AFGE said its challenge to ICE never prevented it “or any agency from putting in place reasonable and prudent safeguards for the government’s IT systems.” The union called the ICE policy “an overreach that hinders the ability of ICE law enforcement officers to conduct investigations and related activities.”
“Union employees,” AFGE added, “have nothing to gain, and everything to lose, by preventing agencies from securing their computer networks and databases.”
Chaffetz doesn’t discriminate based on rank when complaining about cybersecurity issues. He also has gone after members of President Obama’s Cabinet.
“We asked for information about the period during which you used personal email for official business, the volume and recipients of such emails, and whether such emails contained classified information, among other questions,” Chaffetz wrote last week.
Lt. Col. Valerie Henderson, Defense Department spokeswoman, said “we provided the committee with a staff briefing earlier this year, and we will continue to provide them with additional information going forward.”
Chaffetz also is pressuring Homeland Security Secretary Jeh Johnson to provide information about “informal waivers” that allowed him to use his personal email on department computers. Johnson said last year that he would no longer use his personal email for government business, but Chaffetz wants more information about the waivers.
“The ‘informal waivers’ that you and other senior officials relied on raise a number of concerns about the Department’s commitment to securing sensitive systems at the highest levels,” Chaffetz wrote to Johnson on March 10. “The use of an informal process to skirt cybersecurity rules and regulations creates the appearance that senior DHS officials consider themselves above the rules they expect rank and file employees to abide by.”
The Defense and Homeland Security departments did not provide comment on the substance of the Chaffetz letters, but Carter and Johnson previously acknowledged mistakes.
Joe Davidson is a columnist.