Ryan Evans is editor of the digital media outlet War on the Rocks.
When you read about the recent hack of the Office of Personnel Management (OPM), in which China is thought to have filched millions of security clearance application forms, you might have shrugged your shoulders. Just another hack, right? No big deal, right? Wrong. This cyberburglary is an even greater intelligence catastrophe than the Edward Snowden affair. And our negligent leaders, bureaucracies and their contractors need to be held responsible.
When I applied for my security clearance in 2010, as I was preparing to work with the U.S. Army in Afghanistan as a social scientist, I filled out a long form called an SF-86. Practically everyone with a federal government security clearance knows this document. It takes a lot of time to complete and requires in-depth disclosures of a very personal nature. My SF-86 contains my Social Security number, information about my credit history, my job history (including a dispute with a past employer), contact information for my closest friends and family in the United States and abroad, all non-Americans with whom I am close, a list of every foreign official I ever met, every place I lived and people who could verify that I lived there, and much more. If I had ever been arrested or had any history of drug abuse, I would have had to report that, too.
So you can understand my frustration when I discovered that China had likely hacked the OPM and two of its contractors and made off with at least 4 million SF-86s on former, current and prospective U.S. government workers.
Beyond narrow concerns about identity theft, think about the national security implications.
This form provides all sorts of information that could be used to recruit an individual as a spy. In fact, collecting such information is the whole point of the form. The U.S. government wants to assess the vulnerability to recruitment or blackmail of every person given access to classified information. Beijing may now have in its hands the most intimate details of the lives of the human beings responsible for generating and keeping our nation’s most sensitive secrets.
Greed, ego and blackmail are among the most common motivations of those who betray their countries. This bounty of security clearance application forms would provide China with information it could use to cultivate sources on all three of these fronts. It would know who is in debt and financial trouble. It would know about stalled careers and past work disputes, over which individuals may still harbor a grudge. And it would know who has family and friends in Iran, China, Russia or other places who may be vulnerable to threats or appeals for information. It is therefore fitting that one former intelligence official has described this data as the “crown jewels.” Troublingly, there are hints that some of it may already be for sale on the Internet, which could provide any U.S. rival with access to this information.
Snowden’s betrayal of his country is seen as the single greatest intelligence loss ever suffered by the United States. His stolen cache of hundreds of thousands of documents — most of which, it seems, had little or nothing to do with violations of U.S. civil liberties but rather focused on intelligence programs targeting foreign entities and powers — has already harmed U.S. and allied intelligence collection efforts and damaged the United States’ reputation at home and abroad. But given the potential implications of foreign adversaries and even terrorist networks knowing the secrets of millions of people working for the U.S. government, it’s clear the OPM hack is worse. In short, the United States’ rivals and enemies may have the leverage they need to induce or coerce government employees and contractors into providing classified information.
What can we do? It is time for accountability. Organizations — whether private or public — generally do not dramatically reform themselves unless they are held accountable when they screw up. First, because the OPM and its contractors violated their obligation to keep sensitive personal information safe and secure, unions representing federal employees should organize their members and join forces with the other victims of this hack to file a class-action suit against the agency and its contractors. Hitting the government and contractors where it hurts will send the message that we as a society take this threat to our nation seriously. Second, federal investigators should identify those responsible for leaving sensitive data on so many workers and contractors vulnerable — so that President Obama can fire them. OPM Director Katherine Archuleta should be the first, but not the last, to go. Only by holding itself accountable can our government show that it also takes this threat seriously and begin to regain the trust of the men and women who work so hard to keep this country safe.