Digital Government Digital Policy Events United States

The Ticking Privacy and Security Bomb

As eGovernment applications proliferate, so does the amount of sensitive citizen data stored in government IT systems. Proliferating as well is the risk that this data – which individuals are usually compelled to provide – is disclosed, stolen or otherwise compromised through human error, negligence or cyber-attacks. And, in the end, it’s the citizens who are getting hurt, really hurt. The damage from security breaches has moved far beyond identity theft and financial gain – lives could now be at stake.

Case in point: The targeted March 2014 cyber-attack by a foreign government of the US Government agency that maintains the records for tens of thousands of government employees, military personnel and contractors holding or having applied for security clearances – including this author’s. Not only did these records contain information such as Social Security numbers, birth-dates, addresses, telephone numbers, etc. but also extremely sensitive personal data such as:

  • detailed listings, including addresses and phone numbers, of family members and foreign contacts
  • prior arrests and disciplinary actions
  • lawsuits
  • bankruptcies
  • history of mental illness, gambling, alcohol and drug use

The consequences of this breach are staggering – not only for the individuals affected but for national security. This information enables the perpetrators to:

  • identify covert agents, which could result in their imprisonment – or worse
  • target individuals possessing classified information of value and expose them to blackmail or recruitment as a spy
  • identify foreign relatives of U.S. intelligence personnel and expose them to coercion

The point here is that privacy and security are the underpinnings on which eGovernment is built. If the underpinnings fail, the building collapses. Up to now, privacy and security of data have been taken as a given but this seemingly endless stream of security breaches, each worse than the previous one, make this now a myth.

Why should a citizen trust the government with their most sensitive information anymore? In a Fall 2014 survey of about 1,000 adults, the Pew Research Center found that only six percent stated that they were “very confident” that government agencies can keep their records private and secure; 25% stated they were “somewhat confident.” It’s not clear how much longer citizens will tolerate this situation – or how far away we are from the tipping point where individuals will flat out refuse to provide sensitive personal information, even at the cost of penalties.

This distressing state of affairs can only have a quenching effect on the growth of eGovernment services, particularly at the Federal level. Privacy and data security can no longer be taken for granted, they must now become an integral part of the value proposition that eGovernment offers to citizens.

Citizen 2015 will be chairing a panel discussion on cyber-security at the EnterConf 2015 conference in Belfast, Northern Ireland on June, 19