Editor’s Note: A guest post from Paul Dietzel, candidate for the 6th Congressional District in Louisiana. This piece originally appeared at InsideSources.com.
When a company is hacked and loses private consumer data, it will lose millions of dollars and the trust of its customers. Just this year, many major companies like Target and Michaels have learned this lesson the hard way.
When Washington loses your information, the only person who loses is you. The bureaucrats in D.C. have no fiduciary incentive to keep information secure and face no accountability regarding their information mismanagement.
Unfortunately, Americans are required to deal with the federal government – a place where our records are less safe than ever before. Whether it’s the IRS, the NSA or the new Obamacare website, the security measures put in place to protect your privacy are not up to par.
As the owner of a tech business that handles electronic transactions every day, I can tell you that my business could never get away with the slack security policies Washington agencies have established.
Let’s start with Healthcare.gov. Even though all Americans were required to have health insurance by March 31, Healthcare.gov was—and still is—not secure.
Just recently, the administrators of Healthcare.gov alerted all users that their passwords had to be changed due to the “Heartbleed” bug. One might assume that the federal government would use bank-grade systems and techniques for securing our data—but this is not the case. All users were forced to create new passwords.
In January, it only took expert hackers four minutes to access the personal information given by users to Healthcare.gov. David Kennedy, head of computer security consulting firm TrustedSec LLC, told the House Science, Space and Technology Committee that “[Healthcare.gov] is insecure—100 percent,” and stated that the website had more the 20 vulnerabilities.
President Obama has claimed more than 7 million Americans have signed up for Obamacare, but these 7 million should be wary that their credit card information, social security numbers and health records may not remain private.
And remember, Healthcare.gov is integrated with many of the IRS systems, leaving your tax records at risk as well. This instance wouldn’t be the first time tax data could have been compromised. Last year, the federal government’s own auditor, the Government Accountability Office (GAO), released a report stating the IRS was not doing enough to keep your data secure.
The IRS data centers weren’t periodically updating passwords, were storing unencrypted login details and were using easily-guessed passwords in internal systems.
The IRS and Healthcare.gov harvest your private data, but at least you know what data these agencies store. The NSA’s full surveillance of cell phone and email records leaves Americans vulnerable to a new level of data theft. When we shop online, we know our credit card has a chance of being stolen; however, when the government is taking data without warrants, citizens have no concept of how their privacy can be abused.
This is why we cannot trust Washington with our private data. If I had my way, the NSA wouldn’t be unconstitutionally collecting mass data, the IRS would be abolished, and Obamacare would be repealed. But, even if we got rid of those programs, we still need to re-empower Congress with real oversight of the security of our government data, not just trust it to some bureaucracy.
As an entrepreneur in this field and a candidate for Congress, I would propose new ideas to replace the subpar privacy laws on the books.
I would start by turning over data management to the private sector. Many departments use government contractors for data storage, but these particular companies aren’t working. Instead of turning to government contractors, we should recruit real private sector companies who already have a specialty in this field, and leave data in the hands of people who have already been successful at keeping it secure.
After altering who manages government data, we need to bolster the power of Congress, not outside agencies, to ensure departments are only keeping lawful data. One relevant House committee needs to be assigned the power to audit all departments and, if necessary, shut down any projects which are either jeopardizing our security or unconstitutionally seizing data.
American citizens are releasing too much data to the federal government, and we have plenty of reasons not to trust them. That’s why we need to send leaders who understand data and technology to Washington to return this power–the power of personal privacy–back to the people.