NRPLUS MEMBER ARTICLE M aps, casualty estimates, munitions forecasts, the war plans of our allies and adversaries, even our allies’ intercepted communications, all were leaked in the latest breach of American intelligence and military agencies. Photographs of well over 100 classified documents have been working their way around social media since late last year.
It’s been a tragicomic sequence. The secret files were posted to a niche meme community on Discord, Thug Shaker Central, then a slightly bigger one, End of Wow Mao Zone, and the big leagues, Minecraft Earth Map. “Here, have some leaked documents.”. . . “Nice.” Then on to Twitter and Telegram. Soon enough, American intelligence agencies were rushing to protect their sources, fearing them burned. The Biden administration is mollifying South Korea and Israel, spied-upon allies. And American military leaders are revising their plans for the war in Ukraine. Comic opening, swift and unpleasant repercussions.
America’s military and intelligence officials are trained for these situations, and are, no doubt, putting things to rights to the best of their abilities. All but the greenest rookies will have firsthand experience dealing with information incidents at their agencies. Despite being staffed with the government’s most capable data defenders, America’s security agencies suffer massive information losses on a regular basis.
Already in 2023, the U.S. Marshals Service lost its own trove of sensitive law-enforcement information including personally identifiable data on Marshals Service employees, subjects under investigation, and other unspecified third parties. Over at the Department of Defense, the U.S. Special Operations Command exposed to the public more than three terabytes of emails through a server misconfiguration. And the Federal Bureau of Investigation lost control of its information systems for investigating images of child sexual exploitation. Not all leaks are tragedies, but some have tragic and gruesome implications.
It is tempting to glance away from these failures. It’s easy enough to think all of this might just be above your pay grade, someone else’s problem, something for the generals, spooks, and FBI agents to sort out. What’s any of it got to do with you anyway?
Here’s what: You file your taxes every year, and you tell the IRS everything about yourself and your family. Maybe you fill out more forms to collect benefits from the government, such as Social Security, Medicare, Medicaid, or food stamps. You probably respond to government surveys when asked, especially when a legal notice demands it. And if you’ve worked in a business, you might know more than you’d like about regulatory reporting requirements and business taxes.
In their day-to-day administration of America’s laws and regulations, the U.S. government’s civilian administrative agencies collect enormous amounts of information about you and any organization with which you’re involved, such as your church, union, bank, or small business. None of that data is any safer than the state secrets that are leaking from America’s security agencies like sand through a toddler’s fingers.
Indeed, how could you expect the IT defenders at the Department of Agriculture, say, to outperform those at the Central Intelligence Agency? If the top-secret agencies fail to keep their data safe, how could the humdrum bureaucracies of civilian administration succeed in keeping your data safe?
Of course, they don’t. Administrative agencies and offices across every branch of government are riddled with information-security failures, and Americans’ administrative records are being hacked and leaked all the time.
In this young decade alone, there have already been dozens of public and notable breaches, including from, yes, the Department of Agriculture, as well as the Internal Revenue Service and other offices of the Treasury Department, the House committee on the January 6 riot, the Department of Energy, the National Space and Aeronautics Administration, the Federal Aviation Administration, the National Institutes of Health, the Securities and Exchange Commission, at least 27 U.S. attorneys’ offices, the central Administrative Office of U.S. Courts, the Supreme Court, and others. Over the same period, there have been thousands of security incidents that the government knows about but has kept the details to itself. The Office of Management and Budget tabulated over 62,000 information-security incidents in fiscal year 2020 and fiscal year 2021. Thousands more hacks and leaks may have evaded the government’s notice or reporting.
The information you’ve given government wittingly is not all there is for you to worry about, either. Agencies collect their own data about you. They get it from what’s ostensibly the public domain, such as social-media posts, and they get it via mandatory reporting requirements for third parties such as your bank, health-insurance provider, and employer. The IRS, for example, contracts with Palantir’s Gotham platform to gather data on taxpayers and centralize it in the IRS Lead and Case Analytics platform to target audits. Everything Gotham and all of the other government bots and AI systems dig up about you and centralize on agency computers is as much at risk of disclosure as anything you’ve given the government on a form.
What can you do? It’s not as if you’re interacting with private technology platforms and can just be careful about which ones you use, what you upload, and where you browse. This is the federal government, you have only one of them, and you have to do what it says.
There’s not a lot to be done for the information that the government already has collected. What’s gone is gone, and what’s not will be soon. But put faith in the political system, and at least there can be hope for the future. Talk to your political representatives about your concerns. These are not partisan issues, and every member of Congress, Republican or Democrat, who cares about serving their constituents should be willing to hear you out and share what they are doing to improve information security.
And it’s worth adding that the simpler and smaller government becomes, the less information there is to leak out. Close measurement and tight controls on information flows within government would help, too, but if the data aren’t collected to begin with, they can’t be leaked, hacked, or shared.
The U.S. government’s information security is a disaster throughout. The problem will grow as long as government does.