- The Washington Times - Monday, January 9, 2017

ANALYSIS/OPINION:

Russian hackers and other identity theft trolls needn’t cramp their fingers trying to get sensitive personal identifiers of D.C. residents.

The D.C. government itself is broadcasting the information.

Even biometrics, such as fingerprints, retinal scans and DNA, are at risk of reaching the fingertips of thieving hands.

A new report by the Office of the D.C. Auditor explains the problem, and alerts officials to the fact that the issues run three mayoral administrations deep.

So the current Bowser administration is simply following in the footsteps of its predecessors.

The auditor examined the security of at-risk personal information that is web-based and desktop-available. The personal identifiers are a treasure chest for identity thieves — including Social Security numbers, date of birth, place of birth, mother’s maiden name, educational and financial information and employment data.

Here’s the gist of Auditor Kathy Patterson’s damning revelations of her examiners’ look into the breachable habits of the D.C. Department of Human Resources, D.C. Department of Employment Services and D.C. Child and Family Services Administration:

The chief problem is that the District fails to secure and protect the Personally Identifiable Information (PII) of employees, residents and agency interactions, and its policies are lax in responding to breaches.

The audit cites among possible breach outcomes the “unauthorized access, use or disclosure” of personal data that could lead to “identity theft, blackmail, or embarrassment and legal liability.”

“PII collected in past years may be stored in remote, unsecured locations (e.g., boxes stored in a closet or basement, old databases),” the report said.

The crux of the problem, as the audit report pointed out, dates back at least to the years when Muriel Bowser was a D.C. Council member during the Adrian Fenty administration.

Muriel Bowser springboarded from her council seat to the mayor’s suite in 2014.

Reportedly, she plans to seek re-election in 2018, which means her appointees and administrators at least have a political obligation to reverse the three-administration trend of leaving personal information out there in cyberspace unsecured and on dusty government shelves around the city.

Most important of all, however, is council oversight — tough, probing, factual oversight.

The discussions should be led by Brandon Todd of Ward 4, chairman of the council’s Government Operations Committee, which oversees the Bowser administration, and Jack Evans of Ward 2, who oversees the Finance and Revenue Committee. Both are Democrats.

Stakeholders need to watch carefully to ensure that Mr. Todd doesn’t let the other Bowser folks off the hook, and Mr. Evans needs to ensure that his colleagues don’t allow unions, social services advocates and the 2018 elections to make excuses to balloon the budget and increase taxes.

A lack of money did not create the problem of the city’s unsecured data systems, and more money will not solve it.

As the auditor has shown, even personal information no longer needed is being stored, albeit unsecured.

A lack of insight and oversight allowed the problem to fester for nearly a decade.

Indeed, it’s obvious why the auditor chose those three agencies: They interact with every constituency in the city.

Ever applied for a job or a background check through the D.C. government?

Medicaid?

Unemployment benefits?

Child support?

Food stamps?

LGBT housing?

Adoption or foster care?

Child care?

As I said, Russian hackers and identity theft trolls could have a field day with the easily accessible D.C. personal information.

Sad, disturbing and frightening — and also true.

Deborah Simmons can be contacted at [email protected]

LOAD COMMENTS ()

 

Click to Read More

Click to Hide