American Culture

Presidential passport breach: Why do contractors have easy access to sensitive data?

By Martin Bosworth

The accessing of private passport-based travel data of all three Presidential candidates by contractors working for the State Department has finally galvanized Capitol Hill to address the issue of privacy–something we’ve been begging them to do for years. Ron Wyden sums it up succinctly:

“The Government Accountability Office has been warning about this problem for a decade. And it seems to me in this administration, there’s been pretty much a culture of disregard for privacy, and that’s part of the problem,” he said.

Wyden may have been referring to a 2006 report from the GAO documenting the lack of oversight in sharing Social Security Numbers with contractors working for various federal agencies, including the IRS and the FBI, as well as within the private sector. It is but one of many reports the investigative agency has issued documenting the serious vulnerabilities our government’s mad drive to outsource its functions to the private sector has wrought–but it’s only the tip of the iceberg.

Natasha Chart begins by asking the right questions:

Who did the passport data contractors work for? On top of that, my question, why the **** are contractors getting access to sensitive public data? Have we privatized the government so much that there aren’t any federal employees left to handle this stuff?

Brilliant at Breakfast’s Jill gets some answers by untangling the web of allegiances involved in the passport breach and discovers a number of disturbing conclusions, including the fact that new employees at State may have been trained using “live” personal data:

Is Mr. McCormack saying that when they’re training new employees, they’re giving them access to production data? Even if they’re taking a copy of the production database and putting it on a test server, this is still sensitive data about individuals, some of them high-profile, that they’re using for TRAINING NEW EMPLOYEES? And if a trainee immediately decides to look up information for Hillary Clinton, shouldn’t that have set off a red flag as to what this new employee was likely to do?

The question then becomes, why did low-level non-Federal employees have access to such sensitive data, and why weren’t better safeguards in place?

This excellent International Herald-Tribune article from February 2007 has the answer–the mad dash to turn government service into a pig’s trough of profitability has made contracting the virtual fourth arm of the government:

Without a public debate or formal policy decision, contractors have become a virtual fourth branch of government. On the rise for decades, spending on federal contracts has soared during the Bush administration, to about $400 billion in 2006 from $207 billion in 2000, fueled by the war in Iraq, domestic security and Hurricane Katrina, but also by a philosophy that encourages outsourcing almost everything government does. Contractors still build ships and satellites, but they also collect income taxes and work up agency budgets, fly pilotless spy aircraft and take the minutes at policy meetings on the war. They sit next to federal employees at nearly every agency; far more people work under contracts than are directly employed by the government.

Outgoing GAO head David Walker added an emotional note to the phenomenon: “There’s something civil servants have that the private sector doesn’t,” he said in an interview. “And that is the duty of loyalty to the greater good — the duty of loyalty to the collective best interest of all.” He added, “Companies have duties of loyalty to their shareholders, not to the country.

That’s absolutely right, and I can vet it from my personal experience. The government claims they need to outsource all of these functions to contractors in order to take advantage of younger, technologically-adept workers with specialized skillsets, rather than expanding the federal bureaucracy. If that were actually true, I’d understand it. But it’s not.

See, your average government contractor is very much a fly-by-night, seat-of-the-pants operation. Unless you’re one of the established big boys like Lockheed Martin, SAIC, CACI, etc., in order to even get your foot in the door, you have to qualify for “8a/disadvantaged status,” which is gov-speak for “woman or minority-owned business.” I’ve lost count of the number of operations I’ve run across that were only getting contracts as the result of having a woman or black CEO, which adds a very ugly racist and sexist dimension to the business–it makes others resentful of them and less willing to trust that they can actually do the job. And, to be blunt, many times they cannot–the ease with which you can obtain these contracts often means many of these contractor and subcontractor agencies have virtually no experience as a business, no idea how to handle basic issues like payroll, accounting, getting benefits for employees, etc. When you have money literally being thrown at you because you’re the lowest (or ONLY) bidder in a contracting announcement, who needs to know how to run a business?

Now, once you’re in the mix as a government contractor, in order to make any kind of profit, you have to charge the agency you work for enormous markups, which can cost the government billions–and this doesn’t stop even if you’re a giant like Boeing:

The Army’s shady approach to its $200 billion makeover has been such a disaster, Congress has ordered the entire military to stop using the arrangement, forever…The outcome has been less than impressive. In 2003, when the LSI contract officially kicked off, Future Combat was meant to be a $92 billion effort; today, that figures stands at $200 billion, minimum — and maybe more than $230. An operating system that was supposed to require 33.7 million lines of code is now estimated to be 63.8 million lines big. “They’re getting to the point they should’ve been in 2003,” Francis noted.

But here’s the thing–many contractors and subcontractors who win bids for government service don’t have nearly enough employees available to do the jobs they claim they can do. So they put out a mad rush of job announcements on Craigslist, Monster, CareerBuilder, etc. and rush to get people in as soon as they can. Often this happens without any kind of background check or even vetting of the prospective’s qualifications or experience–and when the background check DOES happen, it’s often incredibly invasive and touches on every aspect of the prospective’s life. It’s an all-or-nothing approach in this culture.

The best part? Those obscene markups I mentioned earlier do not always trickle down to the employee in the form of higher wages. You often hear about longtime Feds leaving to make more money in the private sector, and that’s absolutely true–but it’s often true for those at the GS-13 level or higher, those with many years of institutionalized experience and knowledge that can be put to use for a company looking to get government gigs. At the lower levels, the salaries contracting agencies pay their prospectives are ridiculously low, many of which don’t even meet the standard of living in an expensive area like the Metropolitan D.C. region. (Trust me, I know.)

So you get people at low pay, which generally means either fresh-faced kids who need a serious boost on their resume, immigrants looking for a quick route to citizenship or on hold with their H-1B status, or people who just need any kind of job and are willing to say, and do, anything to keep it. They often don’t have the training or smarts necessary to handle all the pitfalls and complexities of working for a Federal agency, and once they see that there’s no promotional opportunities in it for them and nowhere to go, they start looking for better work–and they not only take their skills with them, they can cause all kinds of untold damage. To wit:

* A contractor who won a no-bid contract to design a Web site for the TSA to enable flyers to remove their names from terrorist watch lists created such a hole-riddled, poorly-designed piece of trash that it had to be shut down, leading to an investigation by Henry Waxman’s Government Reform Committee.

* 40 percent of Medicare/Medicaid agencies and health insurance contractors experienced breaches of sensitive medical and personal data between 2004 and 2006, driven by the vast interchange of data among contractors, subcontractors, and third parties across the world.

* A contractor upgrading the Department of Education’s online student loan service operations accidentally exposed the personal data of 21,000 students briefly in 2006.

* Unisys, a big-time government contractor hired by the Veterans’ Administration (yes, that Veterans’ Administration) to help process veterans’ health insurance claims had a desktop computer containing data on 38,000 veterans stolen from its home office in Reston,Virginia. (Note the quote from Larry “Wide Stance” Craig himself on privacy problems.)
All of these breaches could have been prevented by locking the data down, keeping it in-house, and most of all, by ensuring only federal employees had access to it. But the current contracting culture is determined to pare government down to the absolute brittle bones in order to build portals of profitability in the private sector. Contractors, as both Walker and a colleague of mine said, have no loyalty to the government–they know flat-out they may never get hired into the agency they work for. Nor do they have loyalty to their agency, really–they’re easily replaceable in ways that Federal employees are not. Their first loyalty is to themselves and their own survival. They are, in effect, outsourced mercenaries, paid to do the work of public service as a private commodity.

Hmm…mercenaries working for the government. I’ve heard of this somewhere before.

4 replies »

  1. Pingback:
  2. You’ve got me thinking, Martin – could we get a gig as contract bloggers for the government?

  3. Most countries worry about the military overwhelming the state. We worry about the public infiltrating the government and military

  4. Privatization:

    Not applying for a $55K a year DOL job so that I can apply through a contractor for the same job at $80K a year (not including their fees).

    Our tax dollars at work.