[Dailydave] The OPM Mess and the Bigger Picture

dan at geer.org dan at geer.org
Wed Jul 1 16:53:19 EDT 2015


Keying in on this:

> And that's pretty much exactly what the Chinese stole here, except
> without the French guy from "The Professional" and all the outfits. The
> problem, as we're going to drill home again and again over the next year
> during damage control in congressional meetings each more painful and
> less informative than the last, wasn't that OPM didn't protect the
> database, but that they HAD THE DATABASE COLLECTED AT ALL.

I'd sent a comment to the Passcode folks at the Christian Science
Monitor that may not have made it into print (electrons).  To prove
I agree with you, here it is:


-----------------8<------------cut-here------------8<-----------------

Q: Should the Office of Personnel Management chief be held responsible
for the lapse in security that led to the breach of millions of
personal records?

A: No.

Changing a person will not help -- it is purely symbolic, and such
symbolic gestures are precisely, totally, and without debate what
happens in political hierarchies (read, Washington) whenever there
is bad news to handle.  Even talking about whether to fire someone
is a criminally profligate waste of the citizenry's attention span.
What is neither a waste nor a diversion is the question that matters:
When data is scarce or precious, there may be compelling reason to
centralize it but if and only if that centralization is risk
cognizant.  When data is either plentiful or of marginal value,
then centralizing it can only create risk, never value.  Therefore,
what is to be asked of those to whom OPM reports is what, exactly,
was their raison d'etre for assigning the OPM its role as centralizer
(scarcity or preciousness of what, exactly), and whether they
delegated to OPM their own duty of risk cognizance on purpose or by
accident.  If wanting prediction, then the supposed reforms embodied
in the Dodd-Frank law massively removed resilience from the financial
system by forcing the centralization of functions previously widely
dispersed into what now can only be described as freshly minted
single points of failure waiting to happen.  It is the urge to
centralize that is what political hierarchies do.  It is apologists
for, and hucksters of, centralization that should lose their jobs.


Dan Geer

-----------------8<------------cut-here------------8<-----------------


