What if a Home Depot-scale data breach occurred in gov't?
Last week, officials at Atlanta-based Home Depot announced that security breaches at the company had allowed hackers to access some 56 million credit-card accounts. That's more than five accounts for each and every person in Georgia, and represents the largest retailing cyber-security breach ever announced in this country. The breach occurred undetected from April until Sept. 2, company officials said.
According to the New York Times, Home Depot had been warned by its own employees of its potential vulnerability but did not make it a priority, responding too slowly and too late in trying to tighten its cyber-security. (The company has said that it has now patched all known weaknesses and that customers can shop confidently at its stores.)
Reading those stories, I couldn't help but imagine the enormous political outcry that would have erupted if a much smaller breach had occurred involving, say, personal data collected to verify income and eligibility for ObamaCare subsidies. What is being treated as an unfortunate oversight in the private sector would become scandalous, earth-shaking proof of the inherent incompetence of a government that cannot be trusted to do anything right. And that would only be the beginning.
Darryl Issa would be fuming, venting and preening on national TV. Fox News would be treating us to unsourced claims that President Obama had been warned of the potential breach but ordered cyber-security teams to "stand down" before he headed off to the golf course. Ted Cruz would be suggesting that only the data of conservatives had been left exposed while John McCain would be insisting that the problem could be solved only by putting boots on the ground in Syria.
I'm not at all arguing that a breach of government-held data on such a scale would be acceptable, although given technological realities, they are probably inevitable to some degree. When even the most closely held classified data of the National Security Administration can be made public, it's clear that secrecy has become a relative rather than an absolute concept.
In addition, part of the double standard can be explained by the fact that the problems and failings of government are exposed quite publicly, and ought to be, while private companies keep internal failings as private as possible. But it is equally true that the failings of government quickly become part of a larger narrative that attempts to discredit government as a whole, while the failings of Home Depot, which followed the breach at Apple, which followed the failings of Neiman Marcus, which followed a breach at Target, are kept in perspective and recognized as problems of the type that are more or less inherent in the modern world.
