
This is scary!

The OPM's new e-government initiative, e-QIP, may be the scariest thing I've seen in a long time. Sure, it looks all nice and pretty and convenient, but the OPM may be playing with fire. Security clearance data will be accessible online for applicants starting in June 2003. How long before the site becomes target number one for hackers? Credit card stuff is bush league compared to the kind of dirt you could pull from these files. Of course security will be high, but the data will sit there forever. Even OPM acknowledges that you typically fill out the form and don't revisit the information for years.

Anyone who has ever filled out a security clearance form (SF-86) knows the gory detail of your life that they get into. They also know that maintaining the data to complete the form is hard, and an electronic means to fill out the form is the preferred method of completing this monstrosity. There is a piece of software called EPSQ to fill out the forms, and there are Word and PDF versions of OPM form SF-86 available.

For those of you who have no experience with the form or process, here's a list of some of the section headings:

Name/Address/Etc.
Where You Have Lived
Where You Went To School
Your Employment Activities
People Who Know You Well
Your Spouse
Your Relatives and Associates
Citizenship Of Your Relatives and Associates
Your Military History
Your Foreign Activities
Foreign Countries You Have Visited
Your Association Record
Your Military Record
Your Selective Service Record
Your Medical Record
Your Employment Record
Your Police Record
Your Use Of Illegal Drugs And Drug Activity
Your Use Of Alcohol
Your Investigations Record
Your Foreign Activities
Your Financial Delinquencies
Public Record Civil Court Actions


These questions cover a period of 7 to 15 years depending on clearance and agency. The form is designed to be comprehensive. That's a serious list of personal information to be stored in an Internet-accessible database. If you are applying for a clearance, would you use this system?

Update: After discussing this site with James at OTB, it might not be as bad as it looks, at least to begin with, but my guess is that there will still be plenty of hackworthy data behind the site.

The e-QIP site indicates that you can enter, update, and retrieve (print) your data, although it appears that when the site comes online you will only be able to do this during the process of completing a form. It does look like initially your data is saved in a holding database until you send it to the agency. Once sent, it would in theory be "out" of the system and harder to hack (of course the devil is in the details: rarely is information really deleted from databases). It looks like the capability to get at your data will be in the systems at some point (from the e-QIP FAQ).

20. I have completed this form in the past. Why doesn’t this system have that data?
In the future e-QIP will be able to retrieve the data you are entering now. Earlier data has not been loaded into this system.

There will probably be a manual process to get the data back from the last agency you submitted a form to. The security posture of the site may rest on whether or not your data remains accessible to this web app. The trade-off for the site is that if you can't easily get to your previous submission(s), what's the point of using it? It's not like they are going to stop using the paper form anytime soon. It is the functionality (which is alluded to) that allows authenticated users to get at previous data that would allow for hacking attempts...


Comments (2)

jay:

I think you are wrong.






All original content copyright © 2003-2010 by Wizbang®, LLC. All rights reserved. Wizbang® is a registered service mark.
