Fuck you OPM!

Hair Warrior

Well-Known Member
Contributor
Funny story: I once worked at OPM as a GS civilian. I know a bit about this.

We were aware of shortcomings in PII use and protection - particularly with USAJOBS and USAStaffing (not on the SF-86/investigations side, done by FISD division). I tried to get senior leaders (GS-14, 15 and SES who ran USAJOBS in HCLMSA, a division which no longer exists) at OPM to better protect PII. They constantly skirted the issue and tried to do the least to make system adjustments.

At the time, OPM was using Monster.com website mechanics to underpin USAJOBS. Monster was the contractor who made USAJOBS for OPM. Congress was concerned because Monster.com had been hacked recently. OPM collected SSNs from all Fed applicants - even those who never got interviewed or hired for a job. That's just a huge database to try to protect. Over 40M Americans had a USAJOBS account - basically every able-bodied American age 20-40 had applied to join the government at some point. Anyway, Congress wanted OPM to better safeguard PII/SSNs. Congress told us they would happily fund the proposed system encryption enhancements, as long as OPM implemented them.

I convinced my SES at OPM that we should do more to encrypt and safeguard PII, particularly SSNs. We spoke with the SES div leaders around OPM. We pushed it up to the agency Acting Director. We got him on board. We proposed a new Presidential Executive Order. We got it signed by POTUS. It's E.O. 13478.

We took the signed E.O. back to those same recalcitrant GS-14s and 15s at OPM. We asked them to do more to safeguard PII, in compliance with the new E.O. They just stared at me blankly and said "That does not change anything. We aren't going to change how we collect and safeguard PII." So frustrating. To be fair, the E.O. had no teeth, so OPM just ignored it... even though OPM sponsored it.
 

jmcquate

Well-Known Member
Contributor
Only a few required listing more comprehensive information other than a name and contact info, not SSNs and other more sensitive stuff, so not everyone on your SF-86 is going to get a letter.
Depends on the attributes, or combination of attributes that whoever is cleaning up this shitstorm is using as a threshold. Name+address+DOB in the right hands can do some damage.
 

zippy

Freedom!
pilot
Contributor
Got my letter today, as expected.

Funny story: I once worked at OPM as a GS civilian. I know a bit about this.

We were aware of shortcomings in PII use and protection - particularly with USAJOBS and USAStaffing (not on the SF-86/investigations side, done by FISD division). I tried to get senior leaders (GS-14, 15 and SES who ran USAJOBS in HCLMSA, a division which no longer exists) at OPM to better protect PII. They constantly skirted the issue and tried to do the least to make system adjustments.

At the time, OPM was using Monster.com website mechanics to underpin USAJOBS. Monster was the contractor who made USAJOBS for OPM. Congress was concerned because Monster.com had been hacked recently. OPM collected SSNs from all Fed applicants - even those who never got interviewed or hired for a job. That's just a huge database to try to protect. Over 40M Americans had a USAJOBS account - basically every able-bodied American age 20-40 had applied to join the government at some point. Anyway, Congress wanted OPM to better safeguard PII/SSNs. Congress told us they would happily fund the proposed system encryption enhancements, as long as OPM implemented them.

I convinced my SES at OPM that we should do more to encrypt and safeguard PII, particularly SSNs. We spoke with the SES div leaders around OPM. We pushed it up to the agency Acting Director. We got him on board. We proposed a new Presidential Executive Order. We got it signed by POTUS. It's E.O. 13478.

We took the signed E.O. back to those same recalcitrant GS-14s and 15s at OPM. We asked them to do more to safeguard PII, in compliance with the new E.O. They just stared at me blankly and said "That does not change anything. We aren't going to change how we collect and safeguard PII." So frustrating. To be fair, the E.O. had no teeth, so OPM just ignored it... even though OPM sponsored it.

It would only have been funny if you ended it with you choosing to identify them by name in a letter to Congress so they can personally testify in hearings to why they refused to follow an executive order. You'd be covered under the Whistleblower Protection Act, although that may just be another toothless law that agencies choose to ignore.
 

Hair Warrior

Well-Known Member
Contributor
I'm not sure what this means. E.O.s have the force of law within the Executive Branch.
E.O. 13478 (the one I championed) amends an old E.O. 9397 from 1943 that basically said "agencies shall collect SSN."

All federal entities, including the Navy, used to use E.O. 9397 as a blanket mandate to collect SSN at every opportunity. We wanted to eliminate the mandate by making SSN collection optional for agencies, rather than compulsory.

We changed the word "shall" to the word "may" - making it optional. But we did not go so far as to create a new mandate. Thus, no teeth. So, OPM can legally ignore it.

Wording: https://www.federalregister.gov/art...federal-agency-use-of-social-security-numbers

Some organizations took the hint and started looking at ways to maybe stop collecting SSN, or better protect it. See here: http://energy.gov/sites/prod/files/maprod/documents/DOE_Guidance_on_the_Use_of_the_SSN.pdf
 

Hair Warrior

Well-Known Member
Contributor
It would only have been funny if you ended it with you choosing to identify them by name in a letter to Congress so they can personally testify in hearings to why they refused to follow an executive order. You'd be covered under the Whistleblower Protection Act, although that may just be another toothless law that agencies choose to ignore.
Yeah, I really couldn't do that. Also, I am NOT trying to say "told ya so" or claim that I could have prevented the Chinese hack in any way.
 

Jenlm

Well-Known Member
Got my letter from OPM about a week after I got my FINSEL and two days after I did my enlistment....
 

Alpha_Echo_606

Does not play well with others!™
Contributor
Looks like I'm late to this party, my letter came today. I guess I was secretly hoping my info didn't get hacked.
 