Are Massive Data Breaches A Policy Instrument?

The first story is about a massive data breach under the Obama Administration: personal informational and files on all whistleblowers at the Department of Homeland security and beyond.  The second story is about the purchase of an American company by a Chinese company: Such acquisitions always require approval of the Administration and the Committee of Foreign Investment in the United States. The acquisition suggests a massive data transfer to China. Unlike the “loss” of 20 million personnel files at the Office of Personnel Management (since that was probably corruption), are these data breaches policy, with each Administration exposing the data of those each Administration sees as enemies or at least as problematic?


Data Breach Affected More Than 240,000 Homeland Security Workers, IG Confirms; The Breach Also Affected Non-DHS Employees Who Communicated With The Department’s Inspector General., January 1, 2018.
Personal information about more than 247,000 Homeland Security Department employees and other people connected with the agency was compromised in 2014, the department’s internal auditor said Wednesday. In May, the Homeland Security inspector general’s office found a copy of its investigative case management system—and the reams of personal information it contained—in the possession of a former inspector general’s office employee, according to a department statement. Inspectors found the case management system as part of a criminal investigation but did not say if the former employee is the target of that investigation. The statement also did not provide details about how the system ended up in the former employee’s possession except to say that it was not the result of a third-party cyberattack and that other employees’ personal information was not the target of the “unauthorized exfiltration.” USA Today described the breach in November based on leaked documents but Homeland Security did not confirm the breach at that time. 
The case management system contained personal information on 247,167 Homeland Security employees who worked for the department when the information was removed in 2014, the department said. It also contained information about non-employees who were subjects, witnesses or complainants in inspector general investigations between 2002 and 2014, the department said. The statement does not say how many non-employees were in that group. The department is “implementing additional security precautions to limit which individuals have access to this information and will better identify unusual access patterns” in the future, according to the statement. 
The statement did not describe what personal information was compromised. Personal information can range from less sensitive information, such as names and phone numbers, to highly sensitive information, such as Social Security numbers and financial data.   The department is offering free credit monitoring to employees and other people whose information was compromised. Employees were informed about the breach in a Wednesday letter, but the department won’t directly notify non-employees because of “technological limitations.” The notice includes a contact number for non-employees who were associated with Homeland Security inspector general investigations to request credit monitoring. Security experts have often said credit monitoring is less effective at preventing criminals from profiting off your leaked information than other steps such as freezing your credit. “The Department of Homeland Security takes very seriously the obligation to serve the Department’s employees and is committed to protecting the information [with] which they are entrusted,” the notice states. 

Can The Chinese Government Now Get Access To Your Grindr Profile? Washington Post, January 12, 2018.

China experts and former intelligence officials are raising concerns about user data privacy following the acquisition of Grindr, the world’s largest gay dating application, by a Chinese technology firm. The Chinese government, they say, could be in a position to demand sensitive and embarrassing details on the lives of millions of non-Chinese citizens. This week, the Kunlun Group completed a full buyout of Grindr, a gay, bi, trans, and queer dating app that claims 3.3 million daily users. The Chinese firm bought 60% of the company in Jan. 2016 for $93 million and has now acquired the remaining stake for $152 million, according to stock filings. Grindr announced that Kunlun executives will take over leadership of the company.

That announcement set off alarms among officials and experts that track Chinese intelligence and foreign influence operations in the United States. The Chinese government is sweeping up massive amounts of data on not only its own citizens, but also Americans and others, as part of a unique and well-planned effort to build files on foreigners for intelligence purposes.

The article includes no information on the total number of Grindr users or nor any of its prominent users, in the way that it was reported that Pres. Obama was discovered to subscribe to Rent Boy when its customer list leaked.