A Former Employee Calls NASA About The Security Breach
Keith’s note: The last two times there was a data breach I was directly affected since I am a former NASA civil servant even though I left the agency 25 years ago. I also underwent an FBI security scan to get a press badge at NASA HQ 15 years ago. I sent an email to NASA HQ PAO, Human Resources, and CIO yesterday asking how media and former employees are affected by the latest security breach. This is the response I got.
It is pointless to send me to the website since I am no longer a NASA civil servant and I do not have a “Smart Card” to log in. So I called the phone number. They never bothered to ask me for my case number (so why was I given one?). A recording of the call is below. Clearly NASA is not prepared for handling responses to former NASA employees about this topic. Note: I am in Virginia which is a “one party” state when it comes to recording phone calls (which I never do if you call me BTW). This is a customer service call that I think is worth sharing.
“Dear Keith, Thank you for your inquiry to the Enterprise Service Desk (ESD) regarding the potential PII compromise. At this time we are being advised to direct all media inquiries to NASA Headquarters, Ms. Karen Northon at [deleted]. We are dedicated to providing you with a high-quality and timely resolution. You can review the status of your inquiry at https://esd.nasa.gov. If you have any questions or need further assistance, please contact us at 1-877-677-2123, option 2 or submit a ticket at https://esd.nasa.gov. For quicker service, reference your case number [deleted] when calling or include it in the subject line of your e-mail. Thank you,
Service Provider, NASA Enterprise Service Desk (ESD)
NASA Shared Services Center
Self-Service/Web: http://esd.nasa.gov/esd
Phone: (877) 677-2123
Fax (support documentation only): (888) 525-6497”
And that was one of my concerns when JPL got draconian about security, a mess which ended up as the Nelson et al. Supreme Court case and a fair amount of brain drain from JPL. In the name of security, JPL wanted all employees and all contractors with site access to go through the sort of background checks typically used for security clearances. Even though the work involved was unclassified science which NASA was ordering people to publish in open source journals.
One of my concerns was that would put a huge amount of personal information on NASA and other government databases, for no good reason, and that information would still be there for decades. Even after the individuals left NASA or were no longer NASA contractors. That means the information could be stolen, and NASA might not even have contact information to inform the affected people. Let alone a funded responsibility to help them. I agree with an earlier comment: if the information isn’t really necessary, don’t ask for it and don’t put it on an internet-linked database which could be hacked.
It was not just JPL, but all government contractors without security clearances that were in a “position of public trust”. And our data was compromised.
Sounds like the basis for a huge class lawsuit to get their attention.
It was. The citation for the Supreme Court ruling is NASA v. Nelson, 562 U.S. 134. Unfortunately, NASA and JPL managed to redefine the case before it got to the Supreme Court. The proposed and now actual process was described as a hypothetical example of what JPL might do, and they were asked to rule on whether or not JPL could impose any sort of background check on employees and contractors. Nelson and his colleagues were mostly objecting to the nature of the background checks, not their existence at all.
For example, asking the FBI if a potential employee had an undisclosed criminal conviction would not have been an issue. Interviewing a potential employee’s ex-wife and asking if he’d ever done anything which would make him a blackmail target, well… I think a whole lot of people thought that was over the line for totally unclassified, scientific research.
My security clearance application, interviews, and fingerprints from a State Department summer internship application in 1996 were inexplicably part of the OPM hack in 2015. I didn’t even end up doing the internship.
And they actually knew how to find you and let you know in 2015? 19 years after you put in the application? That’s a bit spooky in itself.
Идиот [Idiot]. It is no wonder Keith is incredulous about this. Clearly, this is a specific example *why* our country is in the shape it’s in.
Спасибо Кит [Thank you, Keith]
Well, Дурак [Fool]. I’m not sure how commonly they use a direct transliteration from English (or other languages.)