Information governance in the federal government

Inexcusable mismanagement of classified data, secret e-mail accounts and wanton destruction of public information demonstrate that there isn’t any information governance happening in the federal government.

Cybersecurity
Unlimited

Several years ago, I arranged for a representative from the New York State Archives to provide training in e-mail and document retention for one of my government clients. The trainer did a fantastic job and here are a couple of takeaways she provided:

  • Never use your personal e-mail account for official business.
  • Never use your government account for personal communications.
  • Never, ever send official, intra- or inter-agency business e-mail to anyone’s personal account.

This organization also used an e-mail archiving system and was preserving every single e-mail that went in or out of the organization as required by published retention and disposition schedules for different government entities in the state. In other words, hayseed county and municipal governments all over the country have processes and procedures for preserving official, digital communications whereas the federal government seems to be completely lacking in this area.

Let’s take a look at a few examples of our federal government’s complete lack of information governance.

In 2013, the Associated Press reported on top Obama appointees using secret email accounts. Not only were high level appointees guilty of this, the president also engaged in this behavior. This is apparently occurring to some extent in the Trump Administration, as well. The most well-known case, of course, is Mrs. Clinton’s use of her own e-mail server which was used to send and receive classified information and demonstrated gross negligence – a criminal offense. Conveniently, “someone mistakenly deleted Clinton’s archived mailbox from her server and exported files.”

I spent four years in army intelligence during Ronald Reagan’s second term and my colleagues and I might still be breaking big rocks into smaller ones at Leavenworth had we been involved in these sorts of activities. While the high-profile culprits have all gone unpunished, Jake Tapper reported that “the Obama administration has used the 1917 Espionage Act to go after whistleblowers who leaked to journalists…more than all previous administrations combined.”

Then there is the case of two years of missing e-mails for Lois Lerner. Not only did her hard disk crash and need to be sent for destruction, but her Blackberry was mysteriously wiped clean after “congressional staffers began questioning her.” Coincidentally, five other employees who worked closely with Mrs. Lerner also lost e-mail related to the investigation when their hard disks crashed at around the same time. In addition to all this, Mrs. Lerner was also using a personal e-mail account for official business under the name of her dog.

Are you kidding me? You mean to tell me that the IRS has no archiving system or centrally managed mail server with 7 years of backups through which these tragically lost e-mails could have been restored? Had these shenanigans been exposed at a publicly traded company, we would have seen heads rolling and executives doing the perp walk on national television facing up to 20 years in prison under the Sarbanes-Oxley Act.

Recently, the “premiere law enforcement agency in the world” had to forensically recover five months of missing text messages between investigators in a high-profile investigation. This was the result of a “technical glitch…that affected 10% of the FBI’s employees.” In this particular case, Andrew Napolitano calls for the release of all the raw data to the public; “The government works for us; we should not tolerate its treating us as children.” I completely agree.

Then, there is the case of Sandy Berger, a former National Security Advisor, who stole classified information related to the 9/11 attacks from the National Archives. Don’t worry – he pleaded guilty to a misdemeanor in federal court and was severely punished with 100 hours of community service and a $50,000 fine. A breach of protocol allowed him to remove these documents and there have been a number of other thefts from the National Archives, as well.

In another high-profile case, former CIA Director General Petraeus gave classified information to his mistress/biographer, Paula Broadwell. He pled guilty to a misdemeanor and avoided prison time. In what can only be described as an Inspector Clouseau moment, the CIA boss and Ms. Broadwell were using the draft folder in a shared Gmail account to communicate with each other.

Recent, significant data breaches at federal agencies have included the NSA, IRS, OPM and the USPS.

UK politicians are as clueless as our own when it comes to information security and governance. Apparently, British MPs routinely share login credentials with their staff members.

While the DNC isn’t a government agency, their inexplicable handling of hacked e-mails and the Imran Awan case provides insight into the casual disregard elected officials seem to have for information security and IT management.

In all of the examples I have covered here, the information belongs collectively to us – American citizens. It doesn’t belong to the miscreants who wantonly mismanage or attempt to hide it from us. These people aren’t our leaders, they are our employees and we have a right to know what they are up to. Radical truthfulness and transparency rather than radical secrecy should be the default stance for our well-paid politicians and government employees.

Good information governance comes from the top, which is why ISO standards call for “top management” to be involved in development of governance policies and procedures for information and IT. When can we expect to see this in the federal government?

This article is published as part of the IDG Contributor Network.
