Democratic computer security specialist Ira Winkler is disgusted over the Senate Judiciary Committee memo controversy — not with Republicans, but with his own party. As he explains, there was no “hacking” or stealth effort to access the files. They were left open for all to see: “This is not the electronic equivalent of physical breaking and entering, as it was portrayed by many senators and newspapers. What happened in the Senate Judiciary Committee was the electronic equivalent of leaving the files in the Capitol rotunda.”
Winkler argues Senate Democrats were extremely negligent in failing to protect their allegedly confidential files, even though federal law requires private companies to take affirmative steps to protect confidential material.
Not surprisingly, Congress has adopted laws for the private sector that it now ignores when concerning itself. The Economic Espionage Act requires information to be protected to the same extent that one seeks to classify it as a secret or claim legal protection. Given the outrage expressed by senators, it is clear they wanted the information to be secret. But if information is left as unprotected in public or healthcare-related businesses as it was by the Democrats, corporate executives could be heavily fined or go to jail under HIPAA (Health Insurance Portability and Accountability Act), Sarbanes-Oxley, or GLBA (Gramm-Leach-Bliley Act) regulations.
While concern over political ethics in the Senate is important, it is a non-issue compared to this poster child for gross negligence in computer-security. Senators want to shun basic responsibilities that they impose on the private sector by making scapegoats over borderline ethical issues, instead of taking responsibility for the negligence this story tells. The public should be outraged that the Senate has spent hundreds of hours and countless dollars deflecting blame when inexpensive measures could have been easily taken. This story isn’t Memogate. This is Memo-gateless.
UPDATE: A D.C. Lawyer writes:
So I drop my wallet in the Capitol Rotunda. Or I take it out on purpose, set it down there on a table, and forget about it and walk away. It’s fair game? Yes, I’m stupid for losing it and have to share blame for its loss or theft – but you really agree that someone swiping it is a “non-issue” compared to my losing it?The Dems’ outrage about this is a little excessive, sure, but let’s keep in mind what the actual culpable as opposed to stupid conduct was.
I appreciate the point, but I don’t think the analogy captures what is alleged to have occurred in this case. Nothing was stolen here. It’s not as if someone dropped their wallet. It is more as if an attorney left papers, perhaps concerning a confidential attorney-client matter, in the rotunda, and then someone else came along and read the documents without removing them. Is it wrong to read the documents knowing they are confidential? Yes. Is the attorney negligent for leaving the papers in the rotunda, thereby risking the exposure of confidential information about your client? Yes. Indeed, the attorney has violated the ethical obligation to safeguard client confidentiality and is quite “cuplable” for the lapse.
The Ciceronian Review also quarrels with the rotunda analogy, and asserts “the evidence suggests that the Democrats did not know the files were open.” This is not true. At least one GOP staffer informed the Democratic systems administrator in charge of the network drives in question that network documents were unsecured and it remained unfixed for months. Winkler notes this, as did I back in January.
UPDATE: Byron York reports on two new Democratic memos, and what happened when Democratic staffers accidenally obtained confidential Republican memoranda.
ANOTHER UPDATE: See here.