Latest in OPM

The Cyberlaw Podcast

Steptoe Cyberlaw Podcast, Episode #74: An Interview with Catherine Lotrionte

Our guest commentator for episode 74 is Catherine Lotrionte, a recognized expert on international cyberlaw and the associate director of the Institute for Law, Science and Global Security at Georgetown University. We dive deep on the United Nations Group of Government Experts, and the recent agreement of that group on a few basic norms for cyberspace. Predictably, I break out in hives at the third mention of “norms” and default to jokes about “Cheers.”


A Correction and a Reiteration

Last week, I wrote a piece on the OPM hack, quoting a GAO report that seemed to me to suggest that the intelligence community had concerns about OPM's computer security back in 2010. In response, I received the following missive from a senior intelligence official suggesting I had misread the GAO report in question:


Whose Fault is the OPM Hack, Really? Part II

Last week, I posed the question of whether we should really be blaming OPM—which is not an intelligence, counter-intelligence, or cybersecurity agency—for the theft of government personnel records, presumably by professional intelligence operatives, when we have plenty of intelligence, counter-intelligence, and cybersecurity expertise in the federal government.


Whose Fault is the OPM Hack Really?

Everyone's mad at the Office of Personnel Management, and I totally get why. The hack is awful, the magnitude staggering. The consequences will be big, both for the country and for lots of individuals. It's a very ugly situation, and OPM has certainly not handled it competently, let alone well. And the more we learn, the worse it gets.

But here's my question: Is this really OPM's fault?

The Cyberlaw Podcast

Steptoe Cyberlaw Podcast, Episode #71: An Interview with David Anderson

Privacy advocates are embracing a recent report recommending that the government require bulk data retention by carriers and perhaps web service providers, exercise extraterritorial jurisdiction over data stored abroad, and expand reliance on classified judicial warrants. In what alternative universe is this true, you ask? No need to look far. That’s the state of the debate in our closest ally. The recommendations were given to the United Kingdom by an independent reviewer, David Anderson.


The OPM Data Breach: Congress Should Investigate, but Should Consider Its Own Responsibility for Protecting Federal Workers

The data breach of OPM’s personnel records system is a privacy and security disaster for the U.S. Government and for the 4 million (and possibly as many as 14 million) current and former federal employees and contractors (including many Lawfare readers, unfortunately!) whose security clearance applications have reportedly been accessed by Chinese hackers.

Subscribe to Lawfare