The OPM compromise and information dynamics.

If you pay attention to the news, you've undoubtedly heard that the US Office of Personnel Management, which coordinates the background investigations for every civil servant and contractor of the United States government was pwned so thoroughly that the intruders even got into E-QIP, the online web service that prospectives have to enter their life histories into (well, at most the last decade of it) so the process can begin. Say what you want about government, but this will probably go down as the most gigantic clusterfuck in history and it shows every sign of getting worse, not better. One of the things the US government has gotten incredibly paranoid over since 9/11 is people who aren't USians, almost unto xenophobia. So why, then, did they outsource their entire IT infrastructure management to mainland China? I got nothin'. And that's not what I wanted to write about, actually. What I wanted to write about is how wrong-headed the idea of "Tell your security officer everything, because if somebody tries to blackmail you about it you can go to them, and they'll help."Here's the idea underlying security clearances: For information of a certain level of sensitivity (the metric of which is how much damage will be done if it gets out or is abused), how much can the government trust the people who will have access to that information? Movies and television have pretty accurately sketched out what they are and whoever wrote the Wikipedia page seems to know their stuff. The more sensitive the information, the higher the classification level and the more hardcore the background investigation is, ranging from talking to your significant others and parents all the way up to having to undergo a polygraph examination (whether or not you think polygraph exams are worth a tinker's dam is the stuff of a separate post) while being asked questions designed to make you cry or blow your stack. You also have to fill out one of two documents (sometimes on dead trees, most lately through E-QIP, occasionally both multiple times because paperwork goes missing and has to be redone, and database backups are usually not being done when you think they should be (anybody who's ever worked in TechOps will expound upon that at length)) which document large swaths of your life history, sometimes all the way back to ten years ago to give investigators something to go on. You can Google those PDFs pretty easily if you've a mind to, they are not themselves sensitive and you can see what kinds of questions you will have to answer: Your arrest record, how hard you party, any affairs you might or might not have had (or be having), how much you drink, whether or not you have ever taken drugs (this can be an immediate deal-breaker for several agencies)... the list goes on and on. There are lots of questions about where you've lived, who you know, and who probably still knows you because the investigators will contact at the very least some subset of those people to verify the answers, and they ask questions about what you did and the kind of person you are (which aren't on the forms). They take notes, and sometimes transcripts of those discussions. The investigators will also interview the applicant at least once (sometimes several times) to question them about things that came up during those field investigations. OPM's investigators are reasonably hard to shock because they've quite literally heard nearly everything. Chances are you are not the only LeVayan Satanist/crossdresser/swinger/fanfic author they've ever met. You might be the sixth that month. This makes them scarily easy to talk to. It is standard procedure to fingerprint applicants for security clearances. Whether or not one's fingerprint cards are scanned into E-QIP is unknown. Of course, if they are there's no way they could ever be abused... It is also common for the security officer you work under (who is usually your boss) to take you aside and tell you "Look, if there's anything you'd like me to know in case somebody tries to twist you with it, you can come to me." The idea is, if the government knows your dark secrets, and your boss knows your dark secrets they'll help you out if anybody tries to use them against you. Feels warm and fuzzy inside, like you just ate a pup