File Sharing Breach Exposes Congressional Investigations

Last week a fresh political scandal hit the streets of Washington, DC, when a document listing dozens of investigations of Congressional leaders was leaked to the Washington Post. Such a leak would normally be a huge breach of confidence and trust toward those involved in the investigations. However, it appears one of the investigators themselves is to blame for the leak, because a confidential document listing details of multiple investigations was found on an unsecure file sharing site.

Washington is keeping a close eye on the investigation list, and with good reason, but from a technological perspective, I hope people are looking into how this document got out in the first place. According to the Post, the file “became available on file-sharing networks because of a junior staff member’s use of the software while working from home.”  In a shock to no one, that staffer was fired immediately, and Congressional leaders are looking into exactly how this happened to prevent it from happening again.

This story puts file sharing in the news in a scary way. Telecommuting could take a big hit if employers aren’t confident that their staff can work remotely while still protecting company information–if Congress can’t do it, how can private businesses? I think its safe to venture, however, that most workplaces (including Congress) have not given their staffs enough real training or education on how to protect information, online or otherwise. Employers seem to prefer draconian IT measures, like blocking social networks or personal email accounts, than more training.

Employees who do work offsite can be trapped by unintended problems. Have you noticed how VPN access always seems to work in the office, but never works once you leave? I can remember emailing documents to myself more than a few times to get around using systems that almost never worked well, and when I got back to the office, IT never seemed to have a solution, so I created my own. Luckily the information I worked with wasn’t confidential, but I know people who did the same things with much more sensitive data.

I’d like to assume this Congressional staff member knew what could happen using a peer-to-peer site for confidential information. But considering people don’t know how to create secure passwords for email and banking accounts or how to make posts on Facebook private, its totally possible they had no idea. According to the Post, House administration rules say that staff who take work home “must protect the confidentiality of sensitive information” from unauthorized disclosure.

In a culture where people are expected to work 24/7, of course people are going to log on from home. What employers need is to find ways to educate employees on how to do that safely. Today security breaches are happening everywhere, from internal lapses almost as often as from outside hacks. A statement issued by Speaker of the House Nancy Pelosi and Minority Leader John Boehner, reported that “We are working diligently to provide the highest level of data security for the House in order to ensure that the operations of House offices are secure from unauthorized access.” Let’s hope that data security includes more staff training, on the Hill and around the country.