When the Boss Is Last to Know: Chaffetz Snoops at the Secret Service

Posted: 1:06 pm EDT


The Department of Homeland Security Inspector General has completed its independent investigation into allegations that one or more Secret Service agents improperly accessed internal databases to look up the 2003 employment application of Congressman Jason Chaffetz, Chairman of the House Committee on Oversight and Government Reform. The Inspector General has confirmed that between March 24 and April 2, 2015, on approximately 60 different occasions, 45 Secret Service employees accessed Chaffetz’ sensitive personal information. The OIG concluded that only 4 of the 45 employees had an arguable legitimate need to access the information.

Here is the IG’s conclusion:

This episode reflects an obvious lack of care on the part of Secret Service personnel as to the sensitivity of the information entrusted to them. It also reflects a failure by the Secret Service management and leadership to understand the potential risk to the agency as events unfolded and react to and prevent or mitigate the damage caused by their workforce’s actions.


via dhs/oig

All personnel involved – the agents who inappropriately accessed the information, the mid-level supervisors who understood what was occurring, and the senior leadership of the Service – bear responsibility for what occurred. Better and more frequent training is only part of the solution. Ultimately, while the responsibility for this activity can be fairly placed on the shoulders of the agents who casually disregarded important privacy rules, the Secret Service leadership must do a better job of controlling the actions of its personnel. The Secret Service leadership must demonstrate a commitment to integrity. This includes setting an appropriate tone at the top, but more importantly requires a commitment to establishing and adhering to standards of conduct and ethical and reasonable behavior. Standards of conduct and ethics are meaningful only if they are enforced and if deviations from such standards are dealt with appropriately.

It doesn’t take a lawyer explaining the nuances of the Privacy Act to know that the conduct that occurred here – by dozens of agents in every part of the agency – was simply wrong. The agents should have known better. Those who engaged in this behavior should be made to understand how destructive and corrosive to the agency their actions were. These agents work for an agency whose motto – “worthy of trust and confidence” – is engraved in marble in the lobby of their headquarters building. Few could credibly argue that the agents involved in this episode lived up to that motto. Given the sensitivity of the information with which these agents are entrusted, particularly with regard to their protective function, this episode is deeply disturbing.

Additionally, it is especially ironic, and troubling, that the Director of the Secret Service was apparently the only one in the Secret Service who was unaware of the issue until it reached the media. At the March 24th hearing, he testified that he was “infuriated” that he was not made aware of the March 4th drinking incident. He testified that he was “working furiously to try to break down these barriers where people feel that they can’t talk up the chain.” In the days after this testimony, 18 supervisors, including his Chief of Staff and the Deputy Director, were aware of what was occurring. Yet, the Director himself did not know. When he became aware, he took swift and decisive action, but too late to prevent his agency from again being subject to justified criticism.

Read the full report here. Check out Appendix 1 for the chronological access to the Chaffetz record which includes multiple field offices, including the London office. Appendix 2 is the timeline of record access.

We can’t remember anything like this happening in the recent past. There was the 1992 passportgate, of course, which involved a presidential candidate, but that’s not quite the same. In 2009, the DOJ said that a ninth individual pleaded guilty to illegally accessing numerous confidential passport application files, although it was for what’s considered “idle curiosity.”

Whether the intent of the Chaffetz record breach was to embarrass a sitting congressman or curiosity (not everyone who looked at the files leaked them to the media), the files are protected by the Privacy Act of 1974, and access by employees is strictly limited to official government duties. Only 4 of the 45 employees who did access the Chaffetz records had a legitimate reason to access the protected information. If the DOJ pursued 9 State Department employees for peeking at the passport records of politicians and celebrities, we can’t imagine that it could simply look away in this case. Particularly in this case. Winter is definitely coming to the Secret Service.



The State Dept’s 360 Degree Feedback as Placement Tool, and Probably, a Lawsuit Waiting to Happen

Posted: 2:05 am EDT

We first wrote about the 360 degree feedback in 2008, as it started gaining popularity within the State Department (see Sexing up the 360-Degree Feedback, Revisited). We thought then, and we still think now, that using the 360° feedback for evaluative purposes (instead of using it primarily for development), especially when a candidate’s next job is on the line, can easily transform this useful learning tool into inflated, useless material with real consequences for operational effectiveness. We understand from comments received this past July that this is being used as a developmental tool by Consular Affairs and the Leadership and Management School at FSI (see a couple of feedback comments), but those are, in all likelihood, the two exceptions. The 360 degree feedback is primarily used as an assignments or placement tool.

In 2013, the Marine Corps Times reported that the Pentagon was expanding its use of “360-degree” reviews for senior officers, but legal concerns may limit their inclusion in any formal promotion or command screening process:

Even if there is interest among the brass to formalize the process, there may be big legal hurdles to expanding the 360-review process beyond a strictly confidential tool for self-awareness.

Officers have valid concerns about anonymous and unverified criticisms seeping into the official process for doling out promotions, command assignments or seats at prestigious schools.

If officers feel their career was damaged by a harsh 360-degree review, they might insist on knowing precisely who lodged the criticisms in order to rebut them. And if the confidentiality is questioned, then the whole endeavor ceases to have much value.
From a legal standpoint, that officer might have a right to file a Freedom of Information Act request to find out who submitted that confidential review.

“The more that’s at stake … the more difficult it will be to maintain the anonymity,” the senior official said. “And, of course, if you don’t maintain the confidentiality, then you have a very different product,” because peers and subordinates will be far less likely to offer candid criticism.

In April 2015, an official Pentagon study concluded that the “360-degree reviews” probably should not be used as a part of the formal military evaluation and promotion process. Below via the Military Times:

[T]he new report cites a long list of legal, cultural and practical concerns that would prevent this type of review’s widespread use in determining who gets selected for promotions, command assignments or slots at prestigious schools.

In 2013, Congress ordered the Defense Department to do a thorough assessment of whether and how 360-degree reviews should be used in the military personnel system.

Rand researchers concluded that the tools should be limited to personnel development programs, which means some troops are subject to 360-degree reviews but the results are provided only to the individual for his or her own benefit, and are not included in any official personnel file.

In the September issue of the Foreign Service Journal, consular-coned officer William Bent, currently serving at the US Embassy in Barbados, pens a Speaking Out piece on the need for the State Department to reevaluate its use of the 360-degree reviews.

Mr. Bent spells out the following concerns as the 360 feedback continues to be used as a placement tool by “assignment decision-makers”:

♨︎ || The reviews are seldom transparent. In current practice, the assessed employee usually has no idea what feedback the deciding official has received, and an employee receiving any negative feedback is rarely, if ever, contacted to discuss the issues raised. This creates the potential for unsubstantiated criticism that can unfairly undermine an employee’s chance for advancement. One does not have to assume deliberate career sabotage here: as a manager, one sometimes has to make unpopular decisions that years later still rankle former subordinates who, because of inexperience, may not have had the full picture.

The Bureau of Consular Affair’s recent development of the Consular Bidder Assessment Tool addresses the issue of transparency by allowing the assessed employee to see the anonymous feedback statements. But the employee is denied the opportunity for a timely discussion of the results (bidders are instructed not to attempt to discuss results until after bidding season is over). This is a surprising approach from the bureau that brought us the innovative CLI.

The DCM/principal officer 360-degree reviews are neither transparent, nor do they provide any opportunity for assessed employees to obtain feedback.

♨︎ || The reviews have little value because the assessed employee chooses the assessor. On the whole, most peers and subordinates resist being frank and candid in their reviews. Having the assessed employee pick his or her own assessors emphasizes this tendency, skewing the results.

It also replicates the EER problem: when everyone walks on water, the decision-makers try to read between the lines, looking for any chinks in an individual’s armor. Paradoxically, this feeds into the concerns discussed above, since any negative review raises bells and whistles and is given extra weight.

♨︎ || Use of 360-degree reviews for purposes other than development remains controversial among human resource experts. Using them to determine assignments is akin to using them as performance appraisals, which some human resource experts see as detrimental to an organization because of its negative effect on personal growth. When the results are not shared in a transparent way, trust is undermined.
♨︎ || The State Department’s use of 360s in determining assignments was not adequately studied prior to implementation. This practice appears to have been implemented on an ad hoc basis several years ago, with a few bureaus using email as a platform to receive input. The use of 360s has now proliferated, with all bureaus involved in the assignment process utilizing them to make decisions.

Yet there seems to have been no prior centralized review of the ramifications of broad use of the tool on the Foreign Service workforce. The use of SharePoint and other technologies to gather the results also raises confidentiality questions (some 360s have been posted—I assume accidentally—on the State Department’s intranet site).

♨︎ || Some recipients of the results may lack the training and expertise to interpret them effectively. There is a reason there are books and articles written by human resource academics and specialists on how to effectively implement and utilize the 360-degree review process. Has the State Department trained officials using the results in human resource management or the 360-degree review process? Do these officials have goals beyond filling the position in question (e.g., the further career development of an employee)?

Moreover, what role has the Bureau of Human Resources—the one bureau theoretically best placed to manage this process—played in implementing the 360 review requirements? Are career development officers discussing the results of 360s with clients to improve the employee’s chances of strengthening skills?

♨︎ || The annual deluge of 360s creates significant time and resource issues. Let’s face it, the 360 process has become a major time suck for everyone involved, with email inboxes inundated each summer with requests for 360-degree reviews. Although we all have a responsibility to assist our colleagues and the organization as a whole by diligently filling out the reviews, the sheer volume of requests can be overwhelming. This could result in less comprehensive responses that don’t give a full portrait of the assessed employee.

Mr. Bent provides four recommendations, including the immediate suspension of “the use of 360s in the Foreign Service assignment process pending the completion of a study, conducted by an outside consultant, on the effectiveness of their use.”

If the Pentagon’s decision not to jump on the 360 degree bandwagon is not enough to give the State Department pause in its use of the 360 as part of the employees’ assignment process, then perhaps what should give them pause is the potential for privacy and FOIA litigation. 360 results posted online, hello?

We’ve located the Pentagon 360 study conducted by the Rand Corporation. In one part, it quotes a participant of its study saying, “Conventional wisdom in regards to 360-degree assessments from experts and researchers is that the most effective use of 360 assessments is to enhance professional, individual development. Once you change the purpose or intent of a 360 from development to evaluation, you affect the willingness of raters to provide candid or unfettered feedback.” That’s probably the most apt comment when it comes to the 360 degree feedback.

Read Rand’s 360-Degree Assessments: Are They the Right Tool for the U.S. Military? (pdf).




1) More Systems Compromised in #OPMHack, 2) A Love Letter to Hackers, and 3) What’s a Credit Freeze?

Posted: 3:29 am  EDT


On June 4, OPM released a statement on “a cybersecurity incident” that potentially affected personnel data of current and former federal employees, including personally identifiable information (PII) (see OPM Hack Compromises Federal Employee Records, Not Just PII But Security Clearance Info).  The initial estimate was that the OPM hack affected potentially 4 million employees. On June 12, fedscoop reported that the American Federation of Government Employees (AFGE) believed that the breach may have compromised personal data of as high as 14 million employees.

We understand that the State Department issued a notice to employees concerning the OPM breach on June 4. A second notice dated June 12 (am told this was actually a June 11 notice) was shared with BuzzFeed (see below). Several unnamed State Department employees were quoted in that BuzzFeed article, a tell-tale sign of growing frustration that we can also see from our inbox.






Excerpt from email sent by Under Secretary of Management Pat Kennedy on June 12 (via BuzzFeed)

This is an update to my previous e-mail of June 4th [repeated at the very end of this message.]

As was communicated last week, the U.S. Office of Personnel Management (OPM) recently became aware of a cybersecurity incident affecting its systems and data that may have exposed the Personally Identifiable Information (PII) of some current and former Federal employees. This email provides additional information regarding next steps for those affected State Department employees. But, every employee should read this email.

In the coming weeks, OPM will be sending notifications to individuals whose PII was potentially compromised in this incident. The email will come from [DELETED] and it will contain information regarding credit monitoring and identity theft protection services being provided to those Federal employees impacted by the data breach. In the event OPM does not have an email address for the individual on file, a standard letter will be sent via the U.S. Postal Service.

As a note of caution, confirm that the email you receive is, in fact, the official notification. It’s possible that malicious groups may leverage this event to launch phishing attacks. To protect yourself, we encourage you to check the following:

1. Make sure the sender email address is [DELETED]

2. The email is sent exclusively to your work email address. No other individuals should be in the To, CC, or BCC fields.

3. The email subject should be exactly [DELETED]

4. Do not click on the included link. Instead, record the provided PIN code, open a web browser then manually type the URL [DELETED]. You can then use the provided instructions to enroll [DELETED].

5. The email should not contain any attachments. If it does, do not open them.

6. The email should not contain any requests for additional personal information.

7. The official email should look like the sample screenshot below.

Additional information has also been made available beginning on June 8, 2015 on the company’s website [DELETED].

Regardless of whether or not you receive this notification, employees should take extra care to ensure that they are following recommended cyber and personal security procedures. If you suspect that you have received a phishing attack, contact your agency’s security office.

In general, government employees are often frequent targets of “phishing” attacks, which are surreptitious approaches to stealing your identity, accessing official computer systems, running up bills in your name, or even committing crimes using your identity. Phishing schemes use e-mail or websites to trick you into disclosing personal and sensitive information.

Oh, man.

Hopefully no one will copy this “recipe” to send folks a fake notification to enroll somewhere else.

On May 28, just days before the OPM breach was reported, OPM issued a solicitation for OPM Privacy Act Incident Services. The services required include 1) notification services, 2) credit report access services, 3) credit monitoring services, 4) identity theft insurance and recovery services, and 5) project management services. According to the solicitation, these services will be offered, at the discretion of the Government, to individuals who may be at risk due to compromised Personally Identifiable Information (PII).  The $20,760,741.63 contract for Call 1 was awarded to Winvale Group, LLC on June 2 but was published on fedbiz on June 5, the day after the breach was reported. Call 1 contract includes services to no more than 4 million units/employees.

Note that the State Department notice dated June 12 says that “email should not contain any attachments” (#5). The OPM Services awarded on June 2 include the following: Contractor email Notification: The Contractor will prepare and send email notifications to affected individuals using read receipts. Emails (or attachments) will appear on Government letterhead, will contain Government-approved language, and will contain the signature of the Government official(s). Emails may contain one or more attachments. Email notification proof(s) will be provided to the Government for approval not later than 48 hours after award of a Call against the BPA. The Government will approve the email notification within 24 hours to enable the Contractor to begin preparation for distribution. The Contractor will require, receipt, track, and manage read receipts for email notifications.

Get that?

Now this. Somebody from State sent us a love letter for the hackers:

Dear Hackers: While you’re in there, please get my travel voucher for $291.46 approved, permanently cripple Carlson Wagonlit so we can stop wasting money on a useless product, and figure out how many special political hires there really are roaming our halls.  Oh and please don’t use my SF-86 info against my parents, it isn’t their fault I was an idiot and gave the government every last bit of info on my entire life.  I’m sure there’s more but it’s the weekend, let’s chat Monday. #LetsActLikeNothingHappened #SeriouslyThoughWTF .

And because the initial report is often understated per abrakadabra playbook hoping the bad news will go away, we’re now hearing this:

Oops, wait, what’s this?

Well, here is part of that email sent from “M” on  June 15, 5:35 pm ET:

“OPM has recently discovered that additional systems were compromised. These systems include those that contain info related to background investigations of current, former, and prospective Federal government employees, as well as other individuals from whom a Federal background investigation was conducted. This separate incident…was discovered as a result of OPM’s aggressive efforts to update its cybersecurity posture… OPM will notify those individuals whose info may have been compromised as soon as practical. You will be updated when we have more info on how and when these notifications will occur.”

So that original OPM estimate of 4 million affected employees is now OBE. That original $20 million contract will potentially go up.

Brian Krebs’ piece on credit monitoring, the default response these days when a breach happens, is worth a read. Basically, he’s saying that credit monitoring services aren’t really built to prevent ID theft (read Are Credit Monitoring Services Worth It?).

What can you do besides the suggestions provided by the State Department and OPM? Brian Krebs suggests a “credit freeze” or a “security freeze” not discussed or offered by OPM. Check out the very informative Q&A here.


We know what else is on our to-do list today.


Former Secretary Clinton talks about her state.gov private emails

Posted: 01:11 am  EDT


Excerpt from the transcript of Hillary Clinton’s remarks on the email controversy swirling about via Time’s @ZekeJMiller:

There are four things I want the public to know.

First, when I got to work as secretary of state, I opted for convenience to use my personal email account, which was allowed by the State Department, because I thought it would be easier to carry just one device for my work and for my personal emails instead of two.

Looking back, it would’ve been better if I’d simply used a second email account and carried a second phone, but at the time, this didn’t seem like an issue.

Second, the vast majority of my work emails went to government employees at their government addresses, which meant they were captured and preserved immediately on the system at the State Department.

Third, after I left office, the State Department asked former secretaries of state for our assistance in providing copies of work- related emails from our personal accounts. I responded right away and provided all my emails that could possibly be work-related, which totalled roughly 55,000 printed pages, even though I knew that the State Department already had the vast majority of them. We went through a thorough process to identify all of my work- related emails and deliver them to the State Department. At the end, I chose not to keep my private personal emails — emails about planning Chelsea’s wedding or my mother’s funeral arrangements, condolence notes to friends as well as yoga routines, family vacations, the other things you typically find in inboxes.

No one wants their personal emails made public, and I think most people understand that and respect that privacy.

Fourth, I took the unprecedented step of asking that the State Department make all my work-related emails public for everyone to see.

I am very proud of the work that I and my colleagues and our public servants at the department did during my four years as secretary of state, and I look forward to people being able to see that for themselves.

Again, looking back, it would’ve been better for me to use two separate phones and two email accounts. I thought using one device would be simpler, and obviously, it hasn’t worked out that way.


The Clinton folks have also released a Q&A on her email use:




So if we tell over 70,000 employees that they should secure their email accounts and “avoid conducting official Department business from your personal email accounts,” then we go off and use our own private non-government email, what leadership message are we sending out to the troops?  Follow what I say not what I do?


The secretary of state is the highest classifying authority at the State Department. Since she did not have a state.gov account, does this mean she never sent/received any classified material via email in the entirety of her tenure at the State Department? If so, was there a specific person who routinely checked classified email and cable traffic intended for the secretary of state?


The podium heads insist that there is no restriction on the use of private emails. Never mind that this is exclusive use of private emails. If a junior diplomat or IT specialist sets up his/her own email server to conduct government business in the home backyard shed in Northern Virginia, do you think Diplomatic Security would not be after him or her? Would he/she even get tenured by the Tenuring Board despite systems management practices contrary to published guidelines? If the answer is “yes,” we’d really like to know how this works. For ordinary people.

And then there’s this — if there were a hundred people at State that the then secretary of state regularly sent emails to, was there not a single one who said, “wait a minute, this might not be such a great idea”?


Bottom line despite this brouhaha? Her personal email server will remain private. She has full control over what the public gets to see. End of story. Or maybe not.


Oops, what’s this? Oh, dear.



State Dept refused to name its SGEs because of reasons #1, #2, #3, #4 and … oh right, the Privacy Act of 1974

— Domani Spero

Last week, ProPublica posted this: Who Are State Dept’s 100 “Special Government Employees”? It Won’t Say.  We blogged about it here: Who Are State Dept’s 100 “Special Government Employees”? Dunno But Is Non-Disclosure For Public Good? Today, the Project On Government Oversight (POGO) has more on the subject. And after months of giving one reason or another to the reporters pursuing this case, the State Department is down to its Captain America shield  — the Privacy Act of 1974.

Below excerpted from POGO: State Dept. Won’t Name Advisers Already in Government’s Public Database:

They’ve all been selected to advise the State Department on foreign policy issues. Their names are listed on the State Department’s website.

So why won’t the Department disclose that these individuals are special government employees (SGEs)?

For four months, State has refused to name its SGEs, ProPublica reported last week, leaving the public to guess which outside experts are advising the Department on matters that affect the public’s interest.

Yet, the Project On Government Oversight was able to find more than 100 of the advisers identified as SGEs in an online government database. In other words, some of the information that State has been refusing to provide is hiding in plain sight.
State has refused to identify any of its special employees, even though most agencies contacted by ProPublica were easily able to provide a list of their SGEs.

First, a State spokeswoman told ProPublica her agency “does not disclose employee information of this nature.”

When ProPublica filed a request seeking the list of names under the Freedom of Information Act (FOIA), it was told the agency doesn’t keep such a list, and State’s FOIA office refused to track down the information because it would require “extensive research.”

In September, ProPublica told State it planned to report that the Department was refusing to provide a list of names. In response, State said the FOIA request “was being reopened” and that the records would be provided “in a few weeks,” according to ProPublica.

“The State Department has since pushed back the delivery date three times and still hasn’t provided any list,” ProPublica reported last week. “It has been four months since we filed the original request.”

On Friday, a State official told The Washington Post that the Department is “diligently working to resolve” the FOIA request. The official cited concerns about “maintaining employee protections of privacy.”

State’s posture over the past several months is at odds with POGO’s finding: why can’t the Department give the press the same information it already supplied to a public database?

“Disclosure of certain employee information is subject to the Privacy Act of 1974,” Alec Gerlach, a State spokesperson, told POGO. “That some information may already be publicly available does not absolve the Department of Privacy Act requirements. Whether someone is an SGE is Privacy Act-protected information that we would not release except through the FOIA process.”

However, one of the authors of ProPublica’s story questioned why State hasn’t turned over the requested records. “I think anytime a government agency won’t reveal information, it raises questions about why they aren’t,” Liz Day, ProPublica’s Director of Research, told POGO.

Holy mother of god of distraught spoxes!  Okay, please, try not to laugh. It is disturbing to watch this type of contortion, and it seems to be coming regularly these days from Foggy Bottom.

Seriously.  If this is about the Privacy Act of 1974, why wasn’t ProPublica told of this restriction four months ago? And does that mean that all other agencies who released their SGE names were in violation of the Privacy Act of 1974?

Also, State/OIG was told that “The number of special government employee filers was given as 100.”  A State Department spokeswoman told ProPublica that there are “about 100” such employees.  But what do you know?  The Project On Government Oversight was able to find more than 100 of the advisers (excel download file) identified as SGEs in an online government database. Are there more? How many more?

The list does not include the more famous SGEs of the State Department previously identified in news reports.

New message from Mission Command:  “Good morning, Mr. Hunt (or whoever is available). Your mission, should you choose to accept it, involves the retrieval of very Special Government Employee (SGE) names. There are more than a hundred names but no one knows how many more.  They are padlocked in the Privacy Act of 1974 vault, guarded by a monstrous fire-breathing creature from Asia Minor. PA1974 vault location is currently in Foggy Bottom.  As always, should you or any member of your team be caught or killed, everybody with a badge will disavow all knowledge of your actions. This message will self-destruct in five seconds.  If not, well, find a match and burn.”

* * *





Take Time Today to Tell Your Senators to #StopCISPA

Via the Electronic Frontier Foundation.  Click on the image below to use EFF’s automated system to email your senators.  Sunlight Foundation shows that backers of the Cyber Intelligence Sharing and Protection Act had $605 million in lobbying expenditures from 2011 through the third quarter of last year compared to $4.3 million spent by opponents of the bill. Lopsided resources in action.

Screen Shot 2013-04-21

EFF: U.S. House of Representatives Shamefully Passes CISPA; Internet Freedom Advocates Prepare for a Battle in the Senate

ACLU:  CISPA Explainer #1: What Information Can Be Shared?

ACLU: CISPA Explainer #2: With Whom Can Information Be Shared?

ACLU:  CISPA Explainer #3: What Can Be Done With Information After It Is Shared?

The Security Skeptic:  What you (still) need to know about CISPA

— DS






US Embassies Cyprus & Greece: Federal Benefits Recipients at Risk of Identity Theft

You’ve heard about the financial crisis roiling the tiny Mediterranean island of Cyprus.  The €10 billion bailout announced recently is not going to be the end of it.  According to The Telegraph, Cyprus central bank official Yiangos Dimitriou has confirmed that the cashing of cheques will be banned as part of the introduction of capital controls. Dimitriou also announced that bank withdrawals will be limited to €300 a day.  Reuters reported that people leaving Cyprus may take only €1,000 with them. Apparently, there are also notices at the airport warning travelers of the new restrictions and that officers had orders to confiscate cash above the €1,000 euro limit.

Given that the 2010 OIG report of US Embassy Nicosia made no mention of American Citizen Services, we presume that there are not too many American residents on the island. American retirees have flocked to Greece, and their number in Cyprus is significantly lower than that of UK pensioners, of whom there are reportedly about 18,000 on the island. We understand that the Athens consular district is home to approximately 110,000 American citizens and there is a federal benefits attaché at the US Embassy in Greece who reports to the consul general.

Still, there are potentially enough Americans residing and banking in Cyprus to prompt the Federal Benefits Unit at the US Embassy in Athens to release the following statement:

We have arranged the following contingencies for customers who receive their federal benefits through Cyprus banks. Under any of these options, direct deposit changes usually occur 2 months after the month we receive the request, so do not close your old account until you receive the first payment in your new account.

Send an email to FBU.Athens@ssa.gov to change how you receive direct deposits.

Use a Subject Line in this format: SUBJECT: CYPRUS – Your name and last 4 digits of your social security number

In the message, provide the following:

1. Last name and first name

2. Street Address

3. Phone Number

4. Social Security Number (9 Digits), and

5. Direct deposit information, depending on the option you request.

Options include designating a bank in the United States to receive direct deposits, designating a bank in Greece to receive direct deposits (though the account must be in euros), and requesting a Chase Direct Benefit Card from JP Morgan Chase Bank.

Read in full here.

Similarly, the contact info for the Federal Benefits Unit in Nicosia requires beneficiaries to provide their SSN via email to consularnicosia@state.gov .


The intention to help as expeditiously as possible is commendable, but did anyone stop and consider how this might put retirees and recipients at risk of identity theft?

Did anyone stop and think how Social Security information is an identity thief’s dream?

With your Social Security number in hand, an opportunistic hacker or other online criminal can do just about anything — create phony bank accounts using your name; charge unlimited amounts of goods and services to credit accounts you never meant to open; steal your identity and recreate it multiple times and in multiple locations.

What security provisions are there to minimize potential misuse of SSNs transmitted via unencrypted email?

Where is the disclosure statement required under the Privacy Act?

The Privacy Act states that you cannot be denied a government benefit or service if you refuse to disclose your SSN unless the disclosure is required by federal law, or the disclosure is to an agency that has been using SSNs before January 1975, when the Privacy Act went into effect. There are other exceptions as well. Read the Code of Federal Regulations section here: http://edocket.access.gpo.gov/cfr_2008/julqtr/28cfr16.53.htm.

If you are asked to give your SSN to a government agency and no disclosure statement is included on the form, you should complain to the agency and cite the Privacy Act of 1974. You can also contact your Congressional representative and U.S. Senators with your complaint. Unfortunately, there appear to be no penalties when a government agency fails to provide a disclosure statement.

Asking the federal benefits beneficiaries to send their social security numbers via email is like asking them to write it on a postcard.  C’mon folks,  would you write and mail yours on a postcard? No? Well then ….




US Embassy Manila: George Anikow, Diplomatic Spouse Killed in Early Morning Altercation

Citing the Information Officer of the US Embassy in Manila Tina Malone, Rappler.com reported that the husband of an American Embassy employee was killed in Makati City, in the Philippines on Saturday, November 24.  Ms. Malone declined to disclose more details about the incident but did say that the Philippine National Police (PNP) have suspects in custody and that “The US Embassy appreciates the cooperation of the Philippine authorities, and will work closely with the PNP in their investigation.”

An ABS-CBN report identified the victim as George Anikow, who was allegedly killed by 4 suspects at around 4 am, Saturday, in front of the gate of Bel-Air Subdivision.  Elsewhere local reports also indicate that US embassy press attache Tina Malone confirmed the incident but refused to give out the name of the victim for “privacy reasons.” Various news reports spelled the victim’s name as Anico.

The alleged attackers, young men who reportedly come from well-off Filipino families, ranged in age from 22 to 28 and are publicly named by the news report here.

The Philippine Daily Inquirer also reported this incident:

George Anikow, 41, an inactive US marine officer, died on Saturday morning after he was mauled and fatally stabbed at the back and left shoulder in an event so random he and the other men hardly knew each other, Senior Supt. Manuel Lukban, Makati police chief, said in an interview.
The victim, a dependent of one of the officers of the US Embassy, was awaiting order from the US Marine to be called to duty, the police said.

Lukban said the Makati police opted to file murder, a non-bailable offense, instead of homicide since the attackers chased the victim “with the intent to kill.”

We emailed the US Embassy Manila last night but have yet to receive a response (which may or may not come).  We’ve also seen the public affairs arms of embassies do this often enough citing “privacy reasons” for the deceased in refusing to release or confirm the identity of victims.  They ought to know better than that since the privacy rules no longer cover the dead. Would be a lot more understandable if they decline to provide details due to sensitivity to the next of kin rather than privacy rules.

While we have been unable to confirm this, it looks like the FSO in this case is a first tour officer on a consular assignment to the US Embassy in Manila.  Public records also indicate that the US Embassy in Manila back in August solicited a quotation for a service apartment for this FSO and her family (spouse,  three children 12, 10 and 6 and a 50 lb Labrador) for 40 nights ending on September 24, 2012. Which seems to indicate they were in temporary housing until late September.  And if that’s the case, then they have just moved in to Bel-Air within the last two months, a private subdivision and gated community in Makati where the victim was reportedly a resident.

The latest Crime and Security Report issued by the Regional Security Office of the US Embassy says that crime is a significant concern in urban areas of the Philippines. Typical criminal acts include pick pocketing, confidence schemes, acquaintance scams, and, in some cases, credit card fraud. It also says that carjacking, kidnappings, robberies, and violent assaults sporadically occur throughout metro Manila and elsewhere in the Philippines.





In which politicians lament over our dead diplomats — also fund-raises over them before they are even buried

Perhaps Mitt really is a nice, rich guy who shops at Costco. That does not offend me; but this one does.  There are way too many “wonderfuls” here to make it sound authentic.  I do not/not like it.  He sounds as if he did not think through what he was going to say besides calling them, wonderful, that is.  It sounds to me as if our diplomats killed in Benghazi have become convenient props for the political campaign. Brrr…. that is cold, man.

Here is coverage of that Virginia speech:

“I know that we’ve had heavy hearts across America today, and I want you to know things are going to get a lot better. But I also recognize that right now we’re in mourning. We’ve lost four of our diplomats across the world. We’re thinking about their families and those that they’ve left behind,” Romney said, at the beginning of a rally with roughly 2,700 supporters here in Northern Virginia.

Then, as Romney continued to lament the loss of U.S. Ambassador J. Christopher Stevens, and the three others killed in Benghazi, a heckler distracted him.

“What a tragedy, to lose such a wonderful, wonderful, uh,” Romney said, as the heckler began to yell, “Why are you politicizing Libya?”

Romney continued, “wonderful people that have been so wonderful and appreciate their service to the country.”

They are … “wonderful, wonderful, uh (heckler interruptus) wonderful people that have been so wonderful …”

That’s the best he can do?

You can hear the crowd chant the heckler down with USA! USA! USA! Then Mr. Romney said, “And so I would, I would offer a moment of silence but one gentleman doesn’t want to be silent so we’re going to keep on going.”

If he wins in November, he would need a good thesaurus.

So then here comes a top contender for the Crassest Award of the Year.

Former senator and former GOP presidentiable Rick Santorum apparently is using the rising violence in the Middle East (and his expression of condolences on the deaths of our diplomats) as the basis for a fundraising e-mail sent out by his political advocacy organization according to The Cable:

“The news coming out of the Middle East is deeply saddening and concerning. Karen and I first want to express our condolences to the families of Ambassador Stevens and the three other American officials who were killed in the recent terrorist attacks. Their service to our country was heroic and this senseless act of violence is horrifying,” begins the e-mail signed by Santorum and sent out by Patriot Voices, the nonprofit 501(c)4 advocacy group he co-founded after he lost his primary bid.
The organization has two missions: to help Mitt Romney defeat Barack Obama and to promote conservative policies and values, according to Santorum’s statements in June when it launched.

“Please continue to stand with me as we advocate for policies that properly defend Americans and their principles abroad. President Obama’s approach of apologizing to our enemies, turning our backs on our allies, and leading from behind weakens America and empowers our enemies. If American ideals are to remain prosperous here and abroad, the appeasement policies of this president must stop,” Santorum wrote.

The Cable reports that the end of the e-mail contains the pitch with a link to the Patriot Voices donation page.

Wow, what a crass act. Announcing an expression of condolence to the dead diplomats’ families via a fund-raising email with a pitch for donation before our diplomats are even back on U.S. soil. Before we can properly bury them or mourn their passing. What? They couldn’t wait even until after the return of remains today?

Holy mother of goat and her crazy nephews! How shockingly opportunistic!

Meanwhile in related news, in yesterday’s Politico op-ed, Newt Gingrich, former Speaker and another former GOP presidentiable took issue with the Obama administration calling this a “senseless act of violence” (he probably did not get Rick’s email) and writes:

This concept of “senseless violence” is at the heart of the left’s refusal to confront the reality of radical Islamists.

These are not acts of senseless violence.

These are acts of war.

Our ambassador to Libya and three other Americans were not killed by a senseless mob. They were killed by a purposeful group of men armed with sophisticated weapons.

I recall, of course, Newt Gingrich telling CBS News in 2011, “The correct thing in an act of war is to kill people who are trying to kill you.” He was talking about Al-Awlaki, a U.S.-born cleric linked to al Qaeda, who was killed by a CIA drone.

Haven’t we seen this movie with war drums before, after 9/11? It started slow, then swooshed over and we ended up in Iraq and got stuck there for years and years.

How many dots would it take before the warmongers can connect “this purposeful group of men” to say …. Iran and the bomb, bomb, bomb Iran chorus?  The pencils are out and the dots are out there …

I think we must be vigilant and not get swooshed over a second time around even when our hearts are broken.

Google Buzz: Think Before You Click

A lot of virtual ink has been spilled on Google Buzz since its rollout last week, especially relating to privacy issues. Here is the Google team’s recent take: “Millions of Buzz users, and improvements based on your feedback” and “A new Buzz start-up experience based on your feedback.” On Saturday, Google announced some forthcoming changes via its Gmail blog:

For the tens of millions of you who have already started using Buzz, over the next couple weeks we’ll be showing you a similar version of this new start-up experience to give you a second chance to review and confirm the people you’re following.
Second, Buzz will no longer connect your public Picasa Web Albums and Google Reader shared items automatically. Just to be clear: Buzz only automatically connected content that was already public, so if you had previously shared photos in an “Unlisted” album or set your Google Reader shared items as “Protected,” no one except the people you’d explicitly allowed to see your stuff has been able to see it. But due to your feedback Buzz will no longer connect these sites automatically.

Third, we’re adding a Buzz tab to Gmail Settings. From there, you’ll be able to hide Buzz from Gmail or disable it completely. In addition, there will be a link to these settings from the initial start-up page so you can easily decide from the get go that you don’t want to use Buzz at all.

This may be a great idea for some, but it’s not for me.  If you want to skip this hassle after the Buzz splash screen (the one that says Check out Buzz and Nah, go directly to Gmail), select Nah … and go to your Gmail account.  Scroll down to the bottom of your Gmail page and click on “turn off Buzz.” Buzz should disappear from the left-hand side bar of your Gmail. For good measure, check that your Google profile is also configured to your desired privacy setting.    
