OP, please revise your title to match the article, it is currently misinformation.
The complaint is about where the oversight comes from. This is not some random cloud server.
“S.S.A. stores all personal data in secure environments that have robust safeguards in place to protect vital information,” he said. “The data referenced in the complaint is stored in a longstanding environment used by S.S.A. and walled off from the internet. High-level career S.S.A. officials have administrative access to this system with oversight by S.S.A.’s information security team.”
Don’t you think after 5 months without oversight who exactly has access to that server that the difference between this and a random s3 bucket is nearly nil? But you are right, in the light of integrity the title should reflect the facts as they present themselves currently.
I do, yes, it’s blazingly stupid and others have been jailed for less.
But I’ve noticed a number of misleading post titles recently, like the just today there was obe about a cyclist getting hit by a car when it was actually the cyclist turning into traffic. Tragic, but the title misleads. So I’ve started pointing them out.
Maybe I just long for the days when titles aren’t rewritten to drive opinion and engagement (regardless of if I agree or disagree).
I agree that “random server” is a bad choice of words, but do want to add additional information context as the concern isn’t necessarily unwarranted. Another qoute from the article:
“I have determined the business need is higher than the security risk associated with this implementation and I accept all risks,” wrote Aram Moghaddassi, who worked at two of Mr. Musk’s companies, X and Neuralink, before becoming Social Security’s chief information officer, in a July 15 memo.
Its also sounds like they did spin up a new database with limited security/oversight to “move” faster. Why that’s worrisome is they aren’t denying there is a risk or lack of security, they are just saying it’s justified.
The SSA stores a lot of sensitive data. Normally with sensitive data you want to be very careful with who can access it and how.
What is potentially worrisome in this situation is it seems like the SSA is taking on the “move fast and break things” attitude of Silicon Valley.
More technically, most government agencies use AWS and Azure (cloud providers) to host data. So spinning up a new server isn’t inherently bad. However, creating a new server that is secure and has the correct access controls (user permissions regarding who can see/change content) can be challenging. The whistle blower believes they are not doing this right, and it sounds like the head of the SSA isn’t disagreeing, just saying he thinks the risk is worth it.
OP, please revise your title to match the article, it is currently misinformation.
The complaint is about where the oversight comes from. This is not some random cloud server.
Don’t you think after 5 months without oversight who exactly has access to that server that the difference between this and a random s3 bucket is nearly nil? But you are right, in the light of integrity the title should reflect the facts as they present themselves currently.
I do, yes, it’s blazingly stupid and others have been jailed for less.
But I’ve noticed a number of misleading post titles recently, like the just today there was obe about a cyclist getting hit by a car when it was actually the cyclist turning into traffic. Tragic, but the title misleads. So I’ve started pointing them out.
Maybe I just long for the days when titles aren’t rewritten to drive opinion and engagement (regardless of if I agree or disagree).
I agree that “random server” is a bad choice of words, but do want to add additional information context as the concern isn’t necessarily unwarranted. Another qoute from the article:
Its also sounds like they did spin up a new database with limited security/oversight to “move” faster. Why that’s worrisome is they aren’t denying there is a risk or lack of security, they are just saying it’s justified.
Could you please explain like I’m 10?
The SSA stores a lot of sensitive data. Normally with sensitive data you want to be very careful with who can access it and how.
What is potentially worrisome in this situation is it seems like the SSA is taking on the “move fast and break things” attitude of Silicon Valley.
More technically, most government agencies use AWS and Azure (cloud providers) to host data. So spinning up a new server isn’t inherently bad. However, creating a new server that is secure and has the correct access controls (user permissions regarding who can see/change content) can be challenging. The whistle blower believes they are not doing this right, and it sounds like the head of the SSA isn’t disagreeing, just saying he thinks the risk is worth it.
That makes sense, thanks for the explanation
Oh yea, agree it’s a dumb move. This should be on-prem data IMO.
BUT WONT SOMEONE THINK OF THE SENSATIONALISM?