Cybersecurity

The Massive SolarWinds Hack Won't Stop the Feds from Wanting All Your Data

Government surveillance doesn't just violate privacy rights; it’s a major security risk.


Governments often tell their subjects that they must submit to surveillance programs to stay safe. Whether the boogeyman is terrorism, hate, or even health, government snooping on private data often violates our rights to privacy.

But surveillance programs are unsafe on their own. Securing major sets of sensitive personal data is a tall order that few can fulfill. What do you know: Government agencies that want more access to your data all too often get hacked and risk exposing your private information to the world.

A case in point: in the same week that we learned the Treasury Department succumbed to a huge hack, it proposed a major expansion of its quiet yet pervasive financial surveillance programs to so-called "self-hosted wallet" (AKA privately controlled) cryptocurrency transactions.

Last week, it was revealed that agencies such as the U.S. Departments of Commerce, Treasury, Energy and National Nuclear Security Administration (!), and Homeland Security had succumbed to a sophisticated cyber-attack in which a likely nation-backed actor had infiltrated government systems. This hack was just one part of a larger offensive against the major IT infrastructure company SolarWinds, which counted some of the largest players in commerce, media, government, and academia among its clients. Specifically, hackers compromised an old version of SolarWinds' Orion software that was used by some 18,000 customers.

Security analysts are still probing the extent of the hack and likely fallout. It appears that systems had been infiltrated for months since around March; perhaps attackers still have access to certain networks. And this particular operation might not have been limited to just the SolarWinds Orion product. We might not know the full contours of this problem for quite some time.

Government leaders are already beating the drums of cyberwar. They can't help themselves, but it's certainly too early for such threat escalation. But it's always worth thinking through government surveillance practices that put our data at risk of such inevitable offenses. Creating massive government databases of personal information creates an unavoidable breach liability.

When it comes to the Treasury Department, the hacking risk is especially acute. Few people know that Treasury has operated a massive financial surveillance program made possible through the Bank Secrecy Act, which is kind of like the "PATRIOT Act for money," for decades. Under the guise of fighting money-laundering and crime, the Treasury Department forces financial institutions to collect and share personal information on innocent people every day. Unsurprisingly, Treasury would like to expand these programs to ensnare more cryptocurrency transactions in its dragnet.

The proposed "self-hosted wallet" rules would make it much harder for privacy-minded individuals who manage their own private keys for cryptocurrency to make transactions with people who outsource key management to third parties.

Right now, customers of third party-managed wallets and exchanges must submit to certain "anti-money laundering/know your customer" (AML/KYC) government data reporting rules when making transactions greater than $10,000. The proposed change would require that the recipients of such transactions also submit to personal data collection, even when they manage their own keys, before the regulated company may send the funds. Furthermore, the limit for such "self-hosted wallet" recipients would be lowered to $3,000 for certain data recording requirements—a new and unjustifiable roadblock for privately managed wallets to engage with the rest of the crypto economy.

There are a lot of problems with this rule. It would make it harder for privacy- and security-minded individuals who manage their own keys to interact with other users. It would create a huge hacking risk for those who decide to submit to the new AML/KYC rules.

And it would seem to make a whole category of cryptocurrency transactions legally unworkable. For example, with a multisignature transaction or smart contract where no one party controls a transaction, there is not a straightforward way to collect AML/KYC data—in the case of a smart contract, there might not be a "person" involved at all. Would these transactions simply be illegal?

Frustratingly, the proposal doesn't give the public a lot of time to respond—as a "midnight regulation," it affords a measly 15 days over the holidays to suggest improvements in comparison to the typical one to three months.

Unfortunately, this program would be only one of the many problematic data extraction schemes the Treasury Department has cooked up over the years.

For example, the Financial Crimes Enforcement Network (FinCEN) has partnered up with the Federal Reserve to force banks to keep dossiers on anyone who wants to send an international transfer of at least $250 (called the "travel rule").

Fancy cyberattacks are far from the only risk. FinCEN suffered another recent breach where thousands of so-called "Suspicious Activity Reports" (SARs) that banks are required to file with the government on transactions that the government wishes to flag were leaked to journalists. The media covered the leaks mostly to criticize banks for allowing these government flagged transactions to go through. Yet the bigger story about why the government collects this data and how insecure those reports apparently are went basically unmentioned.

By forcing major platforms to collect and share personal data on self-hosted wallets before allowing transactions to go through, the government would not only access (and probably expose) private data, it would majorly cut down on self-hosted wallet activities by making it that much harder for privacy-minded users. Now that we see the Treasury Department is apparently riddled with cybersecurity holes, we have even greater reason to resist the expansion of its financial surveillance programs.

Mandating that companies keep sensitive data on innocent transactors so that governments can review them "when needed" inevitably creates a security risk. Now banks and agencies must not only collect or review the data, they must make sure that it doesn't get exposed to the wrong parties. We shouldn't be surprised when they fail. Instead, we should not give these groups more access to personal data and wind down the data collection programs that do exist.

The Treasury Department routinely does not even consider privacy costs when weighing the costs and benefits of a new proposed rule. They really should go farther: government agencies that propose collecting more private data should be required to consider the security and hacking liabilities of collecting and storing this data. My guess is that a lot of these programs would suddenly appear too costly to justify. We need to weigh these very real security risks along with the threats to our abstract rights to privacy.

It's a bit mind-blowing that a hacked government agency would propose such sweeping expansions to financial surveillance in the same week that we learned their systems suffered a major intrusion. It's yet another data point on the extreme security risks of such collection in the first place.


  1. So;
    no cell phones
    no ‘social’ media
    no credit or debit cards
    no internet use
    only work under the table for cash.

    What could go wrong?

    1. “no cell phones
      no ‘social’ media
      no credit or debit cards
      no internet use”

      “It’s Life, Jim. But not Life as we know it.”

      1. “It’s dead Jim, dead Jim, dead.”


    2. no cell phones
      no ‘social’ media
      no credit or debit cards
      no internet use
      only work under the table for cash.

      Funny how the Information Age has turned out to be a Pandora’s Box of social dysfunction.


      2. No phone, no lights, no motor car, not a single luxury. Like Robinson Crusoe, it’s primitive as can be!



  2. Slightly OT – I heard an “expert” on NPR talking about this hack and while, laudably, he didn’t call it a Russian hack as so many others have, he did say, given the size and the scope of the hack, that it certainly appeared to be a nation/state behind the hack. The interviewer asked him which nation/states had this capability and he replied that it was a very short list – Russia and China. Now, far be it from me to argue with an “expert”, but I suspect the list of nation/states capable of carrying out such an attack is somewhat longer than that – I suspect that at least the United States belongs on that list, if not some or all of the UK, France, Germany, Canada, Australia, and Israel.

    But why would we or our allies commit such a hack? Well, that wasn’t the question, was it? The question was, who is capable of carrying out such an attack? If you’re not considering the possibility that it was a false flag operation (or possibly just the CIA up to their usual bullshit of pretending they’re a sovereign entity answerable to no one) or that it was “friendly” surveillance, you’re not actually looking at all the possibilities.

    1. “…but I suspect the list of nation/states capable of carrying out such an attack is somewhat longer than that…”

      Yeppers.

      The State of California… Singapore… Hong Kong…. Japan….hell, even Monaco…I am thinking the list is huge.


    2. China was behind the huge hack of OMB that gave them access to security clearance applications for many federal and military workers. How the media is focused on Russia and not China seems almost scripted.

      1. That was the first thing that crossed my mind.


      2. China is the one on the march. Keep eyeballs on the CCP.

      3. Of course it’s scripted. Not to say that Russia shouldn’t be suspect here, but anyone thinking the Chinks couldn’t possibly be behind this are ignoring their multi-decade history of technology theft.

        It’s too bad we’re getting a President who’s Xi’s cockholster.


    3. SleepyJoe will solve this riddle. He is writing the code in his basement.

    4. Canada? Yeah. No. Not unless China forced that jerk off in power to do it.

      1. That’s not completely out of the question. Trudeau is a bigger bitch for China than even Hunter Biden.

    5. I believe the Sec. of State and Attorney General have both indicated that Russia was the culprit. I suspect both these men are in position to see the data and talk to experts who know. While I understand Donald Trump’s attempts to obfuscate, I don’t quite understand why anyone else would care to do so. Yes others are likely working to hack American systems, but in this case I think we can place blame where it correctly belongs, Russia.

      1. I don’t get why this would even be controversial. The secretary of state said it was Russia, security experts and other anonymous sources all say Russia.

        The only world in which this gets controversial is a world in which a major US party is taken over by a cult of personality and that personality is one that is compromised by Russia.

        1. Jeezum, I wonder which “major US party” that might be? Maybe the same party that wants to replace the current voting scheme? Replace winning by earning votes, with winning by whining? The “winner” is, NOT via election wins by the most votes or even electoral college votes, it is “WINNING” by “He who whines and cries and makes up lies, the most”!

          The Lizard Men hijacked millions of votes, dammit! I want a selective do-over!


  4. SW hack was a state actor likely Russia but there are other possibilities. We were attacked but Koch reason liberaltarians want to blame the US for all ills. You’re doing what you are paid to do but let’s not pretend you care about freedom or privacy anymore.

    1. “SW hack was a state actor likely Russia but there are other possibilities.”

      Can’t we blame this one on Obama? Or maybe Hunter Biden?

      1. Shit has turned your brain into sarcasmics.

        1. Some folks are intelligent, well-informed, and benevolent enough to competently discuss ethics, morality, and politics. Others? They literally know how to talk shit, and little if anything else!

          1. Rumor has it some people eat shit.

            1. Rumor has it some people eat metaphorical shit, which flows from the mouth and the tweeter of the Trumptatorshit, every damned day!
              I am SOOOO looking forward to BEYOND January 20th!

              1. I know. You statists are ecstatic about Joe

                1. I am looking forward to the end of the Trumptatorshit, and the threat of a 1-party state.

                  WHY do I fear a 1-party state in the USA, you wonder? Because it IS a threat RIGHT NOW!

                  If you need proof of what I say, read https://reason.com/2020/12/20/desperate-to-stop-biden-from-taking-office-trump-suggests-military-intervention-voting-machine-seizures-and-appointing-sidney-powell-to-investigate-her-own-fraud-claims/ Desperate To Stop Biden From Taking Office, Trump Suggests Military Intervention, Voting Machine Seizures, and Appointing Sidney Powell To Investigate Her Own Fraud Claims

                  Trump flunkies want to use martial law to hold new elections in swing states that didn’t vote Trump. Use the military to force a do-over where the people didn’t vote for Trump like they were supposed to. Give them a second bite at the apple.

                  And there will be endless do-overs till these wayward slobs do things the RIGHT way, and vote for Der TrumpfenFuhrer!

                  Those states who voted for Der TrumpfenFuhrer? Texas, for instance? And now that time has gone by, and millions of Texans have seen yet MORE of the “true stripes” of the Trumptatorshit… And they voted for Trump, but are SOOOO disgusted by now, they want to vote differently by now… Do THEY get a do-over?

                  Let’s selectively re-play this game till the Trumptatorshit lasts forever!

                  The ONLY way that states that DID vote for the continuation of the Trumptatorshit, will get a re-vote, to make it all “fair” to people who’ve changed their minds, by now, or who were excluded from voting by “R” machinations or being too busy or sick that day, to vote… The ONLY way that voters in THESE states will get a “second bite at the apple”, is to make up utterly fantastical LIES about the “R” party’s cheating, collusion with Lizard Men, etc.!

                  If the Lizard Men stole it last time, what will keep them from stealing it the next time around?

                  What we are CLEARLY evolving to here, is NOT election wins by the most votes or even electoral college votes, it is “WINNING” by “He who whines and cries and makes up lies, the most”!

                  WHY, oh WHY might it be, that people who don’t like the history of 1-party states, are afraid to vote “R” any more?

                2. “Winning by whining”, is the NEW “R” way, under Der Would-Be TrumpfenFuhrer. Whine and LIE more than the next guy, will put you in power, and keep you in power! (See above for proof of this). And then “R” folks wonder why voters are afraid to vote “R” any more! Go figure!

                3. Martial law is so in right now.

    2. Not sure how you say likely russia when china is behind one of the biggest hacks in US history. What evidence aside from unsupported media narratives? China doesn’t even hide their attempts. The media does.

      1. How completely you mimic your cult master.

        1. “Leave China alone!”

          1. So, basically, what you’re saying is that Pompeo is a Chinese puppet. Hmm. Got it.

            1. Correction: Barr AND Pompeo. They’re both Chinese puppets, apparently. 😉

  5. Possible President-Elect Joe Biden’s proposed gun control plan could cost gun owners a massive $34 billion in new taxes if implemented based on an old provision that would require individuals to register and mandate a tax fee in order for one to keep the guns and magazines they already possess.

    Oh goodie. Glad we elected him then.

    1. Becerra, though, does have a lengthy history of believing that the power of government is the solution to all that ails you, whether you like it or not. He’s a big believer in “Medicare for All,” a complete government takeover of medical coverage via single-payer health care.

      No record keeping there.. good thing biden is nominating him to the role over health.

    2. Also one could point out reason’s defense of SV and their lack of articles on companies like Google tracking users even if the user opts out.

    3. Biden wants to take your guns? Probably a vast exaggeration…

      We DO know that Der TrumpfenFuhrer AND JesseSPAZ want to take your free speech! And they want to use the EXACT same logic to do it with, that Biden could use to take your guns! Der TrumpfenFuhrer AND JesseSPAZ are “blazing the path” with the EXACT SAME logic, that COULD be used, now, to take your guns! I have REPEATEDLY warned JesseSPAZ that he’s adding powers to Der TrumpfenFuhrer, that will eventually be used against the agenda of Der JesseBahnFuhrer! And now here we go, possibly!

      https://reason.com/2020/12/18/the-bipartisan-push-to-gut-section-230-will-suppress-online-communication/#comment-8646584
      From the article:
      “Section 230, which is a liability shielding gift from the U.S. to ‘Big Tech’ (the only companies in America that have it—corporate welfare!), is a serious threat to our National Security & Election Integrity,” the president recently tweeted.
      There’s your “logic” from Der TrumpfenFuhrer, and MANY conservaTurd commenters on these pages.
      By the EXACT SAME logic, ANY laws shielding gun and ammo manufacturers and-or sellers (Remington for example) need to be held accountable for the shootings of crazy users of their products! Remington, exercise better editorial control of your bullets!

      Hey conservaTurd assholes-commenters! Ye moochers off of a “liability shielding gift from the U.S. to ‘Big Guns and Ammo Tech’”…
      You ready to pay $90,000 per gun and $15 per ammo-round, or pay out the ass for insurance, for your guns? No? Then you are hypocrites ass usual!

      1. Is there anything you wont defend biden on? His public statements are clear. He has talked about beto as the gun czar. Stop eating shit.

        When someone openly says they want to do something, believe them. But you run to fucking defend him. Weird.

        1. The likes of YOU piled new powers onto Der TrumpfenFuhrer’s desk, and now Der BidenFuhrer will use those exact same powers! You still gonna be lusting to add NEW powers to the Trumptatorshit on 19 January? WHEN are you gonna grow a BRAIN, idiot?!?

          For the record…

          Senile Mackerel Snapper Bad?!? He BAD, all right! He SOOO BAD, He be GOOD! He be GREAT! He “Make America Woke”! MAW! All who are against Senile Mackerel Snapper Bad, are into MAWlessness, chaos, badness, and MAW-breaking! They are out-MAWs! MAKE AMERICA WOKE, I say!!!

          We KNOW He can Make America Woke again, because, as a bad-ass politician, He PUNISHED all of the MAW-breakers! He Hair Smeller-Feller in Chief!

          BACK from Beyond the Beyond, Beyond the Grave, it is the MAGA that Wouldn’t Die! MAGA Part II; Make America GREEN Again! The USA flag will now be… Red, White, and GREEN!

          See https://reason.com/2020/10/16/biden-tries-to-gloss-over-his-long-history-of-supporting-the-drug-war-and-draconian-criminal-penalties/

          All Hail to THE Hair Smeller in Chief!!! His Punishment Boner is BIGGER than ALL the rest of ours, put together!

          Most of all, HAIL the Chief, for having revoked karma! What comes around, will no longer go around!!! We CAN smell ALL of THEIR hair, and they will NEVER think of smelling OUR hair, right back!

          Senile Mackerel Snapper Bad-Ass Hair-Smeller all right!

          Yes, we can! We CAN smell all the hair, all the time, and NONE will be smart enough to EVER smell our hair right back!

          These voters simply cannot or will not recognize the central illusion of politics… You can hair-smell all of the people some of the time, and you can hair-smell some of the people all of the time, but you cannot hair-smell all of the people all of the time! Sooner or later, karma catches up, and the others will hair-smell you right back!

          1. The shit-muncher defends Democrats and cries out in pain when he strikes you.

            1. Wow, what clever wit! Did your mommy help you write that?

              1. The shit-muncher speaks from experience.

    4. Yeah. Rumor has it that he may initially try to use EOs to re-define “assault weapons” under GCA 1934 as short-barrelled rifles, shot-guns, etc. That would seem to be the low hanging fruit.

      1. 1934 is the NFA. GCA is 1968.

        The restrictions on short barreled rifles & shotguns are from the NFA

        Such a redefinition would be difficult as the NFA is quite specific in the definition of short barreled. Agency interpretations still have to be a reasonable reading of the statutory text.

        1. NFA, yeah. Sorry about that. And yes, the definitions are quite clear. And I am not convinced that such a move by Biden would be successful.

          On the other hand, with what happened with “bump stocks” is not all that encouraging. Luckily, I suspect Biden’s anti-gun rhetoric will be way on the back-burner. Anti-gun laws haven’t been a winning issue, for Dems, on the national level, for quite some time,

        2. Is anybody going to note that the ATF has already moved against pistol “braces”.
          And 80% lowers?
          Trump isn’t even gone yet and they are re-writing regulations to ban items that literally hundreds of thousands of Americans have legally owned for years.
          ATF is an extremely anti-gun agency

          1. Yes, I have noticed.

    5. Not in the article. What batch of thin air are you pulling this from.

  6. Cleanest election evah!

    1. We just need the voting manufacturer in charge of web security.


  8. I don’t know every single rule in existence, which is a problem itself and the reason why I don’t typically like govt interference, but most of the financial regulations for AML and KYC rules, many of which were bolstered by the Patriot Act, are rules I support and value greatly. 20 years ago, you used to be able to open accounts in someone’s name without providing a SSN. I’m not saying the rules have eliminated fraud, but it’s a hell of a lot harder now than it was back then.

  9. it’s a hell of a lot harder now than it was back then.

    So making it harder to do something that was already a crime is a worthwhile exchange for the right to privacy?

  10. It’s a bit mind-blowing that a hacked government agency would propose such sweeping expansions to financial surveillance on the same week that we learned their systems suffered a major intrusion.

    “Mind-blowing”? More like business as usual.

  11. This stuff reminds me of the news stories about how the latest and greatest drug bust in history shows we’re winning the war on drugs. Obviously the bad guys outwit “cyber-security” all the time, and we hear news about “cyber-security” only when there’s a purported success or things are so bad they can’t be covered up anymore.

  12. Well, good luck if you want to comment on the proposed rule. It doesn’t show up as a proposed regulation on regulations.gov. I suppose you could mail a comment…

    (Article includes a link to the pdf version of the announcement from the Federal Register. But the online government portal returns no rulemaking from FinCen on that date, nor does searching for the RIN or Docket number on the pdf return any result. Kinda sketchy.)


  14. Crypto transactions are not only public, they are linked together in a fully public blockchain. That’s the whole point! Complaining about crypto surveillance is like complaining about keeping archival copies of the NYT and Reason.


  16. They are getting ahead of the exodus out of America. No one is leaving without forking over all their dough.
