Since the release of the Snowden files, we have come to know more and more about the information that governments collect and try to keep secure. The attack on OPM (Office of Personnel Management), alleged to be the work of Chinese hackers, showed how critical it has become to better protect this information. The OPM data breach has resulted in the exfiltration of personal data affecting more than twenty million US government officials, and endangered operations all over the world. It seems that law enforcement and administration agencies need to turn more to those same techniques they require from private companies.

“Nothing should have ever been lost from the system,” Burke said in court, later adding, “The settings were set to never delete.” The absence of backups or archives shows a surprisingly low level of professionalism in cybersecurity. It is something we could have dealt with in the ’90s but those days are now long gone. In addition, data tends not to delete itself on its own, there may have been a “user error” or an outsider threat actor breaching the system. Without proper logs it is hard to tell. Nonetheless, if it is this easy for the police to lose sensitive data, it raises fundamental questions about what kinds of data law enforcement agencies should be allowed to collect and store. This issue reminds me of a speech that former NSA head Michael Hayden delivered at the IWP Cyber Intelligence Initiative Inaugural Conference a few months ago. He said he no longer believed that any government could protect its citizens in cyberspace with adequate speed or efficiency.