The SSA stores a lot of sensitive data. Normally with sensitive data you want to be very careful with who can access it and how.

What is potentially worrisome in this situation is it seems like the SSA is taking on the "move fast and break things" attitude of Silicon Valley.

More technically, most government agencies use AWS and Azure (cloud providers) to host data. So spinning up a new server isn't inherently bad. However, creating a new server that is secure and has the correct access controls (user permissions regarding who can see/change content) can be challenging. The whistle blower believes they are not doing this right, and it sounds like the head of the SSA isn't disagreeing, just saying he thinks the risk is worth it.

So again, it’s all just bullshit hopes and dreams by the anti-doge people. No data has been exposed or hacked, no evidence of it actually being on anything insecure.

It's times like this I wonder about the like/dislike paradigm I.E. "I like/dislike knowing this and/or appreciate the perceived reputability of the source" vs. "This is good news/I fucking hate this."

This one just got a "I fucking hate this" from me.

I think we should be able to have a national class action against DOGE. 100% serious, all US citizens for sure, and anyone else with data in the Social Security database, should sue the individuals responsible for this.

Then we take the money and start a company that contracts out to the government to create a national digital ID system that is the most secure in the world, and allows for amazing anonymity.

In cyber security you may never know if a bad actor got access to your systems/data. The issue with not following good security practices is that you increase the risk of this happening.

Its like saying we should stop mandating vaccines cause the diseases aren't around anymore. When you let down your defenses you end up with outbreaks that shouldn't have happened and are harder to control.

That makes sense, thanks for the explanation

Once a nuke goes off in a major city, we are pretty much guaranteed it from what I understand about multiple cyberpunk-style worlds

I hate this is a good point

The votes on the posting itself should reflect if the content is worth your time. I'm not even American and I have a really bad feeling after reading the article, but it's better to know than being in the dark, and the article itself is full of details which make it pretty reasonable to believe it's the truth.

Mr Borges really brought the receipts on this one, and he is one of the heros of the american people that will probably pay dearly for his courage, and he still did what's right.

Don't you think after 5 months without oversight who exactly has access to that server that the difference between this and a random s3 bucket is nearly nil? But you are right, in the light of integrity the title should reflect the facts as they present themselves currently.

this is a whole can of worms that you can look into but the entire western conception of the Chinese social credit system is essentially a myth propagated by western media outlets.

don’t get me wrong, the chinese government legislated local governors implement something vaguely similar to the financial credit system in the west but, as the law works in china, they all interpreted the order differently and it seems only the “good” parts get rolled out nationally.

situations similar to the western “social credit” myth existed for a brief time in a very small number of local pockets (think smaller divisions such as cities and towns), but they were quickly absconded and the architects of those systems punished, for essentially wasting government time and money.

note i’m definitely not a tankie fuck tankies but i also think if we’re gonna talk about china we don’t need to make shit up bc just like the US there is plenty of real shit to criticize. the “social credit” thing is a joke that westerners get made fun of internationally for believing, pretty much. it’s not remotely real, at least how you probably think of it.

realistically at this point you don’t have more or less rights or freedoms as a citizen of china or the united states. you’re pretty equally fucked either way now.

I do, yes, it's blazingly stupid and others have been jailed for less.

But I've noticed a number of misleading post titles recently, like the just today there was obe about a cyclist getting hit by a car when it was actually the cyclist turning into traffic. Tragic, but the title misleads. So I've started pointing them out.

Maybe I just long for the days when titles aren't rewritten to drive opinion and engagement (regardless of if I agree or disagree).

In cyber security you may never know if a bad actor got access to your systems/data. The issue with not following good security practices is that you increase the risk of this happening.

If they're using Azure or AWS then they have a level of built in good security practices. These people aren't morons, they know what they're doing. In fact, using AWS or Azure you have to fuck things up to make it insecure, because by default they're all pretty locked down.

Its like saying we should stop mandating vaccines cause the diseases aren’t around anymore.

I'm 100% a pro-vaccine person, but vaccines should not be mandatory. "My body, my choice" - isn't that the saying? Or is that only for women wanting an abortion? If someone doesn't want to get a vaccine then they can suffer the potential consequences while those who are vaccinated don't (but they have to deal with the potential side effects of the vaccine).

While AWS/Azure do make the initial configs rather fool proof, that falls apart the moment you start configuring them for actual use. It's also especially easy to mess things up when handling PII, at the SSA level it's probably something that DOGE staff don't have experience with.

As for vaccines. Largely through that out there cause it seemed like obvious bait for you, but I don't think a single slogan "my choice my body" really encapsulates the arguments around abortion

The people working at doge are mostly what people would consider geniuses in their field. Configuring azure databases to be secure is a piece of cake. Like I said, it’s harder to make them insecure than it is to make them secure. I know, I work with them every day. How does handling PII make it easier to mess things up exactly?

Good to know you were just trying to bait and “troll”, not really good faith arguing is it? You wouldn’t have been trying to find something to disagree with just because you can’t argue against my actual point I made, were you?

“My body my choice” perfectly encapsulates the argument for abortion because it literally is pro-abortion people’s main argument - and yes, I am 100% pro-abortion.

I think the line "how does handling PII make it easier to mess things up" just about sums things up for me.

If the servers are secure and the PII is properly encrypted in the original db then how does it make it any easier to mess up? Would love to hear your expert opinion on this.

the government may be responsible for reissuing every American a new Social Security number at great cost

Has this department made our government efficient yet?

There are laws about how to handle PII and potential criminal charges based on things like the Privacy Act. Meaning there are additional requirements above and beyond how people normally store data on a system.

More requirements = More chances to mess up

And you’ve got evidence those laws aren’t being followed? No? There’s nothing that hosting it on a secure cloud server that makes that any easier to “mess up”.