I got a note in the mail today from the Federal Government's Office of Personnel Management, letting me know that my security clearance information was among those stolen in the massive data breach we've read about. They've taken a page from Target -- the store, that favorite of Michelle Obama's -- by offering me three years of free identity theft protection by way of compensation.
Which is all well and good, but -- like the President's own pre-announced withdrawal timeline for his Afghanistan surge -- that only tells the Chinese how long they have to wait before going gangbusters with the stolen data. My personal interests aside, out of a simple concern with national security they ought to flag my data (and all our data that was stolen) forever, not for three years. Whoever stole this stuff knows everything there is to know about where I've lived and worked, has on file personal references from people who have been interviewed in support to the investigation, and so forth. You could obtain any kind of paperwork from the government, or for that matter from private banks, based on what's in that file.
Fair enough if the three years is a stopgap while they put something else in place to ensure that the stolen data can't be used by the hackers, although it's not clear what that "something" might be. Perhaps a marker that anyone affected must be handled on a different basis than past information, should they need new clearances (or loans).
Still, three years is not that long a time. The scale of this breach, targeting as it did those with security clearances, ought to merit a much more permanent and serious response. That's true even if the government only cares about its own security, and not at all about those of us who are personally compromised.