OPM Sued Over Privacy Concerns With New Government-Wide Email System

An anonymous reader quotes a report from the Hill: Two federal employees are suing the Office of Personnel Management (OPM) to block the agency from creating a new email distribution system -- an action that comes as the information will reportedly be directed to a former staffer to Elon Musk now at the agency. The suit (PDF), launched by two anonymous federal employees, ties together two events that have alarmed members of the federal workforce and prompted privacy concerns. That includes an unusual email from OPM last Thursday reviewed by The Hill said the agency was testing "a new capability" to reach all federal employees -- a departure from staffers typically being contacted directly by their agency's human resources department.

Also cited in the suit is an anonymous Reddit post Monday from someone purporting to be an OPM employee, saying a new server was installed at their office after a career employee refused to set up a direct line of communication to all federal employees. According to the post, instructions have been given to share responses to the email to OPM chief of staff Amanda Scales, a former employee at Musk's AI company. Federal agencies have separately been directed to send Scales a list of all employees still on their one-year probationary status, and therefore easier to remove from government. The suit says the actions violate the E-Government Act of 2002, which requires a Privacy Impact Assessment before pushing ahead with creation of databases that store personally identifiable information.

Kel McClanahan, executive director of National Security Counselors, a non-profit law firm, noted that OPM has been hacked before and has a duty to protect employees' information. "Because they did that without any indications to the public of how this thing was being managed -- they can't do that for security reasons. They can't do that because they have not given anybody any reason to believe that this server is secure.that this server is storing this information in the proper format that would prevent it from being hacked," he said. McClanahan noted that the emails appear to be an effort to create a master list of federal government employees, as "System of Records Notices" are typically managed by each department. "I think part of the reason -- and this is just my own speculation -- that they're doing this is to try and create that database. And they're trying to sort of create it by smushing together all these other databases and telling everyone who receives the email to respond," he said.

Re:

[Anonymous Coward]

Can we fire all of them?

No.

The whole point of the civil service is that government employees can't be fired for political reasons, they can only be fired for cause. This was set up to defeat the old "spoils" system, where civil service jobs were given out to cronies of the politicians in exchange for large bags of cash.

Re:Can we fire all of them?

[Pizza]

Can cause please include insane amounts of government waste? We dont need that many civil servants. Also, just make civil servants earn the average income of their field. Lord knows we dont need to pay accountants $160k + benefits with 40 vacation days a year on our dime.

You do realize that "earning the average income of their field" would actually yield a considerable net _increase_ in pay? ...Civil servants overwhelmingly make _less_ money than they would in the private sector.

Re:

[sabbede]

They also get a fantastic benefits package that includes being almost impossible to fire. But is it even still true that they don't get paid as much? I've seen some of the pay schedules, and the numbers get pretty big.

The people at the top may well be making less than they would running corporations of similar size, but those are mostly political appointees.

Re:Can we fire all of them?

[cayenne8]

Most govt jobs pay much less that their counterpart jobs in the private sector.

And they have strict drug policies...so, no smoking grass even if legal in your state or medicial...still a federal crime and out you go.

They do make up for it, by having pretty decent healthcare and retirement benefits....the longer you stay in, the more generous they get with personal and sick leave....

You have to jump through a lot of hoops for a federal job, especially if it in any way handles sensitive information.

But yes, due to the fact the feds generally pay a good deal less than the private sector, you have to decide if the less pay is made up for by other benefits.

One is generally job stability....remember, everything has its trade offs.

Re:

[cayenne8]

So much outdated nonsense. I don't think a civilian in DoD has been drug tested in over 20 years (unless special programs). The pay is not much less than similar jobs on outside, and the reason the line is long to join fed civil service is because it is pretty sweet package. So, no the fed pays pretty well for similar work (if you can find those that actually work). And the extra "burden" on sensitive info is a joke. True happening: when I joined my last office I was badly used - no skin off my nose since I

Re:

[wasteoftime]

Could be different experiences but I saw this a multiple locations. Robbins AFB was a nightmare - in the short time I was there they had two separate murder for hire type rings, our division lead contracting officer has his office carpet cut out looking for evidence of DNA for sex abuse, I was practiced by GO for cancelling bad contracts but my civilian leaders were bent out of shape since they were good ole boys, the foremen in one of the depot shops were known as the Dodge County Mafia...hell, I could go

Re:

[wasteoftime]

I don't think this is true at all. I think I was very well compensated all things considered and I was a far more productive civil servant that the vast majority of folks I came in contact with (over 40K gov and contractor at my last location). Heck, I was getting over 20+% locality pay for one of the cheapest places in the country to live. And my retirement pension is pretty damn good on top of it.

Re: Can we fire all of them?

[nazsco]

that's how the populists get power.

they identify rules against their power grabs, in this case the separation of federal machine and executive.

then they cry over one easily fixable issu, like limiting salaries to market rate. And with that reasonable argument win you over.

But then they use your support to dismantle the other thing blocking their power grab.

Before you know it, they will have even larger inneficiences but all going to their companies.

Re:

[sabbede]

What? The executive branch RUNS the "federal machine". There is no separation between the Federal bureaucracy and the person the Constitution puts in charge of it.

Re: Can we fire all of them?

[Baloo Uriza]

Populists win elections on their own without gerrymandering and voter disenfranchisement. You're getting populists and conservatives mixed up, this is a fascist coup.

Re: Can we fire all of them?

[flyingfsck]

Anybody who gets the email is already in the database.

Re:

[sabbede]

Uhm, no, that's the whole point of the Civil Service Act, not the civil service. And it's a bit silly anyhow if you think of it. The person in charge of the government can't fire his employees? Government employees should be easy to replace, not impossible to replace.

Re:

[rickb928]

And I thought the whole point of United States Civil Service was to provide necessary goods and services to the population of the United States, and to others as directed by the President or by law (that's redundant, you know). And to do so according to law and lawful policy.

Since we now know, for a fact, if you're paying attention, that many of federal government employees do, in fact, act for political gain, and some, perhaps many, for the specific purpose of obstructing policy they disagree with.

If you w

Sounds like a mailing list

[jrnvk]

Not sure how controversial those are, at least until someone accidentally hits reply all

Re:Sounds like a mailing list

[laughingskeptic]

No one stands up a compliant server for anything in the U.S. government in one day. This means no security controls on the server were validated, that required anti-virus software is not licensed and installed, etc. And they just sent the IP address of this system in the email headers to every U.S. government employee so it is being targeted today. This is what is controversial: that some people from outside the org showed up with a box, plugged it into the network, loaded up the email addresses of 2.3 million employees and went to town. This the first recipe in recipe book for "How To Be Hacked" stew.

Maybe the most ridiculous lawsuit of all time

[registrations_suck]

Employees complain that an organization wants to send email to all employees.

Really? I mean, come on man.

It's semi-shocking that this capability wasn't created, I dunno, 20 years ago?

As a federal employee, I am not bothered in the slightest by such a capability.

As for the "reply all" problem, that is easily solved.

Re:

[quonset]

Right. An unsecured server handed over to the friend of an oligarch who doesn't have any clearance to access such information.

Sure, nothing wrong with that at all.

Re:

[butlerm]

The President of the United States can grant clearance necessary for someone to do their job or advise him properly at any time and for almost any reason because under the Constitution the executive power of the United States including all federal agencies is vested in him. He does have to see that the law is faithfully executed but there are limits to the degree of control Congress can exercise over the President under separation of powers and this is one of them. The president can share information with

Re:

[registrations_suck]

Not to mention that the govt can create a system to email all employees without providing info to anyone. I mean, jezz.

Re:

[Anonymous Coward]

The president can share information with anyone he wants...

Oh, he has. Just ask to see his "special classified briefing documents" and for a small donation he'll take you to Mar Largo and show you all sorts of things, laws be damned.

Re:

[sabbede]

Who said it was unsecured? The complaint seems to be that there hasn't been enough red tape involved, not that it was unsecured. And the person in charge of it is a government employee. And who said they weren't cleared for access? Is a list of internal email addresses so sensitive that a ranking official can't see it?

These things you claim seem very silly to me.

It's a feature, not a bug

[echo123]

Right. An unsecured server handed over to the friend of an oligarch who doesn't have any clearance to access such information.

Sure, nothing wrong with that at all.

Lousy, unaccountable email servers are a feature of the GOP [arstechnica.com], not a bug.

Re:

[Ungrounded Lightning]

Lousy, unaccountable email servers are a feature of the GOP, not a bug.

Also a feature of at least one recent Democrat presidential candidate [wikipedia.org]. B-)

National Archives

[bill_mcgonigle]

National Archives should be given control of backups so when an agency "accidentally deletes" backups when Congress launches an Investigation, the Archives can help out and save them from such embarrassment.

They already handle classified archives so this should be doable and save a ton of money.

I'm sure they were all accidents, right?

Re:

[ToasterMonkey]

National Archives should be given control of backups so when an agency "accidentally deletes" backups when Congress launches an Investigation, the Archives can help out and save them from such embarrassment.

They already handle classified archives so this should be doable and save a ton of money.

I'm sure they were all accidents, right?

My reflexive response is, haha, they will just use personal communications.
https://en.wikipedia.org/wiki/... [wikipedia.org]
https://en.wikipedia.org/wiki/... [wikipedia.org]

Then I was relieved when I remembered we tried to fix this.
https://en.wikipedia.org/wiki/... [wikipedia.org]

But what does following the law mean today? Fuck it, just pardon the whole agency, what is Congress going to do, impeach, lololol. Use burner phones and cover your own ass, everyone look out for themselves, fuck laws, this is what we voted for. So good luck with that one Bill.

anonymous lawsuit

[writeRight]

Attorneys attempt a class action based on complaints by two anonymous employees. Those two will be subpoenaed and will need to show unlawful harm. Big waste of taxpayer money in court to coddle career pensions paid by all Americans.

Re: anonymous lawsuit

[nickovs]

They only need to show harm if they want damages. If they are just seeking an injunction to demand that the OPM follow the law (which clearly states that a privacy impact assessment is required) then they just have to show that the law was not followed.

The solution is pretty easy: the OPM could do a PIA. The problem is that this is likely being put in place to spot âoesubversiveâ civil servants who donâ(TM)t sufficiently by in to the new regimeâ(TM)s agenda, so a PIA (which would need to be published) would be damning.

Re:

[writeRight]

You are right about the lawsuit "prayer" asking for injunctive relief, and that a quick review to follow rule may be fastest resolution. The boilerplate "Grant such other relief as the Court may deem just and proper" is in there, so will watch this.

Leave before the purge cycle.

[couchslug]

Every party switch will require purging the internal enemies installed by previous regimes and neutrality won't save anyone.

Eventually the armed forces will be affected which is a great way to turn into (r)ussia, but enlisted careers will be safer than officers.

The armed forces have been affected for a while.

[Ungrounded Lightning]

Every party switch will require purging the internal enemies installed by previous regimes and neutrality won't save anyone.

Eventually the armed forces will be affected which is a great way to turn into (r)ussia, but enlisted careers will be safer than officers.

The armed forces have been affected at least since the officer candidate schools began asking whether the student would obey orders to disarm the US citizen civilians in an area. (If I recall correctly this was during the Obama administration.)

Re:

[sabbede]

"Outside" of what? They're Federally owned servers in Federal buildings. One of the complaints is that a new server was added to an office!

Interesting Wrinkle

[necro81]

A personal friend is a federal judge. When this email from OPM came through last week it caused a bit of a stir, because:
1) OPM has no jurisdiction over employees in the Judiciary. They are a separate, co-equal branch of government. As such, they have their own IT and personnel policies.
2) It looked for all the world to be a crude phishing attack. Poor formatting and grammar, a hint of immediacy, the threat the bad consequences, combined with a "click here" hyperlink with obfuscation.

Welcome to the wrecking crew. I've done enough renovation in my home, or refactoring substantial codebases, to know that you usually have to start by tearing things down. But usually that's done according to a thought-out plan, with a clear trajectory from the tear down to a better-built result. This just looks like some dumbass with a sledge hammer.

Possibilities for names

[necro81]

Two federal employees are suing the Office of Personnel Management (OPM) to block the agency from creating a new email distribution system -- an action that comes as the information will reportedly be directed to a former staffer to Elon Musk now at the agency

For reference: the supposed DOGE office doesn't actually exist, because Trump can't just make a new federal department out of thin air without Congress. So, instead, he's squeezed DOGE into what was the United States Digital Service [npr.org] - the guys that fixed the healthcare.gov rollout.

That "e-mail" and "Elon Musk" have similar initializations present so many opportunities.

Elon-mail
Musk-mail
e-Musk

All sound rather unpleasant.

it's almost like president musk

[k3v0]

has no idea how government works