WikiLeaks on Wednesday posted documents allegedly from CIA director John Brennan‘s email account, including Brennan’s application for security clearance and papers about U.S. torture policy.
The documents come after a teenage hacker says he breached Brennan’s AOL email account. The hacker told Wired that he did so by pretending to be a Verizon* worker and tricking another employee to reveal Brennan’s personal information and then requesting a password reset from AOL.
The WikiLeaks page includes Brennan’s application for security clearance, which has many personal details, including his Passport number, his past residencies and information about his acquaintances. WikiLeaks also published documents outlining the U.S. policy in Iran, as well as letters about U.S. torture practices.
This document leak is another in a string of examples of the government’s inability to protect its own data. First the New York Times shocked with the revelation that Hillary Clinton had been using a private email server during her tenure as secretary of state. Then the news of the Office of Personal Management breach broke. Now the director of the CIA’s emails were shared online by someone who is not yet old enough to buy beer.
But despite these consistent breaches, the government is pressing for more and more data from Americans. Today tech companies are rallying against a piece of cybersecurity legislation aimed at helping companies share cyber threat information with other companies and the government. However privacy advocates and tech worry that the bill gives the government more access to information about Americans, information it has proven time and again it cannot keep safe.
Brennan ironically rose to power after a major scandal in which former CIA director David Petraeus was charged with sharing classified information with his mistress. It’s shocking that in the wake of that, Brennan would send such important documents to an email account administered by a company that can’t keep his personal information safe.
Perhaps before addressing cybersecurity through legislation aimed at sharing data about threats, the government should adopt stricter security measures for its own employees.
The documents on WikiLeaks today reveal personal identifying information and government secrets. But beyond that, they reveal a culture of carelessness and incompetence in handling sensitive data that raises the question, why should the government have access to more?
*Verizon owns AOL, and AOL owns TechCrunch.