Let's be fair: while the source may well be partisan, it is also a technical document. Referring to it simply as a partisan political document doesn't acknowledge its full contents or its value to a technical community.
It is not a technical document. It is a document that contains technical details. For instance: it contains a formal set of "findings", as in the "findings" of law and fact in a trial. Here's one of the first findings:
FINDING: Slow implementation of critical security requirements such as dual factor authentication is a true case of misplaced priorities.
That's not technical language. It's not even formal language.
OPM was/is a clusterfuck. I'm not disputing that. But the authors of this document had a job to do: portray administration appointees in the worst light possible.
I won't argue with you the difference between a technical document and a document with technical details. You're welcome to that definitional win.
There are interesting technical details in this document about the exact methods, vectors, files, timelines, etc used in both offense and defense of this incident. They would be of interest and value to many in this community regardless of the partisan agenda of the committee.
A technical document about a breach would explain the mechanisms for the vulnerabilities and exploits involved, and discuss how systems could be architected and written differently to avoid them.
This document walks up the abstraction chain several notches and attacks the org chart and security policy of the MS Word variety, not the way things were written or configured (except insofar as bad config stemmed from not enough teams of paper not enforced well enough). It is pitched at the kind of CIO/CTO who could just as easily be any other CxO, not at engineers.
I disagree. If you're going to say "But the authors of this document had a job to do: portray administration appointees in the worst light possible." then you need to at least show some examples of that.
You're not making an argument. You're trying to pass an opinion as a fact. You need to back up statements like that.
The document is a "Majority Staff Report". And the only listed authors are from one party. By definition it is a partisan document. That doesn't mean that it's 100% false (or 100% true), but that's the context for the report.
Regardless of whether or not anything was exaggerated, it's still a partisan, political document. The contents don't change that. This would still be the case if it was a "Minority Staff Report" too...
The past 8, if not the past 24 years, of highly partisan, political, and acrimonious relations between political parties in the U.S. is sufficient context for the observation that this is a single party's view of the incident to be salient.
That of the two major parties, the report is authored by the one with a far more adversarial relationship with the truth is also worth mentioning.
Not that the report mightn't contain elements of reality. But this is also likely to be as critical of the opposing party and politically beneficial to the authoring party as possible.
The fact is that this isn't a bipartisan and balanced (possibly, yes, to the point of compromise) report. That is not an opinion.
Tptacek hasn't argued the contents are specifically flawed. But the impartiality of the authors is certainly suspect on well-founded grounds.
Yes, agreed, a partisan document out of a Congressional Committee is inherently biased. I don't think anyone would dispute this as a general principle so there's no reason to think this a special case.
That's ridiculous. The OPM data breach was the largest in the US government's history.
If even that, which most of the intelligence and law enforcement officials have said is a catastrophe that won't be fixed for a generation, shouldn't be portrayed in the "worst light possible", then what should?
Enough with the partisan crap. This happened on those people's watch. Regardless of which party named them as the leaders of the OPM, they should be heavily criticized for it.
In fact, I'm actually quite angry myself at the fact that the Obama administration tried to downplay this for as long as possible last year. You actually didn't see much about it in mainstream media, and only some of it in tech media. All because Obama may have not wanted to be remembered as the president on whose watch the OPM breach happened.
So what I get from this is that you're the partisan one, not the OPM report.