Labor Department Computers Vulnerable to Leaks: Study
Computer systems used by the U.S. Department of Labor to produce market-sensitive economic data are more likely to be a source of possible leaks than a facility used by journalists to report on the figures, according to a study commissioned by the department.
Sandia National Laboratories was hired to examine possible sources of leaks at so-called lockups, where journalists are given copies of reports on data such as the unemployment rate in advance of their release to the public.
“The IT environments where the data are produced are more likely avenues for data loss than is the Press Lockup facility,” according to a footnote in the August 2011 report posted on the Department of Labor website.
Sandia said it was asked to look into security at the lockups after the Labor Department was approached by authorities, including the U.S. Securities and Exchange Commission and the FBI, “concerned that key economic data were potentially subject to unauthorized, premature release.” Sandia’s “scope of allowed activities” was limited to the lockups and didn’t include “other areas associated with the preparation of the target data.”
After the Sandia study, the Labor Department in April ordered media organizations to remove computer software, hardware and communications lines they had installed at the department. Instead, reporters were told they would have to use government equipment, software and Internet connections.
Bloomberg and other news organizations protested the procedures, saying they hindered their ability to transmit market-moving news to readers quickly and accurately using the best available technology.
Reporters in lockups are given data, typically 30 minutes before their broader release. This gives journalists time to prepare stories and headlines that are published after a government employee throws a switch opening communications lines to the news organizations’ computer systems.
Sandia Corp. is a unit of Lockheed Martin Corp. (LMT), the world’s biggest defense contractor. Sandia operates national laboratories for the Energy Department in Albuquerque, New Mexico, and Livermore, California.
Sandia’s study for the Labor Department “provided technical analysis as one step in a process to reduce potential economic-data compromises,” Stephanie Holinka, a spokeswoman for the company, said yesterday in an e-mail. It was one of many such studies Sandia has done for the federal government and private industry, she said.
SEC spokesman John Nester declined to comment. Paul Bresson, spokesman for the FBI, didn’t immediately respond to a request for comment.
The Labor Department each month produces a report on the jobless rate and the change in payrolls for the previous month. It also compiles reports on consumer and producer prices and weekly claims for unemployment benefits.
Some members of Congress also objected to the new Labor Department procedures.
“Given the market-moving impact of these numbers and the largely automated processes of today’s market institutions, even a minor flaw in the timing or accuracy of this data could result in a destructive impact on global markets,” Senator Roy Blunt, a Missouri Republican, wrote in a letter to Secretary of Labor Hilda Solis.
Representative Darrell Issa, a California Republican who conducted a hearing on the issue on June 6.
After the complaints, the Labor Department agreed to allow news organizations to continue using their own equipment and data lines. Reporters will be required to leave mobile phones and other electronic devices in lockers outside of the lockup room, along with personal effects such as umbrellas and purses.
Stephen Barr, a spokesman for the Labor Department, declined to comment on the Sandia report and referred to a letter addressed to Issa.
“The Sandia team noted that the lockup is but one part of a larger data assembly and distribution process,” according to the June 26 letter from Brian Kennedy, assistant secretary for congressional and intergovernmental affairs at the Labor Department.
“While Sandia speculates on other areas of potential vulnerability, including within the Bureau of Labor Statistics (BLS), Sandia’s team did not review BLS’s data security procedures and safeguards because those issues were outside the scope” of an agreement between the Labor Department and the U.S. Department of Energy.
The letter also said BLS has “robust security measures in place for many years,” and that the department “undergoes regular third-party audits.”
To contact the reporter on this story: Meera Louis in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Christopher Wellisz at email@example.com