On Monday, President Obama quietly signed a bill repealing the major provisions of the much-touted ethics law known as the STOCK Act.
Passed in 2012 after a 60 Minutes report on insider trading practices in Congress, the STOCK Act banned members of Congress and senior executive and legislative branch officials from trading based on government knowledge. To give the ban teeth, the law directed that many of these officials’ financial disclosure forms be posted online and their contents placed into public databases. However, in March a report ordered by Congress found that airing this information on the Internet could put public servants and national security at risk. The report urged that the database, and the public disclosure for everyone but members of Congress and the highest-ranking executive branch officials—measures that had never been implemented—be thrown out.
The STOCK Act’s partial repeal received workmanlike coverage from Beltway outlets like The Hill and Politico, prompted the expected howls of protest from transparency groups, and generated a few ripples in the mainstream media.
The meager coverage was a striking counterpoint to the waves of media attention that accompanied enactment of the STOCK Act in April 2012—310 articles in the two weeks surrounding its passage, according to a search of Lexis Nexis. Just as striking is that none of the reports on the partial repeal consulted experts who could answer the question at hand: did the disclosure rules in fact threaten individual or national security?
To address this question, CJR consulted four cybersecurity experts from leading think tanks and private security consultancies. Each came to the same conclusion: that Congress’s rationale for scrapping the financial disclosure rules was bogus.
“I don’t think there is any risk,” said James Lewis, the director of the Technology and Public Policy Program at the Center for Strategic and International Studies, of posting federal disclosure forms online and in a database. “Only the risk of going to jail for their insider trading.”
Martin Lipicki, a senior management scientist at the RAND Corporation who specializes in information technology and national security, said, “I just don’t see the mechanism” by which online financial disclosures could compromise security. And Ben Hammersley, a technology expert at The Brookings Institution, said that “at a glance it seems to me that the country has been made less secure” by repealing the disclosure rules.
Bluntest of all was Bruce Schneier, a leading security technologist and cryptographer. “They put them personally at risk by holding them accountable,” Schneier said of the impact of disclosure rules on Congress members and DC staffers. “That’s why they repealed it. The national security bit is bullshit you’re supposed to repeat.” (Three of the four experts we consulted opted for the same term of choice.)
The disclosure rules were strongly opposed by federal employee unions, who represent many of the roughly 28,000 officials who would have had to join Congress in more detailed public disclosures. But members of Congress who addressed the partial repeal pointed not to those lobbying efforts but to the recommendations of a report lawmakers had commissioned from the National Academy of Public Administration.
The 157-page NAPA report offers detailed background for its recommendations and provides scenarios in which the disclosures could lead to trouble. We reviewed several of these scenarios with the cybersecurity experts.
A leading concern raised in the report is that online financial disclosures could endanger personnel in sensitive international or security-related postings. It lays out scenarios in which the discovery of diplomats’ personal wealth or financial distress could lead them to be targeted either by criminals or foreign intelligence agencies. “Officials were especially concerned that unrestricted online access to the personal financial information of employees stationed overseas, as well as their families, would subject them to greater risk of kidnapping,” states the report.