By Sasha Chavkin

Columbia Journalism Review – April 17, 2013

On Monday, President Obama quietly signed a bill repealing the major provisions of the much-touted ethics law known as the STOCK Act.

Passed in 2012 after a 60 Minutes report on insider trading practices in Congress, the STOCK Act banned members of Congress and senior executive and legislative branch officials from trading based on government knowledge. To give the ban teeth, the law directed that many of these officials’ financial disclosure forms be posted online and their contents placed into public databases. However, in March a report ordered by Congress found that airing this information on the Internet could put public servants and national security at risk. The report urged that the database, and the public disclosure for everyone but members of Congress and the highest-ranking executive branch officials—measures that had never been implemented—be thrown out.

The government sprang into action: last week, both chambers of Congress unanimously agreed to adopt the report’s recommendations. Days later, Obama signed the changes into law.

The STOCK Act’s partial repeal received workmanlike coverage from Beltway outlets like The Hill and Politico, prompted the expected howls of protest from transparency groups, and generated a few ripples in the mainstream media.

The meager coverage was a striking counterpoint to the waves of media attention that accompanied enactment of the STOCK Act in April 2012—310 articles in the two weeks surrounding its passage, according to a search of Lexis Nexis. Just as striking is that none of the reports on the partial repeal consulted experts who could answer the question at hand: did the disclosure rules in fact threaten individual or national security?

To address this question, CJR consulted four cybersecurity experts from leading think tanks and private security consultancies. Each came to the same conclusion: that Congress’s rationale for scrapping the financial disclosure rules was bogus.

“I don’t think there is any risk,” said James Lewis, the director of the Technology and Public Policy Program at the Center for Strategic and International Studies, of posting federal disclosure forms online and in a database. “Only the risk of going to jail for their insider trading.”

Martin Lipicki, a senior management scientist at the RAND Corporation who specializes in information technology and national security, said, “I just don’t see the mechanism” by which online financial disclosures could compromise security. And Ben Hammersley, a technology expert at The Brookings Institution, said that “at a glance it seems to me that the country has been made less secure” by repealing the disclosure rules.

Bluntest of all was Bruce Schneier, a leading security technologist and cryptographer. “They put them personally at risk by holding them accountable,” Schneier said of the impact of disclosure rules on Congress members and DC staffers. “That’s why they repealed it. The national security bit is bullshit you’re supposed to repeat.” (Three of the four experts we consulted opted for the same term of choice.)

The disclosure rules were strongly opposed by federal employee unions, who represent many of the roughly 28,000 officials who would have had to join Congress in more detailed public disclosures. But members of Congress who addressed the partial repeal pointed not to those lobbying efforts but to the recommendations of a report lawmakers had commissioned from the National Academy of Public Administration.

The 157-page NAPA report offers detailed background for its recommendations and provides scenarios in which the disclosures could lead to trouble. We reviewed several of these scenarios with the cybersecurity experts.

A leading concern raised in the report is that online financial disclosures could endanger personnel in sensitive international or security-related postings. It lays out scenarios in which the discovery of diplomats’ personal wealth or financial distress could lead them to be targeted either by criminals or foreign intelligence agencies. “Officials were especially concerned that unrestricted online access to the personal financial information of employees stationed overseas, as well as their families, would subject them to greater risk of kidnapping,” states the report.

Lewis, of the Center for Strategic and International Studies, was skeptical that online financial postings would notably increase the risk of crime for diplomats who were already visibly wealthy and deployed in foreign countries. He also disputed the notion that online postings would be a boon to foreign intelligence services. “For 40 bucks you can buy all that info from a credit service,” Lewis said.

The report also cites risks to law enforcement, intelligence, and undercover personnel, such as facilitating the profiling of American intelligence officers by foreign state actors.

Lewis said there are sensitive posts that may merit an exemption from disclosure. But he said that such jobs constituted a small and easily distinguished fraction of the 28,000-odd executive branch and legislative staffers now being exempted from online disclosure.

“For 95% of the cases, exempting these people is a mistake,” Lewis said.

Another concern raised in the report is that the creation of a searchable public database would place everyone included at a higher level of risk for outcomes ranging from blackmail to harassment to identity theft. It offered the analogy of “boiling the frog” in gradually warming water, warning that “this forthcoming increment in available data could become the fatal temperature change that goes undetected by the hapless frog.”

“Making this information available in this fashion fundamentally transforms the ability (and the likelihood) of others—individuals, organizations, nation-states—to exploit that information for criminal, intelligence, and other purposes,” the report found.

Hammersley of The Brookings Institution was unconvinced. “Is it that there’s a whole generation of slightly lazy blackmailers?” he asked.

Without more plausible specifics, he said, the report was offering a “slippery slope” argument that could be applied equally well to any type of disclosure rule. “When I see a slippery slope argument it always makes me suspicious of the motivations of the people who are making it,” Hammersley said. “Because it means there are actually no arguments against the thing they actually talking about.”

In the case of the STOCK Act’s disclosure rules, that may not quite be true. There would have been some hassle and burden for government employees in complying with the measures. No doubt many federal workers also felt the public financial disclosures would be an invasion of their privacy, one that they hadn’t consented to when embarking on those careers. Those claims are worth listening to—and they should be weighed in a debate against specific arguments for the benefit of disclosure in this case, rather than vague statements about the virtues of transparency.

Had reporters dug deeper here, they might have forced a debate on the actual merits of repeal—and in the process generated a bit more attention to Congress’s swift and silent rollback of ethics rules based on implausible claims of a security threat.