Bisignano wrote that “all employees are required to go through a vetting process prior to being granted access to SSA information systems” and “are granted the appropriate permissions to perform their work” based on their job functions. He said the agency’s “AWS cloud environment is audited yearly to ensure these controls are implemented and maintained.”
We contacted Borges’ attorneys at the Government Accountability Project today and will update this article if we get a response.
Borges resigned “involuntarily”
Borges’ whistleblower report alleged that SSA officials violated the Federal Information Security Modernization Act by “knowingly placing a High-Value Asset containing data on over 450 million people in an uncontrolled environment.” The Government Accountability Project said that if “bad actors gain access to this cloud environment, Americans may be susceptible to widespread identity theft, may lose vital healthcare and food benefits, and the government may be responsible for re-issuing every American a new Social Security Number at great cost.”
Borges resigned from the SSA a few days after going public with his allegations. In a letter to Bisignano, Borges said he was “involuntarily” leaving his position.
“This involuntary resignation is the result of SSA’s actions against me, which make my duties impossible to perform legally and ethically, have caused me serious attendant mental, physical, and emotional distress, and constitute a constructive discharge,” he wrote. “After reporting internally to management and externally to regulators serious data security and integrity concerns impacting our citizens’ most sensitive personal data, I have suffered exclusion, isolation, internal strife, and a culture of fear, creating a hostile work environment and making work conditions intolerable.”
Borges’ resignation letter alleged that “newly installed leadership in IT and executive offices created a culture of panic and dread, with minimal information sharing, frequent discussions on employee termination, and general organizational dysfunction. Executives and employees are afraid to share information or concerns on questionable activities for fear of retribution or termination, and repeated requests by me for visibility into these events have been rebuffed or ignored by agency leadership, with some employees directed not to reply to my queries.”
Bisignano probably isn’t done answering questions about the whistleblower allegations. Crapo’s letter to Bisignano said the senator’s initial round of questions is “an immediate first step, considering the seriousness of Mr. Borges’ allegations concerning SSA’s ability to safeguard data collected and maintained by the agency.”
