
Last week’s hack of the Securities and Exchange Commission’s X account is a real-life metaphor so deliciously apt, so perfectly on the nose, it tells you almost all you need to know about the conundrums besetting modern regulators.

The hack involved the SEC’s then-pending decision on whether to approve exchange-traded funds that hold bitcoin. Fund managers have been trying to bring such funds to market, but the SEC has been dragging its feet for a decade — and not entirely without reason: As cryptocurrency markets evolved, they garnered an astonishing number of scams. Also, the main use for bitcoin seemed to be speculating on the future price of bitcoin.

A few years back, the SEC did allow ETFs based on bitcoin futures products; unlike crypto, futures markets are already highly regulated. But while the fuddy-duddies at the SEC might have thought this made the ETFs entirely different from just holding crypto, the U.S. Court of Appeals for the D.C. Circuit disagreed, issuing a ruling that made it hard for the agency to continue denying Americans our right to pointlessly speculate on high-tech monopoly money. After all, not everyone lives within walking distance of a casino.

All this set the stage for what happened last Tuesday, when the SEC’s account on X (formerly Twitter) said bitcoin ETFs had been approved. The price of bitcoin rose, only to recede minutes later when SEC Chair Gary Gensler hastily sent a message from his own account, saying that no, no, the SEC’s account had been compromised and bitcoin ETFs hadn’t yet been approved.

In an apparently unrelated incident the following day, some users reported seeing an approval go briefly live on the SEC site, before disappearing, presumably because someone had accidentally posted it too early. After the market closed, the approval went up again. Bitcoin ETFs were finally a reality.

The parables here are rich enough to mine forever: These events seemed to vindicate some wariness about moving our entire lives into the digital realm where they can so easily be hacked. But, then again, why should the bitcoin decision have been made by people who had apparently not — according to the safety team at X — bothered to enable a common security feature known as “two-factor authentication” on the SEC’s official account? For IT folks, this kind of basic precaution is, as security technologist Bruce Schneier put it, “kindergarten stuff.”

This looked particularly bad given that the SEC claims oversight of cybersecurity incidents in the private sector, and will probably not accept “I forgot” as an excuse if a company’s poor security results in market-moving hacks. (Further delicious detail: they had to reopen comment on one of those proposed rules because, uh, the internet comment form broke.) Also, it turns out that the government has been working for years on switching over to two-factor authentication. In September, the SEC issued an impressive-sounding progress memo that included a lot of meeting, establishing and implementing but not yet clicking the two-factor authentication checkbox in their social media security settings.

Which makes this not just a funny mini-scandal but also a story about how much worse the government is at technical things than the private sector it purports to oversee.

We’ve already heard many reasons the government struggles to do technology well: Salaries aren’t high enough to compete for top tech talent, and dedicated civil servants (yes, there are many) have to navigate around unfireable incompetents. But if you want to fully understand the perverse incentives that the political system creates for people trying their best to give us what we want and need, read “Recoding America,” by Jennifer Pahlka, who founded the U.S. Digital Service during the Obama administration.

Americans are obsessed with making sure that no government employee, anywhere, ever gets away with anything on the taxpayer dime. So we’ve stripped away their discretion, laying out extraordinarily detailed procedures for every single thing they do — which many then hew to exactly, no matter how outdated the guidelines or absurd the results because they know that when anything does go wrong, they will be called to account by politicians who understand very little about their jobs. Their safest response when this happens is, “Look, I was following the letter of the law you guys wrote.”

Thus, procurement is a glacial process. Much of the technology we do buy doesn’t work as well as it should because it was selected to fit guidelines written years ago — often by well-meaning people who were mainly thinking about making politicians happy and keeping the inspector general at bay. Even when they’re trying hard, government technologists have to contend with the decades of accumulated bureaucratic cruft.

This system is fine for an agency that doesn’t want to do anything — which I guess describes the SEC in this case. But even the most hard-nosed libertarian sometimes wants the government to change with the times and make something happen, like, say, approve a bitcoin ETF. This can’t happen if every agency is mummified in red tape.

So though it’s fair to heap scorn on the SEC for its missteps — and yes, have some fun at its expense — don’t assume the best way to get things done is to have the Senate breathing down its neck. Just as likely, this will result in new guidelines that further ensure nothing ever happens again — at least, nothing we want. And that’s no laughing matter.


Why was the SEC slow on bitcoin ETF? A hacked tweet tells the tale.

15.01.2024

Megan McArdle


© Washington Post

