As the financial crisis wreaked havoc on America's economy in October 2008, billionaire investor Warren Buffett made a wise observation about Fannie Mae and Freddie Mac — the two institutions at the center of the crash — and the regulatory agency that oversaw them at that time.
"It's really an incredible case study in regulation," Buffett said. "[T]he sole job of OFHEO was to watch over Fannie and Freddie. ... Two companies were all they had to regulate. OFHEO has over 200 employees now. They have a budget now that's $65 million a year, and all they have to do is look at two companies."
Of course, the catastrophic failure of the two tightly-regulated, government-sponsored enterprises is now the stuff of financial legend. Buffett's point stands as a nice antidote to the myth that tight government control can prevent most anything from going wrong. And as Fannie and Freddie were government enterprises, it also shows how government not only fails to prevent catastrophe, but often creates it or makes it possible.
On Tuesday, the Internal Revenue Service announced that about 100,000 taxpayers had had their personal data stolen from one of the agency's systems. As the Washington Examiner's Sarah Westwood reported Wednesday, this theft comes after years of warnings from the Treasury Department's inspector general about identity theft, which already costs the agency more than $5 billion each year, and which the agency remains incapable of preventing. No one expects the Internal Revenue Service — the supposedly wise guardian of millions of Americans' most private financial data — to be a leaky sieve for identity thieves to exploit. But it is.
Historically, fraudsters have exploited the tax-filing process by claiming the tax refunds of others. The IRS, ever quick to pounce taxpayers for innocent errors, is notoriously slow in dealing with such situations once they have been identified — according to the Government Accountability Office, it can take up to nine months in resolving them. And as the inspector general noted in 2012, the agency has no idea how many identity thieves exploit their processes to make bank.
In the immediate case, the IRS suffered from a breach of personal data, which apparently originated in Russia. Such hacking does take place, but unlike with Target and other private companies that suffer data breaches, Americans have no choice about whether to share their information with the IRS.
For millions, this is also true of the state and federal Obamacare exchanges. New mandates now require Americans to purchase insurance and providers and insurers to keep electronic records. This means government has put many more Americans' intimate personal data at risk today than just a few years ago. State exchanges in Minnesota, Vermont and Connecticut are known to have been compromised, as has the federal healthcare.gov system. In fact, security for healthcare.gov was so primitive at launch that anyone who knew how to construct a URL correctly could access complete strangers' health and income information.
The IRS's foibles this week show once again that Americans today are, more than ever before, at the mercy of government's competence in matters of self-regulation and information technology. That is never a good place to be.
Let's change the status quo. An Article V Convention of States can shrink the bureaucratic web in Washington, making it more efficient and more accountable to the will of the people.