[UPDATE: As of March 20, the errors described below have been corrected.]
TIME released this article ([archive link]) today, quoting me and others about the cybersecurity risks in what DOGE Is doing throughout the federal government. Unfortunately, the article contains several errors, including a significant misquote attributed to me which misrepresents what I told the author of the article and speciously maligns the Department of Veterans Affairs.
That error, the most significant one I found in the piece, is here (emphasis added by me):
The department also collects medical data, social security numbers, and the names of relatives and caregivers, says Kamens, who says he was the only federal employee at the agency with an engineering technical background working on cybersecurity.
In fact, what I told the author is that I was the only federal employee with an engineering technical background overseeing cybersecurity for VA.gov. There are certainly other federal employees with an engineering technical background working on cybersecurity in other parts of the VA, and I never said otherwise.
This statement attributed to me is also inaccurate:
Kamens says he was hired in 2023 to improve “several specific security issues” for the site, which he declined to name due to confidentiality reasons.
I told the author that I was hired in 2023 to oversee cybersecurity for VA.gov in general, not merely to improve several specific security issues. When I got there I identified several specific specific issues which I was in the process of overseeing the resolution of when I was fired. The implication in the article that I was only hired to improve those specific issues is inaccurate.
In addition to these substantive errors in the content of the article, I noticed other, minor errors:
- There is something missing from the sentence, “Kamens notes that scammers often use personal information, such as an individual’s bank or hospital, in order to convince them they’re a trusted person.” Perhaps the author meant to write, “…such as an individual’s bank or hospital records“?
- A reference in the article to “privacy sector” should read “private sector.”
- In that same paragraph, a reference in the article to “cybersecurity officials” should read “cybersecurity professionals.”
Not an error per se, but a curious omission: the author of the article asked me for my response to how the VA press secretary dismissed my concerns, but he did not include my response in the article.
I have notified the author about the errors (but not the omission, for which, being an editorial decision, I do not believe it is my place to demand a correction), and he says he will correct them, so I hope by the time you read this he will have already done so.
It is worth noting that of all the articles that have been published about my firing by DOGE from USDS and VA, this is the first one which contained errors I needed to correct.
