Reacting to a [flagged]: This is on-topic for HN, since it involves someone discussing how they plan to re-architect huge software systems and design new features... Even if they are terrible choices that could also break some laws.<p>One of the examples in the article may sound familiar to those of us at larger-companies. Imagine an <i>authentication</i> service, with nice clear boundaries between it and the other systems and subsidiary-companies users are traveling to. Those other systems each possess their own different teams and problem-domains, including business-logic around permissions and privacy. Some of those differences may be hard-requirements. (In the case of government, from actual laws that enable the organization.)<p>However Some Executive wants the authentication system to be twisted into a master person-info database, aggregating sensitive private information from all of the other ones, in the name of "preventing fraud." Exactly what kind of fraud it would prevent or why the cross-domain expertise should be coded <i>in there</i> is not examined.<p>So that's the login.gov thing. Even this excerpt of the meeting is feels depressingly familiar to me, a situation where some new manager is desperately trying to leave their stamp on things with a New Initiative that will justify further promotions:<p>> “I think we were on the topic of login aggregating data. It's an illegal task,” the employee question, which was read aloud by a woman facilitating the meeting, said. “The Privacy Act forbids agencies sharing personal information without consent.”<p>> “The idea would be that folks would give consent to help with the login flow,” Shedd said. “But again, that's an example of something that we have a vision, that needs worked on, and needs clarified. And if we hit a roadblock, then we hit a roadblock. But we still should push forward and see what we can do.”