Ernst Exposes SBA’s Lack of IT Security as the Agency Pursues AI Technology

SBA’s IT security failures pose a direct threat to the safety of Americans’ personally identifiable information.

SBA has publicly touted its “artificial intelligence tools” yet continues to report that it has not used AI.

WASHINGTON – U.S. Senator Joni Ernst (R-Iowa), Ranking Member of the Senate Small Business Committee, is exposing Biden’s Small Business Administration (SBA) for pursuing costly Artificial Intelligence (AI) technology while many SBA offices and programs lack even basic information technology (IT) security, putting Americans’ personal information at risk.

The SBA has mainly used its $22 million IT Working Capital Fund (IT WCF) to prioritize pet projects that support questionable policy changes and AI, while the agency as a whole continues to fail federal IT standards and has significant security risks in its systems. Additionally, the SBA has not complied with an executive order that directs federal agencies to list where and how they use AI.

To get answers and accountability, Ernst is calling on SBA Administrator Guzman to provide a full accounting of how the SBA is making investments from its IT Working Capital Fund budget.

She wrote, “It is vital the SBA use its IT WCF for authorized purposes only and make appropriate investments to modernize IT infrastructure throughout the agency. The SBA has not done so, reportedly spending significant funds on IT projects within some divisions, such as the Office of Capital Access, even as other offices appear to lack the capacity to perform basic IT functions, like importing data from Excel spreadsheets.

“Specifically, SBA was cited as having ineffective management when it came to risk, supply chain risk, IT configurations, and identity and access policies. It also had ineffective data protection and privacy, security training for personnel, information security continuous monitoring capabilities, and contingency planning. 

“The SBA needs to do better, especially given the fact that thousands of Social Security Numbers were used to commit fraud and identity theft in the Paycheck Protection Program (PPP) and COVID-19 Economic Injury Disaster Loan (COVID-19 EIDL) programs.

“Additionally, the SBA has not complied with Executive Order (EO) 13960, Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government, which directs federal agencies to list where and how they use AI. The SBA has touted its ‘artificial intelligence tools for fraud review on all loans in the 7(a) and 504 Loan Programs,’ ‘sophisticated automated reviews,’ ‘advanced data analytics,’ ‘machine learning functionality,’ and ‘artificial intelligence and machine learning solutions.’ The SBA also launched an updated Lender Match tool that verifies borrowers and screens for fraud. In a recent interview, you stated that the SBA has embraced AI. Despite this, the SBA has not been transparent and reports that it has not used AI.”

Read the letter here.