Following your organization's data security practices is not immoral. To me, refusing to accept a PDF is no different than running a cash only store and refusing to accept credit cards as payment.
And how long would that store stay open with such a policy? That's the problem. The government has less competency than small businesses with 5 employees. And not just a bit less, a lot less. Its hard to believe it is just the bureaucrats. I think the leaders of those parts of the government didn't get their posts from merit. And they have no idea just how bad they are at their jobs. It also is probably a bit of too many cooks in the kitchen too.
> The government has less competency than small businesses with 5 employees. And not just a bit less, a lot less.
The US government manages a more diverse array of problems (critical, life and death problems) than any other US organization (and probably more than any other org in the world). Amazon has only a tiny fraction of the competence of the US government and is not nearly as reliable. Remember the last time a significant portion of the social security system went down? I can't, but I can remember the last time AWS went down.