Your Tax Dollars At Work: Identity Theft

The Washington Post reports another data snafu at a government agency:

More than 1,100 laptop computers have vanished [poof!] from the Department of Commerce since 2001, including nearly 250 from the Census Bureau containing such personal information as names, incomes and Social Security numbers, federal officials said yesterday.

This disclosure by the department came in response to a request by the House Committee on Government Reform, which this summer asked 17 federal departments to detail any loss of computers holding sensitive personal information.

Of the 10 departments that have responded, the losses at Commerce are “by far the most egregious,” said David Marin, staff director for the committee. He added that the silence of the remaining seven departments could reflect their reluctance to reveal problems of similar magnitude. [my emphasis]

This doesn’t really surprise me. No one likes their dirty laundry aired in public. I wonder whether congress will follow up on this?

Although I’d love to point fingers and say “na, na, naaa, na, na,” I really can’t blame anyone for this. Too few people realize how important the information on a laptop really is. With the explosion of easily transported electronic devices, information that used to fit in a warehouse can now be transported in your pocket. Public consciousness hasn’t keep up with developments. The sensitivity of the information isn’t something you can keep drumming into people. They either get it or not.

At some point laptops started being the Computer De Jour for anyone wearing a suit and tie (or a nicely pressed business outfit with classy accessories). According to my experience, anyone with enough clout can run roughshod over security issues, at least for someone in the Census Bureau and not in Homeland Security. The DHS has stringent computer controls! (Or maybe not?) But if you have a laptop, you take it with you. And sometimes laptops get stolen. No rocket science here people.

The only real solution here will probably involve hardware supported data encryption. The data encryption needs to be both code to the individual and absolutely transparent to the user. No extra installation, no extra hassle. If anything the computer has to be easier to use with encryption than without. This might take the form of biometric data (fingerprint scanning?) coupled with a direct encrypt/decrypt chip between the hard drive and the rest of the computer.

The problem is that if there is no standard for the hardware, no system will be supported widely enough to be worth implementing. And US government can’t implement a standard because that’s in a hands-off legal area. (Or at least a hands-off political area)

But if I had my druthers, that’s where I’d want my tax dollars going. And not my information into the hands of thieves.

%d bloggers like this: