Tilting at Windmills

May 26, 2006
By: Kevin Drum

FAUX OUTRAGE....The Veterans Affairs Department lost 26.5 million personal records a few weeks ago when a midlevel analyst decided to copy a database and take it home to work on it. Congress is outraged:

"Just unbelievable," said Sen. Larry E. Craig (R-Idaho), chairman of the Senate Committee on Veterans Affairs.

...."I don't think the secretary is really up to this job," said Rep. Ted Strickland (D-Ohio), a member of the House Committee on Veterans Affairs.

Added Rep. Bob Filner (D-Chula Vista), another panel member: "You say you take responsibility, but then you tell veterans to 'go call your creditors.'...The most dramatic thing to take responsibility is to resign."

Well, I don't blame them for being outraged, although it's worth noting that every computer system has people with the privileges necessary to access and copy sensitive information. Still, even though the VA isn't the CIA, computer security sure shouldn't be taken as casually as the VA apparently takes it.

That said, I wonder just how genuine Congress's outrage really is? After all, the main problem with the loss of the data is identity theft, and there are plenty of things Congress could do to make ID theft a thing of the past. All of them would require some regulation of the credit industry, though, and the most effective measures would effectively do away with "instant credit" too, since the best way to prevent fraud is to require more than just a signature on a piece of paper in order to open up a charge account. If, instead, granting credit required an independent confirmation of identity, either in person or through some trusted intermediary, the problem of ID theft could be reduced almost to zero (though stolen credit cards would still be a problem). At that point, the theft of personal information would become an annoyance, not the nerve-wracking, years-long catastrophe it is today.

But....regulate the credit industry? Good God, man, do I know what I'm suggesting? I can't actually expect Congress to be that outraged, can I?

Even worse, if we really want to get serious about ID theft we'd have to effectively put an end to instant credit, though that doesn't really strike me as such a horrible thing. But I'll bet if the penalties for granting fraudulent credit were big enough, the credit industry would suddenly discover it wasn't such a bad thing either.

UPDATE: Of course, ID theft isn't the only problem here. The VA needs to get their computer security house in order regardless.

Kevin Drum 1:02 PM Permalink | Trackbacks | Comments (55)
 
Comments

Stop making sense.

Posted by: craigie on May 26, 2006 at 1:09 PM | PERMALINK

One tricky bit about requiring disclosure of incidents of theft or loss of confidential personal information is that the public announcement of the event may itself lead to more identity theft. Usually someone stealing luggage or burglarizing a house has no idea the laptop they're taking contains valuable data -- they're only stealing it for the value of the computer itself. But if there's a news story about it, suddenly it's more likely that the data will be discovered and find its way to people who will misuse it.

That said, I don't know what the solution is, since we certainly don't want to go back to the days when companies routinely mishandled data, lost it, and said nothing about it.

Posted by: KCinDC on May 26, 2006 at 1:09 PM | PERMALINK

That said, I wonder just how genuine Congress's outrage really is?

Acting!

Posted by: E. Henry Thripshaw on May 26, 2006 at 1:10 PM | PERMALINK

Thanks for pointing this out, Mr. Drum. After all, this info isn't really likely to inflict inconvenience or harm until it's sent off to the financial industry.

A suggestion for an investigative crusade: I wonder if anybody has any idea of the number of people who've been denied jobs because of identity theft? I think it's got to be much higher than anybody suspects, simply because no prospective employer is going to admit that they refused to hire somebody because of a damning credit report. And the info brokers are insinuating themselves further into the hiring process all the time: Recently I looked into for a moonlighting gig at a coffee house (not Starbucks), and the only way one could apply was through a corporate web site run by the good people of ChoicePoint.

Posted by: sglover on May 26, 2006 at 1:18 PM | PERMALINK

I sure hope the FBI is looking into this analyst's finances........he's had 3 good long years to do whatever! Imagine if a smuggler/coyote got ahold of this.......presto!

Americablog has a post where the VA info stolen can unlock doors....embassies, military bases......wow.
I most certainly hope heads will roll on this and not business as usual.

CIA, VA = FEMA'd!

Posted by: avahome on May 26, 2006 at 1:19 PM | PERMALINK

I sure hope the FBI is looking into this analyst's finances........he's had 3 good long years to do whatever! Imagine if a smuggler/coyote got ahold of this.......presto!

The guy should be canned for severe negligence. Why on earth did he need to take home an image of a live database with 20 million+ confidential records?

Posted by: sglover on May 26, 2006 at 1:25 PM | PERMALINK

I wonder how genuine Congress's outrage really is?

It's an election year. Symbolic populist issues are needed - you can pander to idiots while not actually doing anything to piss off your contributors. Hence, the "illegal alien crisis", the spectacle of Republicans decrying oil company profits!!!....

Coming soon, a flag-burning amendment which requires lazy gay welfare recipients to get a job!

Posted by: luci on May 26, 2006 at 1:30 PM | PERMALINK

Why on earth did he need to take home an image of a live database with 20 million+ confidential records?

To impress geek chicks, obviously.

Posted by: No. 23 on May 26, 2006 at 1:38 PM | PERMALINK

Really the involuntary collection of personal information needs to stop. My personal information should belong to me, if I choose to have Equifax keep my credit file they should have to ask my permission. If they're not doing a good job then I can tell them they don't get my records anymore. If I want to hole up in a cabin and not allow anyone to keep info on me, then that should be my right as well.

Posted by: Adventuregeek on May 26, 2006 at 1:40 PM | PERMALINK

Coming soon, a flag-burning amendment which requires lazy gay welfare recipients to get a job!

Lazy gay Spanish singing welfare recipients, you mean....

And don't forget, the election will be held right around the time that the annual War on Thanksgiving cranks up.

Posted by: sglover on May 26, 2006 at 1:41 PM | PERMALINK

Okay, I suppose this puts me in tin-foil-hat territory, but...the idea that someone, for murky reasons, would take these files home for a night, and on THAT VERY NIGHT be burglarized of them (because we know, if there's one thing burglars grab first, it's computer files)... Is no one suspicious of this whole set of events?

Compare this to the FBI files thing, which went right to the special prosecutor (and, like everything else he got, went no place but innuendo-land).

Posted by: demtom on May 26, 2006 at 1:45 PM | PERMALINK

This whole thing is a staged scam.

The upshot is;
1. The spammers who were tipped off about the information, and burgled it, will make tons of money selling these vets' information to supplementary health insurance providers.

2. Congress will get to make noise about protecting our personal information better, and end up passing laws with loopholes that their special friends (and no one else) can use.

Posted by: Osama_Been_Forgotten on May 26, 2006 at 1:46 PM | PERMALINK

Every consumer currently has the right to make it so that instant credit can't be opened in their name. I have that set on my account; all it took was filing with the three credit agencies. That's my choice, although it's caused me some inconvenience in the past. Why, however, should my preference take away the choice from everybody else?

Posted by: American Hawk on May 26, 2006 at 1:46 PM | PERMALINK

Sometimes, even in a democracy, you get exactly the kind of government you voted for.

Posted by: koreyel on May 26, 2006 at 1:48 PM | PERMALINK

And of course, when they "reformed" bankruptcy, all these "outraged Congressmen" all voted to kill an amendment that would allow a victim of identity theft to have access to the old-fashioned kind of bankruptcy protection. The credit card companies weren't about to have anyone get away from their trained attack dogs and miss squeezing a single penny.

Oh, for the good old days of an oak tree and a rope for dealing with these kinds of criminals.

Posted by: TCinLA on May 26, 2006 at 1:50 PM | PERMALINK

Let's see, we have faux outrage which is sure to win the hearts and minds of a portion of gullible voters and we have genuine action which would offend the campaign contributors. Hmmm...what to do, what to do...

Posted by: Marcus Wellby on May 26, 2006 at 1:50 PM | PERMALINK

The fact that any employee could download records onto a disc and take them home is mind-boggling. Every record should be stamped every time it is accessed. Exporting of data should be limited to only those who absolutely need to do it.

This isn't brain surgery, it's laziness (and being cheap). Am I the only guy who has a problem with the fact that this guy's house "happened" to get robbed when he "happened" to have a disc full of records in his house, and the burglars "happened" to come upon the disc and "happened" to decide it was important enough to steal?

This whole thing reeks of an inside job.

Posted by: American Chickenhawk on May 26, 2006 at 1:51 PM | PERMALINK

If somebody got hold of Congressional members' social security numbers and birthdates and stole a couple of their identities, you could be fairly certain Congress would do something about it. The caveat is, the culprit would have to pretend to be Rick Santorum.

Posted by: Tony on May 26, 2006 at 1:51 PM | PERMALINK

I don't know what all this huffing and puffing is about, I just got my new Kevin Drum Visa in the mail and I have some spending to do.

Posted by: nutty little nut nut on May 26, 2006 at 1:52 PM | PERMALINK

American Hawk:

Simple compromise. "Instant credit" would still be available, but each individual would have to switch to "instant credit" status himself. This would effectively reverse the default status to what Kevin describes.

Good idea, huh? Or do you still plan on shilling for the credit industry?

Posted by: keptsimple on May 26, 2006 at 2:00 PM | PERMALINK

Okay, I suppose this puts me in tin-foil-hat territory, but...the idea that someone, for murky reasons, would take these files home for a night, and on THAT VERY NIGHT be burglarized of them (because we know, if there's one thing burglars grab first, it's computer files)... Is no one suspicious of this whole set of events?

Well, it turns out that the guy had been taking a laptop home for three years. So one could argue that it's a bit of a surprise that it didn't happen sooner.

The fact that any employee could download records onto a disc and take them home is mind-boggling. Every record should be stamped every time it is accessed. Exporting of data should be limited to only those who absolutely need to do it.

That's a lot easier said than done. For instance, I'm guessing that few organizations even imagined devices like multi-gigabyte keychain memories when they designed their systems. I just think it's egregious that this particular analyst has been casually taking a laptop back and forth to work.

Posted by: sglover on May 26, 2006 at 2:09 PM | PERMALINK

Keptsimple-- This is a simple freedom of contract problem. The default preference should be for more freedom of contract, not less. If people choose to restrict their own freedom of contract, that's their right, but it shouldn't be forced on them. Anything else is simple nanny state-ism; freezing your credit account takes about five minutes.

Posted by: American Hawk on May 26, 2006 at 2:13 PM | PERMALINK

This isn't brain surgery, it's laziness (and being cheap). Am I the only guy who has a problem with the fact that this guy's house "happened" to get robbed when he "happened" to have a disc full of records in his house, and the burglars "happened" to come upon the disc and "happened" to decide it was important enough to steal?

I believe the thieves stole the laptop computer with the computer disk inside.

If somebody got hold of Congressional members' social security numbers and birthdates and stole a couple of their identities, you could be fairly certain Congress would do something about it.

Credit Reporting Companies have special rules and treatment for congresscritters. Their records are maintained by a highly trained analyst who does not let any bad information sully their files (even information that is correct). Congresscritters get their calls answered immediately and any erroneous information in their file is immediately deleted with a personal letter of apology from the company President.

Posted by: dcnative on May 26, 2006 at 2:18 PM | PERMALINK

Pay the veterans what we owe them, say thank you and erase their data. Don't trust the veterans with their own money? Put it into a long term bank account, then say thank you and erase their data.

Posted by: Matt on May 26, 2006 at 2:20 PM | PERMALINK

Every consumer currently has the right to make it so that instant credit can't be opened in their name.

False. Kevin has explained this before:

Credit Freeze
Identity Theft
Identity Theft
Congress and Credit Freezes

Posted by: Biff on May 26, 2006 at 2:25 PM | PERMALINK

Biff-- That deals with the separate issue of a credit freeze. I was talking about a fraud alert, which the article linked in your first Drum link talks about.

Posted by: American Hawk on May 26, 2006 at 2:31 PM | PERMALINK

Pay the veterans what we owe them, say thank you and erase their data. Don't trust the veterans with their own money? Put it into a long term bank account, then say thank you and erase their data.

Uh, right. Take the guy who's mind is damaged by the head wound he suffered, hand him a check, pat him on the back and say, "Spend it wisely, now, because our obligation to you is over." Good thinking, there.

Posted by: sglover on May 26, 2006 at 2:35 PM | PERMALINK

Oops, that was supposed to be "whose mind", not "who's mind".

Posted by: sglover on May 26, 2006 at 2:36 PM | PERMALINK

I agree with sglover. We also give VA benefits until death. It's probably a good idea to have a record of who is eligible and who isn't. "You want the mortgage loan you're entitled to? But you're not in our computer!!!". That's seriously a scorched earth solution to a minor problem.

Posted by: American Hawk on May 26, 2006 at 2:36 PM | PERMALINK

What are the odds that someone just happened to break into the home of the guy who had the disk in his possession? Tin foil hat time! Someone paid him for the info.

Posted by: jojo on May 26, 2006 at 2:41 PM | PERMALINK

Does anybody know if the Federal Government has universal standards for data security? I know that standards aren't universally applied - Republicans were able to steal data from Democrats a few years back because the Democrats didn't properly secure their shared volume.

Every company that traffics in information has come up with solutions for this - or bought into what the market has come up with.

But the Federal Government dwarfs any single company in the country - and whatever guidelines they come up with ought to be freely available. It seems like an obvious economy of scale.

Posted by: Saam Barrager on May 26, 2006 at 2:46 PM | PERMALINK

The veterans involved were those discharged post 1976 as I read

And, as has already been mentioned, this person had been taking these kinds of files home for a couple of years which, IMO, is plenty of time for certain types of people to find out and set up an illegal entry to snatch the computer

More to this than meets the eye for sure (election year ya know...)

"...The growth of state power is neither a caprice of history nor the fruit of "paganism." It is the consequence of the community's effort to protect itself against irresponsible economic power." - Reinhold Niebuhr

Posted by: daCascadian on May 26, 2006 at 2:48 PM | PERMALINK

Saam Barrager >"...the Federal Government dwarfs any single company in the country - and whatever guidelines they come up with ought to be freely available..."

I believe that would be the Federal Information Processing Standards set of rules (FIPS)

"Everything burns but paper don`t crash" - jimfl@tensegrity.net

Posted by: daCascadian on May 26, 2006 at 2:55 PM | PERMALINK

From the story, him taking his information home is a routine thing. And yeah, when a house is broken into, often times the laptop is the first to go.

The real question is WHY the employee was taking home such sensitive data. More than likely, it's because the employee was feeling pressure at work to do more than is reasonable in a 40-hour work week.

Posted by: Karmakin on May 26, 2006 at 3:02 PM | PERMALINK

The real question is WHY the employee was taking home such sensitive data. More than likely, it's because the employee was feeling pressure at work to do more than is reasonable in a 40-hour work week.

Unlikely. As a government employee, he was unionized. Unless he molested a kid at work, he practically can't be fired. It's far more likely he was bringing the laptop home for personal reasons.

Posted by: American Hawk on May 26, 2006 at 3:08 PM | PERMALINK

"We also give VA benefits until death. "

I knew it, American Hawk, a socialist.

Compute their long term benefits into cash. Add in the amount they need for head wounds or drug addiction or sad war stories. Add it all up. Put it into a bank account if we believe our veterans are stupid idiots.

American Hawk, like Frequently Ken and the rest of the marxist Republican bozos, suddenly socialism is a great idea if it is their people! Only their special people are goddamned stupid idiots that need paternalism, and according to them it's not socialism until some other group of jackasses has another group of special people who want government paternalism.

I am telling you guys, big government conservatives, paternalistic liberals, same shit different wrappings.


Posted by: Matt on May 26, 2006 at 3:20 PM | PERMALINK

Unlikely. As a government employee, he was unionized. Unless he molested a kid at work, he practically can't be fired. It's far more likely he was bringing the laptop home for personal reasons.

Oh, bullshit. I work for the Feds, and in my organization we (as in, everyone) undergo semi-annual data security refresher training. Said training makes quite clear that violating the rules can result in termination. Of course, there's a process of investigation, fact-finding, and so on. But your "he's in a union, he can't be fired" equation is your own ignorance talking.

Posted by: sglover on May 26, 2006 at 3:24 PM | PERMALINK

Compute their long term benefits into cash. Add in the amount they need for head wounds or drug addiction or sad war stories. Add it all up. Put it into a bank account if we believe our veterans are stupid idiots.

Have you ever known anyone who was mangled, truly mangled, by his wartime service? Do you have any idea of the kind and duration of care that some of these guys require? The tone of your remarks strongly suggests that the answer to both is "no". Maybe you should get a little more life experience, before you trot out "solutions" that are so thoughtless and divorced from reality.

Posted by: sglover on May 26, 2006 at 3:28 PM | PERMALINK

Compute their long term benefits into cash. Add in the amount they need for head wounds or drug addiction or sad war stories. Add it all up. Put it into a bank account if we believe our veterans are stupid idiots.

Each veteran signed a contract that offered him or her the benefits, instead of cash. Obviously, the government should live up to its contractual obligations (although whether it HAS to is an interesting question, albeit not one really germane to this thread). It would be wrong to simply force a cash settlement. Are you on crack?

sglover: Oh, bullshit. I work for the Feds, and in my organization we (as in, everyone) undergo semi-annual data security refresher training. Said training makes quite clear that violating the rules can result in termination. Of course, there's a process of investigation, fact-finding, and so on. But your "he's in a union, he can't be fired" equation is your own ignorance talking.

Uh huh. How often do y'all take laptops home to work away from the office? And when's the last time somebody in your organization actually was fired for negligent data security practices?

Posted by: American Hawk on May 26, 2006 at 3:30 PM | PERMALINK

How often do y'all take laptops home to work away from the office? And when's the last time somebody in your organization actually was fired for negligent data security practices?

In my branch, about, oh, never. We do have people who work in the field, who need to take laptops with them to conduct surveys and such, but they're only supposed to carry software and data relevant to the specific task. The organization I work in has a tradition of maintaining confidentiality that predates -- by decades -- the widespread adoption of computers. We take it seriously.

Posted by: sglover on May 26, 2006 at 3:42 PM | PERMALINK

I've known several people whose identities were stolen. The ability of thieves and fraudsters to make this a profitable black market business is directly a result of the lax controls of the reporting industry.

We need the default to be more, not less, privacy, and more control over our own personal information. The only constitutional amendment that should be under discussion right now is one guaranteeing the privacy of individual citizens. From corporate intrusion into our finances to government intrusion into our personal choices, there is just way too much mucking around in personal affairs by entities with NO right to know.

Anyone who is a true conservative understands this.

fercryinoutloud

Posted by: fercryinoutloud on May 26, 2006 at 3:55 PM | PERMALINK

And when's the last time somebody in your organization actually was fired for negligent data security practices?

Well, considering that no one ever gets fired in this administration no matter how colossal the fuckup, it wouldn't be surprising that he won't lose his job. In fact, had he had on his laptop a few other sensitive databases, he might be in line to get a Presidential Medal of Freedom.

Posted by: Communist Pig on May 26, 2006 at 3:59 PM | PERMALINK

The issue isn't just run of the mill ID Theft. Steal my ID and you can buy yourself a big screen TV (not even plasma!) and that's about it. Steal a military ID, retired or not, and you have access to military bases that the average schmoe doesn't. Seems to me this is a much bigger issue than everyone has made it to be so far.

Posted by: Fred F. on May 26, 2006 at 4:09 PM | PERMALINK

As a former VA employee who worked with sensitive medical information I want to clarify something. The VA has a very strict data security policy. Employees are never to look at data on personal computers. I have worked for state government and in the private sector and the VA has the strictest data security I have seen. That said, we are dealing with human beings and whatever it was -- he was in a rush, laziness, etc.-- the guy made a serious error. This analyst did sign something stating he would not do exactly what he did.

Posted by: Sarah B on May 26, 2006 at 4:48 PM | PERMALINK

Then again, if the VA "loses" the ID information on millions of vets, then that's millions of vets to whom they can give the runaround when it comes time to paying benefits.

Sounds like a very Republican cost-savings measure to me.

Posted by: osama_been_forgotten on May 26, 2006 at 5:57 PM | PERMALINK

Today my wife and I went down to Manhattan Civil Court to find out if we are being sued for a debt we did not incur, and by whom and for what. We received a letter from an attorney offering to help us fight off a company called Credigy, although we have never been notified of any lawsuit. It turns out that after my wife left a Fortune 100 company where she was a SVP a year and half ago, somebody applied for a credit card with Capital One in her name and used her office address, although she turned in her corporate ID and has never been back into the building, so could not have picked up the card, and no mail has been forwarded. Turns out the recipient of the card (mailroom or nearby office occupant?) used the card for cash advances to receive $3K or more, and the bills were always sent back to Capital One as no such person (the ex-employer might have tried forwarding them, but then my wife would have known about the fraudulent card). She knew nothing about the card or debt, so in March this year she got a call on her cell phone from a debt collection attorney, and after several conversations with them and Capital One, received and filled out documents and an affidavit saying she was not the applicant nor recipient nor user of the card. She also contacted all 3 credit reporting agencies and had a notation made about the false card, which interestingly was not on her credit reports. Case closed, right? Wrong.
The attorneys/collection firm then used the information on the affidavit, etc. to file a lawsuit for debt collection of over $3K just a day or two after they received back the signed affidavit, using the information with her correct address, etc. to file the lawsuit - despite telling her that it would end the collection effort. But they never bothered to serve her with any notice of this lawsuit; the letter from the ambulance chasing attorney offering to represent us in the lawsuit that had been filed was the only way we knew it had been filed and that the sleazy attorneys were still pursuing collection, even though they understood she was not responsible and had responded quickly and responsibly to address the false claim in March.

In summation: Capital One issued a card without any verification of who really was the recipient. Her ex-employer has crooks in the mailroom, or her former high level unit. The collection attorneys used deceit to trick her into getting her home address, and know damned well from her letter, etc. that it is a stolen identity. Capital One never contacted her to ask if it was a case of identity fraud, and sold the receivable to a sleazy collection firm. They also wrote it off, and this morning told her it was a closed case. This afternoon we determined that a lawsuit had been filed in March. And the attorney who wanted to help us fight them, and brought it to our awareness, showed no further interest once we said we didn't want to declare bankruptcy (we actually are quite well off). So we are a nation of thieves, knaves, sleazebags, liars, and victims, and now have a court date in December 2006 as we countersued for a nice sum while we were at the Civil Court building. We also are going to file an ethics and professional misbehavior complaint with the New York Bar Association, and copy Eliot Spitzer's office, as well as talk to some friends at the Wall Street Journal about doing a story on this tragedy because our Congress has determined that national security does not include our financial well being.
PS - The Court clerk said that she deals with similar behavior all day long and that they usually use a very weak form of service (taping it to your door or sending in a junkmail type envelope), so people do not respond and then the collection people get a summary judgement and garnishment of wages for the entire amount plus collection/attorneys fees. America? what a farce!

Posted by: oscar on May 26, 2006 at 6:00 PM | PERMALINK

I also work for a federal data agency (not the VA). This violation at the VA is something that we are very seriously concerned about. The quality of the data collected to produce many economic statistics and research used to guide monetary policy and policy actions depends greatly on the trust survey responders have that their information will be kept confidential. I'd like to add a comment to those already provided by sglover and the VA data analyst above:

This VA analyst is probably not just going to lose his job, he is probably going to jail. I don't work for the VA, but the vows to protect data across agencies are similar, and a much more minor infraction than this has a jail sentence of 5 years at my agency, in addition to a hefty fine.

Data confidentiality is something federal agencies take very seriously. Numerous protections shield SSNs and any other person/firm identifying information from anyone who does not need to access that information as part of their job. This includes using pseudo identifiers and stripping data of all such information for data analysis. Numerous IT security controls protect the data from unauthorized access. That said, some analysts do require access to such data to do their job, and like all other federal employees, they take a vow not to ever -- accidentally or intentionally -- reveal information about a respondent to a third party. These vows are reinforced in annual trainings and enforced with fines and jail penalties as I described above. This analyst broke the law, and has seriously endangered the public's faith in the federal statistical system.

Posted by: Matilde on May 26, 2006 at 6:54 PM | PERMALINK

On a lighter note, you can probably remove your tinfoil hats - property crime in DC is very high, and almost everyone I know has had at least one laptop stolen from their home/car/self. I had a bike stolen last year while it was chained outside a police station. In my gentrified DC neighborhood, you can expect to be mugged at least once every few years.

Posted by: Matilde on May 26, 2006 at 6:56 PM | PERMALINK

The thing I don't get, as a 20-year IT guy, is why 27 million SSNs were available ANYwhere.

The simplest of security measures requires that sensitive data never be easily viewable, even to the techno-geeks who control access to it.

When given, the quality and quantity of access must be limited to the specific tasks assigned to the person, with the sensitive elements (like SSNs, user IDs, passwords) anonymized, encrypted, and/or password-protected to ensure it is useless to everyone other than its intended audience.

Why do these 26+ million records exist in readable form anywhere? At any time? Available to anyone?

Posted by: Steve Boese on May 26, 2006 at 7:13 PM | PERMALINK
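
An added example (not from the post or from any commenter) of the control Matilde and Steve Boese describe above: an analyst extract in which the SSN is replaced by a keyed pseudo-identifier and the other direct identifiers are stripped. The column names, the sample rows and the key handling are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

# Accepts 123-45-6789 or 123456789 so both forms map to one pseudonym.
SSN_RE = re.compile(r"^(\d{3})-?(\d{2})-?(\d{4})$")

# Columns that never leave the custodian's system (assumed column names).
DIRECT_IDENTIFIERS = {"ssn", "name", "date_of_birth"}


def pseudonymize_ssn(ssn: str, key: bytes) -> str:
    """Return a stable pseudo-identifier for an SSN.

    A keyed HMAC is used instead of a plain hash: there are only 10**9
    possible SSNs, so an unkeyed hash can be reversed by hashing them all.
    Without the key, the pseudonym cannot be recomputed or brute-forced.
    """
    match = SSN_RE.match(ssn.strip())
    if not match:
        raise ValueError("value is not SSN-shaped; refusing to export it")
    canonical = "".join(match.groups()).encode("ascii")
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()[:32]


def build_analyst_extract(rows, key: bytes):
    """Copy rows for analysis with direct identifiers removed.

    The same person keeps the same person_id across rows, so joins and
    counts still work, but the extract holds no SSN, name or full birth date.
    Assumes date_of_birth is an ISO string (YYYY-MM-DD).
    """
    extract = []
    for row in rows:
        safe = {k: v for k, v in row.items() if k not in DIRECT_IDENTIFIERS}
        safe["person_id"] = pseudonymize_ssn(row["ssn"], key)
        safe["birth_year"] = int(row["date_of_birth"][:4])  # coarsened
        extract.append(safe)
    return extract


# Constructed sample rows; area number 000 is never issued as a real SSN.
SAMPLE_ROWS = [
    {"ssn": "000-12-3456", "name": "Constructed Person A",
     "date_of_birth": "1950-03-14", "benefit_code": "B1"},
    {"ssn": "000-98-7654", "name": "Constructed Person B",
     "date_of_birth": "1962-11-02", "benefit_code": "B2"},
    {"ssn": "000123456", "name": "Constructed Person A",
     "date_of_birth": "1950-03-14", "benefit_code": "B3"},
]

if __name__ == "__main__":
    # Assumption: in practice the key lives with the data custodian
    # (for example in an HSM or secrets manager), never with the extract.
    custodian_key = os.urandom(32)
    for record in build_analyst_extract(SAMPLE_ROWS, custodian_key):
        print(record)
```

An extract built this way can be lost with a laptop without exposing SSNs, provided the key was not stored alongside it.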

Another of many reasons to never belong to the military. The neocons use you for cannon fodder to amass corporate wealth in trumped up wars to increase their cronies' profits but then allow your identity to be compromised while limiting your rights to straighten it out or file for bankruptcy. Republican congressmen represent corporations and not citizens or veterans. Cheney and Limbaugh knew: stay away from the military.

Posted by: Where's osama on May 26, 2006 at 8:32 PM | PERMALINK

"This is a simple freedom of contract problem. The default preference should be for more freedom of contract, not less. If people choose to restrict their own freedom of contract, that's their right, but it shouldn't be forced on them. Anything else is simple nanny state-ism; freezing your credit account takes about five minutes."


That's one way of looking at it. Here's another:


"This is a simple security problem. The default preference should be for more security, not less. If people choose to dispense with their own security, that's their right, but it shouldn't be forced on them. Anything else is simple big-brotherism; freezing your credit account is currently impossible".


Posted by: D on May 26, 2006 at 10:31 PM | PERMALINK


The guy should be canned for severe negligence.

This violates existing VA rules, so it is more than negligence. When I worked in the VA we were regularly warned not to do this, and took computer courses reminding us of the regulations.


The guy should be canned.

Posted by: republicrat on May 27, 2006 at 12:30 AM | PERMALINK

"The thing I don't get, as a 20-year IT guy, is why 27 million SSNs were available ANYwhere?"

This gets to the heart of the matter. The reason that SSNs are interlaced all throughout databases is that corporations/governments etc. adopted it as a de facto identifier for employees, customers etc., years ago.

Those talking about computer security issues don't understand a couple of items. 1) Database security is a different beast, and is controlled (if at all) by values that must be programmed in, and almost universally are not. 2) The only platform on which access control was ever much practiced was on mainframes.

I can almost guarantee that the person who had this database on a PC was a finance person, who did not need the SSN data for ANY REASON WHATEVER, but who merely copied a copy of a database down to a PC. At minimum, it should have been encrypted, but the bigger issue is why do organizations allow these types of analysts to access this level of info at all? The reason is decentralization of IT, and the "tablebanger" syndrome.

The notion that most organizations practice access control to actual resources (files, databases etc) is laughable. At best, they do access to servers.

Draconian policies are also mostly a joke. Most large organizations save up their hit lists of people for generalized RIFs (reductions in force), since it avoids all the HR hassles.

Putting a nice sizeable price tag, liability for credit losses, and responsibility for credit restoration on the organization that lost the data might begin to get the attention of the data custodians, but there is no quick solution to decades of bad practices.

Posted by: RickG on May 27, 2006 at 11:49 AM | PERMALINK
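An added example, not part of any comment above or of the original page: one way to build the kind of analyst extract that Steve Boese's and RickG's comments call for, in which the SSN never leaves the custodian's system and is replaced by a keyed one-way token that still lets rows for the same person be joined. The column names, the sample rows and the function names are assumptions made for illustration.

```python
import csv
import hashlib
import hmac
import io

# Constructed sample rows; the SSNs and names are made-up values.
SOURCE_CSV = """ssn,name,birth_date,claim_amount
900-12-3456,Alex Example,1950-03-14,1200.00
900-65-4321,Sam Sample,1947-11-02,310.50
900-12-3456,Alex Example,1950-03-14,89.99
"""

# Columns the analysis task is assumed not to need in any form.
DROP = {"name"}


def pseudonym(ssn: str, key: bytes) -> str:
    """Return a stable token for an SSN that is useless without the key.

    A plain hash would not do: there are only 10**9 possible SSNs, so an
    unkeyed digest can be reversed by trying them all. The HMAC key stays
    with the data custodian and is never shipped with the extract.
    """
    digits = "".join(ch for ch in ssn if ch.isdigit())
    if len(digits) != 9:
        raise ValueError("not a 9-digit SSN")
    return hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()[:16]


def build_extract(source_csv: str, key: bytes) -> list[dict]:
    """Copy only what the task needs; tokenise or generalise the rest."""
    rows = []
    for row in csv.DictReader(io.StringIO(source_csv)):
        out = {k: v for k, v in row.items() if k not in DROP and k != "ssn"}
        out["person_id"] = pseudonym(row["ssn"], key)
        out["birth_year"] = out.pop("birth_date")[:4]  # year only
        rows.append(out)
    return rows


if __name__ == "__main__":
    # Constructed demo key; a real key would come from the custodian's key store.
    for r in build_extract(SOURCE_CSV, b"demo-key-not-for-production"):
        print(r)
```

An extract built this way can be lost with a laptop without exposing a single SSN, provided the key was not stored alongside it.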

You ALL miss the point. The guy ILLEGALLY took home information so he could TRY to do his job. I've known hundreds of Government employees who have done the same. Yes, those I knew weren't taking data this sensitive. It was usually stuff you civilians wouldn't even be able to read without an extensive training class. Nonetheless. Government employees at the VA are massively overworked, underpaid, and charged with the awesome responsibility of assisting Veterans of all wars now that Bush and company would ignore them. VA funds keep getting "left out" of GW's spending plans. Yes, the guy will probably go to jail. GW, who expects him to do a job any company probably has a whole team working on, won't.

Posted by: Lee F on May 29, 2006 at 11:40 AM | PERMALINK




 

 