I don’t know the in’s and out’s of OMB decrees on the Federal government, but from this story, it looks like Federal government is doing a good job at addressing security concerned and data leakage. There can always be something better, but even these steps are more than I’d expect, that is, nothing.
While I certainly applaud action like this, I still maintain that the core problem is that an identity thief can screw your life over if he has your name, SSN, and other information that I’d expect to be “public.” That is, the problem with The System is not that baddies can get ahold of that information, but that they need only that information to do bad things.
On the other hand, we clearly favor a good enough approach to security for the efficiencies and speed of transactions it provides: sliding a credit card it better than writing out a check. The end result, as I mentioned last time on this topic, is the unspoken agreement that we favor the group’s ease over the individual: we profit in aggregate from crappy security, but individuals who get hacked have to go through months, if no years, of hassle.
On another note, thinking back on the hyped up drug-scares of the 80’s and the red hunting of the 50’s, do we actually know if all those lost laptops are having a huge, negative impact? I assume they are, but you know what they say about assuming.
Update: for example, on the latest infamous laptop theft:
A preliminary investigation by FBI officials suggests that data [from the stolen VA laptop] has not been accessed since the laptop was stolen, easing fears that the exposed data might have fallen into the hands of identity thieves. As Reg readers have pointed out that still leaves the possibility that a forensics savvy data thief might have lifted the data. No incidents of ID theft linked to the theft have been reported at of yet, cause for cautious optimism that the whole security flap was simply (as it first) appeared a random burglary.
Hmmm. If industry analysts not only described the problem space in abstract terms but actually championed the creation of open source solutions to address this space, then the world would be a better place.
One of the things that could help is the notion of data masking. Another is an open source full disk encryption software which no one is currently working on.
Any thoughts on how analysts can help in the creation?
You’re right on about an open source disk encrypter. I take it you’ve looked and not found any?
Everyone talks about solutions to the problem *after* the laptop has been stolen, no-one really talks much about stopping the theft in the first place. I'd rather avoid having my laptop stolen than have to reconfigure a new one and reload my backed up data, which is why I use a Pacsafe bag from http://www.pacsafe.com