Census Bureau Loses Hundreds of Laptops

Billosaur writes "According to CNN, The U.S. Commerce Department has lost 1,137 laptop computers since 2001, most of them assigned to the Census Bureau. According to Commerce Secretary Carlos M. Gutierrez, 'All of the equipment that was lost or stolen contained protections to prevent a breach of personal information.' This comes after the fiasco involving the Veteran's Affairs Department's loss and eventual recovery of a laptop containing 26.5 million veteran and active-duty records." Given the scope of the operation, are these losses to be expected or is this an example of poor government security standards?

what kind of protection

[CastrTroy]

'All of the equipment that was lost or stolen contained protections to prevent a breach of personal information.'

I would like to know what kind of protection is being used. Is it just password protecting windows? encrypted hard drives? This kind of blanket statement doesn't really tell me much about how safe the census data really is.

If a "suit" says so it must be true

[hodet]

From TFA:

"All of the equipment that was lost or stolen contained protections to prevent a breach of personal information," said Commerce Secretary Carlos M. Gutierrez. "The amount of missing computers is high, but fortunately, the vulnerability for data misuse is low."

Ya, OK, I know I feel better. My bet is that they all had some kind of encryption software installed on them that very little to none of the users actually use.

Security measures?

[Anonymous Coward]

Let me guess... they put on Windows login passwords.
Since 2001? Hmm, at that time there were still lots of Win98 machines floating around even in business. You could assign a password, or just bypass the login with IIRC, pressing ESC.

The scary thing is that government moves so slowly when it comes to technology. It wouldn't surprise me that they're using some ancient encryption - decent for its age -- but completely inadequate with today's tools.

"Real" employees seldom lose their notebooks...

[Anonymous Coward]

Temps, on the other hand, are a different story. Some of them feel entitled to keep the laptop as a lovely parting gift. Others feel the need to test the ability of the employer to retrieve the computer. When push comes to shove, it's not easy to retrieve a computer from a temp who lives in some remote part of the country -- without spending more than the computer is worth. If you have to send someone to visit in person -- game over.

No consequences means no responsibility.

[Kadin2048]

I think that a big part of the problem is that Federal employees can't really be punished, unless they're grossly negligent.

In terms of job security, it's just below being a pedophile priest; most of the time if you fuck up, you might get demoted or shuffled around ("I see there's a warehouse in Sioux Falls that needs a manager...") but probably not actually thrown out on your ass by Security.

IMO, this leads to all sort of laziness and a general lackadaisical attitude on the part of a great many USG employees -- not all of them, to be sure, but it seems like there are usually 4 bags of useless skin for every one person who's pulling the weight of 5 people. It's about the only place I've ever seen that could honestly look to gigantic multinational corporations for advice on how to be more efficient. Total sausage factory, in other words.

The laptop losses don't really surprise me, because I doubt these people get more than some sort of administrative demerit -- if that -- for losing one. I'm sure there's some sort of procedure that they go through, but I'm willing to bet that in the long run they just get a new machine issued and they go on, grinding their way towards retirement.

If you want to stop these losses, I have a plan: tell people that they get one laptop. If they lose it, they can try to do their job without one, and if they can't do it, then they can find a new job somewhere else. Like the private sector. Maybe McDonalds. Or if you can't tolerate being that extreme, just make any loss of a laptop come with an automatic demotion of one Government Service grade. There's nothing like the fear of demotion to strike fear into the hearts of bureaucrats.

Re:Heh.

[Otter]

Given that 1) they have a massive short-term workforce of census takers and 2) I doubt they were giving them 1999's highest-end hardware, I can't get too worked up about this. What would the government do with a slightly higher stack of Pentium 120s, build a bigger Beowulf cluster? As long as there was no privacy violation, this doesn't sound like such a bad loss rate for such a huge project.

Running some quick numbers....

[Malfourmed]

From the article:

More than 30,000 laptops were used within the department's 15 operating units since 2001, the department said, and a total of 1,137 were stolen or missing.

Let's assume that at any given time there were about 20,000 laptops in use at the Commerce Dept in the five years since 2001. (30K laptops were used in that period, but some would have been swapped out during that time.)

1,137 missing over this period is a bit over 200 per year, or about 1% attrition per year.

Given the scope of the operation, are these losses to be expected?

I'd say yes. We're talking mobile pieces of equipment, easily hidden in a suitcase or even in coat these days.

The level of data compromise, as opposed to physical asset loss, is another matter, but then the article doesn't quantify that.

Re:Heh.

[Anonymous Coward]

the worst part is, if it was them, those so called "security measures" will mean nothing since they will have the access codes anyway. let's just hope they decided to delete all of the census junk so they could have more room for the torrent porn and music.

Hello, identity theft!

[Lurker187]

I'm more concerned about the "nearly 250 from the Census Bureau containing such personal information as names, incomes and Social Security numbers" [washingtonpost.com]. I heard a sound bite about it from the Commerce Dept. statement this morning, they said not to worry, the data is, and I quote, "password protected".

Yeah, that's real comforting [slashdot.org].

Re:No consequences means no responsibility.

[sumdumass]

The government is sort of a funny thing. In one hand they will throw money around and waist it like it wasn't theirs in the first place. In the other hand they are so tight with the money you would think if you shoved coal in thier asses, diamonds would protrude the next day. Why is this important? Well, I'm willing to bet that quite a few of the lost laptops are 4 or more years old when they were lost.

Why does the age of the laptop matter? Because the story sets this up as the census bureau lost the majority of them. Now, in 2001 if you were issued a laptop that was three years old, you are likley to have a pentium pro or smaller processor (less then 250 nhz) with a video screen that you cannot deviate more then 15% from center and still see. Packing this bundle of pleasure around would most likly mean toting about 15lbs or more around when you consider attachments you needed because of the tech availible then. Now imagine carrying one of these around going door to door for 6 months and someone shows you thier 2002 model that weigths in at 3lbs with carrying case and all, Has started, compiled and burnt a music cd in the time it took for your 3 and 1/2 year old monster to boot.

Losing it was probably the only way to get an upgrade. If it was my employee doing this, they probably would be fired so i agree with you in that respect. OTOH, i have seen government computer equiptment that has been around longer then the department. I'm wondering if the lost laptops aren't more of a forced upgrade and the middle management is in on it too. In that situation, there wouln't be anyone willing to punish people.

Yet another reason I tell them to piss off

[davie]

Not only do census takers ask questions to which they are not entitled answer--by any stretch of the Constitution--they store the information on laptops that any recently-fired hamburger flipper fucktard can walk around with and lose or trade for a couple rocks of crack.