Census Bureau Loses Hundreds of Laptops 203
Billosaur writes "According to CNN, The U.S. Commerce Department has lost 1,137 laptop computers since 2001, most of them assigned to the Census Bureau. According to Commerce Secretary Carlos M. Gutierrez, 'All of the equipment that was lost or stolen contained protections to prevent a breach of personal information.' This comes after the fiasco involving the Veteran's Affairs Department's loss and eventual recovery of a laptop containing 26.5 million veteran and active-duty records." Given the scope of the operation, are these losses to be expected or is this an example of poor government security standards?
what kind of protection (Score:4, Insightful)
I would like to know what kind of protection is being used. Is it just password protecting windows? encrypted hard drives? This kind of blanket statement doesn't really tell me much about how safe the census data really is.
If a "suit" says so it must be true (Score:3, Insightful)
"All of the equipment that was lost or stolen contained protections to prevent a breach of personal information," said Commerce Secretary Carlos M. Gutierrez. "The amount of missing computers is high, but fortunately, the vulnerability for data misuse is low."
Ya, OK, I know I feel better. My bet is that they all had some kind of encryption software installed on them that very little to none of the users actually use.
Security measures? (Score:1, Insightful)
Since 2001? Hmm, at that time there were still lots of Win98 machines floating around even in business. You could assign a password, or just bypass the login with IIRC, pressing ESC.
The scary thing is that government moves so slowly when it comes to technology. It wouldn't surprise me that they're using some ancient encryption - decent for its age -- but completely inadequate with today's tools.
"Real" employees seldom lose their notebooks... (Score:1, Insightful)
No consequences means no responsibility. (Score:5, Insightful)
In terms of job security, it's just below being a pedophile priest; most of the time if you fuck up, you might get demoted or shuffled around ("I see there's a warehouse in Sioux Falls that needs a manager...") but probably not actually thrown out on your ass by Security.
IMO, this leads to all sort of laziness and a general lackadaisical attitude on the part of a great many USG employees -- not all of them, to be sure, but it seems like there are usually 4 bags of useless skin for every one person who's pulling the weight of 5 people. It's about the only place I've ever seen that could honestly look to gigantic multinational corporations for advice on how to be more efficient. Total sausage factory, in other words.
The laptop losses don't really surprise me, because I doubt these people get more than some sort of administrative demerit -- if that -- for losing one. I'm sure there's some sort of procedure that they go through, but I'm willing to bet that in the long run they just get a new machine issued and they go on, grinding their way towards retirement.
If you want to stop these losses, I have a plan: tell people that they get one laptop. If they lose it, they can try to do their job without one, and if they can't do it, then they can find a new job somewhere else. Like the private sector. Maybe McDonalds. Or if you can't tolerate being that extreme, just make any loss of a laptop come with an automatic demotion of one Government Service grade. There's nothing like the fear of demotion to strike fear into the hearts of bureaucrats.
Re:Heh. (Score:5, Insightful)
Running some quick numbers.... (Score:5, Insightful)
Let's assume that at any given time there were about 20,000 laptops in use at the Commerce Dept in the five years since 2001. (30K laptops were used in that period, but some would have been swapped out during that time.)
1,137 missing over this period is a bit over 200 per year, or about 1% attrition per year.
I'd say yes. We're talking mobile pieces of equipment, easily hidden in a suitcase or even in coat these days.
The level of data compromise, as opposed to physical asset loss, is another matter, but then the article doesn't quantify that.
Re:Heh. (Score:1, Insightful)
Hello, identity theft! (Score:3, Insightful)
Yeah, that's real comforting [slashdot.org].
Re:No consequences means no responsibility. (Score:3, Insightful)
Why does the age of the laptop matter? Because the story sets this up as the census bureau lost the majority of them. Now, in 2001 if you were issued a laptop that was three years old, you are likley to have a pentium pro or smaller processor (less then 250 nhz) with a video screen that you cannot deviate more then 15% from center and still see. Packing this bundle of pleasure around would most likly mean toting about 15lbs or more around when you consider attachments you needed because of the tech availible then. Now imagine carrying one of these around going door to door for 6 months and someone shows you thier 2002 model that weigths in at 3lbs with carrying case and all, Has started, compiled and burnt a music cd in the time it took for your 3 and 1/2 year old monster to boot.
Losing it was probably the only way to get an upgrade. If it was my employee doing this, they probably would be fired so i agree with you in that respect. OTOH, i have seen government computer equiptment that has been around longer then the department. I'm wondering if the lost laptops aren't more of a forced upgrade and the middle management is in on it too. In that situation, there wouln't be anyone willing to punish people.
Yet another reason I tell them to piss off (Score:2, Insightful)