Census Bureau Loses Hundreds of Laptops 203
Billosaur writes "According to CNN, The U.S. Commerce Department has lost 1,137 laptop computers since 2001, most of them assigned to the Census Bureau. According to Commerce Secretary Carlos M. Gutierrez, 'All of the equipment that was lost or stolen contained protections to prevent a breach of personal information.' This comes after the fiasco involving the Veteran's Affairs Department's loss and eventual recovery of a laptop containing 26.5 million veteran and active-duty records." Given the scope of the operation, are these losses to be expected or is this an example of poor government security standards?
Heh. (Score:5, Funny)
Re: (Score:3, Interesting)
Re:Heh. (Score:5, Insightful)
Re: (Score:2)
It's not just a security issue, it's a waste of resources. And it probably represents just the tip of an iceberg that we happen to be able to see.
Over the last five years, let's estimate the average price of a not-so-high-end laptop (let's be optimistic and assume they were being frugal) was $1000. This represents a loss of well over a million dollars - just in the hardware - not to mention the data, labor for replacement, etc. And parent thinks it's no big deal, something to be expe
Re: (Score:2)
Err, no. Not sure where you got that from.
You also have to take into account that they might not be the high end equipment but the would our could be used for many more years... our tax money at work replacing stolen equipment.
Again, these are census takers' computers! They're not being replaced, they'd just be sitting in a warehouse with the other hundred thousand they did get back. Even if they could be dusted off in 2010 (and
Re: (Score:2)
By the time we get everyone worked up over it, maybe we will have spent over 10 million dollars or so. If we are lucky, congress will stop all thier lawmaking duties and hold hearings on why we lost what amounts to a fraction of a percent of the yearly budget over a period of 5 or more years.
BTW, the reason people aren't saying 2 million dollars is a large sun of money is because it equals less the one cent of
Re: (Score:2)
No consequences means no responsibility. (Score:5, Insightful)
In terms of job security, it's just below being a pedophile priest; most of the time if you fuck up, you might get demoted or shuffled around ("I see there's a warehouse in Sioux Falls that needs a manager...") but probably not actually thrown out on your ass by Security.
IMO, this leads to all sort of laziness and a general lackadaisical attitude on the part of a great many USG employees -- not all of them, to be sure, but it seems like there are usually 4 bags of useless skin for every one person who's pulling the weight of 5 people. It's about the only place I've ever seen that could honestly look to gigantic multinational corporations for advice on how to be more efficient. Total sausage factory, in other words.
The laptop losses don't really surprise me, because I doubt these people get more than some sort of administrative demerit -- if that -- for losing one. I'm sure there's some sort of procedure that they go through, but I'm willing to bet that in the long run they just get a new machine issued and they go on, grinding their way towards retirement.
If you want to stop these losses, I have a plan: tell people that they get one laptop. If they lose it, they can try to do their job without one, and if they can't do it, then they can find a new job somewhere else. Like the private sector. Maybe McDonalds. Or if you can't tolerate being that extreme, just make any loss of a laptop come with an automatic demotion of one Government Service grade. There's nothing like the fear of demotion to strike fear into the hearts of bureaucrats.
Re:No consequences means no responsibility. (Score:5, Funny)
Sounds like just about every place I've worked. You have the office wanderer (the employee that is never in their office and you know you can find them in one of the offices of), the office chatterbox (the person that is always talking to someone on personal business), the office lazyass (the person who is in iTunes Store, surfing CNN, or printing some 100 page PDF on the schematics for their MAME arcade box instead of doing their jobs), and finally you have the office whiner (the person who doesn't do anything except complain to everyone (the chatterbox and wanderer especially) about how busy they are).
Then you have the people, like me, that do their jobs and go the fuck home w/o talking to anyone. We are considered the "anti-social assholes" because we get our work done, on time with praise, and make all the other douchebags look bad.
Yes, this is mostly a joke. Mod appropriately
Re:No consequences means no responsibility. (Score:5, Funny)
Re: (Score:2, Flamebait)
Actually, you are just the office Douchebag. Your co-workers don't care how much you work. You are quite, you are an asshole and you are not liked much.
Welcome to my world.
Re: (Score:2)
Re: (Score:2)
Other days, I am most certainly the office lazyass.
So these aren't always fixed roles, but they sure are true on a day-to-day basis.
by the way, guess which I am today! *cough*
Re:No consequences means no responsibility. (Score:4, Interesting)
I'm a lazyass (Score:3, Interesting)
We used to have the office 'anti-social asshole' who did his job well and without complaint, but he got fired. We still have the office whiner (our highly unqualified, also lazy, network admin). And we have a few other more middle-of-the-road average guys mostly do their work, mostly don
Re: (Score:2, Interesting)
Re: (Score:3, Interesting)
You are encouraged to toe the line, come in on time, leave on time...and not much else. If you do a good job you are "rewarded" by being kept in that position, because they need someone who can do the work. If you screw up, the only way they can get rid of you is by promotion.
Still, the efforts of the 20-25% who know what they are doing keeps the government working. Most of them stay for the security and benefits. I still have frie
Re: (Score:2)
Personally, I got very tired of the private sector. People being removed for political reason, whole departments getting slashed so the numbers looked good to prospective buyers, people being let go because they make more then X dollars, being lied to, benefits vanishing, working 70 hours weeks and finding out that everyone must get an 'average' on their revue regardless of the work done, do 80% of the work, but not getting promoted bec
Re: (Score:3, Interesting)
I worked for the Department of Health Services. Obviously they have data that is ultra-sensitive since it involves classifications of all disorders (including HIV, AIDS, mental). When people "lost" laptops they weren't even given so much as a slap on the wrist. They had certain vaguely numbered forms to fill out (for insurance purposes), and then some requisitions for a new laptop to be ordered. What was obvious to me was ignored by them. These people hadn't lost anything at all. They simply got a fr
Re: (Score:2)
I am very busy, and I have written code and implemented systems for people who care about the publics money and work hard.
I haven't seen anyone in my department not care and not do there job well.
Assuming your phoning home software story is true, I find it interesting that your company would take that kind of liability risk.
A woman keeping a job for 6 weeks is not an example of government ineffiency.
It could be that she wants to change and keep a j
You're probably the 1 in 5. (Score:2)
I don't think anyone would say that all government employees are total idiots; that's obviously untrue -- if it was, nothing would get done. And no matter how little you like the government, it does get st
Re: (Score:2)
I also worked very hard, as did many of the people on my team. But I realized early on that the work I was doing was "make work." I'm a software engineer that was sorting text files, and removing "outdated" comments from SQR (SQRibe) files. I was clearly not doing "engineer" level work. I resigned because it wasn't rewa
Re: (Score:2)
Just out of curiousity, what do your employees do for 6 months without a laptop? Do they get a note from their manager saying their work was all late because the dog ate their laptop?
What if they get a hit from it, but they can't t
Re: (Score:2)
They learn to do their work on their desktop machines. It's not really that complicated.
They (or their direct manager) had to make a case for needing the laptop. It is explained to them that they are wholly responsible for that laptop. The fact of the matter is we're strict on the issuance of laptops because we know the truth about laptop use. Out of 122 laptops issued only 16 of those have EVER been utilized out of the office. The loss of laptops here in 2 years? Five. But only three of those cou
Re: (Score:2)
Ah, I see the difference. At my company, everyone gets a laptop by default. You have to try harder to get a desktop unless you're a developer or something.
In our company, your laptop is frequently your only machine. So if you were to lose it, you wouldn't have anything to work on. I guess if laptops are the exception rather than the rule, it wou
Re: (Score:3, Insightful)
Why does the age of the laptop matter? Because the story sets this up as the census bureau lost the majori
Re: (Score:2)
I know I'm feeding a troll, but I can't help it. Good troll!
Bullshit. There's less of people getting "thrown out on your ass by Security" in government service for lots of reasons, the main one being you can't get thrown out just because you pissed off your big boss and
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
what kind of protection (Score:4, Insightful)
I would like to know what kind of protection is being used. Is it just password protecting windows? encrypted hard drives? This kind of blanket statement doesn't really tell me much about how safe the census data really is.
Re: (Score:2)
The article is uselessly vague (Score:2)
Unless the encryption was automatic, then someone careless enough to lose a laptop might have been careless enough to skip the encryption.
heh. makes me think about ... (Score:2, Funny)
Sheesh, I hope I haven't ever acquired one accidenatlly
Counting the wrong things. (Score:3, Funny)
Re: (Score:2)
You've actually hit very close to the truth. From TFA:
I help with the computer inventory of a major agency. If at any time you took a snapshot of our inventory database, then sampled it, you'd find a distressingly large number of computers missing. Most of them aren't gone, they're just mislaid. They got taken off the network and put on a shelf in
It's only to be expected (Score:5, Funny)
I'll bet this is a direct result of their "Fill in our survey, get a FREE laptop!" promotion during the last census.
yes (Score:2)
Yes, the standards are poor, but not as bad as it could be because at least it contains a protection on the data and it seems that no one has used it yet. But this isn't enough, because no matter what you have someone can break it. They should institute a policy of witholding some pay from empolyees as a form of fine whenever they lose a laptop. $1000 would be enough of an in
Re: (Score:2)
No, there are other ways to penalize them that are both legal and ethical. Reduced raise at next review, demotion, termination... A good stern talking-to.
No (Score:2)
"They should institute a policy of witholding some pay from empolyees as a form of fine whenever they lose a laptop. $1000 would be enough of an incentive to make sure that they stopped leaving them in coffee shops."
First of all, you seem to think they were lost in this manner as a matter of course.
What about robbery?
Second, you can not put a fine on something and have people suddenly not be careless. It hap
Re: (Score:2)
Which implies the goal of the computer theft is the data on it. Almost always, computer theft's target is the hardware, with the intent to resell. If its easiest for the criminal to activate the laptops "restore to factory condition", thats what he'll do rather than spend a day (or weeks or months) trying to access protected info. If the real goal was the data, you would swipe it from the coffee shop, clone the disk, the turn it
Census is leet (Score:5, Funny)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Same here. (Score:2)
YES! (Score:2)
If a "suit" says so it must be true (Score:3, Insightful)
"All of the equipment that was lost or stolen contained protections to prevent a breach of personal information," said Commerce Secretary Carlos M. Gutierrez. "The amount of missing computers is high, but fortunately, the vulnerability for data misuse is low."
Ya, OK, I know I feel better. My bet is that they all had some kind of encryption software installed on them that very little to none of the users actually use.
Re: (Score:2)
This kinda reminds me of the other many stories where rogue terrorists invaded the locked server rooms and stole their RAID arrays.
Oh, that was a dream, I never heard of that.
WTF are people thinking about having important data on a laptop? It may of been another dream, but I heard of laptop harddrives dying, being ran over by cars, falling off the top of cars, taxis, or whatever. Laptops are in no way shape or form a reliable place to store data. In my server room, I have RAID arrays that are backed up t
Re: (Score:2)
Re: (Score:2)
They posed as "Repair" personnel from the vendor and swapped out half of a 0+1 raidset. They could easily retrieve the data. Note that they new which storage arrays to go after and where they were indicates some serious breach of security. Either an inside job or a hell of a casing.
I can say that the data was not something that should be i
Re: (Score:2)
1137out of a total of how many? (Score:4, Interesting)
Re: (Score:3, Informative)
Considered a good job by whom? I work for an agency under Department of Defense, supporting about 3,000 users. We've lost three laptops in the last five years, two of them by the same contract employee. That employee no longer works here.
I can't speak for Commerce but DoD requires FIPS 140-2 encryption of data at rest on mobile devices. We redirect mobile user's My Documents folder to a network share, turn o
Re: (Score:2)
Philosophical Jo
Re: (Score:2)
Uniquely challenging set of circumstances? How much training to you have to have to learn to not leave a laptop unsecured?
Re: (Score:2)
Re: (Score:2)
Touché ;-)
That's still a lot of missing laptops, though.
Re: (Score:2)
Come again? What's the point of a laptop that's tied to a specific location? Buying a laptop when a desktop machine would suffice is a complete waste of money.
Re: (Score:2)
It has to do with physical security - you can store a laptop in a high-security safe when you're not using it. It costs more than a desktop PC but less than hardening the building ;-)
Re: (Score:2)
Moreover, it sounds like only a third had personal information on them. For all we know, two-thirds of these laptops may be 15 years old 286's, and sitting in a warehouse next to the Ark of the Covenant.
Laptops for sale! (Score:2, Funny)
Laptops will be lost or stolen (Score:2)
Are they sure? (Score:3, Funny)
Are they sure? Maybe they miscounted...
bada-bing!
OK, sorry about that.
Running some quick numbers.... (Score:5, Insightful)
Let's assume that at any given time there were about 20,000 laptops in use at the Commerce Dept in the five years since 2001. (30K laptops were used in that period, but some would have been swapped out during that time.)
1,137 missing over this period is a bit over 200 per year, or about 1% attrition per year.
I'd say yes. We're talking mobile pieces of equipment, easily hidden in a suitcase or even in coat these days.
The level of data compromise, as opposed to physical asset loss, is another matter, but then the article doesn't quantify that.
Re: (Score:2)
The fact that they even know the laptops are missing shows that they have better asset inventory control and reporting than many organizations I've worked with. If they also inventory sensitive data and can tell you if any (and what type) was on the laptop, they're another step up. At that point, it's fairly simple to ensure that the ensure is strongly
Re: (Score:2)
Obvious answer (Score:2)
How many laptops does the Department of Commerce have, total? What percentage of these were lost or stolen over the past five years? What percentage of laptops owned by other government agencies were lost or stolen during the same time period? What percentage of laptops owned by a private company (say, for example, WalMart) were lost or stolen during the same time period? If 1,13
Perspective (Score:2)
EFS and FileVault: Why aren't they the default? (Score:3, Informative)
1) Use a MacBookPro
2) Turn on FileVault
3) Problem solved.
But it appears as if there's an equally effective solution in Windows:
kb 307877 [microsoft.com] simply Click Start, point to All Programs, point to Accessories, and then click Windows Explorer, locate the file that you want, right-click the file, and then click Properties, on the General tab, click Advanced, Under Compress or Encrypt attributes, select the Encrypt contents to secure data check box, and then click OK If the file is located in an unencrypted folder, you receive an Encryption Warning dialog box. Use one of the following steps: If you want to encrypt only the file, click Encrypt the file only, and then click OK. If you want to encrypt the file and the folder in which it is located, click Encrypt the file and the parent folder, and then click OK.
(yesyesyes, if you detailed the procedure for enabling FileVault it would be nearly as long).
But, I'm 100% serious about this, why don't both Microsoft and Windows enable file encryption by default?
(Full disclosure. Do I use FileVault? No. Why not? Well, to tell the truth, I'm worried about bugs and glitches. There is safety in numbers. If Macs had FileVault enabled by default, then any bugs in it would cause problems for millions of users, and Apple would find out and fix them quickly. As it is, I suspect about 0.01% of all Mac users use it, and I've felt for a long time that one of the keys to avoiding OS trouble is to stay in the mainstream and avoid using anything that lots of people aren't using--unless I have a good reason).
Re: (Score:2)
I used file encryption for awhile, but the speed issues really turned me off of it. It also reduced my notebook's 'unplugged time' by quite a bit. I'd guess that these issues are a really good reason to turn this off by
No big deal (Score:3, Informative)
I'm willing to bet that the number of "lost" machines is really much lower than the report stated. I just looked at our inventory and changes we submitted over the last couple of years (dead machines especially that need to be removed from inventory) haven't been made in the master lists yet. I'd chalk this up to carelessness with the inventory database more than carelessness about actual machine loss. After all, we're talking about 5-7 year old laptops. Who's really using those old boxes anyway?
Expected? (Score:2)
Re: (Score:2)
similar to governement credit card problem (Score:3, Informative)
My company directly reimburses the credit company, but only for "approved" expenses. Sometimes things are not approved and the employee must pay it then.
Heh. (Score:2)
That's a lot (Score:2)
I don't think the census bureau can really be expected to handle that many of anything.
Extra protection (Score:3, Funny)
Re: (Score:2)
Probably a commerce records problem (Score:3, Informative)
Of course, this is a mildly uninformed opinion. I haven't worked at Census for a while and I had nothing to do with laptops when I did. I'm just saying there's something fishy with the notion that Census lost a thousand laptops. I don't buy it.
Besides, excluding the decennial survey-takers (temporary employees during the decennial census) there aren't than many people at the census bureau with government-issued laptops. Everyone would have had to disappear one laptop and some folks would have had to disappear two.
Re: (Score:2)
Hello, identity theft! (Score:3, Insightful)
Yeah, that's real comforting [slashdot.org].
Government loses (Score:2)
VA Contractor Loses Computer Containing Personal Data [consumeraffairs.com]
August 7, 2006
A government contractor hired by the Veterans Administration (VA) to help process insurance claims announced that a desktop computer containing information on as many as 38,000 veterans had disappeared from its home office.
Energy Department lost computer equipment [gcn.com]
At least 18 pieces of "computer processing equipment," including at least one laptop, are missing from the Energy Department's Office of
Re: (Score:2)
Of course private companies don't have to report it, so clearly they must not have this issue.
sigh.
Needs some acounting and analysis (Score:2)
We should probably find an appropriate federal government agency and assign them to keep a regular count of how many Census Bureau laptops have been lost using some sort of mandatory survey, plus provide periodic analysis of the demographics of the laptop users and ...
Oh wait. Never mind.
"losses to be expected (Score:2)
I sure hope you're only kidding and this is onyl a rhetorical question. Losses to be expected ? Is this a war ? One should really "expect" his data to be stolen ? One should easily just "forgive" state/government security policy weaknesses ? And we should just believe their word when they say all of those laptops contained data protection measures ? Oh come on.
Are they sure (Score:2)
- Andrew
Hmmm (Score:2)
Like what ? a BIOS password ? A prosecution warning ? or was it really something serious like encryption that can't be broken in a few days ?
At least they're doing their job (Score:2)
But what was their average age? And how many laptops filled out the Race and Ethnicity section? Are the Toshibas worried about racial profiling?
Obvious question, obvious answer (Score:2)
Yes.
There's really nothing about any of this that denotes a requirement for these two conditions to be mutually exclusive. In fact, both statements clearly can be — and actually are — quite true, and it's probable that a causal relationship exists between the latter and the former. Most US government agencies are not known for being paragons of efficiency; the larger th
Re: (Score:2)
Look at the financial records for you local government and see how close they where to there budget.
Then compare that to the private industry.
I am a recent government employees, and after 20+ years in the private sector, I am amazed at how well the government works by comparison.
Yes, there are problems, but they are not nearly as bad as people want to think.
Re: (Score:2)
Having worked with various municipal, state, and federal government agencies on numerous projects, I simply don't share your opinion on the matter. In my experience, a relative few are efficiently run, and as they get larger in size and scope of responsibility, the probability that they're more likely to get mired in bureaucratic muck grows asymptotically.
If they could only lose 200 more... (Score:2)
Oh do the math and figure it out!
Don't give them any more information than you must (Score:2)
Weeks later, a census worker showed up at my front door. Instead of having her with fava beans and a nice chianti, I simply refused to answer her questions about household income, number of bathrooms, races of people living in the house, etc. When she mentioned a possible fine for non-compliance, I quoted the census part o
Re: (Score:2)
Do you want a laptop that broadcasts to the FBI everytime you log in?
And if they ordered special laptops just for that purpose, they would cost 4 times as much and everyone would scream.
Re: (Score:2)
If they put it into every laptop manufactured, then there are other concerns.
Also, the chip they would want to use costs $5.78 if bought in bulks of 1000.
But the chip is the cheap part.
Re: (Score:2)
Where does this meme come from?
The constitution says only that there must be an enumeration every ten years "in such manner as [Congress] shall by law direct.", and there's certainly no prohibition on asking other stuff at the same time. So congress has by law (specifically, US Code Title 13) directed that the Beareau should collect a eclectic stew of information. Some of which is obviously essential to making good public policy and some of which apparently sounded good to someone at the time. The latte
Re: (Score:2)
Re: (Score:2)
So unless those hackers have access to obscure hacking devices like Knoppix disks and hex editors, the data is totally secure.
I feel safer already.