Monday, February 12, 2007

TOPIC: Privacy Is A Thing Of The Past
The following article reminds me that I have NO privacy any more, and should no longer have a high expectation of privacy. As the system administrator for my company's network, I have the task of monitoring security. Part of that job is reading security bulletins, etc. Every week, I receive security newsletters with short blurbs about this company or that university losing laptops with umpteen thousand names and other assorted personal data on them. That's bad enough. BUT, when the FBI -- the Federal Bureau of Investigation -- loses more than 150 laptops into "the great abyss", I realize that privacy is a thing of the past.
FBI lost 160 laptops in last 44 months
by Nate Anderson
How many laptops does the FBI lose? The Office of the Inspector General (or OIG; it's a part of the Department of Justice) sought to find out back in 2001, when it did an initial audit of the Bureau's losses of both weapons and laptops. The findings of that first audit were bad enough that the OIG began a follow-up on it, the results of which have just been released. The good news is that losses are dropping. The bad news is that they're still happening, and the FBI doesn't know if secure information is entering the wild. When the initial audit was completed in 2002, the FBI was losing 3.82 functional weapons a month (training weapons were going missing at an even higher rate of 5.07 each month). [That's an avg of 54 FBI weapons hitting the streets EVERY year.] Laptop losses were even worse, with 10.71 disappearing every thirty days. [That's 129 laptops lost per year.]
The new audit shows significantly better numbers: only 1.09 functional weapons and 2.64 laptops were lost each month, and losses of training weapons dropped all the way to 0.41. While the OIG applauds the work that the Bureau has done so far, they still raise questions about the loss rate and about the FBI's procedures for handling such events.
Losing guns isn't a good thing, but losing laptops can be just as bad, especially when they contain classified information. Unfortunately, the OIG determined that the FBI doesn't even know which of its computers contain such information. "Perhaps most troubling," says the report, "the FBI could not determine in many cases whether the lost or stolen laptop computers contained sensitive or classified information. Such information may include case information, personal identifying information, or classified information on FBI operations." Laptops can also contain goodies like the software that the FBI uses to make its identification badges, a copy of which was installed on a laptop stolen from the Boston Field Office in July 2002.
In the 44 months that it took to complete the new audit, the FBI lost 160 weapons and 160 laptop computers—a massive improvement over the 354 weapons and 317 laptops lost during the first 28-month-long audit. In any organization the size of the FBI, equipment is going to be lost, misplaced, or stolen, so perfection is not to be expected. [Says who?] The substantial progress made by the Bureau is encouraging, but the OIG still claims that the FBI "has not taken sufficient corrective action on several recommendations contained in our 2002 audit report."
To help them fix the problems, the OIG has thoughtfully offered 13 more suggestions. For example, the FBI has to make sure that a form FD-500 is filled out that describes the contents of every laptop computer, and it needs to do a better job of making sure that employees leaving the agency return FBI property.
A couple of pointers. IF you have a company laptop, make sure to encrypt the files. Also, take a moment to put your laptop bag in the trunk of your car. It's an easy target sitting in the backseat, even in a backpack or case. And for goodness sake, DON'T have automatic login set for ANY computer you use. I realize passwords aren't a huge block for hackers, BUT they do provide some protection for prying eyes and the crackheads that steal anything for a fix.

No comments: