Slashdot Mirror
U.S. Service Personnel Data Stolen
BStrunk writes "I was reading the news this morning on Reuters, when I stumbled across this article:
U.S. Service Personnel Personal Data Stolen
In the article, an official violated policy by taking the detailed personal information of thousands of active and reserve troops to his personal home, storing it on a personal computer, that was later stolen. In an age where domestic phone calls are monitored, a government employee was allowed to walk out of a government installation with the data on thousands of American citizens to store on an insecure personal computer? Doesn't that seem strange to you? This is a real failure, in my opinion, in government protection of its citizens. Layers of encryption and protected access was successfully bypassed to make the theft of this information as simple as stealing a home pc.
Now, not only do service personnel currently serving have to worry about IEDs and being fired upon, but they are now subject to possible identity theft. A real failure. After this, how could one have faith enough to serve an inept institution?"
How about: From the three-week-old-news department?
Improvised Explosive Device. DIY bomb, if you will. Nasty little fsckers.
You are not the customer.
After this, how could one have faith enough to serve an inept institution?
Why do we need all the editorializing in the blurb? And the troops don't serve an institution.
This happens all the time unfortunately. People's stupidity can circumvent and electronic security measures. But I'd rather have my identity stolen than my legs blown off by an IED.
http://psychicfreaks.com/The burglary from the employee's home in Aspen Hill, Maryland, involved a laptop computer with an external disk drive, officials have said.
... and it starts by gathering all the personally identifiable information they can get on us citizens? (first the vets data was stolen, now this) ... Maybe the US terrorist threat level should be raised to red!
2 things...
1.) Wouldn't stuff this sensitive be encrypted if it's sitting on an external disk drive?
2.) Is there some sort of conspiracy going on? With the terrorist arrests in California and Canada? Perhaps somebody is planning something big
Improvised Explosive Devise.
Basically a bunch of artillery shells wired to a trigger or remote. When a US convoy drives past the IED hiding spot, a watcher triggers the explosive and the huge crater is formed right where the convoy used to be.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
Improvised Explosive Device - http://en.wikipedia.org/wiki/Ied
You could at least post the update that the Vet's are now suing the VA.
Like a big 120mm shell converted into a roadside bomb.
Or a stick of TNT dipped in superglue and then bb's
This article has recently been linked from Slashdot. Please keep an eye on the page history for errors or vandalism.
There's a real fear that this includes classified disability info.
If that info gets on the web, an employer googling a potential employee's name may see that candidate has, for instance, post-traumatic stress disorder (PTSD) and decide not to hire them. It's currently illegal to discriminate like that, but there's no way anyone will ever know in this hypothetical situation.
obviously no deficiencies vs. no obvious deficiencies
This is in addition to the identifying data of millions of Veterans stolen in the same event. They originally reported only Veteran data. Now it seems it contains active duty soldier info as well.
TFA: Bryan Whitman, a Pentagon spokesman, said, "We want to encourage service members to be vigilant and carefully monitor their personal information and any statements related to recent financial transactions."
Great, as if they didn't have enough to deal with. I can just picture some soldier under mortar fire in Iraq, trying to load a rifle with one hand while juggling a cellphone on hold with American Express in the other hand..
Slashdot Burying Stories About Slashdot Media Owned
Personal information on about 2.2 million active-duty, National Guard and Reserve troops was stolen last month from a government employee's house, officials said on Tuesday in the latest revelation of a widening scandal.
The Department of Veterans Affairs said the information, including names, Social Security numbers and dates of birth, may have been stored in the same stolen electronic equipment that contained similar personal data on 26.5 million U.S. military veterans.
Same crap, different day. The problem isn't that the information is stolen -- that happens all the time. It's that a lot of these people are in no condition to do much about it. Now you have veterans, many poor, disabled, aging, fighting a new battle alongside active duty personnel, who may be in Afghanistan or Iraq and totally unaware that this is going on, let alone being in a position to do anything about it if their identity is compromised.
Honestly, this kind of thing is so widespread, from credit card companies, to banks, to telcos, and now the government, that it makes you wonder just what it takes to secure your personal data. I wouldn't be surprised if this happens to one of the major credit bureaus somewhere in the near future.
GetOuttaMySpace - The Anti-Social Network
It's not a Dupe... this is a diffrent theft, the origonal data stolen was from the V.A. database.
It just happened exactly the same way...
I guess Slashdot can't help if the news is repetative.
I don't give a damn for a man that can only spell a word one way.
Mark Twain
http://www.va.gov/
"This data contained identifying information including names, social security numbers, and dates of birth for up to 26.5 million veterans and some spouses, as well as some disability ratings."
From Wikipedia: Basically saying, it's bad enough these guys are getting blown up and shot at without some schmuck using their SS# to fraudulently bump up the credit card manufacturing industry.
Slashdot notices a month-old scandal.
Thieves steal personal data of 26.5M vets
Theft of Data Leads to Firings
Clear, Dark Skies
I know that many slashdot readers may not get out much, but you've had to have been living under a rock for the last month to avoid this story; it's been reported on in every mainstream press publication there is.
The information is not classified, it's Official Use Only, which is a form of protected information. Personell records are usually, in part, execmt from freedom of information act requests, so they may enjoy a slightly higher level of protection than ordinary OUO.
However, nearly every govenrment computer in existence includiung laptops has gobs of OUO information on it. It's not encrypted because it's not that sort of information. It's just controlled dissemination. That does not mean it might be harmless to release it but it's way below classified.
It is not alarming the people occasionally accdentally disseminate or lose control of OUO. Employees are simply expcted not to do so wilfully or wantonly or carelessly. Its even permissible to share OUO with people outside the governemnt if the employee thinks it would be useful to do so. The fact that OUO was taken home is not a big deal.
In this case the only big distinctions are the massive quantity of the information, and the fact that it's personell records which do have higher levels of protection. Apparently it was also policy not to take these home.
Some drink at the fountain of knowledge. Others just gargle.
Its a device used to keep from getting pregnant. In the late 80's, there was an IED for OIL program that the UN started with limited success. Since then, the country has had a glut of birth control so much so that inventive terrorists have discovered a way to turn them into cheap and effective weaponry. This is why the military has upped its recruiting of pre-teen girls to combat this menace.
This is my sig. There are many like it but this one is mine.
Besides, domestic calls are not monitored without a warrant. Do you have a problem with that? Perhaps you are thinking of international* calls to known members of terrorist organizations.
Is that a question?* According to my phone bill, a call made from my house to another country is an international call.
Gamingmuseum.com: Give your 3D accelerator a rest.
Did they ever find out why this official had the info on his home PC to begin with? What possible legitimate use could there be for info like this outside the office?
Slashdot Burying Stories About Slashdot Media Owned
The only way to prevent most of that kind of leak is the infamous trusted computing. How can you prevent somebody to walk out of the building with critical files on his USB key without "secure hardware" ?
service personnel currently serving have to worry about IEDs
Insecure Employee Diskdrives
Encrypt the Damn things!
I've worked on military and government contracts. We had the same problems as every company does: employees/contractors/government personel taking home their work and working on it on their personal PCs. Regardless of the number of NDAs they sign, the computer security briefings they get, and the number of times they are told by management they do it anyway. Are they wrong for doing this? Of course! Will they lose their security clearance over this? Probably, depending on what their rank/GS level is.
Training, a no-exception penalty policy for "losing" sensitive data, and encryption are what is needed to prevent this in the future. Unfortunately, the government seems to be a little short on $$$.
If "disco" means "I learn" in Latin, does "discothèque" mean "I learn technology"?
that most folks who go in the military don't do it to "serve an inept institution" or to serve an insitiution of any kind. Those who are serving for ideological reasons (even if "patriotism" only plays a small part in the decision) believe they're serving the country as a whole and the ideals it stands for. That's why we say "serving our country" not "serving the military."
Everyone who has been in the service knows that there are always a few idiots up in the higher levels of the chain of command. Also that the civilian employees of the DoD aren't always interested in looking out for the interests of the military personnel that they are supposed to be serving. Dealing with the civilian DoD folks was a constant frustration during my time at Fort Bragg. Not that those folks are all bad, but the service they gave me when I was in the 82nd was second only to the service I get from the DMV -- surly and uncooperative.
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
Don't worry, this is all fixed now, and can't possibly happen again. We recommend that you not dwell on past history, and move forward into the future. Your private information is completely safe with the government, we've learned our lesson.
And that goes double for next time, too.
We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
Nahh. We've ceased the stop-loss program and now we pay "contractors" 5 times what we pay the military to do the military's job.
This guy is way out there
"Who shall watch the watchers?" --Decimus Iunius Iuvenalis
[Emphasis mine]
He wasn't allowed to do it, he simply wasn't caught in the act and prevented. Reading the article, I see nothing about him having sought or received permission. Just because one is able to do something does not mean that one is allowed to do it.
It's official. Most of you are morons.
Contractors without even crappy VA benefits and not subject to Geneva conventions. ;)
You are not the customer.
Does it seem strange to anyone else that so many computers containing sensitive information are suddenly being reported stolen? Is it just an accident that this particular computer, containing this particular set of incredibly extensive personal information, just happened to be stolen from this person's home in Virginia?
First, how would someone know that this computer contained all this information? Perhaps this is a job for spyware. It's easy to imagine a piece of malware that looked for large personal databases and phoned home when they are found. Or, perhaps, people whose jobs gives them access to personal information are being trailed and their computers then stolen?
Yes, I know that laptop theft is pretty endemic, but the number of high-profile thefts like this one, the one's involving the auditors Ernst & Young, etc., makes one wonder if there isn't some type of sophisticated targeting going on. I realize that the pressure to disclose such thefts has risen greatly in recent months, in large part due to laws like California's that require notification. (Laws which, by the way, the Republican Congress is seeking to preempt through federal legislation.) So this could just be a result of increased reporting, but the targets involved seem to have particularly juicy caches of data.
Am I being paranoid?
Oh ... now I understand.
The government already has your SSN, your mother's maiden name, and just about every piece of information someone would need to impersonate you. The only thing you have standing bewtween you and identity theft is the loyalty and competence of government employees.
You are reading a copy of my copyrighted post.
Goverment employees often contribute their own time to work on projects. This is a case of "no good deed goes unpunished." The guy was working on a project at home "unauthorized", his laptop and usb hdd get stolen, officals grandstand, and he gets fired at age 60 (perhaps without a pension).
If a laps in procedure could be shown alongside damages to you, you can, otherwise it's like saying if somebody steals your car and causes third party damage you are responsible for letting your car be stolen.
As for data losses in general... upper management have always believed that the (procedural and common sense) rules don't apply to them. Same old story... how did the still have access to client data after they where fired?... because you said if I didn't give him access from home I'd be looking for a new job!
Are you implying that anyone who serves their country in the military has signed a "soul-selling contract"?
I swear I didn't know it was loaded...
This is exactly why the government shouldn't keep personal info. Yes, they have to keep personel info. But, imagine if the data walked home with was call records. Or, call transcripts. Or, banking information.... I'm not worried about a benign competent government having my information. I'm worried about the real world situations and real people that data would encounter. This isn't even getting into malice on the part of government officials. Heard a military officer say, whenever you are dealing with more than two or three hundred people, you will have a few scumbags. Now, how many scumbags is that in a government which employes millions of people? Or any major corporation/church/university/institution....
Here's to losing my Karma Bonus again....
This follows on to the theft of several laptops worth of corporate employee data. Almost makes me want to open up a consumer credit protection business...
Ernst & Young lose data on a quarter-million Hotels.com customers
Ernst & Young (hey, there is a theme here!) lose information on Sun employees (including then-CEO Scott McNealy). Also included were employee records for IBM, Nokia and Cisco.
Wells Fargo proves it can play the game too.
And not to be left out, let's not forget Fidelity's loss of 200,000 HP employee records.
What's scary is that both Fidelity and E&Y audit other companies for security and regulatory compliance (including HIPAA and Sarbanes-Oxley)...
Just junk food for thought...
Any word on who this guy in Virginia was? I haven't seen him/her identified by name in any of these articles. It would be kind of ironic if the military is protecting the identity of the person who gave up the personal info on millions of soldiers and vets.
How do we know it wasn't an "inside job"? We don't know if this guy is a criminal or just an idiot. I've heard that when you make something more idiot-proof, the world just makes better idiots.
I have worked for tech companies that had various security and ID badge programs, guards at the gates, etc., but nothing that would have prevented me from carrying a few CDs out in my handbag. I also worked at a place that entrusted lot of sensitive info to a vendor -- and the vendor moved all his hardware to his basement in a high-crime neighborhood.
s/US convoy/target/, IEDs are not and have never been restricted to Iraq, they've been used throughout the whole second half of the 20th century at least.
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
He wasn't supposed to take identifiable data out of the facility, and if he did, it was supposed to be encrypted. The employee ignored his annual data security training, and sufficient barriers don't exist to force the encryption. There is a major data security storm going on around here, and it serves no good to blame the government when it's One Damn Fool causing the problems by ignoring rules.
It's like a postal service driver driving on the wrong side of the road, plowing into a family, killing everyone involved, and blaming USPS for the deaths. At what point do you trust an employee to do his job right? You want to build something into the mailtruck to make sure it stays on the right half of a road? How does he make left turns?
Dare to Hope. Prepare to be Disappointed.
re post rant: what do you mean "not only"?
I think the service personnel are MUCH more worried about being blown up or shot, than "whoops my credit rating got a bit low". So much so that I don't think it really adds to their problems.
Yeah it's a shitter but you can't compare someone using your name to apply for a credit card or a car loan, with being KILLED.
a government employee was allowed to walk out of a government installation
This is very misleading. Considering it sounds like he took it in electronic format, there are a TON of ways he could have taken this home and I doubt people are strip searched everyday they leave the office.
It is probably against policy to take these documents home without permission. So saying he was "allowed" to do it is very misleading...he was not allowed to do it, he was just a trusted employee who has security clearance (hence the trust) and he did something stupid.
I mod down so you can mod up. Your welcome.
As ever, with security, when it comes to sysadmins, you need to be able to trust the personnel, no only in terms of their integrity, but also in terms of their stupidity.
init 11 - for when you need that edge.
(most)Army civ employees are crap ... they make all contractors feel like cinderella (or cindarellus) for doing all of the work they [can't]/[won't]/[incapable of doing] while they rot on the vine. Tons of tax $$$$ could be saved by cutting these leechy turds loose.
-- if you mod me down, I will become more powerful than you can possibly imagine
People are focusing on the transgression of the guy putting this data on his laptop and taking it out of the building. In reality, you can bet the systems he was working on were networked and he could have accessed the data from his home directly. I'm not sure if there is a simple solution to this other than constantly making sure all data is encrypted wherever it is stored.
Deployed soldiers not only have to worry about their current condition, but they do worry about everything going on back home. The more worries back home, the more distraction from their current jobs, the more danger of making a mistake. Yes, I am a war veteran, so I know.
Soldiers with close family back home should be okay, as they can just have someone else monitor their credit. Soldiers with no family and little access to the Internet should be worried. The VA should at the very least give each soldier and veteran free online credit monitoring for the next couple of years.
Actually this is the best thing that could have happened. A complete failure in a system, potential for identity theft, and involving current/past service men/women. I am one of those by the way.
Why is this the best thing? Cause when troops are involved national pride actually works and things get done. People will flip out over this and they will finally fix it. Think of the children is first followed quickly by think of the troops. Now maybe they'll put the responsibility where it belongs. Squarely on the shoulders of those companies that deal with credit. Then I'll stop getting those calls for the new service that protects my credit and it only costs $14.95 a month. Make that free and actually go after these thieves instead of what they do now.
Everything about this post is so wrong.
First off, your last comment: "After this, how could one have faith enough to serve an inept institution?" was offensive. It's not that they have faith to serve an institution- it's they have faith and beliefs that they are protecting something of the utmost importance- YOUR FREEDOM!!! Having served in the Air Force and done my time in the deserts of the Middle East, I know first hand what those guys are going through over there. For some ignorant fool as yourself to question their faith, dissappointing to say the least. They are over there giving their blood, sweat, tears, and families to protect your freedom & you don't even have the common decency to say thank you. To get to the point of your story- yes there are protections put in place to defend information from falling into the wrong hands. But if you are an IT "Geek" you should know, the least secure of any point on a network is physical. If you can physically get access to data then that data can become vulnerable. Its not like you can let people see or copy data, but then wipe it from their minds, computers, etc. the second leave a restricted area. The government has their issues and it deals from the top down. But they need to hire more personnel in the concerned areas who know what they are doing. Too many times did I run into civilian contractors on bases who hadn't a clue how to properly setup and maintain a network. I only wish I had the opportunity to right some of the wrongs I have seen- i.e. civilian contractors collecting in upwards of $200,000 a year to work in a "Hostile" environment; and all they are doing is collecting a pay check AND NOT completing the tasks they need to. I have seen this FIRST HAND while in the Middle East. The civilian IT staffs at most bases there were incompetent; but still they were collecting the big checks. But that Senior Airman going around showing them what is wrong with their networks and fixing their problems for them- he only makes $15,000 a year- AND he is going to hostile environments to do it. You tell me where the problem lies.... it lies in the hands of people like yourself who complain about the "Institution," but do nothing to change it; except maybe vote the person in who has changed our country over the bast 6 years. THANK YOU!
"I will not Lie Steal or Cheat, nor tolerate among us anyone who does. Furthermore, I resolve to do my duty and live ho
This is a common misstatement made by those who think joining the armed services is about service to the army, or the navy, or the president. Joining one of the U.S.A.'s armed services is about serving your country, not the individuals in control of it. It's about protecting your homeland from invaders. It's about getting a shot at the brass ring of U.S. citizenship through sacrifice. It's about putting yourself on the line for your brother, your friend, your mother, your future, etc.
When I apply for a job in the states, I do so based on my ability to trust my employer to treat me responsibly. I would refuse a job that didn't pay well, or one where my employment would be degrading or unduly dangerous. Joining any military is a distinctly different sort of employment. It's an inherently dangerous job, one in which you can expect abuse from your employer, rigorous and painful training, and eventual combat duty.
So, in short, while this article is certainly a sign that our government is abusing our troops, one should honor those who do so despite the obvious risks inherent in service. Rather than wondering who would serve, we should wonder who would treat so poorly those who give so much. We ought (as in a moral ought) to respect and honor those who risk their lives to defend our way of life. We ought (again, moral ought) to hold in deepest revulsion those who abuse them, or send out the troops over petty personal desires and greed.
-GiH
"In an age where domestic phone calls are monitored, a government employee was allowed to walk out of a government installation with the data on thousands of American citizens to store on an insecure personal computer? Doesn't that seem strange to you."
No contradiction here, both are consistent with each other. Either way, it is because you have no privacy in the eyes of the state.
${YEAR+1} is going to be the year of Linux on the desktop!
I've done work like this, writing software that works with various sensitive data, millions of records, maybe even one of you, and I've done it from home.
However, my set of data was real data that was obfuscated, random names, SSNs, etc., generated, replacing the ones in the database. No real data was ever allowed to be exported off the database server, period. Only an SA could steal it.
That this wasn't done is just gross negligence on the part of the organization.
"how could one have faith enough to serve an inept institution?"
./ editors have enough of the spin and editorializing - especially when its egregiously wrong as it is in this case. How about getting an editor with some military background instad of the usual suspects? A little bit if diversity might help ./ avoid posters like the originator who completely misses the point of the article and instead tries to spin it politically (point is veterans records were taken via a moron breaking security at the VA, not some anti-military screed that the OP tries to spin it into).
I didnt serve the Army - I served *IN* the Army.
What I served was the American People, through their elected Commander in Chief, and the primary focus of the Oath I and others swear is:
to Uphold and Defend the Constitution of the United States
Second error bythe OP is the "institution" that lost the data was not the military per-se but the Veterans Administration, a cabinet level office that is seperate fromthe Army, Navy, Airforce, marines and Coast Guard,m etc.
When will
There Plenty of libertarian geek veterns out there who post here regularly - Rob, grab one and add some diversity to the editorial clique.
Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo! http://goo.gl/J9bkO
I know that in this case more than social security numbers were taken. But this is a good spot to say that I would like the US government to publish, for free download, a list of all issued SSNs and their associated names. Then the banks, insurance companies, universities and so on will have to stop pretending the damn things are secret.
You're such a moron...The correct term is IUD = Intrauterine Device. These were around in the 1970s and you can even see a reference to it in the old "Saturday Night Fever" movie from that era. These things weren't 100% effective and there were problems with them.
Of course! Privatizing government functions lets the government get around that annoying thing called the "Constitution" (aka "just a goddamn piece of paper").
Similar to the upcoming US election results
No, I can assure you that it is 100% factual. This is just another example of gross government spendatures and negligence. This goes right up there with the time that Jimmy Carter attempted to trade rectal thermometers for hostages.
This is my sig. There are many like it but this one is mine.
I doubt "The Man" specifically engineered this failure. "...was allowed to walk out?" What kind of crap statement is that? He had a laptop and an external hard drive. I didn't see any mention of "His supervisor instructed him to copy sensitive data onto a personal computer..." Should everyone leave an hour early so the door guards can perform an extensive scan on their laptop? If they run across encrypted files, shoudl they require the keys, to ensure no secure data is being taken? If they have to check those files, then don't the door guards need very high-level security clearances?
Unless you want the government to perform a full cavity search on every employee capable of interacting with anyone who has access to secure files every time they leave the building, this sort of thing can happen.
All the procedure in the world won't make up for an unthinking -- or worse, uncaring -- employee worried about meeting a deadline.
That what was all this school was for... to teach us how to solve our own problems. -- janeowit
It takes less time to search for ied in google than to ask it here.
I know most people here don't know or care that there's a difference, but not everyone in the military is a "soldier". In fact, most of our service men and women are not soldiers at all.
but, as far as I know, the government is not only elected by the voters, it consists entirely of citizens.
It may sound like a left-field libral statement, but working for the country isn't working for the "dirt" of the country, it's working for the people who make up the country. There are a lot of folks (at the local level in smaller cities at least) who do believe that this kind of service (serving as mayor, working for the Dept. of Building Safety) provides something useful to people. Even at the federal level, a lot of folks at least start out with the idea that they will be serving their fellow citizens. I know of a good number of vets who had that same idea about being in the military. (Though as another poster mentioned, there were also a good number in it for the GI Bill)
From your post it sounds like you don't believe that there can ever be a justification for war. I suppose you'd deny it was worth fighting to prevent another 6 million Jews killed in the 40s? Peace in our time, right Neville? Or perhaps that when England invaded the US in 1814 we should have let them burn the entire country, rather than just Washington DC?
There are a lot of people who believe that it's possible to serve their fellow citizens by serving in the military (But probably not a lot reading slashdot, oh the horror of such a politically incorrect thought! Close your minds now, slashdotters). Whether those people serving in that way agree with a particular political decision that our duly elected leaders make is another issue entirely. Confusing the two (as you do) is nonsensical.
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
This all comes down to being able to trust your employees. The government has a lot of poeple working for them, and it is impossible to make sure that every employee is doind exactly what they should. Maybe we can spend more tax dollars to get guards to search everyone before they leave and train them on how to look for information on computers. Then since we can't trust every guard we need to spend more to higher people to watch the guards, and more to watch the watchers, and more to watch the watchers of the watchers, and ... I think you get the idea.
I hear there are a lot of Service Memebers bringing a class-action against the VA in this case. Being a military member myself I don't get why. If you want to sue then get the man that took the info home. If you sue the VA and win then the VA is going to have to pay a lot of money out of its already decreasing budget. How will we get the good healthcare and other bennifits if the budgt is going to send every service member a check for $1.50. Let's face it class actions aren't very good at getting anyone money except the lawyer. I say we just look for the thiefs, who most likely didn't know that info was on the laptop, and put them in jail. The laptop has most likely been reformatted and sold at a pawn shop.
The greatest of all weaknesses is the fear of appearing weak. ->JB Bossuet, Politics from Holy Writ. 1709
Dr science posts to slashdot! He's not a real doctor you know...
Sig removed because it was obnoxious
Okay, not a ton of verts on ./, and fewer still have been in the past 10 years.
This is not a problem with insecure hardware, someone taking work home, etc. Thi6s is a much deeper problem.
Who knows what an access roster, alpha roster, or leader's book contains? Military style?
Who knows what it takes to do anything and what goes on almost every piece of paperwork you have to fill out?
Full Identifying Data, to include First, Middle, Last Name, Social Security Number, and often times Date of Birth go on all these. This problem is an issue with how the military identifies, tracks, and loves to have SSN's on everything it prints. Then, despite the best OPSEC plans if you are not in an MI unit with it's own burn bin set up for Classified and SBU (Sensitive But Unclassified) your information will go home with everyone, get thrown in the trash, and be available to anyone on post, and any personnel guy anywhere.
Identifity theft and risk for it is ripe in the military, and the issue is with the administrative and personnel system currently in place for the military.
YouStockIt - Education through Unorthodox Methods
"Layers of encryption and protected access was successfully bypassed"
So was your grammar checker.
Why yes, I AM a rocket scientist!
Here's how it happens:
The big problem is management, the people who make the big money to take responsibility, react more than proact. Security means vigilance, but it also means giving people the proper time to do their work within the procedures of security. In my life I've only met a few people who took day to day security seriously and made a point of not giving in when someone asked for a short cut, "just this one time."
Management as much as ever seems to attract people to the wages and not the actual responsibilities. Peter principal of some strip I suppose.
A feeling of having made the same mistake before: Deja Foobar
Someone stole a laptop. It would be wiped and sold on the street. 99% chance no one would be the wiser, the thief didn't know what he had. Now news comes out that there could be a laptop with tons of valuable info...thiefs all now look to see if they have the golden laptop! Another case where the news of the incident makes the problem worse. Lets make a big deal of this when someone actually knows they have this data and uses it for ill intent.
You are a total Tard.
Lay off the Soldier of Fortune II dude, and have some respect for the men and women who put thier lives on the line so you can sit there on a Friday night whacking off to porn, playing WOW and eating your Capt. Crunch (Not a true military officer, just so you know).
Unbelievable.
That's what happened a couple of weeks ago when the a huge data store of Veterns identity info from the VA went missing on a stolen laptop.. I mean you can't turn on the news with out hearing someone rant about this travesty. You only have to go to a VA hospital to see exactly how much Americans care about their troops.
I am sure the outrage over this one is going to be deafening. Just like the protests against the nazi fundamentalists who tried to get FOX to stop airing "Saving Private Ryan" on the anniversary of D-Day because they were offended by it. Jeez, why did they show back to back repeats of "House" last night instead?
In the meantime, I am going to stock up on Identity Theft and Volcano insurance.
This was different data, on the same damn laptop. I think the guy was in on it. Nothing else was stolen, just his laptop, which, oopsie! had not one but two sets of valuable data which were not supposed to be on it. Here's what I think went down:
Dude had some bad debts to some bad men. Said bad men approached him with a way he could pay them off. Just get data for ID theft on his laptop then leave it in his house and they would make it look like a burglary. Dude does so, and reports laptop stolen, but not the data on it. Later, after other Bad Dudes are off his back, dude has a change of heart and admits the data was on the laptop.
I know, never ascribe to malice or greed what can adequately be ascribed to incompetence, but I think the facts in this case are pretty damn fishy.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
After this, how could one have faith enough to serve an inept institution?
So, surely you've seen some of the great moments of the Commander in Chief that currently runs policy for the US military?
And this was the first clue in 6 years that it was an inept institution?
Oh, I get it now. Welcome back. How was Mars?
While you were away, Earth has been on the verge of total chaos in the absence of any remotely intelligent leadership, mostly thanks to the fundamentalist sheep that seem to make up the highly vocal minority of the human population.
Just to bring you up to speed, the most powerful man in the world has trouble stringing two coherent sentences together when a camera is pointed at him (which is almost constantly, unfortunately), and the runner up is widely regarded as being his poodle. This pretty much implies that the two most powerful military forces on the planet are pretty much running on empty in the IQ dept. As you will have guessed, this means nobody on the front lines is safe from any angle. Many of those on the "Home Front" are pretty much in the same boat.
So, while these idealistic, brave young men and women are trying to protect us in the "free" world, we're all losing the freedom they're dying to protect. You ever hear any of the stories where someone sets of a major alarm at one end of the city, then robs a gold repository at the other end when all the cops are away? That's what's happening here, only the gold being carted off is our freedom and privacy, and the soldiers are off dying in the wrong place for the wrong reason. Given the apparent incompetence of the world leadership, it's more likely being misplaced than stolen.
Well duh. Riddle me this: Whose more stupid... The guy who was making the obvious joke or the guy who was too dumb to realize it was a joke?
This is my sig. There are many like it but this one is mine.
>> After this, how could one have faith enough to serve an inept institution?"
Anyone living in the US does, not just those in the services.
I generally agree but have to add that when I worked on a Naval base, we had a very good set of govies, mostly software engineers (some with PhDs) who operated at a very sophisticated level of computing and were not just sitting around and rotting in their chairs. Even the management was good. In this case it was often the contractors that were mediocre -- we had the full range of really good contractors and some who were only good for dragging tax dollars out of the millitary. I think the difference here was that the job was interesting (meteorological and oceanic weather modelling products). Most people will sit around and rot when they are restricted by small minded bureaucracies. Everything was fine at this place until you had to request office supplies.
If secure information is in a room; nothing come in, nothing goes out. He shouldn't have had a personaly owned laptop near the place, much less a harddrive. I've worked in goverment building where, no phone, no radio, no ipod, hell no notepad, and I was checked, not my belongins since I couldn't bring in any. Anything less than a zero tolarance policy will not stop these failures of the goverment.
I think I just cashed out all my cool points.
Now, not only do service personnel currently serving have to worry about IEDs and being fired upon, but they are now subject to possible identity theft. A real failure. After this, how could one have faith enough to serve an inept institution?"
I'm in Iraq right now. Yes, we have to deal with IED's and being fired upon. And yes, having to worry about this isn't all that great either. But that has absolutely nothing to do with "serving an inept institution" as you call it. We don't serve an institution. We serve in the Armed Forces of the United States. I serve in the Army, and I don't think that the Army is inept. This isn't a failure of the US Army as a whole, but it was due to the indiscretionary act of one person. He violated OPSEC (Operational Security) and he had no business taking sensitive information into his personal computer. This is HIS fault, and I hope he gets prosecuted to the fullest possible extent under the UCMJ. So please, like the parent said, no editioralization is necessary. We serve because we took an oath. We serve because we are professionals. We serve because words like Loyalty, Honor, Duty and Courage mean something to us. It doesn't mean that it means nothing to a civilian. But I hate it when people assume we are nothing but mindless drones. I, personally, try to keep politics away from the military. Which is why I don't endorse any side of political debate, when speaking as a soldier. I'm here to do a job, and I'm here as a professional.
Sorry for going so far off-topic.
Vivin Suresh Paliath
http://vivin.net
I like
He's a retired vet.
Luckily for me, I served in the Canadian Army, and they take personal privacy a little more seriously up there.
It's a sad commentary when the supposedly most advanced superpower in the history of the world can't even keep personal data private for it's most advanced military forces.
-- Tigger warning: This post may contain tiggers! --
Improvised Explosive Device. DIY bomb, if you will. Nasty little fsckers.
:P (-_-) ;_;
I heard 'secondhand' that Gulf War 2 didn't have to have all the IED carnage.
In brief:
At the begining of Gulf War 2 there was an ammo dump over there that wasn't secured by
the good guys. So the bad guys got access to it first and cleaned it out.
Since then, the good guys have been paying the price for this oversight....
The IED'ers are using sound guerllia tactics. I recently heard that the insurgents don't
resort to 'sniping' from a concealed location because after the first shot or two, their
position is given away and a RPG could be forthcoming a moment later in retailiation from superior forces (the good guys). So with IED's you get the ultimate, deadly 'jack in the box' experience: you never know when one will show up next....
What is really 'mindblowing' is that the insurgent forces are killing their own countrymen with these things just because they want to help the 'good guys' out with this military operation (i.e. police station-based IED attacks).
9/11 and Gulf War 2 was/is nasty business--there are no winners....
I hate to say it, but having been a developer on big databases full of reasonably sensitive information this doesn't surprise me in the least. Operators & developers must have very liberal access to be able to perform their jobs, and they're far too often dangerously undertrained re: basic fundamentals of data security. "i have to run out, can I just leave you my password to check on this job status in 30 minutes?..."
I'm not exactly convinced that my freedom lies in a desert oil field or is protected by shooting innocent civilians in other countries.
Part of the problem is this likely isn't really considered secure information. Yes, there could be serious consequences if it were to be stolen, but it's the same basic data that thousands of companies and organizations currently use and have on file, where any warm body with a headset and two weeks training can view it.
Birth dates, social security numbers, and the like aren't government secrets or anywhere near the magnitude of something with a classification. It's simply "private." Just like in banking, where developers should never work with live systems, they must occasionally to see what sensitive, personal data is causing the problem.
The article is also unclear as to how the data was removed from the office, or whether the equipment stolen was personal or business use.
However, I do agree that better consideration and vigilance is merited in situations such as these.
That what was all this school was for... to teach us how to solve our own problems. -- janeowit
They don't want to serve an institution, and they didn't join in order to serve an institution, but let's get serious. Once someone is in, their job isn't to think up "what does my country need today?" -- their job is to follow orders. Orders which come from someone, who got their orders from someone else, up a long chain to..
That takes a hell of a lot of faith, faith so strong that it denies all observations of how political leaders get into the position to issue orders. Perhaps this spectacularly-idealistic faith is the the modern explanation for the proverb "there are no atheists in foxholes."
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Press reports say there was some medical information in the records(http://www.modernhealthcare.com/article.cm s?articleId=40022).
If there was enough to rise to the level of "electronic Protected Health Information" then the big guns of HIPAA swivel in the VA's direction.
Then the VA would be legally required to encrypt the data. (Of course, as with anything said about HIPAA, I'm oversimplifying. Encryption is an "addressable" requirement, which means you're allowed to say (with proof) "I can't do it" as long as you do something else that you can show is just as good).
"Official Use Only" does not *begin* to cover HIPAA requirements.
Provided that I was browsing google. I wasn't. I was reading slashdot so it took less time post my question. I think the onus is on the submitter and the slashdot editors to link things like IED to a definition or to use the acronym tag. Doing this would clarify what the article summary is about. IED wasn't a computer term so it stands to reason that I wasn't the only person who did not know what it meant. Also, by posting my question in the comments and then receiving answers, the definition of IED is preserved on the same page as the article summary. No one else needs to go google for the answer.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
IED - ID error correction. An error-detection code applied to each sector ID on a DVD disc.
It might also be the Institution of Economic Development, or an audio company named Innovative Electronic Designs.
Excuse me if I sound punchy, I'm suffering from TOS (TLA Overload Syndrome).
Ok, I'm off to sign my life and freedom away to fight and kill civilians in the name of your freedom. Are you proud of me now?
The stories regarding this matter keep referring to "data theft" and "stolen data". But while the laptop and external harddrive were stolen, the data itself was not. "Stolen" and "theft" only apply to cases in which the rightful owner no longer has possession of the item in question. So we cannot say that the data itself was "stolen", rather we must say that the rights of the righful data owners were "infringed", right? Indeed, if someone had obtained this data without authorization by hacking into the VA's computers (rather than by stealing a harddrive), then "stolen" and "theft" wouldn't apply at all. Am I right? No? I didn't think so either. ;-)
-- "I never gave these stories much credence." - HAL 9000
The news is that 2.2M Active Duty personnel data was also on the laptop.The previously reported story was about the 26.5M Veteran's Data personnnel was stolen.
Oh.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Almost good enough to be a movie plot. Dude buys stolen laptop for drugs, then finds it has multi-million dollar value for the data it contains. Suddenly, he realizes that everyone and his ex-wife will be looking for the thing, so he has to bump off the junkie that sold him the thing to cover his tracks.
All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
Many of the comments have been about the failings of the individual responsible for taking the data home. While this is certainly an important aspect, I think that the fact that service member personal data can be taken home is a bigger issue. Where was this data? Probably in a malformed spreadsheet on his work PC, completely unprotected by encryption. If we (the people) want to ensure that this cannot happen anymore, puch your duly elected representatives to enact legislation requiring any personally identifiable information be encrypted at all times. If the entertainment industry can see to it that I can't copy a CD, then certainly the government should be able to ensure that nobody can copy my SSN or other such info.
I worked in a IT shop in the AF for a contracting squadron and I must say that if it were up to me, the PC's would all have biometric stuff, no writeable drives (CD, DVD, Floppy), no open ports on the machine (USB, Firewire, Parallel, COM, etc...), and no printscreen button. This seems to me to be the only way to stop this sort of thing from happening.
Wow, that was good. But perhaps too well crafted for the humor impaired.
If anything this should show the American people just how bad of a problem managing stored personal information can be.
And the Feds want a lot more.
I am a vet and this makes me sick to my stomach.
Do you want the same?
Just support the warehousing of information without any plan, oversight or security.
For anyone to EVEN consider that anything that happens within the Bush Administration is not greed/power driven is to be completely beyond belief - unless you've been on the orbiting space station or trekking the Andes over the past 6 years.
Please, and forever more, always ask the next question.
This is the crucial aspect to analytical thinking: always ask the next question - understand the existence of cause and effect, but - never assume something that follows something else IS ALWAYS the effect (Post hoc, ergo propter hoc.).
Example: when those Spanish-language radio stations organized the national protest marches (while that NSA illegal spying was in the news), one should ask: Who owns those Spanish-language radio stations????
Another case where the news of the incident makes the problem worse.
I'm just dying to know what your criteria is for when something should and shouldn't be released in the media. When do you let the light escape that box? The more powerful an institution is (and therefore the more capable of harm due to misbehavior or ineptness), the less we should report about it? Seems to follow from your premise, doesn't it?
In terms of government accountability, the precedents for and implications of your position are disturbing as all get out. The obvious analog to "Don't report anything bad about [the war], it's only abetting the enemy" is the stuff of any totalitarian state.
You're confusing the role of reporters with that of propagandists.
"Fundamentalism" isn't about divine morality. It's about human authority.
Thanks for the chuckle, I haven't heard Dr. Science in years.
This is precisely why we need to monitor everybody's telephone calls and net communications... If we had been keeping tabs on this guy, we would have none he was violating the privacy rights of millions of our sevicemen.
With all the recent news of mass killings in Iraq, the sagging US economy, the problem with immigration and illegal immigrants, the news of congressional scandals, stories of massacres by marines, the NSA listening in on private conversations, and his own sagging poll numbers-- George W. Bush held a press conference to address these various concerns by US citizens who are afraid of losing their jobs, unable to get health insurance, afraid of government intrusion into their private lives and abuses by US marines in Iraq and Afghanistan, and identity theft stemming from the recent spate of lost personal data at the hands of government officials. Here is a link to the Press Conference.
It just seems curious that all these laptops are stolen when they have tons of personal data on them; there have been serveral cases in the private sector as well. It's almost enough to make one think that the "thieves" are getting too lucky here; wouldn't surprise me at all to find out in at least some of these cases either the subject was identified and followed in advanced by the thief or an inside accomplice fingered them when they had the desired data on the laptop or backup tapes.
What these theives really got was personal data the could easily be used to put 2.2 million people with security clearances in a compromised position, these people in government need to get paranoid, very paranoid.
Apocalypse Cancelled, Sorry, No Ticket Refunds
What about when the thief realizes that he has the addresses and ranks of almost every active member in the US military. Someone without any ethical standards would call up Al-Quaeda and say "Hey look, you want to knock of the families of every colonel and lieutenant in the nation? Here... it's yours for 20 million dollars." In my opinion, this is the biggest concern. Along with the people that are saying this is the best thing that's ever happened, claiming it demonstrates some hole in the government. I can't make any sense of that. I know the government gets a lot of things wrong, but it also gets a lot of things right, and thinking it's a good thing that 27 million people are now at risk of having their identities stolen or worse is messed up. That idea is just stupid.
My son was born with a Cu7 UID stuck to his chest.
Apocalypse Cancelled, Sorry, No Ticket Refunds
From the summary:
a government employee was allowed to walk out of a government installation with the data on thousands of American citizens to store on an insecure personal computer
Does anyone else see the adjective "insecure" in so many IT contexts and realize how funny it sounds? I mean, what are we to make of an insecure document? A document that is harbouring feelings of self doubt? That poor tortured little document -- imagine what it must be thinking: "Am I really a document? Do people like to read me? Does this file format make me look fat?"
If it weren't for deadlines, nothing would be late.
Perhaps you didn't notice, but the entire federal government got failing grades on their infosec security report card.
What percentage of companies would receive a failing grade on infosec security if they were held to the same tests and standards? Just a wild guess, but I would hazard over 90 percent. Not a month goes by without some business reporting sensative data loss, and it still happens, again and again. And be mindful that business have an easier time hushing up such things than the government. I saw an article a few days ago about how even HIPPA is being largely ignored now that the newness and enthusiasm has worn off
This loss was catastrophic and inexcusable, but it could easily happen to any private firm handling credit data too. As in this case, all it takes is one well meaning but stupid (and unlucky) employee to circumvent the rules and the world turns to crap.
I would guess that most corporations are less structured than the government in formulating and implementing policies. In fact, unlike the government, corporate policies are rarely backed by criminal laws. The worst a business can do is fire a negligent employee and maybe, just maybe, sue him, unless they can convince the local prosecutor that fraud was involved. The government can (and does) do all the above plus they can prosecute for simple negligence.
This guy, while obviously negligent and stupid, was probably not of malicious intent. He probably thought he was "serving the veterans" by working at home without compensation. Stupid and unlucky for him. As I said before "no good deed goes unpunished", but a more apt saying would be "the road to hell is paved with good intentions".
I think a larger issue than this one theft is that this same data exists out in the financial world too, handled by many outsourced companies and uncleared employees in a completely unregulated way. A better solution would be for Congress to nix this whole situtation by rendering SSNs usless for financial transactions by making it a crime for any firm to use or store SSNs **FOR ANY PURPOSE**, other than payroll tax collection for its own employees. The only people to whom your SSN should have any meaning and use ought to be you, the Federalis, and your employer. The credit agencies and data brokers would howl, but it should be done.
Speaking as someone who recently served in the military and now works as a defense contractor, the DOD and the VA have a huge problem with protecting the personal information of people that work for the agencies. Walk into any office on any military installation and I can practically guarantee you will find the names of people with SSN either posted on the walls or lying around freely on someone's desk. Unfortunately, DOD and VA track all their employee's data with a SSN, including things like security clearances and who's authorized in an area.
The stop-loss program has ceased? Then why was I held in Iraq and my home base after redeployment almost half a year past my ETS?
Let me be neither the first nor last to say that perfect security for a sprawling heterogeneous institution like the Federal Government is humanly impossible. Even if you have perfect algorithms (which you don't) and perfect code (which you don't) and perfect hardware (which you don't), you'll still have people who make honest mistakes.
What can you do? Try to audit every line of code and you'll still miss things. Do the most extensive background checks and you'll still miss things. If you require more training and paperwork, compliance issues take up so much of your time that you don't get any work done (and you'll still miss things).
Yes, there are problems and they need to be fixed. Yes, the government often deserves the bad grades they get from auditors. Of course not every mistake is honest, and there are some corrupt employees. But inefficiency, corruption, and idiocy creep into every large organization, and saying "fuck him" and calling people idiots is cathartic but useless.
What, for example, have you done in the arena of information security? Since this is Slashdot, you might very well be a security expert. But if you feel strongly about a secure federal government, why don't you try to make a difference instead of posting flames on Slashdot? But since this is Slashdot, you might very well be talking out of your ass. In that case, congrats on the +5 but please get a clue before flaming.
It's easy to call the government inept, and it never gets old. That's called a cheap shot. What improvements can you suggest? I agree there need to be improvements, but I don't consider myself so eminently qualified to deride others for their efforts.
--
"Extra Anus Kills Four-Legged Chick" -- Headline
(aka "just a goddamn piece of paper")
Excuse me, I believe you forgot to leave the religious aspect out of that...it should have read:
"just a damn piece of paper" -- of course we might still consider replacing the word "damn" with something that has less religious history (bothersome, etc.).
You know, THIS discussion is about an individual. I do have an improvement to suggest to the individual: ENCRYPT ANY DATA THAT IS SUPPOSED TO BE CONFIDENTIAL. This is not fucking rocket science, nor is it difficult, nor does it cost you anything but time. There is NO EXCUSE for not doing this. If I took a bunch of customer records from work (we have a database of about 65,000 casino players, many of whom have given us their SSNs so we can produce tax forms for them, or make a cash transaction over $10,000, or what have you) and lost them, not only would I be fired, but I'd probably end up slapped with some kind of lawsuit for exposing the business to liability - and I would deserve it.
As for suggestions for our government's IT departments, I'm sure I'd have plenty of them were I looking at configs. They obviously do a lot of stupid things. I won't bother enumerating possible fixes to problems that may or may not exist. But the best advice? PAY ATTENTION, and if you want to be secure, LISTEN to your IT guys. I've made security recommendations various places I've worked that haven't been taken into consideration, and on occasion they've paid for them later. (And no, not by my hand.)
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
This has nothing to do with the US military watching us. First, the computer belonged to a Veterans Affairs employee and not a US military serviceman or civilian. Second, if yor're referring to the domestic survaillance, all of the press lately is about the NSA and other civilian agencies. You do however bring up something that is quite interesting. The former East Germany was suffocated due to too much information. They had, according to some reports, up to one third of their population providing information on each other to the security services. They had so much information that they were overloaded and couldn't keep track of what was happening to themselves!
Oh kiss my fucking red white and blue ass. You haven't clue one about the hypocrisy you perpetrate. I was in Military Intelligence, my brother is an officer in the Navy with an Office in the Pentagon and my other brother is the head of the Army Reserves in the Midwest. And all of us having served learned one thing... you ARE disposable.
Anyone who believes in freedom and liberty haven't tried to be gay, athiest or of any ethnicity but white. When Virginia Beach passes no cursing laws on their public beaches, how much freedom of speech do you have? When your cops are trained at academys to practice racial profiling, how free are you?
You sir are not only ignorant but a deluysional jingoist.
This is my sig. There are many like it but this one is mine.
That doesn't mean that Microsoft makes it easy (the EFS stuff in NTFS looks pretty hokey and hard to use, and apparently isn't in XP Home, only XP Pro, and it's not clear from a few minutes' reading of the documentation whether you can tell it to encrypt your My Documents folder withough causing major chaos. (And yes, I realize that that's only part of what needs to be encrypted, and I don't trust MS's current crypto given how badly broken all their earlier crypto was, but at least it's a _start_.)) Linux/BSD? Multiple solutions are available and relatively easy to implement - obviously any secure data needs to be on a computer with a real operating system...
And the best security we've got in practice is that thieves or fences usually wipe the info on stolen machines to avoid getting caught, instead of realizing that it's usually worth much more than the stolen hardware. Encrypting or Multi-Level-Secure databases have been around for a while, but are still mostly researchy.
But Crypto's only a bandaid, and I say this as somebody who's been a crypto geek for a couple of decades. People who handle information need to think about what's sensitive and what's not, and design their databases so that nobody needs to touch sensitive data unless they actually need to touch the sensitive data. So Social Security Numbers (or your local government's equivalents) shouldn't be used as database keys, and Last-4-digits shouldn't be used as passwords, and Employee ID Numbers or Customer ID Numbers should be something entirely unrelated to SSN. That means you need a separate table connecting ID# and SSN that the Payroll department tax bureaucrats can use when they're reporting taxes, but which isn't accessible to anybody who's not handling taxes. And Medical Insurance account numbers shouldn't be your SSN, in spite of how convenient it is to all the large bureaucracies out there to start all conversations by asking for your Social. If HR needs to collect new hires' Citizenship ID#s when verifying that they are legally permitted to work in the country, or the Driver's License Bureaucrats need to collect it to verify that people who drive aren't "Deadbeat Dads" and don't speak Spanish, then that data needs to be kept separate from the less-sensitive data.
The Bush Administration and its predecessors in the military and civil service have put a lot of emphasis on "Know Your Customer" laws and requiring airlines and banks and employers and such to collect lots of private data and report it to them, maximizing the ability of everybody with a cheap Moore's-Law-Inside PC to do massive data mining, and it's going to be hard to undo all that infrastructure once we through them out of office - it's important to make sure that you can protect your own employees and customers and suppliers from accidental data loss, and deliberate theft, and planned or unplanned data mining.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
But far more important is thinking about what data needs to be used together and what data can be kept separate - that Customer SSN data of yours should be in a separate database, only used to generate tax paperwork, and not accessible to other applications (unless of course you're investigating fraud, which wouldn't be a totally surprising problem for a casino to encounter.) Not only should you not be taking it home, you shouldn't be keeping it near the less sensitive marketing stuff.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
- - whether they'll get shot at, or about
- - what country is going to do something stupid or dangerous enough to need attacking or defending, or
- - how often they'll need to be away from their families, or
- - whether their weapons will be reliable in whatever country they get sent to next (because weapons that work well in Northern Europe may suck in Vietnamese jungles or Iraqi deserts, and weapons that work fantastically well on Powerpoint presentations inside the Beltway somehow aren't the same when you take them out in the field), or
- - whether they'll get the supplies they need to do the job they've got to do, or
- - how to get their platoon to learn to stay alive while getting the job done, or
- - whether they ought to frag their bonehead lieutenant before he gets them killed, or
- - how to tell the REMFs back at the Pentagon that they don't have a clue what's happening down on the ground, or
- whether the recruiters who said they'd learn valuable new skills thought they'd get jobs improvising truck armor when they got back home to LA.
That doesn't mean that they don't care about their personnel data, especially if it affects their paychecks or promotions or pensions, but when they join the Army they pretty much understand they're joining the Army.And it's not like working for a bank or the Phone Company or a factory or a university instead gives you a lot of reassurance that your data won't get mishandled (or if it does, think again.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Article on new Seagate products was mentioned in today's Slashdot article on hybrid flash+disk drives, but farther down the article it talks about some laptop drives with built-in encryption. While I think that the OS really ought to be doing it, farming the job out to the disk is certainly a good start, and it's probably easier to use if less flexible.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
If all soldiers just walked off and went home, the world would be a beter place. Since the US military is one of the biggest and certainly the most aggressive, the world would certainly be a lot safer if they just went home and did something productive.
But you are free to believe whatever propaganda your ministry of truth washes your brain with. After all you are in the land of the free, aren't you?
(And no, i'm not, and I don't know who capt crunch is)
This space is intentionally staring blankly at you
Yes, I do, although I do not believe in the concept of a 'soul'.
I have no pity for people that agreed to get paid to run a certain risk and that risk turns out bad for them.
This space is intentionally staring blankly at you
I served four years in the Infantry. My data is no doubt in the records that were stolen. I am not asking for pity from anyone. I do not believe in the concept of a soul either. I came from a family that knows that someone must protect our country from those who would do us harm. I have traveled the world and I know that there are many people who would like to destroy us. There will always be a quiet and vigilant group of people who will take the risks, carry the load, endure the pain, and give their lives so that people like you can have your opinions. Carry on with your rhetoric and anti-social rantings. Rest assured that when your in danger someone like me will come to your rescue. I will defend you, carry your load, ensure you are OK and send you on your way. I am an American, that is what we do. Take Care
I swear I didn't know it was loaded...
Yes, I am in the land of the free.
And there is always going to be some facist/extremist/dictator around the world willing to take over the weak.
Yes, the US military is the most powerful (not the biggest, that goes to China).
The last time we stayed home and did something productive, you were 2 seconds from flying an ugly flag, goosestepping, and taking German lessons. The protection we provide around the world keeps your Country's individuality and right to mumblings like the one above possible.
Again, have some respect for the protection, and freedoms that our servicemen and women provide. So next time you see one on your streets on leave, take them out for a beer and thank them.
Somehow that 'protecting' is always done in other peoples countries and the death toll is always a lot higher for the recieving party is always order of magnitude higher (most of them innocent bystanders that did not choose to take the risk) than the invading US army (that more or less chose that risk).
Your protection sounds quite similar to the protection by the mafia; both use a lot of needless violence to achieve their illegal goals.
And I am not American nor do I live there, Capice?
This space is intentionally staring blankly at you
That war you refer to happened 61 + years ago. I am much younger than that and I guess so are you. Do I owe you or your country gratitude for its actions back then? What about the first world war, or napoleons wars, or the English - Dutch wars or the Spanish - Dutch wars?
As for the fascists/dictators out there plotting to take over the weak: have a look in your own backyard and judge for yourself how your gouvernment scores on things like militarism, corporatism, rascism, corruption.
If you automatiaclly (or when challenged) assume that your millitary does a good job without questioning every move, then you are an ideal pawn to serve in your fascist state. Good luck with that.
This space is intentionally staring blankly at you
Do you support the military in your country of origin or is the anti-military stance universal? Are you a pacifist or just anti American military? The answer is seldom relevant as long as you can defend your view point. There are too many who rant endlessly about the results of American military action but have never actually been there to see the results. They choose to listen to what they are spoon fed by others and can develop extremely bitter attitudes based on information that they believe as gospel. They will not attempt to verify anything that they hear and assume that if it is anti American it must be true. This type of intellectual laziness if pervasive on our college campuses. If you have first hand knowledge it may be that you have been on the other side of American military action. I have seen the overwhelmingly positive response of civilians in other countries to the US military presence. While I also saw those who did not want us there they were in the minority and typically part of those were no longer in a position to cause harm to others.
I swear I didn't know it was loaded...
That is a really impressive use of statistics you show there. I wonder how things would look if you were not an american invader but a jihadis freedom fighter? Would american-friendly induviduals present themselves to them?
This space is intentionally staring blankly at you
I didn't present any statistics but did notice you had managed to avoid answering the questions posed. With no relevant evidence or personal experience to share you are unfortunately relagated to spouting the same theoretical ideas and "what if" scenarios I could get at any high school. I had read several of your other online posts and anticipated better. With that said perhaps you could share your ideal end point for the situation the US finds its self in currently? Would that be the destruction of the US entireley, enslavement of the population, or simply total humiliation and discredit for the last remaining super power? The US was attacked and 3000 citizens killed, what would have been the appropriate response? Do you believe forgiveness was in order? Were these Islamic extremists justified in their actions? If so how do their actions square with simlar actions in Darfur? I would be instested to hear a perspective that I cannot get from CNN, the BBC, or the office water cooler.
I swear I didn't know it was loaded...