Slashdot Mirror
Stolen VA Laptop Recovered
lancejjj writes "Remember how the VA was pinning the theft of 26.5 million veterans' personal records on a hard working-but-renegade employee whose laptop was stolen? Surprise! It turns out that the employee had written permission to bring the sensitive data home. Fortunately, the laptop has been recovered. It is still unclear how the laptop was recovered, or if any of the veterans' personal data was leaked."
Or a copy of it for publicity sake.
- Kal`Goblez
I believe it said on the FBI's report that it looked like the data had not been looked at.
Why, yes, I AM a Pagan Libertarian.
According to the FBI as reported by Reuters. The FBI said that the DB hadn't been accessed since the date it was stolen. Keep in mind, too that laptop thefts are no different than any other and the vast bulk are crimes of opportunity. So it most likely that the laptop was just at the worng place at the wrong time and the tweaker responsible had no idea as to its value.
If brevity is the soul of wit, then how does one explain Twitter?
"No, I think we'll let Delta Force handle this one."
Seriously, though -- why does it matter?
There is no way the thief who had it thought to himself "Hmm all these VA logos, some huge files with a bunch of names and 9 digit numbers. I obviously have nothing important here, I should just return this to the rightful owner." I mean it's not like this was all over the news or anything. Where would he get an idea like 'steal the identities of 26 million veterans'??? I know I can sleep a little easier (mostly because I was never in the armed services). On a more serious note, why aren't the headlines reading "VA wrongly accused employee of negligence, prepared to take full blame"? That seems to be the gist of this event.
Seriously. Attention any/all US federal legislators reading this: just mimic the EU on this one. It's a no-brainer and will win you the all-important geek vote.
there is no need to sign your posts. this isn't usenet. your username is right there above your post. stop it.
Surprise, surprise, surprise! Renegade employee? So when did the VA become a branch of the CIA?
Matters to me; my info might have been in the database. /. readership in general.
However, I agree. Old News, and not important to the
Why, yes, I AM a Pagan Libertarian.
They probably just put up a blog.
After discovering truecrypt, I realized how easy it is to have your sensitive data secured. Provided that the laptop doesn't contain spyware, only the person with password to the truecrypt volume can read it. After it's turned off, nobody else can.
And the hidden volumes feature in truecrypt makes it much harder to steal the data (not only you'd need the normal volume password, you'd also need the hidden volume password - IF there is a hidden volume, which you don't know).
I'd like to know how they verified that none of the data was accessed. Granted, it's highly possible that the thief probably had no idea what was on the laptop or may have been too scared to try selling that data, but I'd like to know that somebody with tech skills did the check. "Last modified" date doesn't mean the files weren't copied, and we never heard about anything else being stolen from the victem. There was a theft of Tricare (military medical provider... of sorts) server hard drives from a server room a few years ago. The geniuses said it wasn't a targeted data theft, but rather the theives had the intent to steal the hard drives themselves.
Yeah... sure.
"Common sense will be the death of us all"
Meanwhile, the Whitehouse published this memo last Friday. It's about time, IMHO.
One of the articles quoted the permission granting documents, saying that the analyst needed real SSNs for his work. I don't understand why that would be the case. Couldn't they have generated a fake list, verified that no two numbers were alike, and assigned a bunch of random names? It seems like the whole issue could have been eliminated from the start by doing this. Also, it's just shameful the way a bunch of middle-management types are trying to shaft the analyst when he's had written permission for ~4 years.
Meh, a real sig would take too long, and I have an MMORPG to play with....
Because one method involves Chuck Norris and immediate death for the thief. The other involves Charlie Sheen and about two hours of pouty looks and deadpan humor. We owe it to history to properly document this event!
Why? He had at least three written memos given express permission for him to do what he did. The problem here wasn't with the worker, it's with the policies and directors that signed the memos.
Meh, a real sig would take too long, and I have an MMORPG to play with....
Nothing appeared to be copied? Bah. What's keeping a would be data thief to boot up with a Linux distro, copy at will and shutdown the computer
.I use a utility called TrueCrypt on my computer. I don't use a Mac (I would if I had the money), but I think the Mac has a utility (built in to the OS to boot) that let's you encrypt the contents of your home folder. This utility (TrueCrypt) enables me to reserve a chunk of space on my HD and encrypt it. I'm pretty confident that if my laptop gets stolen, the data will be *reasonably* safe.
This is just a mix of bad infosec policies and worse OS.
the future is but past forgotten
Oh no, the best thing they could do is let him keep the job. He's the least likely person in the US to do this again. It would be different if he stole it himself.
You are checking your backups, aren't you?
Why dont you edit your front page display settings. You can select what type of articles are displayed, and who they're posted by.
-PB_TPU_40 The trick to flying is to throw yourself at the ground and miss.
That must have been some laptop. First thing that suprised me was "there have been 26.5 million veterans?". Next, even storing only "name" and "SSN" in a database is probably going to be what, 30 gig? 40 gig? That must be one tricked out laptop to hold all that. No wonder it was stolen in the first place.
You must have bought your account on eBay then. With a low-ish UID, you should know that /. has been this way a long, long time...
I got the letter stating my info was in there.
(Although I saw this article earlier elsewhere.)
Quality Hosting e3 Servers
That's funny... most other articles say that the data wasn't accessed... so no one's personal information was compromised. http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2 006/06/29/national/w085423D04.DTL
How exactly do they "know" that it hasn't been accessed?
Perhaps this was an organized gang, they could have booted off a live cd, mounted the hdd in read only mode, pulled the database onto the network and then set up a bungling thief to take the rap.
If you were working for the mob then that would seem like one of the best ways to pull this off without causing suspicion
If you dont find that laptop were going to need to pay out million in fee's and fines...
Oop. there it, setting in the corner. Laptop found and guess what no one bothered to look at the data. What luck..
Next, even storing only "name" and "SSN" in a database is probably going to be what, 30 gig? 40 gig?
Well, uhm, as a matter of fact: no. Add all the headers, padding, and indexing you want. It would pretty hard to burn up over 1k for each name/ssn pair. You're high by a factor of at least 10.
The laptop was recovered, and data has not been accessd (they think). That's not the point.
First, they cannot know whether the data has been read or not, since they could have simply copied the disk, sector by sector (as anyone with data forensics experience knows, FBI included).
Second, the fact that the data this time was not accessed is not the important thing. The important thing is that the security policy regarding this type of data is not tight enough. Maybe the next time a laptop is stolen someone will bother to access the data, or someone wanting to access those records now will bother to steal an employee's laptop, knowing that there's a good chance of it having confidential records.
This recovery of the computer does not make the data any less compromised, and it might be a very good excuse to close the case and fix nothing.
GPG 0x1B479C78
Read those EU laws. There'd be no need to go to the NSA for that data - the telcos, ISPs, and banks would already be handing that data over to the feds.
While dumbasses here in the US with Bush Derangement Syndrome blame it all on "Chimpy Halliburton BusHitler", they pine for laws that would do exactly the same thing.
The government ain't your friend, even were it to be a "perfect, progressive institution", whatever the fuck that would be. (Probably something involving kangaroo courts followed by swift executions - in the thousands. A la Che Guevera....)
It sounds like a coverup to me. They never found that laptop, and if they did, it wasn't the one that was missing. I bet after a whole bunch of politicians got in hot water over this story when it first broke, they quietly orchestrated a nice plan to sweep this mess back under the carpet where it belongs! While this case quietly goes away, the real issues (data security, privacy of sensitive data, etc, etc, etc) do not have to be addressed.
The employee had permission to access social security numbers. The employee had permission to take a laptop home. The employee had permission to use database software at home.
The VA still contends that the employee did not have permission to put the social security numbers on the computer and take it home.
Look at the timeline. He gets permission to access SSNs in February. He gets permission to take a laptop home in September. Sometime during the year he got permission to use a database program at home. It still sounds to me like he took a little personal initiative to take the SSN database home.
Still, the whole affair was handled pretty damn poorly, particularly the delay in reporting it, among other things.
-h-
Try 504MB (Assuming 11 char name - average, and 9 digit SSN). Even a MS Access DB wouldn't use THAT much space. Or rather, a MS Access DB would use that much space
Suppose the laptop owner had some bad gambling debts. Suppose the creditors involved offered him a choice: steal us some names for our ID theft operation or you sleep with the fishes. Laptop owner gets permission and brings the laptop home, leaving it in plain sight with the porch light on while he goes to get some smokes. He comes back and Horrors! the laptop, but nothing else in his house, is gone. The thugs take the hard drive out and image it, spend some time verifying that he didn't give them a bogus list, then unobtrusively return it. Everyone assumes the names are safe and goes happily about their business.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
What is needed is a far more positive identification system. Granted, it might be a piss-off to not be able to get instant credit to purchase that new thingamabob, but as things reach unmanageable proportions, something has to be done.
Never, EVER steal a piece of hardware for info without returning it(after taking the info).
It will be interesting to see the public's reaction when 26.5 million SSN are posted tommorow on a blog.
Actually you don't have to have your tinfoil hat on too tight to believe that.
The situation you describe is not at all unlike how the mafia cargo-theft operations run (or used to run...the people I know are all ex-OCTF types). Basically they'd find some truck driver who had a gambling problem, and make him a deal: he parks his truck at a certain rest area on a certain night, and goes into the restaurant to have dinner. When he gets out, his truck is missing. Sometimes they'd even arrange it so that the cargo in question that night would be particularly high-value (load of VCRs, whatever), or easy to fence merchandise.
The key question in the data-theft is whether or not U.S. organized crime is really involved in large-scale identity theft, to the point where they would have wanted to get their hands on a laptop full of data that badly. If you think that they are, then the whole scenario doesn't seem totally implausible.
I'm fairly confident, however, that the FBI is probably looking down this angle -- it's not really that hard a thing to imagine, so I expect that they're going through the employee's finances and everything else, seeing if there's some way he could have been compromised.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
bear in mind that the databse would be saving the max length for the name field, which is probably eith 50 character or 255 character. 50 would be a good number if you need to set it, 255 would probably be the default.
the SSN field may need 11 spaces if they are storing the dashes.
of course, the database probabable hade more info, like address, phone, medical ID number, Insurance info, spouse info etc . . .
The Kruger Dunning explains most post on
Did they find that the laptop was under a stack of TPS reports at the office the entire time?
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
"This is really just my final fairwell message."
/." /.
HUZZAH! another whiner gone.
"RIP
your the one thats leaving, not
RIP looser.
The Kruger Dunning explains most post on
My data just happened to be on that hard drive, so I am a little upset about it to say the least. We in the armed forces have been told that the individual was definitely NOT supposed to take that data home. It even says so on the VA website reguarding this incident. http://www.firstgov.gov/veteransinfo.shtml If he had written authorization to do so, then that is a completely different story, and all of us that were affected should be even more angry. There are procedures in place for bringing ANY government property home; whether it be DATA or PHYSICAL media. Especially privacy act information.
So which is it? He was or he wasn't allowed to? It is a bit too convenient for my taste that the laptop was recovered so magically and with the data intact.
This kind of back-and-forth "truth" on these kinds of issues gets very old very fast.
Smells fishy...
Can you get around it? Of course, however that requires someone who knows what they are doing, and plans accordingly. If they are poking around randomly and open a file, the accessed date gets updated and they can't roll it back to the original date.
So how much faith do you put in it? Well you look at the circumstances of the crime. Does it look like it was a targeted hit, to get this specific laptop and data, or does it look like a normal theft of opportunity? If it looks like a normal theft, the accessed dates are probalby highly reliable. You aren't dealing with computer pros, they want the laptop for it's hardware value, not for what it might contain.
I'm very skeptical that he needs access to "real Social Security" numbers. If they were doing application testing or statistical analysis on the data, they could have anonymized the data before copying it out of the live environment. 27 million records isn't an impossibly large data set (especially if they fit on a laptop), so it shouldn't have been too onerous to do. There's rarely any reason for a developer to be looking at protected data unless they're diagnosing a bug in production.
Excellent thinking. I believe the same applies to airlines with accidents...according to laws of probablility alone, it is almost impossible for an airplane crash to occur more than once with the same airlines during the period of, say, a month. They become the safest airlines on earth after an accident.
It sounds like a coverup to me. They never found that laptop, and if they did, it wasn't the one that was missing
Does your specially-formed tinfoil apparel help you to know these facts? The scoop is that someone turned it into the Baltimore FBI office, and they're keeping it quiet because the $50k reward was part of the picture. Their forensics people were the first ones to look at the machine, and that's what they do all day.
More likely whatever ever idiot looted the house and took the portable fencables really didn't know what to do with it, and probably saw the government markings on the machine later. Not something you can put on eBay or take to a pawn shop. And people like that are in the habit of asking their equally ass-hattish what friends to do with something like that. Obviously one of the more enterprising ones is looking to turn it into $50k.
Don't disappoint your bird dog. Go to the range.
Modern DB's don't have an internally fixed width (zero fill); that went with dBase. Also anyone that programs with 11 spaces for SSN is a moron. Oh, we are talking about the government here... Guess you are right on both accounts.
"Please ensure these safeguards have been reviewed and are in place within the next 45 days."
Not gonna happen.
Major policy changes don't happen in 45 days.
They just don't.
[Fuck Beta]
o0t!
Ok, I might be in the minority here, but I'm assuming that this was no conspiracy or well-organized hit to access veterans' SSN's. I'm guessing the perpetrator was some dumb teens or twenties punk who broke into the house looking for something he could sell for a couple bucks. This run-of-the-mill type would barely be able to use the laptop he stole to check email and play solitaire, let alone transfer files without leaving a trace of file access. Imagine his face, when flipping through the TV, he sees an article on the computer sitting in his trunk and thinks, "Hey, that looks like the place I jacked last night... wait a minute, that IS the place I hit! National news! FBI investigation! $50,000 reward for my ass ... crap!" Ahhh, priceless!
Quick question: What is the difference between a SSN and a guaranteeably unique generated string that can be associated with it in a protected database? Answer: Effectively, none. I don't see why anyone who is not actively interacting with the owner of a SSN should have access to the number itself. I do not need or want to know the passwords of the users on my system, I just need to have an effective means of (relatively) guaranteeing the security of those passwords and resetting them when desired. Both can be accomplished without seeing it, I see no reason for SSN's to be different.
Slashdot: Where anecdotes and generalizations can be freely substituted for facts, logic, or intelligence
The situation isn't over yet.
I, too, am pleased with TrueCrypt; the cross-platform feature allows removable drives to be interchanged between my (k)Ubuntu Dapper systems and my wife's Win2k system (she refuses to use WinXP). Finally we can easily store something on a CF card, pull it out and not worry about data being stolen!
6 7&highlight=truecrypt
Unfortunately, this does not work on our laptops at work; I am being coerced to use WinXP at work (damn you!) without admin privileges, and TrueCrypt refuses to install without admin privileges.
Does anyone know a workaround for this? I recognize that it's probably unlikely; if it works without admin privileges, it's probably not that secure.
Before anyone suggests that I ask the IT department of our firm: I already asked if it was okay to install certain programs. "Like what?" they asked. "Firefox," I said. "What's Firefox?" they asked. So that pretty much nixes that idea.
I did notice that GPG and WinPT install okay without needing admin privileges, so I am able to have *some* form of encryption, but it is non-ideal for various reasons.
Btw, for those of you using Ubuntu Dapper, here's a web page on how to install it easily. I ended up compiling (pretty much my first time compiling anything), and it was easier than I thought.
http://www.ubuntuforums.org/showthread.php?t=1993
404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
[GPG key in journal]
Would this be an issue if the VA started using Apple MacBook Pro systems with FileVault turned on?
FileVault secures your home directory by encrypting its entire contents using the Advanced Encryption Standard with 128-bit keys. This high-performance algorithm automatically encrypts and decrypts in real time, so you don't even know it's happening.
Those who laugh at you for you having a Mac.. are the people who constantly call you to fix their PC.
1) "had approval as early as Sept. 5, 2002, to use special software at home that was designed to manipulate large amounts of data."
Nope, that's not explicit permission to have confidential data at home.
2) "A separate agreement, dated Feb. 5, 2002, from the office of the assistant secretary for policy and planning, allowed the worker to access Social Security numbers for millions of veterans."
Nope, that's not explicit permission to keep that confidential data unencrypted on his PC, much less to take that confidential data home.
3) "A third document, also issued in 2002, gave the analyst permission to take a laptop computer and accessories for work outside of the VA building."
Nope, that's not explicit permission to take confidential information home.
Perhaps he was given permission, but you sure can't know that based on what was reported.
As long as I don't get an activation letter in the mail telling me to report to duty. ;) (notice the wink guys I have my DD-214 very handy)
Funny I have moved 4 times since I have been released and they managed to send the letter to my currrent address.
I guess I am tracked through my tax returns.
how about an insurace company that converts SSN into ID numbers by shifting the hyphen?
Apocalypse Cancelled, Sorry, No Ticket Refunds
Yeah, but the laws of probability aren't what actually makes it safer - the first was just as unlikely as the second.
What makes it safer, both in this case, and maybe also with airlines, is the guy getting extra paranoid after there's been an accident.
We've secretly replaced Slashdot with new Folgers Crystals - let's see if it notices.
Will they let you install VMWare player, Qemu, or something like that?
The 26.5M figure quoted is possible. The VA info quoted also suggests that data on 2.1M active-duty military folks was stolen. Take that figure and subtract. You get 14.1M vets. Now the US has been in the following wars since independence:
*Revolution
*War of 1812
*Civil War (I'm not sure if the VA tracks Confederate vets or not)
*Indian Wars
*Spanish-American War
*WWI
*WWII
*Korea
*Vietnam
*Grenada
*Panama
*Gulf War
*Somalia
*Bosnia
*Kosovo
*Afghanistan/GWoT
*Iraq
Now let's assume the VA has digitized names and SSNs since WWII. Take the wars since WWII and find the figures of those who served and subtract from those who died. Add all of those figures. With that number, you will find the 26.5M figure quoted by the VA is possible, many times over.
Support the Chagossians
checks for affected veterans. bush is going to take money out of food stamps and education to pay for it.
He's not going to cut any of the huge tax cut he gave his billionaire buddies. Kids will have to pay for it.
What an asshole!
I do not believe for one minute that they found the laptop.
photosMy Photostream
That they were actually using a Microsoft Access database. Hey, I guess it finally paid off that the "modified on" date gets updated everytime you open the file, regardless of whether you actually modify anything. Hooray for Microsoft bugs! ...I mean undocumented features!
If you can read this sig, you're too close.
Statistics got their counter example too.
As this rule does not apply to Japan Air Lines. They tend to live in an alternate reality.
At one point in March I was thinking about making a website called "Jal Weekly Blunder". Not a single week without a plane loosing some stuff in midair, blowing a tire, or opening a door inadvertantly.
Better than a ride at Disneyland.
Wow. Thanks for the reply. I was expecting no replies, or perhaps some snarky replies about "of course it wouldn't be possible". Thanks also to the uncle poster for letting me know about Puppy Linux. Brainstorming in a geek community does have its merits.
In response to your question, no, they won't let me install anything, but that hasn't stopped me from installing Firefox, Servant Salamander, VideoLan Client and IrfanView (software I know from my Win2k days; there's probably better stuff out there now).
I've also installed a bunch of other things that were defeated their firewall, which apparently only lets through packets to Port 80 or Port 443, and even then only HTTP packets --I couldn't ssh into my home server via Port 80. They even tried to bloody filter out my use of webmail. Fortunately, their firewall doesn't detect the webmail system that I happen to use.
But I don't intend to stop trying to push the limits of their firewall caging me --when I get around to it, I'm going to figure out some sort of https passthrough so that I can get into my home server.
If VMware or Qemu don't need admin privileges to run, then I have no problems installing it.
In fact, if they didn't put in a disk encryption system to encrypt the entire hard drive, I'd probably be trying to crack the WinXP admin password. The disk encryption is one thing they did right: on bootup, the encryption system needs the login and password to decrypt the disk so that WinXP becomes detectable. Only then does WinXP boot. This would have solved the problem of the VA laptop being stolen (to bring things back on topic): if my laptop is stolen, it's highly unlikely that anyone would be able to retrieve any data from it. I'm not sure if Puppy Linux would be able to help me because of the disk encryption system.
404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
[GPG key in journal]
A third document, also issued in 2002, gave the analyst permission to take a laptop computer and accessories for work outside of the VA building.
CYA.
I hope he sues those bastards
Well actually:
IF x is the probability that an accident will occur in any airlines per month, and there are y airlines, then x/y is the probability My Safe Flyers will get a crash any given month.
Lets call this value Z.
Now the probability of the same incident happening again this month is Z*Z (assuming nothing has changed), and since Z is much less than 1, the number gets really small.
Right? (Its been a while since the probability course:( )
We're not there yet. I think people talking about it in these extreme terms makes it hard to discuss the issue as it is.
I cried real tears when Li Mu Bai died.
Oh Forrest!
How do you find out if a data has been accessed ?
Or if the disk has been bit-copied ?
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
The probability of the same incident happening again is still Z. The other Z already happened, so the probability, after the fact, of the first incident having happened is now 1. (Certainly it has been a while, since you cited the gambler's fallacy as a serious theory)
.25, right? wrong.
In other words:
If you flip a coin and it lands on heads, the probability of it landing heads again when you flip it a second time is
We've secretly replaced Slashdot with new Folgers Crystals - let's see if it notices.
please
I did have a VA loan for my last house, so perhaps that's one way to find me. I don't remember if the SS Statement came to the apartment address or the house address. It's kind of scary that I'm so easy for them to find. Who should I fear, the thief or the government?
Ops, I shuld have usd the prevuwe but in.
It wasn't on the news for a while, so it stands to reason it had already changed hands. I wonder if there was a finders fee? I have a coworker that had his truck stolen. The next day it was spotted near our work site and somebody let him know. (The idiots didn't see the parking hang tag?) Anyways, the truck had already changed hands and had already become either a meth lab or meth RV. (It was a suburban) In one day, it was traded for drugs and smoked in. It was nasty. Sometimes you don't want the car back. I think the final recipients of the laptop probably had clear signs of what it was and got real nervous. You don't want 26 million veterans angry at you.
Ops, I shuld have usd the prevuwe but in.
What I'm wondering is: Did the laptop have the information on it or did it have a "secure" connection to the database. Typically, people who work from home are on some kind of network. That might be worse than if the info was on the hard drive.
Ops, I shuld have usd the prevuwe but in.
I want on the lawsuit. Does anyone know how to get on it?
Ops, I shuld have usd the prevuwe but in.
In partial response to the theft,the VA recalled all laptops, which had been issued for remote access to the VA internal network, for the purpose of adding encryption and verifying the hard drive contents. It was reported in Congressional testimony yesterday that since the VA has had several class action suits filed against it, there is now at least one injunction against them prohibiting any change to the laptops as that might be destruction of evidence.
So the probability of getting 100 heads in a row is the same as getting a mix of heads and tails?
:)
We are both wrong, because it is a time function(in the airlines case, a continuous graph). It's not exactly p^2, but I was closer than you
The 26.5M figure quoted is possible. The VA info quoted also suggests that data on 2.1M active-duty military folks was stolen. Take that figure and subtract. You get 14.1M vets. Now the US has been in the following wars since independence:
Boy your math is bad. Really bad. 26.5M minus 2.1M is 24.4M. How you got 14.1M out of that is beyond me. Also, consider that Uncle Sam has admitted he honestly doesn't know how many WWI veterans are still alive (a web search on WWI vets USA or something similar will get you the VA site where they admit that) and that there are no living veterans prior to WWI. So we don't really need to worry about counting WWI vets to get a decent total, but given that Uncle Sam can't even count our living WWI vets, it does make me wonder if any of the US government figures for numbers of veterans are anything more than just a guess.
Nah, the second plane doesn't know anything about the first plane, so it's chances of crashing are the same.
The only thing which would make them difference is the first crash affecting the system that governs the probabilities on all crashes, which is does. For it not to would be equivalent to an airline having no response to one of its planes crashing - no schedule change, no maintenance reviews, no nothing. Probabilities doesn't play a role in this change in chance.
You are checking your backups, aren't you?
Nah, this one's off too. Having turned up heads 99 times in a row, the probability of getting 100 is 50%. I.e., the last 99 throws don't affect the probability of the next throw. That's th gp's point.
You are checking your backups, aren't you?
The probability of getting 100 heads in a row is the same as that of getting 99 heads and then a tail. or of getting 5 heads, followed by 3 tails, followed by 2 heads, followed by 18 tails, followed by 3 heads, followed by 7 tails, etc for a total of 100 tosses.
The probability of future events isn't influenced by past events unless there are forces outside the laws of probability themselves (like the guy getting extra paranoid in the example we're already two analogies away from) that cause it.
We've secretly replaced Slashdot with new Folgers Crystals - let's see if it notices.
Don't get me wrong...I'm not some conspiracy theorist arguing that the government is arranging an elaborate cover-up.
But look at it this way.
A common burgler breaks in and steals the laptop.
Even if he doesn't realize what he got, when the news reports come out, either he, or someone that he unloaded the laptop to realizes what they have.
They call one of their computer buddies for help with the situation.
The computer guy uses one of a number of techniques to get the data off of the hard drive without leaving an indication that the data was accessed.
Now they have the problem that due to the publicity, etc...a lot of the veterans are going to be taking measures to protect themselves from ID theft. If too many people protect themselves, then the data is too difficult to use and becomes worthless.
The best thing for them to do therefore is to "return" the unaccessed data giving everyone affected a false sense of security.
Then they can use the information they have stolen much more easily....
Dunno, just my $0.02
Meh, I can't believe we're doing this.
You made a good point by traversing the tree like that, but everybody is missing the point: 100 heads in a row is a low probability (just like alternating heads/tails etc) compared to the total of all other possibilities for the same number of events. When I say it is unlikely that 100 heads (or 99 heads and a tail) are obtained, I mean that out of the 2^100 possibilities the occurance of this pattern in particular is not distinguished, and thus unlikely (1/2^100).
The burgled guy/airplanes example is far more complex because the probability distribution equation is different. I think is is geometric with respect to discrete time periods (i.e event is a day, probability of accident occuring increases with total days passed due to influences like paranoia).
I am arguing that even if no external influences apply, the case can be simplified to heads and tails scenarios, except you can think of the coin as a shape with thousands of faces(airlines), and the proability of an accident to occur in any of them very small to begin with.
Man. And I thought analogies were supposed to simplify things. I'm gonna drive next time.
yeah - but (if we assume there aren't other influences like paranoia), the probability of an accident happening tomorrow, though quite small, is no less if there was or is not an accident yesterday. That is, the laws of probability themselves don't cause any difference (casinos love people who think they do, they tend to be real suckers at the roulette table).
We've secretly replaced Slashdot with new Folgers Crystals - let's see if it notices.
The big question for me is, why was there any data on the laptop in the first place? At my company our laptops merely have client programs that can access data on servers only when the proper passwords have been entered. If a laptop is stolen it is only valuable to the thief as hardware; no data exists on the hard drive. I find it absolutely incredible that this sort of information was actually resident on a laptop drive.
Thanks for correcting my math. My math skills have been fscked up for years. Minus the vets of WWI and before, I still think it's possible that 24.4M vets have served, but since records are pretty thin at least, I think there is no way of knowing for sure.
Support the Chagossians