Census Bureau Loses Hundreds of Laptops

Billosaur writes "According to CNN, The U.S. Commerce Department has lost 1,137 laptop computers since 2001, most of them assigned to the Census Bureau. According to Commerce Secretary Carlos M. Gutierrez, 'All of the equipment that was lost or stolen contained protections to prevent a breach of personal information.' This comes after the fiasco involving the Veteran's Affairs Department's loss and eventual recovery of a laptop containing 26.5 million veteran and active-duty records." Given the scope of the operation, are these losses to be expected or is this an example of poor government security standards?

Heh.

[TheSHAD0W]

Don't consider them as "lost resources"; consider them a "job perk"...

Re:Heh.

[Impy+the+Impiuos+Imp]

Seriously, I'm sure the vast majority were just census takers who never returned them, and, hey, nobody ever came and got it!

Re:Heh.

[coolgeek]

Absolutely this is a case of employee theft. I think we should be writing our congressmen demanding an investigation, no way those bastards should get away with taking a perk at our expense.

Re:Heh.

[Otter]

Given that 1) they have a massive short-term workforce of census takers and 2) I doubt they were giving them 1999's highest-end hardware, I can't get too worked up about this. What would the government do with a slightly higher stack of Pentium 120s, build a bigger Beowulf cluster? As long as there was no privacy violation, this doesn't sound like such a bad loss rate for such a huge project.

Re:Heh.

[compro01]

i would definitely say that is a distinct possibility. actually, i would say that is the most probable (not to mention least worrying) version of what would have happened to the laptops.

Re:Heh.

[Mr+Pippin]

Hmmm, how many were "stolen" by the TSA goons? Is it still considered "lost" and/or "stolen" if the government steals property from itself?

Re:Heh.

Now if they could just lose 200 more...

Re:Heh.

[Jeff+DeMaagd]

I'd like to know if there was a proper argument made such that they needed to haul around sensitive information on their person. In the VA situation, why a computer needed to have the entire database of veterans is beyond me. I don't know what type of jobs in the Census Bureau need a notebook computer, I can imagine that some of these employees don't.

Re:Heh.

the worst part is, if it was them, those so called "security measures" will mean nothing since they will have the access codes anyway. let's just hope they decided to delete all of the census junk so they could have more room for the torrent porn and music.

Re:Heh.

[InsaneProcessor]

Your Government in Action! A corporation would never take such a loss. Until this and other waste stops in the government, I am going to stop paying taxes. It is not right that I should be forced pay to line other's pockets.

I dare the IRS to come after me!

Re:Heh.

[krakelohm]

Well yea because if your stealing older equipment then its alright... right? You also have to take into account that they might not be the high end equipment but the would our could be used for many more years... our tax money at work replacing stolen equipment.

Re:Heh.

[Otter]

Well yea because if your stealing older equipment then its alright... right?

Err, no. Not sure where you got that from.

You also have to take into account that they might not be the high end equipment but the would our could be used for many more years... our tax money at work replacing stolen equipment.

Again, these are census takers' computers! They're not being replaced, they'd just be sitting in a warehouse with the other hundred thousand they did get back. Even if they could be dusted off in 2010 (and it made economic sense to do so) -- how much money should the government spend on recovering every last laptop that you could replace on E-Bay for $20? Getting 99% back is plenty good for a project of this magnitude.

Re:Heh.

[treeves]

Insightful but jaded.
It's not just a security issue, it's a waste of resources. And it probably represents just the tip of an iceberg that we happen to be able to see.
Over the last five years, let's estimate the average price of a not-so-high-end laptop (let's be optimistic and assume they were being frugal) was $1000. This represents a loss of well over a million dollars - just in the hardware - not to mention the data, labor for replacement, etc. And parent thinks it's no big deal, something to be expected.
If they were giving laptops to every short-term census worker to begin with - what a waste! A PDA with the right software would be more than sufficient to do the data collection the census involves, wouldn't it?

Re:Heh.

Disclaimer: I work for Census.

People interviewing in person need a laptop to read and record the answers. (Some surveys don't work very well when done on paper.) That's the bulk of the laptops missing.

And I happen to be familiar with the standards we use - all the Title 13 data are encrypted at every shut down, the password has to be reset regularly, and the password rules are quite stringent. I've locked myself out of those laptops on more than one occasion, and I *am* an authorized user.

Further, a given laptop probably only has survey data for a couple dozen households at most - maybe a county map with addresses and householder name, but that's it. We do not collect social security numbers in any survey I'm aware of. People here care very much about losing data, and though these numbers are high the damage should be minimal. Not that I'm proud of us losing that many, of course, but I'm glad we take all the precautions we do.

And as people above said, it's likely most are ones that weren't returned at the end of an employee's appointment. Of course that'll defeat the security restrictions, but only until they forget their password and can't reset it (trust me, it happens quick).

This isn't quite like the VA situation at all, fortunately. It's not good, mind you, but it's not quite as bad as the VA's laptop.

Re:Heh.

The Census bureau runs lots of non-comprehensive mini-censuses all throughout the time between the Big One every ten years. During the 2000 Census laptops were not or were hardly used. They laptops under discussion are probably mostly newer ones of at least P III 1 GHz or better.

Not a major problem in an ideal world

[Rude+Turnip]

If the Census Bureau only asked for number of men, women & children living in a domicile...and left it at that, like they are supposed to, there would still be an outrage over this loss, but the damage to privacy would be far less.

Re:Not a major problem in an ideal world

[2short]

Where does this meme come from?

The constitution says only that there must be an enumeration every ten years "in such manner as [Congress] shall by law direct.", and there's certainly no prohibition on asking other stuff at the same time. So congress has by law (specifically, US Code Title 13) directed that the Beareau should collect a eclectic stew of information. Some of which is obviously essential to making good public policy and some of which apparently sounded good to someone at the time. The latter tends to get repealed. But in any case, at any given time, what information to collect is spelled out in law. The census beareau asks what that law tells it to ask.

what kind of protection

[CastrTroy]

'All of the equipment that was lost or stolen contained protections to prevent a breach of personal information.'

I would like to know what kind of protection is being used. Is it just password protecting windows? encrypted hard drives? This kind of blanket statement doesn't really tell me much about how safe the census data really is.

Re:what kind of protection

[phybere]

They *should* be encrypting all sensitive data on the drive with some highly secure encryption. However, it's the government. It's only our personal information, and we're only citizens so it doesn't matter how many laptops get stolen, or how much of our information ends up in the wrong hands, right?

Re:what kind of protection

[zolaris]

Professional response:

Well for those particular I can't say what is on them... however moving forward everything should be encrpyted as per OMB Memoradum M-06-16 [whitehouse.gov]. But there is no guarantee for the timetable. Simply having the requirement sometimes does not ensure that it is done.

Personal response (warning not affiliated in any way with US Government or policies):

They were probably just password protected as I remember that being on the NBC news story this morning... and we all know that Windows passwords are a joke to break.

Re:what kind of protection

[ecuador_gr]

I bet they had a Win 95/98 Password.
You know, the uncrackable ones, unless you are a "well-versed hacker" using a keyboard with a functioning "Esc" key...

Re:what kind of protection

[cyberfunkr]

They use a double encryption method.

All data is run through a ROT13 encryption method twice.

Re:what kind of protection

Census Employee here:

They use Entrust encryption with a Novell network login. I've gotten locked out several times, and I think they're pretty secure.

Also they use Windows 2000, not 95 or 98 as someone suggested.

Re:what kind of protection

[Gilmoure]

They put a password on a zip file.

Re:what kind of protection

Easy, the laptops have exploding batteries in them.

Re:what kind of protection

[flyingfsck]

No, much stronger than that. They use Double DES.

Re:what kind of protection

Somebody mod that up. As a former Census employee, they do encrypt all information after it's gathered, and there's an Entrust login required to access anything on the laptop.

Re:what kind of protection

Why should anyone's personal information be on a laptop in the first place? It doesn't matter how good the encryption is, with physical possession of the machine it's just a matter of time until it's cracked.

Re:what kind of protection

[whitehatlurker]

I would like to know what kind of protection is being used.

It's exploding batteries that protect the data by destroying the computer. You've never seen Mission: Impossible*?

(*TV show, not the Tom Cruise crap.)

heh. makes me think about ...

[Neuropol]

all those thinkpads i keep finding at the local used computer store and how nice of condition they're in!

Sheesh, I hope I haven't ever acquired one accidenatlly ...

Re:heh. makes me think about ...

[JRWR]

hrm, so thats where my p2 300mhz thinkpad came from i always did wonder why the goverment still uses win98, i found it in the trash, the hardrive was locked.

Re:heh. makes me think about ...

www.ebay.com

51396 items found for laptop

Would you like "Auctions" or "Fence it Now"?

Counting the wrong things.

[uvajed_ekil]

Maybe they should spend less time counting people and more time counting their computers. Or perhaps we should have a US Census Bureau's Computers Census Bureau. In any case, that sounds like an awful big loss of taxpayer computers, not to mention the data and the costs inherent in duplicating lost information.

Re:Counting the wrong things.

[cybrzndane]

They would lose the computers used to count the computers used to count the people.

Re:Counting the wrong things.

[BenEnglishAtHome]

You've actually hit very close to the truth. From TFA:

More than 30,000 laptops were used within the department's 15 operating units since 2001, the department said, and a total of 1,137 were stolen or missing.

I help with the computer inventory of a major agency. If at any time you took a snapshot of our inventory database, then sampled it, you'd find a distressingly large number of computers missing. Most of them aren't gone, they're just mislaid. They got taken off the network and put on a shelf in a storeroom under a box and no one could find them the last time the local inventory specialist was walking around with his bar code reader. In most cases when you read about a government operation with lots of lost computers you're actually reading about slop in the inventory database. That's not good, of course, but it's not the evidence of across-the-board incompetence that most people assume when government employees are involved.

Re:Counting the wrong things.

[swimin]

Great Idea! The solution to any problem is the creation of a government agency!

1337!

[ajboyle]

good thing they didn't lose their 1337 laptops!

It's only to be expected

[OakDragon]

I'll bet this is a direct result of their "Fill in our survey, get a FREE laptop!" promotion during the last census.

yes

[joe+155]

Given the scope of the operation, are these losses to be expected or is this an example of poor government security standards?

Yes, the standards are poor, but not as bad as it could be because at least it contains a protection on the data and it seems that no one has used it yet. But this isn't enough, because no matter what you have someone can break it. They should institute a policy of witholding some pay from empolyees as a form of fine whenever they lose a laptop. $1000 would be enough of an incentive to make sure that they stopped leaving them in coffee shops.

Re:yes

[Aladrin]

If they are that careless, no amount of fine would stop them from 'leaving it in a coffee shop'. I'm pretty sure it's legal to charge them like that, if told beforehand, but it doesn't sound very ethical. $1000 could cause someone to lose their car or house if it happens at the wrong time.

No, there are other ways to penalize them that are both legal and ethical. Reduced raise at next review, demotion, termination... A good stern talking-to.

Re:yes

[ePhil_One]

But this isn't enough, because no matter what you have someone can break it.

Which implies the goal of the computer theft is the data on it. Almost always, computer theft's target is the hardware, with the intent to resell. If its easiest for the criminal to activate the laptops "restore to factory condition", thats what he'll do rather than spend a day (or weeks or months) trying to access protected info. If the real goal was the data, you would swipe it from the coffee shop, clone the disk, the turn it in to lost and found ("Oops, I grabbed the wrong laptop!"). Then you can crack it w/o worries the worth of the data is being destroyed (re-issueing CC numbers, consumers aware their ID has been comprimised).

whenever they lose a laptop. $1000 would be enough of an incentive to make sure that they stopped leaving them in coffee shops.

It would ensure many wouldn't use their laptop, choosing to leave it locked to the desk instead. I imagine the majority of census workers are living paycheck to paycheck, and could not afford that risk.

Well, that's surprising

[ciaohound]

considering their job is to manually count every single person in the country, instead of using the lazy man's tool, inferential statistics. You'd think they'd be a little more detail-oriented....

Census Bureau Loses Hundreds of Laptops

[miowpurr]

I think it is a bit of both. Also, there is no hacker proof security setup that can GUARANTEE that noone will get into the missing laptops.

Re: Census Bureau Loses Hundreds of Laptops

[Intron]

According to FCW, security features included "Requiring a password" and "Storing census survey data in a complex format requiring specialized software to view".

So unless those hackers have access to obscure hacking devices like Knoppix disks and hex editors, the data is totally secure.

I feel safer already.

Census is leet

[imboboage0]

The U.S. Commerce Department has lost 1,137 laptop computers since 2001, most of them assigned to the Census Bureau.

Am I the only one who read this as 1337 laptops?

Re:Census is leet

[Rob+T+Firefly]

Damn! Someone's stolen the federal stockpiles of spray-painted PowerBooks with P6 chips from the "Hackers" movie!

Re:Census is leet

No.

Re:Census is leet

[mark-t]

It was the first thing I noticed as well...

Re:Census is leet

[Foo2rama]

It turns out the the the Commerce Department was Leet untill they lost the 1,137...

Re:Census is leet

[bradkittenbrink]

Not by a long shot. Am I the only one who opened this and immediately hit '/1337' in hopes of finding this thread?

Re:Census is leet

[Bugs42]

Sadly enough, no, you're not. *Sigh* If only they'd lost 200 more, then we'd all be right.

Re:Census is leet

Nope, I did so as well...

Re:Census is leet

[lotrtrotk]

I also searched for 1337, but only because I hoped _NOT_ to find it, and I could be the first to post it.

but alas... I guess I'm not 1337 enough.

Re:Census is leet

[Trogre]

Quite probably not, but if one more laptop goes missing I bet they'll start looking in Mr Lucas' direction.

If a "suit" says so it must be true

[hodet]

From TFA:

"All of the equipment that was lost or stolen contained protections to prevent a breach of personal information," said Commerce Secretary Carlos M. Gutierrez. "The amount of missing computers is high, but fortunately, the vulnerability for data misuse is low."

Ya, OK, I know I feel better. My bet is that they all had some kind of encryption software installed on them that very little to none of the users actually use.

Re:If a "suit" says so it must be true

[smithbp]

Government security of hardware is a joke. I used to work for the Dept. of Treasury in Lanham, MD (the national office) and you could walk in with whatever you wanted and out with whatever you wanted as long as you were an employee. Contractors have to go through metal detectors and put their bags through an xray belt, but employees can walk out with whatever. There was never any encryption software that I saw except for email encryption, which was not the norm, only certain people had the ability to use it and it was only for executive correspondence. They want to track everything everyone does on their computer under the guise of protection from terrorism, but they can't protect their own information. Government is really starting to get close to the movies that no one ever thought would happen.

Re:If a "suit" says so it must be true

[hackstraw]

This kinda reminds me of the other many stories where rogue terrorists invaded the locked server rooms and stole their RAID arrays.

Oh, that was a dream, I never heard of that.

WTF are people thinking about having important data on a laptop? It may of been another dream, but I heard of laptop harddrives dying, being ran over by cars, falling off the top of cars, taxis, or whatever. Laptops are in no way shape or form a reliable place to store data. In my server room, I have RAID arrays that are backed up to tape. Why? We value our data. Laptops are for portability, and with that portability, you lose performance and data integrity. All of my important data I have on my laptop I transfer to at least another desktop disk if not a backed up RAID array.

VNC or other ways of remotely accessing data over and encrypted channel is the way to do this crap securely. Today, internet connections are everywhere. Maybe another mass theft will give these guys some clue. Maybe.

Re:If a "suit" says so it must be true

[hodet]

The only way they will get clue is if the situation becomes an embarassement. That's the way government works. Just the fact that a high ranking public servant had to explain will stir the pot somewhat. Right now they are in damage control mode. Now they will wait and see if the story subsides. If it does they will note that this method was successful for keeping things calm. If the shit really hits the fan then high level committees will be struck to discuss the issue and attack the problem. The problem will not be the breach of security but how to not look stupid in the future. They will do this by developing broad new policies for IT security that will take months to implement and will be for the most part unworkable. A big part of the plan will also deal with "risk management", which is a nice way of saying how to "not look stupid when the shit hits the fan next time". I have been a public servant for too long and maybe I am a little jaded but when you see this scenario over and over it becomes really easy to predict. The first rule of public service, don't look stupid and don't embarass anyone. Incompetence is fine just keep it quiet. I can guarantee that there will be some 'splainin to do because the big guy had to address this publicly.

Re:If a "suit" says so it must be true

[funwithBSD]

I can confirm that happened as hearing it from another SA. Not they were terrorists, but that someone got into a "secure" CIVILIAN datacenter and stole disks for the data.

They posed as "Repair" personnel from the vendor and swapped out half of a 0+1 raidset. They could easily retrieve the data. Note that they new which storage arrays to go after and where they were indicates some serious breach of security. Either an inside job or a hell of a casing.

I can say that the data was not something that should be in anybody's hands, it was of potential military value to a terrorist, of absolutely no commercial value, but it was not "secret" information either.

Re:If a "suit" says so it must be true

[Karma+Farmer]

I can confirm this happened, too. I read a guys blog, and he said that he heard it was done by Osama bin Ladin.

Re:If a "suit" says so it must be true

[DMoylan]

maybe they use rot13 twice for extra security! :-)

Security measures?

Let me guess... they put on Windows login passwords.
Since 2001? Hmm, at that time there were still lots of Win98 machines floating around even in business. You could assign a password, or just bypass the login with IIRC, pressing ESC.

The scary thing is that government moves so slowly when it comes to technology. It wouldn't surprise me that they're using some ancient encryption - decent for its age -- but completely inadequate with today's tools.

"Real" employees seldom lose their notebooks...

Temps, on the other hand, are a different story. Some of them feel entitled to keep the laptop as a lovely parting gift. Others feel the need to test the ability of the employer to retrieve the computer. When push comes to shove, it's not easy to retrieve a computer from a temp who lives in some remote part of the country -- without spending more than the computer is worth. If you have to send someone to visit in person -- game over.

No consequences means no responsibility.

[Kadin2048]

I think that a big part of the problem is that Federal employees can't really be punished, unless they're grossly negligent.

In terms of job security, it's just below being a pedophile priest; most of the time if you fuck up, you might get demoted or shuffled around ("I see there's a warehouse in Sioux Falls that needs a manager...") but probably not actually thrown out on your ass by Security.

IMO, this leads to all sort of laziness and a general lackadaisical attitude on the part of a great many USG employees -- not all of them, to be sure, but it seems like there are usually 4 bags of useless skin for every one person who's pulling the weight of 5 people. It's about the only place I've ever seen that could honestly look to gigantic multinational corporations for advice on how to be more efficient. Total sausage factory, in other words.

The laptop losses don't really surprise me, because I doubt these people get more than some sort of administrative demerit -- if that -- for losing one. I'm sure there's some sort of procedure that they go through, but I'm willing to bet that in the long run they just get a new machine issued and they go on, grinding their way towards retirement.

If you want to stop these losses, I have a plan: tell people that they get one laptop. If they lose it, they can try to do their job without one, and if they can't do it, then they can find a new job somewhere else. Like the private sector. Maybe McDonalds. Or if you can't tolerate being that extreme, just make any loss of a laptop come with an automatic demotion of one Government Service grade. There's nothing like the fear of demotion to strike fear into the hearts of bureaucrats.

Re:No consequences means no responsibility.

[garcia]

IMO, this leads to all sort of laziness and a general lackadaisical attitude on the part of a great many USG employees -- not all of them, to be sure, but it seems like there are usually 4 bags of useless skin for every one person who's pulling the weight of 5 people.

Sounds like just about every place I've worked. You have the office wanderer (the employee that is never in their office and you know you can find them in one of the offices of), the office chatterbox (the person that is always talking to someone on personal business), the office lazyass (the person who is in iTunes Store, surfing CNN, or printing some 100 page PDF on the schematics for their MAME arcade box instead of doing their jobs), and finally you have the office whiner (the person who doesn't do anything except complain to everyone (the chatterbox and wanderer especially) about how busy they are).

Then you have the people, like me, that do their jobs and go the fuck home w/o talking to anyone. We are considered the "anti-social assholes" because we get our work done, on time with praise, and make all the other douchebags look bad.

Yes, this is mostly a joke. Mod appropriately ;)

Re:No consequences means no responsibility.

> If you want to stop these losses, I have a plan: tell people that they get one laptop. If they lose it, they can try to do their job without one, and if they can't do it, then they can find a new job somewhere else.

Brilliant management plan. I trust you'll be the first to implement it by taking that level of responsibility for your own laptop if it's stolen? Good, we have you flying out of LAX tomorrow.

Re:No consequences means no responsibility.

[philwx]

Couldn't have said it better myself. Having been in the military, going to the Navy Exchange (this is the equivalent of Px, just a store on base), you would get in line to find a frowning checkout clerk, basically you've inconvenienced them by coming to their register. That's just the tip of it, most of the administrative services run by civilians for the military are much, much worse. I called one (forget the name of it) regarding a movement of personal belongings to another state and her attitude was as if I were some kind of annoying telemarketer (and not the reason her highschool dropout butt had a job). I can think of many examples, and there are probably many more I've forgotten. They are smart enough to perk up for officers though, I can say that for sure. One walks into the room and they're all professional. Looking back, it kind of disgusts me. I'm glad I got out when I did. But I digress, that's most government employees for ya. The bare minimum mantra.

Re:No consequences means no responsibility.

[boristdog]

I worked for the federal govt for 6 years. The parent post is very true.

You are encouraged to toe the line, come in on time, leave on time...and not much else. If you do a good job you are "rewarded" by being kept in that position, because they need someone who can do the work. If you screw up, the only way they can get rid of you is by promotion.

Still, the efforts of the 20-25% who know what they are doing keeps the government working. Most of them stay for the security and benefits. I still have friends there who are good workers, but too afraid to face the real world (i.e. Private Sector) and are cranking away to that retirement and pension. I'm only 42 and I could be three years from retirement right now if I hadn't quit 16 years ago. But it would be only at half pay, which would be less than 1/4 of what I make now.

So give thanks to the timid hard workers who actually make the government work. The rest of us will enjoy our risks and rewards.

Re:No consequences means no responsibility.

[CokeBear]

What about that category of people what complain about all the others on Slashdot when they should be doing work?

Re:No consequences means no responsibility.

[fragmentate]

I worked for the Department of Health Services. Obviously they have data that is ultra-sensitive since it involves classifications of all disorders (including HIV, AIDS, mental). When people "lost" laptops they weren't even given so much as a slap on the wrist. They had certain vaguely numbered forms to fill out (for insurance purposes), and then some requisitions for a new laptop to be ordered. What was obvious to me was ignored by them. These people hadn't lost anything at all. They simply got a free laptop out of the deal, and got an upgrade for work. After looking through the support system some people had lost, misplaced, or had stolen multiple laptops.

I don't work for the government now, I work in the private sector for a technology company. The difference here is that if you lose a laptop you don't get a new one "just like that." Every laptop has special tools that "phone home" if they're connected to the internet. If, and only if, after 6 months, they get no response from this laptop do you get a new laptop issued. The neat thing is these guys here have no idea that this "phone home" software is installed.

The consequences for this carelessness are pretty serious. If you lose a laptop, and it phones home from any of your login IPs, you'll find your desk cleared of all clutter, and your boxes out on the curb.

I believe my position at the Department of Health was a "make work" position -- i.e. it was established to satisfy some quota. I cared enough to resign because I don't want a fake job. I'm not happy just being there. I hear people say "man, that is the dream job. Get paid $50k/yr. to do absolutely nothing." I hear that all the time. I don't like that kind of job. It's boring, it's dull, and it leads to the very complacency that allows this lackey attitude about hardware.

I think the government is a magnet for people that want to do very little, and who don't really care about anyone else. To them, their job is an entitlement. It's like a cancer cluster. The people that cause this attitude are in denial and too busy justifying it all to care how much harm they're actually doing.

There is no end in sight; they just hired my brother in-law's wife -- she's never had a job longer than 3 weeks (literally). Yet, she's been working for the government for 6 weeks now. Go figure.

She'll have that laptop pawned in no time.

Re:No consequences means no responsibility.

[garcia]

What about those people that make assumptions about others' work weeks, hours, and breaks?! Crazy world we live in!

Re:No consequences means no responsibility.

[Mullen]

Then you have the people, like me, that do their jobs and go the fuck home w/o talking to anyone. We are considered the "anti-social assholes" because we get our work done, on time with praise, and make all the other douchebags look bad.

Actually, you are just the office Douchebag. Your co-workers don't care how much you work. You are quite, you are an asshole and you are not liked much.

Welcome to my world.

Re:No consequences means no responsibility.

[VAXcat]

You forgot the legions of sports people, who only come to work so they can talk to the other sports people about sports...all day long, day after day, every day...

Re:No consequences means no responsibility.

[sumdumass]

The government is sort of a funny thing. In one hand they will throw money around and waist it like it wasn't theirs in the first place. In the other hand they are so tight with the money you would think if you shoved coal in thier asses, diamonds would protrude the next day. Why is this important? Well, I'm willing to bet that quite a few of the lost laptops are 4 or more years old when they were lost.

Why does the age of the laptop matter? Because the story sets this up as the census bureau lost the majority of them. Now, in 2001 if you were issued a laptop that was three years old, you are likley to have a pentium pro or smaller processor (less then 250 nhz) with a video screen that you cannot deviate more then 15% from center and still see. Packing this bundle of pleasure around would most likly mean toting about 15lbs or more around when you consider attachments you needed because of the tech availible then. Now imagine carrying one of these around going door to door for 6 months and someone shows you thier 2002 model that weigths in at 3lbs with carrying case and all, Has started, compiled and burnt a music cd in the time it took for your 3 and 1/2 year old monster to boot.

Losing it was probably the only way to get an upgrade. If it was my employee doing this, they probably would be fired so i agree with you in that respect. OTOH, i have seen government computer equiptment that has been around longer then the department. I'm wondering if the lost laptops aren't more of a forced upgrade and the middle management is in on it too. In that situation, there wouln't be anyone willing to punish people.

Re:No consequences means no responsibility.

[Cecil]

Some days, I am the anti-social asshole.

Other days, I am most certainly the office lazyass.

So these aren't always fixed roles, but they sure are true on a day-to-day basis.

by the way, guess which I am today! *cough*

Re:No consequences means no responsibility.

The lazyass, anti-social office asshole???

Re:No consequences means no responsibility.

[Gilmoure]

Bingo! All I want to do is sit in my cube, take my calls, keep up with email and alerts and then go home. I don't want to escort the uncleared so they can sit on their ass 6 times a day and suck on a cig, I don't want to wander half-way across campus to hit the good snack machine or over priced grill and I sure as hell don't want some mouth breather hanging around my cube talking about millionaires playing with a ball. So yeah, I'm the unpleasant asshole that no one likes, who dresses weird (messy long hair, scraggly beard, Ornery Boy shirt (in a button down only shirt office)) and always beat everyone else's stats by 30%-50% every month. Feh.

Re:No consequences means no responsibility.

[geekoid]

My experience as a government employee is just the opposite.
I am very busy, and I have written code and implemented systems for people who care about the publics money and work hard.

I haven't seen anyone in my department not care and not do there job well.

Assuming your phoning home software story is true, I find it interesting that your company would take that kind of liability risk.

A woman keeping a job for 6 weeks is not an example of government ineffiency.

It could be that she wants to change and keep a job.

But people like you don't want to believe that, and you don't even bother to check your assumptions against budget reports, you just want an excuse to hate something.

Re:No consequences means no responsibility.

[BenEnglishAtHome]

I know I'm feeding a troll, but I can't help it. Good troll!

...Federal employees can't really be punished,...if you fuck up, you might get demoted or shuffled around ("I see there's a warehouse in Sioux Falls that needs a manager...") but probably not actually thrown out on your ass by Security...

Bullshit. There's less of people getting "thrown out on your ass by Security" in government service for lots of reasons, the main one being you can't get thrown out just because you pissed off your big boss and he has the right to throw people out. In private industry, if you have the audacity to show up at a meeting and say to everyone that your boss 5 levels up is an idiot and here's why, you'll likely get fired. In the public service arena, if you make the same statements, without being a jerk about it and while backing up your assertions with facts, then you haven't violated your contract and you stay employed. Yes, pissing off people isn't good for your government career, but it doesn't get you summarily fired. We have rules and as long as you obey them, you're safe, unlike the private sector where an asshole corporate officer can not only convince him/herself that he's God but can also wield the power to ruin people's lives without oversight.

OTOH, I've seen employees marched out in handcuffs on more than one occasion when they screwed up. I've seen desks sealed with evidence tape and left in the office where they served as an example and warning for anyone else contemplating misdeeds. I've seen a woman convicted of over 100 counts of failing to uphold confidentiality and get hauled off to jail for it. The lines you have to cross to get fired from Federal service are fairly bright and the consequences severe and swift. The most slack I've ever seen someone get cut was a long-time employee who was eligible to retire when he was caught downloading CP. He was allowed to retire and then arrested a few days later at his home.

The laptop losses don't really surprise me, because I doubt these people get more than some sort of administrative demerit -- if that -- for losing one. I'm sure there's some sort of procedure that they go through, but I'm willing to bet that in the long run they just get a new machine issued and they go on, grinding their way towards retirement.

I can't speak for other agencies, but where I work simply "losing" a laptop does get you fired. Over the last few years, I've seen many laptops lost but in every case there was a reason. We lost a hell of a lot of equipment when the New Orleans office got flooded last year. At the same time, when the flood waters rose a bunch of employees lost their laptops that were properly secured, as per procedure, in the trunks of their cars. We've had home and car break-ins. We've had muggings. But I don't remember any employee simply "losing" a laptop. In those few cases where an employee is deemed to have exercised insufficient care, the cost of the laptop is deducted from their paycheck.

Which isn't to say it doesn't happen. We've had a number of laptops get "lost," inexcuseably, when we loaned laptops to volunteers who prepare tax returns for the needy. But those weren't lost by employees and the volunteers who fail to turn them back in eventually get visited by very intimidating people with badges and guns who work for our Inspector General. I would imagine that something of the same dynamic happened at Census - short-term employees who are just one step above volunteers and are not dedicated to a life of public service may very well fail to take proper care of their equipment. It's inexcuseable and career employees generally don't screw up like that. (Generally. There are always exceptions.)

Re:No consequences means no responsibility.

[geekoid]

I see the process of people getting removed from a government postition.
Personally, I got very tired of the private sector. People being removed for political reason, whole departments getting slashed so the numbers looked good to prospective buyers, people being let go because they make more then X dollars, being lied to, benefits vanishing, working 70 hours weeks and finding out that everyone must get an 'average' on their revue regardless of the work done, do 80% of the work, but not getting promoted because I don't go to the same church as the boss, etc...

Yeah, I make 20% less but when you consider benefits, regular work, and the person achievement I feel when I implement something that saves taxpayer money 20% is nothing.

Re:No consequences means no responsibility.

[gstoddart]

The difference here is that if you lose a laptop you don't get a new one "just like that." Every laptop has special tools that "phone home" if they're connected to the internet. If, and only if, after 6 months, they get no response from this laptop do you get a new laptop issued.

Just out of curiousity, what do your employees do for 6 months without a laptop? Do they get a note from their manager saying their work was all late because the dog ate their laptop?

What if they get a hit from it, but they can't track it down, and it doesn't look like it's still in your posession?

I'm all for not handing out laptops like candy, but I should think if someone needed a laptop enough to get one, and it goes away, that they might still need one.

Cheers

Re:No consequences means no responsibility.

[fragmentate]

They learn to do their work on their desktop machines. It's not really that complicated.

They (or their direct manager) had to make a case for needing the laptop. It is explained to them that they are wholly responsible for that laptop. The fact of the matter is we're strict on the issuance of laptops because we know the truth about laptop use. Out of 122 laptops issued only 16 of those have EVER been utilized out of the office. The loss of laptops here in 2 years? Five. But only three of those count. The other 2 were lost to employees that resigned, or were fired while the laptop was not in reach (disgruntled employees).

Once it's made clear that they may be financially liable for their laptop, they take special care of them. None of those three had to pay anything because they had clearly been stolen.

The numbers show that people may think they *need* a laptop, but actually don't. (specific to this company)

Re:No consequences means no responsibility.

[gstoddart]

They learn to do their work on their desktop machines. It's not really that complicated.

They (or their direct manager) had to make a case for needing the laptop.

Ah, I see the difference. At my company, everyone gets a laptop by default. You have to try harder to get a desktop unless you're a developer or something.

In our company, your laptop is frequently your only machine. So if you were to lose it, you wouldn't have anything to work on. I guess if laptops are the exception rather than the rule, it would make sense to be a little more strict about them.

Cheers

Re:No consequences means no responsibility.

[ostertag]

The two biggest reasons I see for irresponsibility and/or laziness among government employees where I work:

1) too much bureaucracy

For example, the Navy Supply Information Systems Activity has 4 levels of bureaucracy to which it's accountable: the Naval Supply Systems Command, the Department of the Navy, the Department of Defense, and lastly the federal government. The Navy Supply Information Systems Activity is therefore affected not just by its own organization, but also by the even more massive organizations above it. Many managers seem to spend a lot of time ensuring they comply with these other levels of bureaucracy.

2) no one ever seems to be disciplined or fired

I cannot state factually why this happens, but my opinion is that it seems like it takes too long to fire someone. Indeed, the numerous levels of bureaucracy create a complex process for firing someone as well as numerous avenues for employees to fight it. In my mind, if I supervised an employee that I thought should be fired, I wouldn't want to try to fire him/her only to have him/her continue working for me while I'm trying to fire him/her. It's likely the employee would be upset about this possibility, and it's also likely he/she would be miserable to work with from the day when he/she found out until the day he/she was fired.

Re:No consequences means no responsibility.

[fragmentate]

My experience as a government employee is just the opposite. I am very busy, and I have written code and implemented systems for people who care about the publics money and work hard.

I also worked very hard, as did many of the people on my team. But I realized early on that the work I was doing was "make work." I'm a software engineer that was sorting text files, and removing "outdated" comments from SQR (SQRibe) files. I was clearly not doing "engineer" level work. I resigned because it wasn't rewarding, and I was getting way too much for what I was doing. I wanted to advance my career. I moved on.

Assuming your phoning home software story is true, I find it interesting that your company would take that kind of liability risk.

Safe assumption. There is no liability risk at all. The machine is the property of the company, not the user. Think "Lo-jack"...

A woman keeping a job for 6 weeks is not an example of government ineffiency. It could be that she wants to change and keep a job. But people like you don't want to believe that, and you don't even bother to check your assumptions against budget reports, you just want an excuse to hate something.

I didn't give you enough background on this woman for you to draw any conclusions, especially not the one you've drawn. But, for the sake of clarity, I'll elaborate.

She's 32 years old, she has 3 kids, each has a different father. She has never, ever, had a job for more than 3 weeks. Most jobs, she's not even held for 3 days. No, this is not an exaggeration. She landed many jobs she never even showed up for. She milks the system (do I have to describe what this means to you too?).

Her current job, working for the Arizona Department of Transportation is a job born of nepotism. She gets payed $39,900 a year to [literally] put stamps on envelopes. When she's done, she just gets to sit around (her words, trying to convince my wife she should apply there too). This girl is lazy, and always has been. And she knows ten more just like herself. (birds of a feather?)

Her keeping the job for six weeks is a perfect example of government inefficiency. She's a deadbeat, and she finally found a place where she fits in. Hell, she's already missed 6 days of work... So she's only actually worked 5 weeks. I know, for a fact, that her relative is a hard working individual. Sadly, when this girl ends up quitting, or getting fired, it'll reflect poorly on that relative...

I don't need an excuse to hate anything... of that, you can be sure.

Re:No consequences means no responsibility.

[SnarfQuest]

If you want to stop these losses, I have a plan: tell people that they get one laptop. If they lose it, they can try to do their job without one, and if they can't do it, then they can find a new job somewhere else. Like the private sector. Maybe McDonalds. Or if you can't tolerate being that extreme, just make any loss of a laptop come with an automatic demotion of one Government Service grade. There's nothing like the fear of demotion to strike fear into the hearts of bureaucrats.

Better plan: Laptop is checked out to them, if they lose it, they bought it (at a premium price, including all the software). Automatically deducted from their salary. You'd see a lot less "lost" laptops. Also would wourk better if they used a non-windows CPU (ARM, MIPS, PowerPC, etc.).

Re:No consequences means no responsibility.

[Razed+By+TV]

... and finally you have the office whiner (the person who doesn't do anything except complain to [Slashdot] ... about how busy they are).

Sounds like we've got ourselves a whiner!

Re:No consequences means no responsibility.

[BenEnglishAtHome]

2) no one ever seems to be disciplined or fired

I cannot state factually why this happens, but my opinion is that it seems like it takes too long to fire someone. Indeed, the numerous levels of bureaucracy create a complex process for firing someone as well as numerous avenues for employees to fight it.

Excellent, excellent point.

Feds get fired two ways. One is to screw up royally and get escorted off the property.

The other, however, is for performance problems. It most certainly is harder to fire someone from federal service than in the private sector because of those civil service protections. The alternatives, however, are worse.

The "spoils" system, where all the government jobs go exclusively to cronies, causes massive problems. There have been many city governments in the past where if Party A is in power, no one from Party B gets a city job. When Party A goes in, the first thing they do is fire everyone who's a member of Party B and hire all their friends. The disruption in services is severe.

The same thing is possible at all levels of government. Imagine the incredible disruption of vital services that would happen if federal employees could be easily fired. Bush goes into office and right away every registered Democrat is out of a job. It would be chaos.

Theoretically, all firings should only be done if objective criteria are met. Meeting those criteria removes the ability of spiteful or politically motivated managers to unjustly remove people. This is good. This also prevents anyone from being fired quickly. I think that's a reasonable price to pay. This is government, after all. The steady and reliable flow of services is far more important than efficiency.

In my mind, if I supervised an employee that I thought should be fired, I wouldn't want to try to fire him/her only to have him/her continue working for me while I'm trying to fire him/her. It's likely the employee would be upset about this possibility, and it's also likely he/she would be miserable to work with from the day when he/she found out until the day he/she was fired.

That's a big problem. It's a very uncomfortable situation when an employee is placed on a 90-day performance plan (pretty much the standard first step towards a firing). However, it also means that the firing, if it is truly justified, will stick. Under a 90-day plan, the manager is required to explicity say "This is where you're screwing up and you have to fix this or I'll fire you." That means the employee knows exactly and unambiguously what he must do to improve his performance enough to stay employed. It's uncomfortable but it's also objective.

Under this system, it's not possible (or, at minimum, it's so much work to fake up the documentation that no boss is going to go to that much trouble unless they're a real psycho) for a manager to fire someone based on silly personal biases like "You're not a good fit" or "I just think you're not working out around here." I think that's a plus and worth the discomfort and inefficiency.

A side note: During their first year of employment, workers are "probationary" and may be fired with two weeks notice without articulated cause. That tends to weed out the real losers right up front.

Re:No consequences means no responsibility.

[InfiniteWisdom]

Laptops cost $750 or so. People cost about $75,000 per year. I'd consider it more important to keep people productive and happy than protect the precious laptops. But that's just me.

Re:No consequences means no responsibility.

[fragmentate]

Each person gets a desktop machine valued at $1250 (or so). A case has to be made for an additional $1200 (or so) to be spent on a laptop. If 106 out of 122 are leaving the laptop at work right next to their desktop machine 99.9% of the time, they clearly did not need a laptop.

Re:No consequences means no responsibility.

[AmberBlackCat]

There was an accountant at one of my former jobs who was all four.

Re:No consequences means no responsibility.

If you were really getting praise and making others look bad you wouldn't be "the anti-social asshole". Odds are good that you're the guy who does things his own way because "it's obviously much superior, if only everyone else wasn't too stupid to recognize that."

Most of us are a combination of the above. You're the "anti-social asshole" because you don't have the social skills to fit in with anyone else so you simply assign them categories of contempt and plug away obliviously.

Re:No consequences means no responsibility.

[anildip]

Just want to add a little on what was said earlier...well maybe those who lose their laptop will have a pay cut for that particular month based on the laptop market value. Also for those that manage to save their laptop from being stolen they get some kind of reward at the end of the day.

1137out of a total of how many?

[winkydink]

5% shrinkage per year is considered doing a good job when it comes to managing laptop losses.

Re:1137out of a total of how many?

[EMeta]

That's what I was thinking. Census bureau employs a lot of people. But more than that, how much is a 2001 laptop worth anymore? I don't think loosing that is any big deal.

Re:1137out of a total of how many?

[pointbeing]

5% shrinkage per year is considered doing a good job when it comes to managing laptop losses.

Considered a good job by whom? I work for an agency under Department of Defense, supporting about 3,000 users. We've lost three laptops in the last five years, two of them by the same contract employee. That employee no longer works here.

I can't speak for Commerce but DoD requires FIPS 140-2 encryption of data at rest on mobile devices. We redirect mobile user's My Documents folder to a network share, turn on data synchronization and encrypt both the local and remote directories. All users are briefed on the requirement to store data in that encrypted location.

There are real issues with encrypting an entire drive and how the hell you recover the data if the user dies/quits/forgets his password. At least the way we do it selected domain admins can decrypt the data on the network share if required.

But - IM frequently less than HO losing almost 4% of an agency's mobile computing resources is completely unacceptable. Somebody needs to get spanked over this one.

Re:1137out of a total of how many?

[Karma+Farmer]

It's only 1,137 out of 30,000, over a period of five years. That's an 0.75% loss rate, or less than one in a hundred per year.

Moreover, it sounds like only a third had personal information on them. For all we know, two-thirds of these laptops may be 15 years old 286's, and sitting in a warehouse next to the Ark of the Covenant.

Re:1137out of a total of how many?

[patrixmyth]

Do your 3000 users leave the office every day and travel to unfamiliar neighborhoods where they fan out to canvas every house? Do they do this after 3 weeks training for a temporary job lasting 3-9 months? If you lost 3 laptops with classified data from a secured DoD facility, then YOU have the unacceptable loss percentage, and should avoid tossing stones at an agency with an entirely different and uniquely challenging set of circumstances, hey or not! Live and let bitch, as I always say.

Philosophical Joke of the Day: I used to feel sorry for myself because I had no shoes, then I met a man with no feet, and took his shoes.

Re:1137out of a total of how many?

[pointbeing]

Nobody said the three lost laptops contained classified data and nobody said they were in a secured facility - classified laptops don't leave the security vault where they're stored. *All* the users issued laptops work at least one day a week from home - they transport their laptops all the time. The users fly on airplanes and stay in hotel rooms.

Uniquely challenging set of circumstances? How much training to you have to have to learn to not leave a laptop unsecured?

Re:1137out of a total of how many?

[patrixmyth]

So what you are saying is that I've criticized you without having a full grasp of the conditions that you do your job? Right, sorry about that. :)

Re:1137out of a total of how many?

[Shimmer]

Classified laptops don't leave the security vault where they're stored

Come again? What's the point of a laptop that's tied to a specific location? Buying a laptop when a desktop machine would suffice is a complete waste of money.

Re:1137out of a total of how many?

[pointbeing]

Come again? What's the point of a laptop that's tied to a specific location? Buying a laptop when a desktop machine would suffice is a complete waste of money.

It has to do with physical security - you can store a laptop in a high-security safe when you're not using it. It costs more than a desktop PC but less than hardening the building ;-)

Re:1137out of a total of how many?

[pointbeing]

So what you are saying is that I've criticized you without having a full grasp of the conditions that you do your job? Right, sorry about that. :)

Touché ;-)

That's still a lot of missing laptops, though.

Re:1137out of a total of how many?

[noidentity]

5% shrinkage a year? It's a good thing they're having to replace them, otherwise they'd be tiny little things after just a few years!

Re:1137out of a total of how many?

[jumpingfred]

It has to do with physical security - you can store a laptop in a high-security safe when you're not using it. It costs more than a desktop PC but less than hardening the building ;-)

In the olden days (early 1990s) people had to remove the hard drive and place it in the safe when they left the office. We did not have the convience of putting the whole thing in the safe.

Re:1137out of a total of how many?

[shadow_slicer]

Yes but your users aren't taking the laptops out into the slum infested inner cities and leaving them inside locked vehicles while they attempt to locate people to ask questions. If the users are just taking their laptops to and from work, and maybe to their children's soccer game, then your loss rate is expected. For the Census conditions are vastly less secure, so their loss rate may be reasonable.

Re:1137out of a total of how many?

[pointbeing]

In the olden days (early 1990s) people had to remove the hard drive and place it in the safe when they left the office. We did not have the convience of putting the whole thing in the safe.

Been there, did that. Laptops are a whole bunch easier - shut it down, sign it in, lock it up.

I'm old enough to remember classified typewriter ribbons ;-)

Re:1137out of a total of how many?

[Shimmer]

Maybe I misunderstood you. You said the laptops NEVER leave the vault, even when they're in use. I guess you meant to say that they only leave the vault when someone is using them?

Re:1137out of a total of how many?

[pointbeing]

Classified laptops never leave the high-security vault. They're stored in a safe in that vault when they're not in use. Unclassified laptops can go anywhere.

Only 200 laptops short of being 1337...

Bada bing.

Laptops for sale!

[le0p]

Is this a bad time?

Laptops will be lost or stolen

[jumpingfred]

Laptops will be lost or stolen there is not much you can do about it. If the security depends on these not being lost or stolen the policies need to be changed.

Hrmf

[JRWR]

You know i think they do this so they can buy more laptops from IBM, also theres the fact that the goverment is better then that if they wanted to be, like software if EVER connect online would report the laptop to the FBI, where they can trace it down to your house!

Re:Hrmf

[geekoid]

the only way to do that is to enable it on the board on all laptops.
Do you want a laptop that broadcasts to the FBI everytime you log in?

And if they ordered special laptops just for that purpose, they would cost 4 times as much and everyone would scream.

Re:Hrmf

[JRWR]

wow a 2$ chip could do this, shoot it should be programmed into the bios

Re:Hrmf

[geekoid]

I know the technology exist to do it, but the retooling cost to make a small order of laptops would make each laptop cost very high.

If they put it into every laptop manufactured, then there are other concerns.

Also, the chip they would want to use costs $5.78 if bought in bulks of 1000.

But the chip is the cheap part.

Are they sure?

[mrroot]

"According to CNN, The U.S. Commerce Department has lost 1,137 laptop computers since 2001"

Are they sure? Maybe they miscounted...

bada-bing!

OK, sorry about that.

meh

[snark23]

How many laptops lost per household is that?

~

Seriously, though, I wonder what kind of security they had?
Was it designed by someone competent using well-known strong encryption, or was it designed by the same clowns who brought us DVD-CSS and Diebold?

I seem to recall that the DoD software for (classified) security clearance applications still uses 56-bit AES1 --- e.g., someone with significant (but not unobtainable) resources could crack the encryption. And if that's what the Department of Defense considers secure, it's not likely the Census bureau is doing any better...

Re:meh

There is no such thing as 56-bit AES1.

AES uses 128, 192, and 256-bit keys.

DES uses 56-bit keys and has been withdrawn as a federal standard.

One more reason to not fill out my cenus...

Really is my race anyone's biz?

Re:Hmm... Federal Government...

1137 laptops lost in 5 years. That's 227 per year.
12 months in a year. That's 18 laptops a month.
Considering that there are ~20 working days in a month, that's nearly one laptop lost
per working day for the last 5 years.

Fraud, waste and abuse.

Running some quick numbers....

[Malfourmed]

From the article:

More than 30,000 laptops were used within the department's 15 operating units since 2001, the department said, and a total of 1,137 were stolen or missing.

Let's assume that at any given time there were about 20,000 laptops in use at the Commerce Dept in the five years since 2001. (30K laptops were used in that period, but some would have been swapped out during that time.)

1,137 missing over this period is a bit over 200 per year, or about 1% attrition per year.

Given the scope of the operation, are these losses to be expected?

I'd say yes. We're talking mobile pieces of equipment, easily hidden in a suitcase or even in coat these days.

The level of data compromise, as opposed to physical asset loss, is another matter, but then the article doesn't quantify that.

Re:Running some quick numbers....

[TilJ]

Exactly. This discussion should be about any compromised data, not lost physical assets with a retail value quickly approaching the "disposable asset" level.

The fact that they even know the laptops are missing shows that they have better asset inventory control and reporting than many organizations I've worked with. If they also inventory sensitive data and can tell you if any (and what type) was on the laptop, they're another step up. At that point, it's fairly simple to ensure that the ensure is strongly encrypted and the whole incident becomes one of reporting a loss of a few dundred dollars worth of plastic and silicon.

Re:Running some quick numbers....

[RWarrior(fobw)]

The other issue to recall is that Census hires hundreds or thousands of contractors nationwide to actually carry out Census Bureau surveys (which are often conducted on behalf of, and paid for by, other government agencies). I once did a housing survey for Census that was actually being used by HUD. The reason for this is that Census has the skill and experience in doing large-scale surveys that other agencies don't have; it is a more effective use of resources to let the experts do their thing than reinvent the wheel. For once, a government practice that makes some sense.

While generally these contractors are hard-working, honest Americans (citizenship is frequently a requirement), stuff happens. One of the laptops in the quoted statistic was mine; it was stolen out of my locked car parked around a corner from my respondent, while I stood at somebody's door asking about how many bedrooms they have. This isn't anybody's fault (except the thief), it is simply one of those things that happens.

A certain amount of loss or damage to any office asset is to be expected over a period of five or six years, and this is especially true of any asset that is fragile, mobile, has a high perceived value, and can generally be mistreated through being dropped, thrown around, spilled on, etc.

The fact that even seemingly large numbers of units disappear over a period of several years doesn't mean anything by itself, especially if the parent is right in its figures. A 1% loss is well within the limits of what should be acceptable. As a percentage, we lose at least that many paperclips out of any given box.

Obvious answer

[Phroggy]

Given the scope of the operation, are these losses to be expected or is this an example of poor government security standards?

How many laptops does the Department of Commerce have, total? What percentage of these were lost or stolen over the past five years? What percentage of laptops owned by other government agencies were lost or stolen during the same time period? What percentage of laptops owned by a private company (say, for example, WalMart) were lost or stolen during the same time period? If 1,137 out of however many the DoC has is unusually high, then this is a problem.

Perspective

[LaughingCoder]

I know the lost information is the real story, but as far as taxpayer's dollars being wasted/lost - 1100 ThinkPads is about $2M dollars. The federal government's "burn rate" is about $4.2M per minute (based on a 2.25 trillion annual budget, which was the 2005 outlays), so this constitutes less than 30 seconds of spending.

EFS and FileVault: Why aren't they the default?

[dpbsmith]

I was going to stay

1) Use a MacBookPro

2) Turn on FileVault

3) Problem solved.

But it appears as if there's an equally effective solution in Windows:

kb 307877 simply Click Start, point to All Programs, point to Accessories, and then click Windows Explorer, locate the file that you want, right-click the file, and then click Properties, on the General tab, click Advanced, Under Compress or Encrypt attributes, select the Encrypt contents to secure data check box, and then click OK If the file is located in an unencrypted folder, you receive an Encryption Warning dialog box. Use one of the following steps: If you want to encrypt only the file, click Encrypt the file only, and then click OK. If you want to encrypt the file and the folder in which it is located, click Encrypt the file and the parent folder, and then click OK.

(yesyesyes, if you detailed the procedure for enabling FileVault it would be nearly as long).

But, I'm 100% serious about this, why don't both Microsoft and Windows enable file encryption by default?

(Full disclosure. Do I use FileVault? No. Why not? Well, to tell the truth, I'm worried about bugs and glitches. There is safety in numbers. If Macs had FileVault enabled by default, then any bugs in it would cause problems for millions of users, and Apple would find out and fix them quickly. As it is, I suspect about 0.01% of all Mac users use it, and I've felt for a long time that one of the keys to avoiding OS trouble is to stay in the mainstream and avoid using anything that lots of people aren't using--unless I have a good reason).

Re:EFS and FileVault: Why aren't they the default?

[dupont54]

Why they don't enable it by default?
I guess that's because the encryption must use the login password as the key... And as stupi^H^H^H normal people routinely loose their password, they would also lose all their data when in need of a password reset.

Re:EFS and FileVault: Why aren't they the default?

[Sancho]

Performance is probably a big reason that it isn't enabled by default. It might not be a huge deal on workstations or desktops where there is no gaming, but for gaming machines, you want faster load times, and on laptops with slower hard drives, the effect of EFS is going to be noticeable.

I used file encryption for awhile, but the speed issues really turned me off of it. It also reduced my notebook's 'unplugged time' by quite a bit. I'd guess that these issues are a really good reason to turn this off by default, and that's not even bringing up conspiracy theories with the NSA/FBI or compatibility issues with non-US deployments (is EFS available outside the US, given that silly munitions export thing?)

Re:EFS and FileVault: Why aren't they the default?

[tehcyder]

1) Use a MacBookPro

2) Double the National Debt.

>>Runs and hides.

Re:1137 out of "over 30,000"

RTFA. It says 1137 is out of "over 30,000". That's no more than 3.79%

Drudge.

I've noticed, lately, that /. has become a clearing house for Drudge articles and headlines . . . folks, if it's been on Drudge for over a day, it's baked. Don't submit it.

No big deal

[T5]

I know this sounds bad, potentially losing census data and all, but as a recipient of several of the computers used in the 2000 census (essentially hand-me-downs when they were done with the census to other Department of Commerce offices), there wasn't any personally identifiable information on the machines when we got. No laptops were in our transfer, but the desktops and servers were clean. We were asked to make sure that the hard drives had been wiped. All of the ones that came to us were.

I'm willing to bet that the number of "lost" machines is really much lower than the report stated. I just looked at our inventory and changes we submitted over the last couple of years (dead machines especially that need to be removed from inventory) haven't been made in the master lists yet. I'd chalk this up to carelessness with the inventory database more than carelessness about actual machine loss. After all, we're talking about 5-7 year old laptops. Who's really using those old boxes anyway?

Expected?

[mikesd81]

Something like this should never be expected. That's the exact opposite. We should expect that our information be kept private and locked up somwhere.....of course this is the gov't and they have their own rules...

Re:Expected?

[geekoid]

Yes, because this never happens in the private sector.

similar to governement credit card problem

[peter303]

For a while governement employees were making all kinds of dubious charge to their work credit cards. Expecially in the Katrina cleanup when limits were loosened.

My company directly reimburses the credit company, but only for "approved" expenses. Sometimes things are not approved and the employee must pay it then.

Re:similar to governement credit card problem

[silentounce]

Yeah, like the Staff Sergeant I heard about when I was in the Marine Corps. Breast implants should not go on a government charge card. I have no idea why she thought she wouldn't get caught. Suffice it to say, she wasn't a SSgt or in the Corps much longer.

Re:similar to governement credit card problem

[Weedhopper]

That SSGT was a moron. If she'd just been patient and put herself on the wait list, she could have had military surgeons do breast augmentation for free.

Heh.

[keyne9]

Government needs to spend less time worrying about it's citizens and more time making sure its employees do their fucking jobs.

That's a lot

[Kohath]

1100 laptops is a large number

I don't think the census bureau can really be expected to handle that many of anything.

Re:That's a lot

Apparently you can't be expected to handle reading.

Hint: The Census Bureau didn't lose 1100 laptops.

Re:That's a lot

The headline says it did

Extra protection

[ubrgeek]

"All of the equipment that was lost or stolen contained protections to prevent a breach of personal information." - Each was given a Dell or Sony battery ...

No consequences means no outsourcing.

"The rest of us will enjoy our risks and rewards."

Yes. Let's ALL keep that in mind next time the subject of outsourcing comes up on slashdot.

Laptops

[finkployd]

What does anyone, EVER put important (especially sentitive) data on a laptop? Do you have a locked and secure server room? Perhaps it should go there....

Sheesh.

Finkployd

Re:Laptops

[Phroggy]

Perhaps because employees need to actually USE sensitive data when they're away from the office (which is why they had a laptop in the first place). Have you ever tried working with large documents that are saved only on a file server that you're connected to through a VPN from a public wifi connection? And forget about getting anything done on an airplane, or anywhere else where broadband Internet isn't readily available.

So at that point, why have a laptop at all, if you can't really use it to get work done?

No

[geekoid]

Based on those numbers the standards are good. 5% loss of laptops is considered good in the industry.

"They should institute a policy of witholding some pay from empolyees as a form of fine whenever they lose a laptop. $1000 would be enough of an incentive to make sure that they stopped leaving them in coffee shops."

First of all, you seem to think they were lost in this manner as a matter of course.
What about robbery?

Second, you can not put a fine on something and have people suddenly not be careless. It happens. If it is a pattern of behaviour for a person, then you take steps.

I take a laptop home when I am on call, but if they instituted a policy that I had to pay to replace it if it was stolen, than I wouldn't take it home, and let someone else be on call.

Re:No

[modecx]

How about this:

You don't get your pay reduced or otherwise fined ***IF*** you can provide a theft report from the local police? I mean, that seems like a prudent thing, someone elses' expensive technology is in your hands. And if the employee is responsible for the theft, they're liable to be charged for false reporting on top of theft. In other words, not fun.

That should be enough of a deterrent to the casual office thief, erm, that is, the hapless and careless person who "loses" multi-thousand dollar devices entrusted to them by someone else, and people who really have had that property taken from them by a third party don't get screwed in the end.

Hmm federal employees with sticky fingers?

[FullMetalJester]

That seems a little rediculous, I mean who the hell loses 1200 laptops in 5 years? Time to start handing out pink slips and jail time.

Probably a commerce records problem

[Spazmania]

I used to work at the Census Bureau. I didn't see anything like this in the IT groups -- they were pretty sharp. More likely this is a recordkeeping problem at Commerce where obsolete laptops were returned, properly disposed of and recorded correctly at the Census bureau but the knowledge didn't make it in to DOC records. It wouldn't be the first time.

Of course, this is a mildly uninformed opinion. I haven't worked at Census for a while and I had nothing to do with laptops when I did. I'm just saying there's something fishy with the notion that Census lost a thousand laptops. I don't buy it.

Besides, excluding the decennial survey-takers (temporary employees during the decennial census) there aren't than many people at the census bureau with government-issued laptops. Everyone would have had to disappear one laptop and some folks would have had to disappear two.

Re:Probably a commerce records problem

I don't buy it.

neither do the owners of the "lost" laptops.

THAT'S. THE. PROBLEM.

Mmm conspiracies

[MikeRT]

TIA was "abolished"

TIA's biggest hurdle was a lack of data due to public outcry

Anyone think that these "losses" might be a cover for covertly putting untold millions of records into the hands of the groups working on these spying projects?

Re:Mmm conspiracies

Yeah, cause there's just no way to get the data from these PCs into TIA's hands without permanently giving them the laptops.

You really need to loosen the tinfoil hat a notch or two...

Hello, identity theft!

[Lurker187]

I'm more concerned about the "nearly 250 from the Census Bureau containing such personal information as names, incomes and Social Security numbers". I heard a sound bite about it from the Commerce Dept. statement this morning, they said not to worry, the data is, and I quote, "password protected".

Yeah, that's real comforting.

A Laptop for every child...

How about a laptop for every lazy ass Federal Employee? What a goal. And I still wonder why I pay $4000 per month in taxes to the Gov.
Time to go on strike! No more taxes until every laptop is found! Asswipes.

Government loses

[Anon-Admin]

The government loses computers all the time.
VA Contractor Loses Computer Containing Personal Data
August 7, 2006
A government contractor hired by the Veterans Administration (VA) to help process insurance claims announced that a desktop computer containing information on as many as 38,000 veterans had disappeared from its home office.

Energy Department lost computer equipment
At least 18 pieces of "computer processing equipment," including at least one laptop, are missing from the Energy Department's Office of Intelligence (IN), and department officials do not know whether any of it was used for or contained classified information, according to a new report from DOE's inspector general

Government Hit by Rash of Data Breaches
WASHINGTON (AP) - The government agency charged with fighting identity theft said Thursday it had lost two government laptops containing sensitive personal data, the latest in a series of breaches encompassing millions of people.

So why the House Panel Approves Electronic Surveillance Bill The government can not even keep track of their own computers. Let them monitor, then some one will lose the computer it is on.

Maybe, with the all the problems the government is having keeping track of their computers, we should ban the government from using computers. It seems to be helping the terrorists.

Needs some acounting and analysis

[Random+BedHead+Ed]

We should probably find an appropriate federal government agency and assign them to keep a regular count of how many Census Bureau laptops have been lost using some sort of mandatory survey, plus provide periodic analysis of the demographics of the laptop users and ...

Oh wait. Never mind.

nefarious hackers publish data from laptops!

Those nefarious hackers who stole the Census Bureau laptops have apparently cracked the encryption and already published all the personal, private data online! Here is the link.

hundreds?

[j00r0m4nc3r]

Would they still have said "hundreds" if the number was like 1,000,000?

"losses to be expected

[l3v1]

Given the scope of the operation, are these losses to be expected or is this an example of poor government security standards?

I sure hope you're only kidding and this is onyl a rhetorical question. Losses to be expected ? Is this a war ? One should really "expect" his data to be stolen ? One should easily just "forgive" state/government security policy weaknesses ? And we should just believe their word when they say all of those laptops contained data protection measures ? Oh come on.

Are they sure

[endrue]

... that is the exact number of missing laptops?

- Andrew

Not so Heh.

Yeah... it's only (approx) $2 million of tax payer money... nothing to get worked up about. Just as long as no important data was stolen... losing tax payer's money is no big deal... it's the data that really counts.

Whatever...

Re:Not so Heh.

[sumdumass]

Yea, 2 million dollars. I say we launch an investigation, Those usualy cost three times that mutch.

By the time we get everyone worked up over it, maybe we will have spent over 10 million dollars or so. If we are lucky, congress will stop all thier lawmaking duties and hold hearings on why we lost what amounts to a fraction of a percent of the yearly budget over a period of 5 or more years.

BTW, the reason people aren't saying 2 million dollars is a large sun of money is because it equals less the one cent of each tax payer's yearly burden over the same time frame that they were lost in. Now if it gave away enouhg information to have your identity stolen and cost you 500 or 5000 dollars, then it would matter more. Losing 2 million in laptops is bad but it could be a lot worse.

Hmmm

[Yvanhoe]

All of the equipment that was lost or stolen contained protections to prevent a breach of personal information.

Like what ? a BIOS password ? A prosecution warning ? or was it really something serious like encryption that can't be broken in a few days ?

At least they're doing their job

[Flwyd]

Most other departments would have reported the loss of "over 1,000" laptops. At least we can count on the USCB to know just how many grew legs.

But what was their average age? And how many laptops filled out the Race and Ethnicity section? Are the Toshibas worried about racial profiling?

Obvious question, obvious answer

[Osiris+Ani]

Given the scope of the operation, are these losses to be expected or is this an example of poor government security standards?

Yes.

There's really nothing about any of this that denotes a requirement for these two conditions to be mutually exclusive. In fact, both statements clearly can be — and actually are — quite true, and it's probable that a causal relationship exists between the latter and the former. Most US government agencies are not known for being paragons of efficiency; the larger they become, the worse they're managed. The worse they're managed, the more their standards and parctices become lax, which is unfortunate, because data asset management and retention is tricky enough for even a well-run mid-sized organization.

Re:Obvious question, obvious answer

[geekoid]

most Government agency are more efficient then the private sector.
Look at the financial records for you local government and see how close they where to there budget.
Then compare that to the private industry.

I am a recent government employees, and after 20+ years in the private sector, I am amazed at how well the government works by comparison.

Yes, there are problems, but they are not nearly as bad as people want to think.

Re:Obvious question, obvious answer

[Osiris+Ani]

most Government agency are more efficient then the private sector.

Having worked with various municipal, state, and federal government agencies on numerous projects, I simply don't share your opinion on the matter. In my experience, a relative few are efficiently run, and as they get larger in size and scope of responsibility, the probability that they're more likely to get mired in bureaucratic muck grows asymptotically.

right.....

[neocontrol]

I'm sure someone may have mentioned this..... employees had their laptop "stolen". 1100 laptops to go missing is kind of excessive. That's your tax dollars working for you.

Re:right.....

[geekoid]

less then 5% laptop losses is considered good laptop management, for anyone. Considering this is over 5 years, it is a sign of excellent laptop management.

Re:right.....

[neocontrol]

Well if that's the case, I retract my statement. I just don't see how that can happen in the first place, then again, I'm not a stupid user who "doesn't know any better".

Lose laptop = fired

And.. Anyone leaving a laptop containing someone else's personal info in a car unattended = fired (even if not stolen).

One can dream.

I'm a lazyass

[The+Raven]

I'm a lazy bastard. Luckily, my primary job is technical support, which I do extremely well, happily, and without complaint (yes, I enjoy Internet Technical Support, no I'm not delusional or ill). So, between calls, I slack.

We used to have the office 'anti-social asshole' who did his job well and without complaint, but he got fired. We still have the office whiner (our highly unqualified, also lazy, network admin). And we have a few other more middle-of-the-road average guys mostly do their work, mostly don't gab, mostly don't goof off, etc.

I miss the office bastard. I have to do the work he used to do. That doesn't fit well with my 'lazy' persona.

Myrddin

Re:Government loses

[geekoid]

So do private companies.

Of course private companies don't have to report it, so clearly they must not have this issue.
sigh.

Lost Information and ID Theft

[Soloact]

I think that we'll just keep seeing more and more of this sort of thing in the news, as it seems that personal information is what the government wants to hoard. They will continue to push this "lost" information as potential ammo for identity theft. This way they can get more and more folks to buy into the manufactured "crisis" and get those people to reveal more and more of their own personal information to government databases for their own "personal security". This will lead to more people accepting the idea of being chipped with trackable implants, so that they won't be robbed of their identity. Give up liberties and privacy for security, yep, we all know where that leads. Look around today, are we freer than we were? (IMHO)

This is probably not as big a deal

This is probably not as big a deal as certain other laptop leaks. These laptops are probably the ones that "field enumerators" carry with them as they make house calls gathering data for whatever litle project the Census is doing at the moment. I speculate that the data each one carries is only the few households the enumerator visited before the last time they turned their data in.

I worked in the 2000 Census and for that operation the collected records (not on laptops at the time) were turned in daily, checked to make sure there were no obvious errors (like the front page saying there are 4 in the household but say, 2 or 7 individuals were detailed further in), and shipped to the data scanning centers that same day or the next.

I would expect that similar procedures are used now with the electronic data being "turned in" daily, or at worst weekly. If I am correct about that, it would mean that the number of individuals exposed to their details is quite a bit smaller than other recent problems, even if every laptop taken had as much info in it as it normally had at maximum.

Which is still not good. My point is only that I think it's less.

YES!

[antdude]

I also read that way too. Just need 200 more laptops. :)

Same here.

[antdude]

I was going to mention it, but I would think someone already said it. :P

If they could only lose 200 more...

[Pvt_Waldo]

...

Oh do the math and figure it out!

You're probably the 1 in 5.

[Kadin2048]

Based on my experience working closely with people in the USG, it's people like you that really keep the whole thing afloat ... however, for every one person like you, there are probably 3 to 5 people just sitting around, sucking down salary dollars and filling out mindless paperwork until they can retire.

I don't think anyone would say that all government employees are total idiots; that's obviously untrue -- if it was, nothing would get done. And no matter how little you like the government, it does get stuff done occasionally. So there are people working hard for the USG, but I think they're really getting the shaft.

There are some exceptions to this ... in the areas where the government is the only entity doing a particular kind of work (like, say CIA or NGIS stuff), people tend to be really good, because they're there because of the subject matter. But for just general administrative/paperpusher stuff, anyone with half a brain could earn more money in the private sector, meaning that the people left in government service are, in my experience, mostly there because it's safe and comfortable and they can't be fired. People who really couldn't survive in the real world, in other words.

I think that you're very likely one of the 20% or so of USG employees who do 90% of the work.

Not l33t enough.

If only they had lost 300 more laptops...

It's government

What did you expect???

Well, at least ...

[oz_paulb]

... they had an accurate count of the laptops.

Don't give them any more information than you must

[PHAEDRU5]

The last time we had a census, I filled out how many people lived in the house, and nothing else. The form was *very* intrusive, asking all sorts of demographic and lifestyle questions.

Weeks later, a census worker showed up at my front door. Instead of having her with fava beans and a nice chianti, I simply refused to answer her questions about household income, number of bathrooms, races of people living in the house, etc. When she mentioned a possible fine for non-compliance, I quoted the census part of the US Constitution, and asked her where she got the authority to do anything but count heads.

My wife was a little worried at the time, but she just sent me a one-line email: "Thanak God you didn't tell them anything."

I used to work for the Census Bureau

I would not worry TOO much about personal, private information being on these laptops.

There is a pretty thick security firewall between the novell and windows systems that 'normal'(administrative) Census Employees use and the heavily secure and locked down Unix systems that hold the Census data. They're very free with laptops for employees there, secretaries, accountants, whatever.
They tend to pretty much approve them for anyone who has anything close to a legitimate excuse for one. They have a huge IT budget, and they spend it. The inventory control in general there was fairly lax when i worked there and loaner laptops, for example, would often just 'disappear', but at WORST there would be some employee information on the systems, not any Census data. Most of those people just used them to do homework or run off flyers for church functions or whatever.

The guys that run the actual secure Census systems are very serious and very competant folks that take their jobs very, very seriously and are very good at what they do. I would be SCHOCKED if they lost any private Census data.

This is a waste problem, and not a security problem.

The article is uselessly vague

[Beryllium+Sphere(tm)]

"because of encryption technology, the risk of data misuse was considered low, it said."

Unless the encryption was automatic, then someone careless enough to lose a laptop might have been careless enough to skip the encryption.

Confidentialy Notice

[towsonu2003]

All of the equipment that was lost or stolen contained protections to prevent a breach of personal information

which is:

This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged, confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately and delete all copies of this message.

at the end of every file that contains personal information.

Yet another reason I tell them to piss off

[davie]

Not only do census takers ask questions to which they are not entitled answer--by any stretch of the Constitution--they store the information on laptops that any recently-fired hamburger flipper fucktard can walk around with and lose or trade for a couple rocks of crack.

I think I can answer your question Zork

[merlin_jim]

Given the scope of the operation, are these losses to be expected or is this an example of poor government security standards?

Well I haven't even RTFA yet but let's see what the summary says shall we?

According to Commerce Secretary Carlos M. Gutierrez, 'All of the equipment that was lost or stolen contained protections to prevent a breach of personal information.'

Any security incident that does NOT result in disclosing personal information sounds like an excellent security standard to me...

Probably a commerce records problem ... WORSE!

[pbhj]

Hmm, so it's not that they can't asset-track but that they can't keep proper records. That's so much better for the census bureau!

Not that I care, I'm in the UK ... where stuff like this never happens [rolls eyes].

Re:Probably a commerce records problem ... WORSE!

[Spazmania]

I didn't say the Census Bureau failed to keep proper records. I said that the Department of Commerce failed to keep proper records. All the Census Bureau equipment (all the way down to pagers) has DOC asset tags and the DOC tracks it with an inane annual inventory. Yes, that's right, more than 10,000 employees and every year a team of people goes around and collects the asset tag numbers from every single computer. Your tax dollars at work.

security

[aaronhaze]

All of the equipment that was lost or stolen contained protections to prevent a breach of personal information.

... a Windows password. :-)

Census did not lose 1000 laptops

Reading through the comments here, it looks like most people didn't read all the details. Commerce as a whole lost 1000 laptops over the past 5 years, not Census. Census was only about 200 of those, and those are the one that had the potential to have personal information on them.

We had to report a few laptops lost for this data call, just because they were on our inventory sheets but nobody could find them. Chances are that they either were gotten rid of properly but not cleared off of the inventory, or they're sitting somewhere in our building and nobody found them during the last inventory. It's possible some are out there in the wild, but I'd be surprised.

Checks and Balances

"is this an example of poor government security standards?"

This many occurances makes it look intentional. It's only fair they let us spy on them too.

Lost, or not properly tracked...

[RexRhino]

Are they lost, as in someone stole them? or simply not properly asset tracked? The article doesn't make it clear.

Bet they are depreciated below accounting controls

[fishbowl]

I bet there's less skullduggerry here than the article implies. For instance, my company probably has 800 Toshibas that it bought for employee use in 1997. Some sort of second generation Pentium-1, Win95 machines.
Do you think the company knows where any of those machines are today? Do you think anyone actually cares?

Is 3% Loss Rate *normal*?

[billstewart]

It seems awfully high to me. (I can't really bitch, because I had a work laptop stolen a couple of years ago, and I've had one or two coworkers who've also had them stolen, but it still seems high.) If they're seeing loss rates in that range, they definitely should be running encrypted file systems, not just boot passwords. The person who stole mine was definitely in the quick-grab hardware resale market, not the information theft market - I hope the person he fenced it to had the sense to wipe the drive and install pirated Windows :-)

I can see that kind of loss rate if the problem is employee theft by short-term temporary census workers or some similar special case.

You've got to be kidding

[Roadkills-R-Us]

Do you really think anyone in the GAO can even *see* numbers that small?

Now if the census bureau were having to take a census of laptops, they'd find them all in short order!

HDs Encrypted to NSA spec, Census Employee

I am a census employee and the Hard drives are encrypted using a method devised by the NSA. It would be extraordinarily difficult to gain access to the data on the stolen laptops' harddrives, we take security very seriously and encrypt it at the same level you would expect state secrets to be protected at.

Not really lost!

I have to post this anonymously because I might soon work for the Fed.
You have to understand what is going on here. It is getting close to elections, and congressmen are going rabid in the search for scandals that will get their names in the paper.

A certain waxy congressperson has suddenly "seen the light" and has started an "investigation" into gov't loss of "privacy data". This is amorphously defined as anything that can be stretched to look alarming in the newspapers - even an employees own phone number or email address stored in a text file on his own laptop can become a government leak of "privacy data".

Agencies are then "investigated" by demanding that they show the whereabouts of every laptop they have ever owned. A major portion of their IT staff is set to the full time task of hunting down this information for weeks since laptops are a distributed resource. If they can't find the paper work that they filled out when they disposed of any of the laptops they have to list them as "missing"...

So in the hands of overzealous clowngress members the information "Federal agency loses the paperwork that proves they erased the hard drives on on 1/10 of 1 percent of their laptops they disposed of", gets magically transmuted to "Federal agency loses 300 laptops which MAY have contained PRIVACY data!!!"

Such horror , susch drama, such B&llsh@t!
The real story here isn't lost laptops, its the millions of dollars spent by federal agencies jumping through hoops so policiticians can get their names in the papers!