Census Bureau Loses Hundreds of Laptops

Billosaur writes "According to CNN, The U.S. Commerce Department has lost 1,137 laptop computers since 2001, most of them assigned to the Census Bureau. According to Commerce Secretary Carlos M. Gutierrez, 'All of the equipment that was lost or stolen contained protections to prevent a breach of personal information.' This comes after the fiasco involving the Veteran's Affairs Department's loss and eventual recovery of a laptop containing 26.5 million veteran and active-duty records." Given the scope of the operation, are these losses to be expected or is this an example of poor government security standards?

Heh.

[TheSHAD0W]

Don't consider them as "lost resources"; consider them a "job perk"...

Re:Heh.

[Impy+the+Impiuos+Imp]

Seriously, I'm sure the vast majority were just census takers who never returned them, and, hey, nobody ever came and got it!

Re:Heh.

[Otter]

Given that 1) they have a massive short-term workforce of census takers and 2) I doubt they were giving them 1999's highest-end hardware, I can't get too worked up about this. What would the government do with a slightly higher stack of Pentium 120s, build a bigger Beowulf cluster? As long as there was no privacy violation, this doesn't sound like such a bad loss rate for such a huge project.

what kind of protection

[CastrTroy]

'All of the equipment that was lost or stolen contained protections to prevent a breach of personal information.'

I would like to know what kind of protection is being used. Is it just password protecting windows? encrypted hard drives? This kind of blanket statement doesn't really tell me much about how safe the census data really is.

heh. makes me think about ...

[Neuropol]

all those thinkpads i keep finding at the local used computer store and how nice of condition they're in!

Sheesh, I hope I haven't ever acquired one accidenatlly ...

Counting the wrong things.

[uvajed_ekil]

Maybe they should spend less time counting people and more time counting their computers. Or perhaps we should have a US Census Bureau's Computers Census Bureau. In any case, that sounds like an awful big loss of taxpayer computers, not to mention the data and the costs inherent in duplicating lost information.

It's only to be expected

[OakDragon]

I'll bet this is a direct result of their "Fill in our survey, get a FREE laptop!" promotion during the last census.

Census is leet

[imboboage0]

The U.S. Commerce Department has lost 1,137 laptop computers since 2001, most of them assigned to the Census Bureau.

Am I the only one who read this as 1337 laptops?

If a "suit" says so it must be true

[hodet]

From TFA:

"All of the equipment that was lost or stolen contained protections to prevent a breach of personal information," said Commerce Secretary Carlos M. Gutierrez. "The amount of missing computers is high, but fortunately, the vulnerability for data misuse is low."

Ya, OK, I know I feel better. My bet is that they all had some kind of encryption software installed on them that very little to none of the users actually use.

No consequences means no responsibility.

[Kadin2048]

I think that a big part of the problem is that Federal employees can't really be punished, unless they're grossly negligent.

In terms of job security, it's just below being a pedophile priest; most of the time if you fuck up, you might get demoted or shuffled around ("I see there's a warehouse in Sioux Falls that needs a manager...") but probably not actually thrown out on your ass by Security.

IMO, this leads to all sort of laziness and a general lackadaisical attitude on the part of a great many USG employees -- not all of them, to be sure, but it seems like there are usually 4 bags of useless skin for every one person who's pulling the weight of 5 people. It's about the only place I've ever seen that could honestly look to gigantic multinational corporations for advice on how to be more efficient. Total sausage factory, in other words.

The laptop losses don't really surprise me, because I doubt these people get more than some sort of administrative demerit -- if that -- for losing one. I'm sure there's some sort of procedure that they go through, but I'm willing to bet that in the long run they just get a new machine issued and they go on, grinding their way towards retirement.

If you want to stop these losses, I have a plan: tell people that they get one laptop. If they lose it, they can try to do their job without one, and if they can't do it, then they can find a new job somewhere else. Like the private sector. Maybe McDonalds. Or if you can't tolerate being that extreme, just make any loss of a laptop come with an automatic demotion of one Government Service grade. There's nothing like the fear of demotion to strike fear into the hearts of bureaucrats.

Re:No consequences means no responsibility.

[garcia]

IMO, this leads to all sort of laziness and a general lackadaisical attitude on the part of a great many USG employees -- not all of them, to be sure, but it seems like there are usually 4 bags of useless skin for every one person who's pulling the weight of 5 people.

Sounds like just about every place I've worked. You have the office wanderer (the employee that is never in their office and you know you can find them in one of the offices of), the office chatterbox (the person that is always talking to someone on personal business), the office lazyass (the person who is in iTunes Store, surfing CNN, or printing some 100 page PDF on the schematics for their MAME arcade box instead of doing their jobs), and finally you have the office whiner (the person who doesn't do anything except complain to everyone (the chatterbox and wanderer especially) about how busy they are).

Then you have the people, like me, that do their jobs and go the fuck home w/o talking to anyone. We are considered the "anti-social assholes" because we get our work done, on time with praise, and make all the other douchebags look bad.

Yes, this is mostly a joke. Mod appropriately ;)

Re:No consequences means no responsibility.

[philwx]

Couldn't have said it better myself. Having been in the military, going to the Navy Exchange (this is the equivalent of Px, just a store on base), you would get in line to find a frowning checkout clerk, basically you've inconvenienced them by coming to their register. That's just the tip of it, most of the administrative services run by civilians for the military are much, much worse. I called one (forget the name of it) regarding a movement of personal belongings to another state and her attitude was as if I were some kind of annoying telemarketer (and not the reason her highschool dropout butt had a job). I can think of many examples, and there are probably many more I've forgotten. They are smart enough to perk up for officers though, I can say that for sure. One walks into the room and they're all professional. Looking back, it kind of disgusts me. I'm glad I got out when I did. But I digress, that's most government employees for ya. The bare minimum mantra.

Re:No consequences means no responsibility.

[boristdog]

I worked for the federal govt for 6 years. The parent post is very true.

You are encouraged to toe the line, come in on time, leave on time...and not much else. If you do a good job you are "rewarded" by being kept in that position, because they need someone who can do the work. If you screw up, the only way they can get rid of you is by promotion.

Still, the efforts of the 20-25% who know what they are doing keeps the government working. Most of them stay for the security and benefits. I still have friends there who are good workers, but too afraid to face the real world (i.e. Private Sector) and are cranking away to that retirement and pension. I'm only 42 and I could be three years from retirement right now if I hadn't quit 16 years ago. But it would be only at half pay, which would be less than 1/4 of what I make now.

So give thanks to the timid hard workers who actually make the government work. The rest of us will enjoy our risks and rewards.

Re:No consequences means no responsibility.

[CokeBear]

What about that category of people what complain about all the others on Slashdot when they should be doing work?

Re:No consequences means no responsibility.

[fragmentate]

I worked for the Department of Health Services. Obviously they have data that is ultra-sensitive since it involves classifications of all disorders (including HIV, AIDS, mental). When people "lost" laptops they weren't even given so much as a slap on the wrist. They had certain vaguely numbered forms to fill out (for insurance purposes), and then some requisitions for a new laptop to be ordered. What was obvious to me was ignored by them. These people hadn't lost anything at all. They simply got a free laptop out of the deal, and got an upgrade for work. After looking through the support system some people had lost, misplaced, or had stolen multiple laptops.

I don't work for the government now, I work in the private sector for a technology company. The difference here is that if you lose a laptop you don't get a new one "just like that." Every laptop has special tools that "phone home" if they're connected to the internet. If, and only if, after 6 months, they get no response from this laptop do you get a new laptop issued. The neat thing is these guys here have no idea that this "phone home" software is installed.

The consequences for this carelessness are pretty serious. If you lose a laptop, and it phones home from any of your login IPs, you'll find your desk cleared of all clutter, and your boxes out on the curb.

I believe my position at the Department of Health was a "make work" position -- i.e. it was established to satisfy some quota. I cared enough to resign because I don't want a fake job. I'm not happy just being there. I hear people say "man, that is the dream job. Get paid $50k/yr. to do absolutely nothing." I hear that all the time. I don't like that kind of job. It's boring, it's dull, and it leads to the very complacency that allows this lackey attitude about hardware.

I think the government is a magnet for people that want to do very little, and who don't really care about anyone else. To them, their job is an entitlement. It's like a cancer cluster. The people that cause this attitude are in denial and too busy justifying it all to care how much harm they're actually doing.

There is no end in sight; they just hired my brother in-law's wife -- she's never had a job longer than 3 weeks (literally). Yet, she's been working for the government for 6 weeks now. Go figure.

She'll have that laptop pawned in no time.

Re:No consequences means no responsibility.

[sumdumass]

The government is sort of a funny thing. In one hand they will throw money around and waist it like it wasn't theirs in the first place. In the other hand they are so tight with the money you would think if you shoved coal in thier asses, diamonds would protrude the next day. Why is this important? Well, I'm willing to bet that quite a few of the lost laptops are 4 or more years old when they were lost.

Why does the age of the laptop matter? Because the story sets this up as the census bureau lost the majority of them. Now, in 2001 if you were issued a laptop that was three years old, you are likley to have a pentium pro or smaller processor (less then 250 nhz) with a video screen that you cannot deviate more then 15% from center and still see. Packing this bundle of pleasure around would most likly mean toting about 15lbs or more around when you consider attachments you needed because of the tech availible then. Now imagine carrying one of these around going door to door for 6 months and someone shows you thier 2002 model that weigths in at 3lbs with carrying case and all, Has started, compiled and burnt a music cd in the time it took for your 3 and 1/2 year old monster to boot.

Losing it was probably the only way to get an upgrade. If it was my employee doing this, they probably would be fired so i agree with you in that respect. OTOH, i have seen government computer equiptment that has been around longer then the department. I'm wondering if the lost laptops aren't more of a forced upgrade and the middle management is in on it too. In that situation, there wouln't be anyone willing to punish people.

Re:No consequences means no responsibility.

[Gilmoure]

Bingo! All I want to do is sit in my cube, take my calls, keep up with email and alerts and then go home. I don't want to escort the uncleared so they can sit on their ass 6 times a day and suck on a cig, I don't want to wander half-way across campus to hit the good snack machine or over priced grill and I sure as hell don't want some mouth breather hanging around my cube talking about millionaires playing with a ball. So yeah, I'm the unpleasant asshole that no one likes, who dresses weird (messy long hair, scraggly beard, Ornery Boy shirt (in a button down only shirt office)) and always beat everyone else's stats by 30%-50% every month. Feh.

1137out of a total of how many?

[winkydink]

5% shrinkage per year is considered doing a good job when it comes to managing laptop losses.

Re:1137out of a total of how many?

[pointbeing]

5% shrinkage per year is considered doing a good job when it comes to managing laptop losses.

Considered a good job by whom? I work for an agency under Department of Defense, supporting about 3,000 users. We've lost three laptops in the last five years, two of them by the same contract employee. That employee no longer works here.

I can't speak for Commerce but DoD requires FIPS 140-2 encryption of data at rest on mobile devices. We redirect mobile user's My Documents folder to a network share, turn on data synchronization and encrypt both the local and remote directories. All users are briefed on the requirement to store data in that encrypted location.

There are real issues with encrypting an entire drive and how the hell you recover the data if the user dies/quits/forgets his password. At least the way we do it selected domain admins can decrypt the data on the network share if required.

But - IM frequently less than HO losing almost 4% of an agency's mobile computing resources is completely unacceptable. Somebody needs to get spanked over this one.

Laptops for sale!

[le0p]

Is this a bad time?

Are they sure?

[mrroot]

"According to CNN, The U.S. Commerce Department has lost 1,137 laptop computers since 2001"

Are they sure? Maybe they miscounted...

bada-bing!

OK, sorry about that.

Running some quick numbers....

[Malfourmed]

From the article:

More than 30,000 laptops were used within the department's 15 operating units since 2001, the department said, and a total of 1,137 were stolen or missing.

Let's assume that at any given time there were about 20,000 laptops in use at the Commerce Dept in the five years since 2001. (30K laptops were used in that period, but some would have been swapped out during that time.)

1,137 missing over this period is a bit over 200 per year, or about 1% attrition per year.

Given the scope of the operation, are these losses to be expected?

I'd say yes. We're talking mobile pieces of equipment, easily hidden in a suitcase or even in coat these days.

The level of data compromise, as opposed to physical asset loss, is another matter, but then the article doesn't quantify that.

EFS and FileVault: Why aren't they the default?

[dpbsmith]

I was going to stay

1) Use a MacBookPro

2) Turn on FileVault

3) Problem solved.

But it appears as if there's an equally effective solution in Windows:

kb 307877 simply Click Start, point to All Programs, point to Accessories, and then click Windows Explorer, locate the file that you want, right-click the file, and then click Properties, on the General tab, click Advanced, Under Compress or Encrypt attributes, select the Encrypt contents to secure data check box, and then click OK If the file is located in an unencrypted folder, you receive an Encryption Warning dialog box. Use one of the following steps: If you want to encrypt only the file, click Encrypt the file only, and then click OK. If you want to encrypt the file and the folder in which it is located, click Encrypt the file and the parent folder, and then click OK.

(yesyesyes, if you detailed the procedure for enabling FileVault it would be nearly as long).

But, I'm 100% serious about this, why don't both Microsoft and Windows enable file encryption by default?

(Full disclosure. Do I use FileVault? No. Why not? Well, to tell the truth, I'm worried about bugs and glitches. There is safety in numbers. If Macs had FileVault enabled by default, then any bugs in it would cause problems for millions of users, and Apple would find out and fix them quickly. As it is, I suspect about 0.01% of all Mac users use it, and I've felt for a long time that one of the keys to avoiding OS trouble is to stay in the mainstream and avoid using anything that lots of people aren't using--unless I have a good reason).

No big deal

[T5]

I know this sounds bad, potentially losing census data and all, but as a recipient of several of the computers used in the 2000 census (essentially hand-me-downs when they were done with the census to other Department of Commerce offices), there wasn't any personally identifiable information on the machines when we got. No laptops were in our transfer, but the desktops and servers were clean. We were asked to make sure that the hard drives had been wiped. All of the ones that came to us were.

I'm willing to bet that the number of "lost" machines is really much lower than the report stated. I just looked at our inventory and changes we submitted over the last couple of years (dead machines especially that need to be removed from inventory) haven't been made in the master lists yet. I'd chalk this up to carelessness with the inventory database more than carelessness about actual machine loss. After all, we're talking about 5-7 year old laptops. Who's really using those old boxes anyway?

similar to governement credit card problem

[peter303]

For a while governement employees were making all kinds of dubious charge to their work credit cards. Expecially in the Katrina cleanup when limits were loosened.

My company directly reimburses the credit company, but only for "approved" expenses. Sometimes things are not approved and the employee must pay it then.

Extra protection

[ubrgeek]

"All of the equipment that was lost or stolen contained protections to prevent a breach of personal information." - Each was given a Dell or Sony battery ...

Probably a commerce records problem

[Spazmania]

I used to work at the Census Bureau. I didn't see anything like this in the IT groups -- they were pretty sharp. More likely this is a recordkeeping problem at Commerce where obsolete laptops were returned, properly disposed of and recorded correctly at the Census bureau but the knowledge didn't make it in to DOC records. It wouldn't be the first time.

Of course, this is a mildly uninformed opinion. I haven't worked at Census for a while and I had nothing to do with laptops when I did. I'm just saying there's something fishy with the notion that Census lost a thousand laptops. I don't buy it.

Besides, excluding the decennial survey-takers (temporary employees during the decennial census) there aren't than many people at the census bureau with government-issued laptops. Everyone would have had to disappear one laptop and some folks would have had to disappear two.

Hello, identity theft!

[Lurker187]

I'm more concerned about the "nearly 250 from the Census Bureau containing such personal information as names, incomes and Social Security numbers". I heard a sound bite about it from the Commerce Dept. statement this morning, they said not to worry, the data is, and I quote, "password protected".

Yeah, that's real comforting.

I'm a lazyass

[The+Raven]

I'm a lazy bastard. Luckily, my primary job is technical support, which I do extremely well, happily, and without complaint (yes, I enjoy Internet Technical Support, no I'm not delusional or ill). So, between calls, I slack.

We used to have the office 'anti-social asshole' who did his job well and without complaint, but he got fired. We still have the office whiner (our highly unqualified, also lazy, network admin). And we have a few other more middle-of-the-road average guys mostly do their work, mostly don't gab, mostly don't goof off, etc.

I miss the office bastard. I have to do the work he used to do. That doesn't fit well with my 'lazy' persona.

Myrddin

Yet another reason I tell them to piss off

[davie]

Not only do census takers ask questions to which they are not entitled answer--by any stretch of the Constitution--they store the information on laptops that any recently-fired hamburger flipper fucktard can walk around with and lose or trade for a couple rocks of crack.