On-line Opinion Magazine…OK, it's a blog
Random header image... Refresh for more!

Yeah, Right – Trust Us

From CNN – VA laptop recovered; FBI says data not accessed:

The FBI, in a statement from its Baltimore field office, said a preliminary review of the equipment by its computer forensic teams “has determined that the data base remains intact and has not been accessed since it was stolen.” More tests were planned, however.

Newly discovered documents show that the VA analyst blamed for losing the laptop had received permission to work from home with data that included millions of Social Security numbers and other personal information on veterans and military personnel.

There is no real way of knowing if everything on the disk was copied. You can check the date/time stamp on files and audit trails, if they have been activated, on the data base, but there’s no real way of knowing what went on with that drive.

It’s also nice that they found out that their data administrator didn’t break the rules, the rules were just terrible. Incompetence is rampant because this stuff is basic, things you learn in introductory courses.

4 comments

1 andante { 06.29.06 at 5:50 pm }

Bumbler that I am, even I could figure out how to copy a hard drive without leaving tracks.

Let’s hope they’re right, for a change, and this just isn’t another made-for-TV happy ending.

2 Bryan { 06.29.06 at 7:16 pm }

All we can do is hope. No one needs the aggravation of identity theft.

3 Steve Bates { 06.29.06 at 11:23 pm }

One irony is that this makes the entire VA look bad. The folks I know at the local VA who handle veterans’ personal information take data security very, very seriously; they are both crestfallen and furious that this happened at all. One dumb (expletive) is all it takes to ruin the reputation of an institution.

Another irony: among that many veterans, surely some will suffer identity theft completely unconnected to this database, but no one can be sure of that, either. Suspicion will attach to this screw-up from now on.

At least the FBI did not have the temerity to assert that the data had not been accessed. Let’s face it: no one can know whether the data has been accessed.

4 Bryan { 06.30.06 at 12:20 am }

Well, if the software on the computer has an audit trail, you could tell if it had been accessed through the software, but there’s now way of determining if the entire thing was copied to another device.

The computer should have been password protected and the data base encrypted even if it never left the building.