Sunday, March 20, 2005

Ineffective Security

I saw this article in the Boston Globe on Saturday: Boston.com / News / Nation / Identity theft in Las Vegas raises terror concerns. "Burglars rammed a vehicle through a back wall at the DMV early on March 7 and drove off with 1,700 blank Nevada licenses, the equipment needed to make licenses, and a computer hard drive that contained the Social Security numbers and other personal information of more than 8,000 people who had obtained licenses there since November."

It goes on to quote some idiot: "Say it's a terrorist cell that ends up with this information. They can use it to rent cars or trucks". The problem with such a statement is it can be used for anything. Should we start presenting IDs at restaurants because terrorists might eat there?

There were other things in the article to make anyone knowledgable of computer security cringe. "they did not believe the hard drive contained any personal data. But [they] did not delete the data each night, as officials had thought." Nothing like not following procedures to create a good risk. ''But who would've thought someone would take a truck and drive it in the back of an alarmed building? It's a hard lesson to learn." Yes but encrypting your data would have been an obvious way to lessen the impact, unless you left a password on PostIt next to the computer.

At least there was something not alarmist in the article: "When I consider some of the issues I worry about, some driver's licenses aren't high on the list," [a homeland security specialist] said. ''It's so easy to forge driver's licenses these days. If you want to know how to get a phony driver's license, all you have to do is ask a teenager."

No comments: