Davis highlights problems of data leakers

Commerce’s 1,137 missing laptop PCs are symptomatic of lax policy enforcement

Federal Agency Data Breach Notification Act of 2006

The Commerce Department disclosed last month that it has lost more than 1,100 laptop PCs in the past five years, including 672 from the Census Bureau. Of the missing Census laptops, 246 contained personally identifiable information. Those lost laptops raise concerns about how well prepared the bureau will be to safeguard personal information on handheld computers during the 2010 census.

Census officials did not comment about the recently reported equipment and data losses beyond what Commerce officials said when Rep. Tom Davis (R-Va.) announced the losses in September. But lawmakers and Census officials clearly recognize the risks of using handheld computers for the upcoming decennial census.

Census officials are taking precautions against personal data loss by designing a data-collection system that minimizes the time that handheld wireless PCs store data, said Warren Suss, president of Suss Consulting. Census has made strides to ensure that personal data leakage won’t happen during the 2010 census.

The bureau plans to keep most personal data off the devices by automatically transmitting encrypted information via a secure private network to a central database immediately after census takers collect it.

“That will minimize the risk in terms of requiring extensive data to be maintained on laptops in the field,” Suss said. “We should be in better shape for the next census than we are now.”

Commerce officials downplayed the potentially harmful consequences of the recent equipment losses that Davis cited by saying that factors such as password protection and, in some cases, encryption technology would limit any potential misuse of data that was on the missing equipment.

“All of the equipment that was lost or stolen contained protections to prevent a breach of personal information, and we are moving to institute better management, accountability, inventory controls, 100 percent encryption and improved training,” said Commerce Secretary Carlos Gutierrez, in a recent public statement.

However, Gutierrez’s comments offered little reassurance to security experts such as Ted Julian, vice president of business strategy at Application Security. “If the beginning and the end of your strategy is securing laptops, you’re doing a great job at reacting to the news at hand, but you’re arguably missing a huge swath of the data security problem,” he said.

Julian said agencies should only store sensitive personal data in a secure central location where people cannot remotely access it. The more decentralized the data, the more problems agencies will have with security, he said.

Davis expressed his lack of confidence that the government could keep sensitive personal information safe. “The American people deserve better from their government,” he said.

Suss, however, said information security problems will diminish as the government adopts more network-centric policies for managing data. “The long-term solution is going to have to rely on maintaining more information in the network rather than on individual devices,” Suss said. “It’s an important direction for the government to take, but it’s going to take time.”

Davis wins House support for data breach notification

Rep. Tom Davis (R-Va.) drafted the Federal Agency Data Breach Notification Act in July to require agencies to quickly notify individuals when a data loss might have compromised their sensitive personal information. The measure authorizes federal chief information officers to enforce the law.

After learning about the Commerce Department’s loss of 1,137 laptop PCs, Davis inserted his breach notification bill into the Veterans Identity and Credit Security Act of 2006. The breach notification bill would amend the Federal Information Security Management Act of 2002.

“If we’re going to ask — and sometimes demand — information from the public, we owe them a better way of knowing when that information goes missing,” Davis said in a recent speech on the House floor.

The bill Davis sponsored passed the House last month and moved to the Senate.
