You’ll tell us what we ask for, citizen, and we’ll tell you what we please. From the NYTimes:
In 2007, Robert M. Nelson, an astronomer, and 27 other scientists at the Jet Propulsion Laboratory sued NASA arguing that the space agency’s background checks of employees of government contractors were unnecessarily invasive and violated their privacy rights.
Privacy advocates chimed in as well, contending that the space agency would not be able to protect the confidential details it was collecting.
The scientists took their case all the way to the Supreme Court only to lose last year.
This month, Dr. Nelson opened a letter from NASA telling him of a significant data breach that could potentially expose him to identity theft.
The very thing he and advocates warned about had occurred. A laptop used by an employee at NASA’s headquarters in Washington had been stolen from a car parked on the street on Halloween, the space agency said.
Although the laptop itself was password protected, unencrypted files on the laptop contained personal information on about 10,000 NASA employees — including details like their names, birth dates, Social Security numbers and in some cases, details related to background checks into employees’ personal lives. …
japa21
Okay, I am not a computer geek, but I have to ask why that information would be on the laptop itself. It would seem to me that it would be in a main NASA computer somewhere and could be accessed by the laptop owner remotely, but not on the laptop specifically.
If that is the case, then security measures could be put in place as soon as the theft is discovered to make sure whoever took the laptop is unable to access the main files.
For the computer geeks out there, is that implausible?
Origuy
Why does anyone need employee confidential data on a laptop? It should be on a secured server behind locked doors. My work laptop, which has little or nothing that anyone would care about, has BIOS level encryption. Nobody gets past the initial password prompt and if they pull the hard drive, good luck cracking the encryption.
Edit: japa21, not only plausible, but it should be mandatory in this case.
Zifnab25
@japa21:
There’s plenty of ways for the data to land on an individual laptop. Firstly, working over a network – particularly a highly secure network – can get really laggy and annoying. So people will regularly pull a file over, work on the file, and then export it back again. Secondly, because people recognize latency is an issue, many programs will store a temporary copy of a file on a local machine while it is being viewed/edited/whatever. If you have ever opened a PDF in a web browser, an actual copy of the PDF was downloaded to your machine somewhere and read locally.
Those are just two reasons that leap to the top of my head. But the short of it is that we haven’t reached a level of high speed internet connectivity to allow people to operate entirely off of thin clients connecting to remote systems.
Cermet
First off, not having background checks would have done zero for this case – the critical data stolen (or lost if the thief just wipes it so they can use the computer) was just normal data that everyone provides to an employer; second and most importantly, the policy of allowing anyone to take such data without encryption is the issue here. Nowadays this is required for such information, so someone screwed up, and not getting personal data would not have changed this fact.
This critical information should never be on portable computers much less taken out of the building.
Mnemosyne
This is not just a government problem. One of the sales reps at G’s office had a laptop stolen, which had a bunch of patient information on it, including Social Security numbers and addresses.
The Giant Evil Corporation I work for got sued because the encoding of our ID cards included our Social Security numbers and could be scanned without our knowledge. The especially stupid part of that is that we were all issued personnel numbers to avoid having our SSNs be potentially available to anyone who got hold of our ID cards, but they never bothered to change the protocol for encoding the IDs until they got sued.
Etc.
PeakVT
Do not put important or sensitive information on laptops. The End.
I bet 99% of laptop thefts are for the equipment, not the information, but one can never know when the information is actually the target.
Related: a new compute cluster can crack every 8-character Windoze password in less than 6 hours.
Butch
I’m just at the tail end of resolving a case of identity theft that in my case was fairly minor by comparative standards. It’s a nightmare.
The Moar You Know
@japa21: Sadly, the “remote wipe” thing for an actual laptop is pretty implausible. The information in question flat-out should not have been on a laptop, but as we have found over and over and over and over and over again for the last decade, banks, governmental agencies and health care providers routinely do this shit all the time no matter how dire or embarrassing the penalty.
The “password protected” thing is a joke. Google “NT Passcracker” and by using that tool even the most inexperienced noob can have that stolen laptop open in ten minutes.
Jack the Second
My workplace uses four policies together to keep things pretty secure.
1. You maintain control of your laptop at all times. Don’t lend it to a friend, don’t leave it on a table.
2. No sensitive data on laptops. Even if you lose control of it, there shouldn’t be anything on it to steal. It’s just a dumb terminal for accessing the corporate network.
3. Full disk encryption on every laptop. Some people will willfully or accidentally put some sensitive data on laptops.
4. Remote wipes of laptops. If your laptop is lost or stolen and connected to a network, everything on it can be deleted remotely.
None of these policies is particularly expensive or difficult to implement nowadays.
Todd
Conservatives have long told us that there is no right to privacy, Blackmun’s opinion in Roe notwithstanding. In fact, I remember a whole bunch of them, including the Glibertarians, laughing at the notion of the penumbra of privacy, and the Glibertarians happily signing on to the notion that Roe was a heinous assault on personal liberty, in that having an organ of government declare that there are aspects of private lives into which government cannot intrude is a huge assault on Freedom, and Americanism, and Liberty, and all that is good.
Hypatia's Momma
@japa21:
It’s not simply a “computer geek” question; any information relating to Human Resources/Payroll should not be transported off-site by any employee.
Mnemosyne
@Cermet:
Just repeating this for emphasis. No deep background check was done on me for my job at the GEC, but I would be just as screwed as those NASA employees if someone had my personnel information on a laptop that got stolen.
It’s not like our employers having our SSN, birthdate and address is somehow unique to government work.
NorthLeft12
I hate to sound like a conspiracy obsessed nutjob, but this almost sounds too perfect to be true.
It’s as if a big FU was sent to the scientists for daring to question the genius management of NASA.
It would be interesting to know if NASA management personal information was on that laptop, or if it was just restricted to scientists and other lesser human beings… that is if the laptop and data were ever really “stolen”.
slag
I was shocked the other night when, while participating in a Kickstarter campaign, I was sent to an Amazon checkout site that required my Social Security number. WTF?
Villago Delenda Est
@Origuy:
This is one of those mysteries that has baffled mankind since Grace Hopper found a moth inside the innards of that vacuum tube firing tables calculating machine back in the 40’s.
Why, indeed, is anything considered confidential on anything but a well secured mainframe guarded by giant two-headed attack dogs?
redshirt
Some hacker actually had the control codes for the ISS last year. Fun times!
Villago Delenda Est
@The Moar You Know:
Scriptkiddies strike in the dark of the night!
Villago Delenda Est
@Todd:
You’ve articulated the primary problem with glibertarianism: It’s totally fucked up as a “philosophy.” They’re distressed that actual philosophers start convulsing with laughter when the name “Ayn Rand” is mentioned as a philosopher.
Mnemosyne
@NorthLeft12:
If that’s the case, it’s going to be a very expensive FU for NASA — the VA had to pay out $20 million in compensation to the veterans whose information was stolen from a VA laptop.
? Martin
@Jack the Second:
In theory. The problem with public sector budgeting is that it can be incredibly difficult to secure the limited funds needed to do something even this basic. And most public sector operations have bottom-up IT rather than top-down, which makes it harder yet.
The fundamental problem I’ve found is that user-interaction roles get primary funding and everything behind the scenes is some combination of nonexistent or desperately underfunded. Think about our public education debate. We talk about funding per pupil and student-teacher ratios, classroom time, access to resources. But someone needs to maintain teacher HR records, student records, and so on. Any money that does go to education gets very publicly dumped as close to the student as possible as everyone desires. Spending that money on the back-end gets vicious criticism even from the left, so it’s politically impossible to actually build anything there. And when the budget cuts come through, guess where the cuts are the deepest?
Does anyone think things at NASA are really that different from your local elementary school?
qwerty42
The only way these issues are ever resolved is by firing some managers. And not low-ranking ones either. It has to be a significantly visible consequence. And why this stuff is on a laptop? My guess is the data was on a spreadsheet or, if they are really up on things, an Access “db”. Possibly because it is “too hard” to read the data as stored in tables/views on DB2 or Oracle.
geeze.
Amir Khalid
@Mnemosyne:
This might amuse you. About a decade ago the Malaysian government made us all get the new Mark 2 national identity cards (ICs, as we call them). The Mark 1 IC, introduced by the British as a security measure during the Communist insurgency, had a serial number (your “IC number”) that you’d use to identify yourself in personal transactions, filling out forms etc. The Mark 2 IC number starts with your date of birth in DDMMYY format, followed by a two-digit code for your state of birth, and a serial number. So anytime a Malaysian fills in a form they’re giving away two items of personal information: date of birth and place of birth.
Brachiator
@PeakVT:
We are soooo beyond this. People put or access sensitive information by means of all kinds of devices, including smartphones, tablets, and maybe even game consoles. And let’s throw in various iterations of cloud storage and file sharing.
And the background to many possible security breaches, as posters here have noted is an attitude that says, “it can’t happen to me” or “I’m in a hurry” or “I can’t be bothered with the security crap that is preventing me from getting my work done.”
And on top of this is the attitude by many that privacy and security are so last century. Devices and software are engineered to maximize sharing and accessibility.
And all of this is a side issue to the original JPL case, which I think makes a pretty good case that the government’s claim to excessively personal background information is unnecessary, intrusive, accomplishes nothing, and may be stupidly made accessible to ID thieves and other goons.
Amanda in the South Bay
@Brachiator: I feel the same way about security clearance background checks.
? Martin
@qwerty42:
1) We don’t buy desktops any longer. There is no performance benefit to them. There is barely a cost benefit to them. They are less flexible for employees that work in multiple locations. We’re centralizing our HR operations. Almost every one of our HR staff will be traveling to work sites in 18 months.
2) I haul around vastly too much stuff in spreadsheets (also on my laptop as I have no server to store it on – but I keep everything in a highly encrypted virtual partition, which I can back up as an encrypted partition – it’s relatively secure). I could store the stuff in a database, but I can’t get funding for Oracle. I could store it in mysql, but I can’t get funding for a server, or server hosting even at my own employer because we have insufficient rack space. Being in .gov, we’re not allowed to put this data offsite, so we can’t rent RDS from Amazon.
This is not the rightwing argument that government workers are too stupid and lazy to write SQL. It’s the argument that for all the false reasons noted here about how stupid government is, nobody will fund government efforts as a consequence. I just, yesterday, got $25K in funding to actually get some of this in databases. I’ll use that money on services and equipment and do the labor in my free time, because I’ll burn through it in days if I hire it out. Could I get even 20% of an FTE to build this? Nope. No continuity. We’re going to lurch from temporary funding to temporary funding, building short-term solutions for lack of long-term funding.
It took me 6 years to get that $25K and I’m going to start today on the next $25K of funding to replace/upgrade this equipment because in 6 years it’ll be needed.
All because SQL is “too hard”.
Jay in Oregon
@Brachiator:
There’s also the rise of “BYOD”, or Bring Your Own Device, in a lot of workplaces. Organizations that are strapped for money to upgrade IT resources are starting to allow employees to use their own laptops/smartphones/tablets for work purposes.
I have work-related material on my laptop—I take after-hours calls from time to time—though nothing really sensitive. And even that is kept in Wuala, a Dropbox-style service that uses client-side strong encryption. (I also use it for receipts, tax info, the accumulated notes and emails from my recent mortgage refinance, etc.)
http://www.wuala.com/referral/AJG5C7FF6PKFN63K3455
FYI, that is a referral link; it gets you 6GB instead of 5GB of storage, but people don’t have to use it if they don’t want to.
Brachiator
@Jay in Oregon:
Good point. There is BYOD all over the place, even in organizations that are not strapped for cash (and I wonder whether some IT people are frazzled at having to support BYOD devices).
Smartphones and tablets have also accelerated more offsite and in-the-field work. I know sales people and managers who work from home a couple of days a week. Sometimes they take laptops home with them, other times they do remote access. All of this convenience comes with some security concerns.
ETA: I seriously loves me some Dropbox.
Meg
I worked at JPL before. The new security check they introduced at that time was beyond the normal ones we already all went through when we first got hired. I don’t remember the details now. But it required everyone who already worked there to go through another intrusive check. The information they seek includes your drug usage, any small encounter with law enforcement, and statements from your friends and neighbors (not relatives or family members) about your qualification to work at JPL. The letters need to be mailed from the writers themselves to JPL or NASA so you do not know what they say about you.
For me, I don’t even know more than two neighbors that I trust and know well enough to ask for their statements. On top of it, why would any one of them be qualified to judge if I am qualified professionally or morally to work at JPL? If I am secretly evil or inept, I most likely wouldn’t broadcast it to my neighbors. Anyway, the mere mention of this thing makes me very upset.
Jay in Oregon
@Brachiator:
I love Dropbox, too; I use that for files I intend to share with others (friends and family) and use Wuala for the private stuff.
Wuala isn’t quite as user-friendly, but that’s partly by necessity; the cached data is stored in an encrypted file (disk image?) and so you must launch the client app to gain access to it.
PurpleGirl
At one point a member of the Board of Trustees of my former employer thought that we should have the field staff enter volunteer names into the database on their home computers after working in the field (i.e., at a school) during the day. This person thought we could save on data keyboarders. We (the central office admin staff) patiently explained why it would be a bad idea. What ultimately convinced the Board member was our mentioning that we could do that with the donor database too — and that she was the Board member who didn’t think the office staff should have access to donor information at all. Let’s not mention that not all the field people had computers at home, laptops or otherwise. Not everyone was computer fluent. Did they really want us to have some 50 copies of the volunteer database out there that had to be reconciled to the master db?
Brachiator
@Jay in Oregon:
I also meant to add, thanks for the tip about Wuala. I will definitely check it out. It might come in handy with work that I sometimes have to do.
@Meg:
Yes. The additional irony is that some JPL employees had lived in countries with repressive authoritarian regimes and knew from first hand experience how stupidly intrusive this stuff could be, and how easily it could be misused.
The other irony is that the “need” for these extra intrusive background checks impacted long time employees who had passed all number of clearances before and who did not do work on any sensitive projects.
And some people tried, and still try, to defend these procedures not with any rational objective or security concern, but with lame BS like “well, you don’t have to work for the government if you object to their getting all up in your business.”
redshirt
If only they’d used “The Cloud”!
Hypatia's Momma
@Brachiator:
For human resources and accounting, though? That’s… stupid.
Meg
@Brachiator: You are exactly right.
And we are really grateful that this group of scientists fought back with a big investment of their own money and time so some of the most intrusive measures were stopped.
But the thing I don’t understand the most is why the Obama administration feels they need to defend these Bush-era draconian policies.
Roger Moore
@japa21:
I want to know why in hell they weren’t using whole disk encryption. I have it on all my personal computers, and it’s pretty transparent once you’ve unlocked the system. And if they aren’t using it because their operating system doesn’t support an acceptable version, then this is a sign that they need to either pressure their operating system vendor or switch OS to something that allows them to use reasonable security.
Roger Moore
@Hypatia’s Momma:
That’s not a workable solution. Any reasonably sized organization needs to have a backup plan that includes off-site backups to restore things in the event of a disaster. Maybe you need to include some kind of protection against data theft- that’s what encryption is for- but you can’t leave payroll and HR out of the plan.
burnspbesq
@Jay in Oregon:
The other benefit to using Wuala is that its servers are located in places that (1) aren’t likely to experience a severe earthquake or catastrophic weather event and (2) that are subject, in whole or in part, to EU data-protection laws.
Gindy51
@Jack the Second: As far as remote deletion, doesn’t that work only if the computer is hooked to the internet or tries to gain access to your company’s network? What if the thief turns it on away from a live network and just prints out the sensitive info or transfers it to another machine?
Hypatia's Momma
@Roger Moore:
Which is not at all the same thing as any individual employee transporting the information off-site willy-nilly. I’m not sure how that easy-to-understand distinction is so readily lost on you but, hey.
BGK
All of you tend to underestimate the pure hydraulic force of end user bitching and moaning.
I work for a small company that deals with personally identifiable information. We give most people laptops now, as the cost differential is small over a desktop. They all have smart card readers. Our security badges have embedded smart chips. We got smart-card-reader keyboards as the cost difference was laughable. We licensed whole disk encryption as part of our endpoint security suite. We have a slick (as its engineer, I have a little pride in it) PKI that takes exactly no maintenance.
We don’t have whole disk encryption.
Why?
Users forget their security badges all the f*cking time. Rather than deal with the tiny bit of grief of getting a temporary badge, they tap on the goddam glass entry doors and get let in. Then they borrow someone else’s badge when they need to go to the can, or out for a butt. We tried a smart card pilot, and the pissing and moaning over having to get temporary badges was deafening. As we’re mostly salespeople, they claimed with straight faces it was affecting revenue. Dumb president believes them, end of pilot.
We can’t have nice things.
redshirt
I worked briefly in a very high security facility and first, there were no laptops. Second, there were really no computers. Each machine was a VM and it was wiped and re-built nightly. Lastly, no non-approved devices were allowed, specifically USB drives.
Not going to occur in most offices, but if you’ve got any kind of security concerns (hello NASA!), at least use a BIOS level encryption for any laptop. It’s an inconsequential cost/effort and provides great security.
But don’t worry! Most users will simply tape their encryption password to the laptop regardless.
low-tech cyclist
Hey, that’s nothing. I don’t know why it hasn’t gotten bigger play, but in South Carolina, a stolen password led to the exposure of tax records of 4.5 million tax filers and another 1.9 million dependents, not to mention 3.3 million bank account numbers.
Nikki Haley proceeded to blame the IRS – for not imposing Federal mandates on South Carolina requiring that certain encryption standards be used at the state level.
States’ rights in action.
Schlemizel
That the laptop drive itself was not encrypted and allowed to hold this data should be grounds for summary execution. There is no excuse for this sort of leak.
That’s a separate issue from the collection of the data, but anyone with half a brain would not permit sensitive data to rest anywhere unless it is encrypted.
Death is too good for them.
LanceThruster
People, please. National security is not rocket surgery. Just submit to the draconian privacy intrusions and all will be well. Only those with something to hide (as evidenced by taking offense at such minor intrusions) need be concerned.
Mike G
Sensitive database information should not be stored on a laptop in any situation. I can’t see any valid reason why an entire copy of the database would be off the server (apart from well-defined server backup procedures).
There are multiple good reasons, above and beyond security, why you don’t want different versions of a database floating around in different locations that have to be reconciled.
Users should access the specific data they need on the secure server, using a Virtual Private Network (an encrypted network ‘tunnel’ connection) if they are out of the office using the public internet, and laptop disks should be encrypted. Multiple layers of security.
liberal
@Schlemizel:
But these things are bound to happen if appropriate controls are not in place.
Having an encryption solution on a particular device is an “engineering control.” But you need administrative controls, too, such as “No laptop shall ever be issued without disk encryption first being installed.” If you don’t have good admin controls like that, and make carrying them out the responsibility of people other than end-users, failure is inevitable.
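One way to turn the administrative control above (“no laptop shall ever be issued without disk encryption first being installed”) into something a provisioning step can actually enforce, as an added example that is not from any commenter in this thread: a Python check that reads the JSON which `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT` prints on a Linux machine and refuses to pass a laptop whose data-bearing mounts are not backed by a LUKS/dm-crypt device. The two device trees below are constructed samples, and the list of mounts to inspect (`/`, `/home`, `/var`) is an assumption; adjust it to the build standard. Note that a BIOS or login password alone leaves no trace in this output, which is exactly why such a password is not a substitute for encryption at rest.

```python
import json
import subprocess
from typing import Dict, List, Optional, Tuple

# Constructed sample: a laptop whose root filesystem lives inside a LUKS
# container (hypothetical device names). This is what `lsblk -J` reports.
ENCRYPTED_LAPTOP = json.loads("""
{"blockdevices": [
  {"name": "nvme0n1", "type": "disk", "fstype": null, "mountpoint": null,
   "children": [
     {"name": "nvme0n1p1", "type": "part", "fstype": "vfat",
      "mountpoint": "/boot/efi"},
     {"name": "nvme0n1p2", "type": "part", "fstype": "crypto_LUKS",
      "mountpoint": null,
      "children": [
        {"name": "cryptroot", "type": "crypt", "fstype": "ext4",
         "mountpoint": "/"}
      ]}
   ]}
]}
""")

# Constructed sample: root is encrypted, but /home was added later as a
# plain ext4 partition, so user documents would sit on disk in the clear.
PARTIAL_LAPTOP = json.loads("""
{"blockdevices": [
  {"name": "nvme0n1", "type": "disk", "fstype": null, "mountpoint": null,
   "children": [
     {"name": "nvme0n1p1", "type": "part", "fstype": "vfat",
      "mountpoint": "/boot/efi"},
     {"name": "nvme0n1p2", "type": "part", "fstype": "crypto_LUKS",
      "mountpoint": null,
      "children": [
        {"name": "cryptroot", "type": "crypt", "fstype": "ext4",
         "mountpoint": "/"}
      ]},
     {"name": "nvme0n1p3", "type": "part", "fstype": "ext4",
      "mountpoint": "/home"}
   ]}
]}
""")

# Mounts assumed to hold user or service data; a mount that is absent is
# not a separate filesystem and therefore inherits its parent's protection.
DATA_MOUNTS = ("/", "/home", "/var")


def _device_chain(nodes: List[dict], mountpoint: str,
                  trail: Tuple[dict, ...] = ()) -> Optional[Tuple[dict, ...]]:
    """Return the chain disk -> partition -> ... -> device mounted at `mountpoint`."""
    for node in nodes:
        chain = trail + (node,)
        if node.get("mountpoint") == mountpoint:
            return chain
        found = _device_chain(node.get("children", []), mountpoint, chain)
        if found:
            return found
    return None


def _chain_is_encrypted(chain: Tuple[dict, ...]) -> bool:
    """Encrypted if any ancestor is a dm-crypt mapping or a LUKS container."""
    return any(n.get("type") == "crypt" or n.get("fstype") == "crypto_LUKS"
               for n in chain)


def provisioning_check(tree: dict,
                       data_mounts: Tuple[str, ...] = DATA_MOUNTS
                       ) -> Tuple[bool, Dict[str, bool]]:
    """Return (ok, findings). ok is False if any present data mount is unencrypted."""
    findings: Dict[str, bool] = {}
    for mp in data_mounts:
        chain = _device_chain(tree["blockdevices"], mp)
        if chain is None:
            continue  # not a separate mount; covered by its parent filesystem
        findings[mp] = _chain_is_encrypted(chain)
    if "/" not in findings:
        raise ValueError("no root filesystem present in lsblk output")
    return all(findings.values()), findings


def live_check() -> Tuple[bool, Dict[str, bool]]:
    """Run the same check on this host (Linux with util-linux lsblk)."""
    out = subprocess.run(
        ["lsblk", "-J", "-o", "NAME,TYPE,FSTYPE,MOUNTPOINT"],
        check=True, capture_output=True, text=True).stdout
    return provisioning_check(json.loads(out))


if __name__ == "__main__":
    for label, tree in (("encrypted", ENCRYPTED_LAPTOP),
                        ("partial", PARTIAL_LAPTOP)):
        ok, findings = provisioning_check(tree)
        print(f"{label}: {'ISSUE' if ok else 'REFUSE'} {findings}")
```

The point of checking the whole chain rather than just the mounted device is the partial case: a machine can pass a naive “is root encrypted?” question while a later-added `/home` partition holds everything the user actually works on in plaintext. Wiring `live_check()` into the imaging or asset-tagging step is the administrative control; the LUKS volume itself is the engineering control.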
liberal
@Mike G:
Agree 1000%, but try telling that to all the people I work with who refer to spreadsheets as “databases.”
liberal
@BGK:
We use them at my place, and frankly it is a giant pain-in-the-ass.
Yeah, sure, it might be worth the effort, but I don’t see any evidence that the folks at the top here did any kind of meaningful threat analysis, as opposed to “let’s do this, this, and this to cover our ass.”
Of course, in your case if you’re in charge of the PKI, you’re pretty close to the ground, probably know the threat landscape pretty well, and have different mileage on the badge issue.
liberal
@redshirt:
LOL.
Bokbokbok
Having worked for NASA as a contractor, I can tell you this: the government is paying for identity theft protection for most government workers in perpetuity because of stuff like this.
They offer three years of protection every time data is compromised like this, and it keeps happening, despite NASA’s best practices specifically prohibiting putting any of this stuff on a portable computer for any reason.
My main beef with HSPD-12 (the background check that the JPL contractors found onerous) is that it asks questions about your background that are NONE of the government’s business for low-level, non-ITAR work. Every person who has been through HSPD-12 gets an FBI jacket, because that’s who does the investigation. And, like most of NASA’s contractors, I’m a citizen, have been all of my life, have vets in my family, and was under the same suspicion as foreign nationals working right alongside me.
HSPD-12 was a make-work program for the FBI – a gift from George W. Bush that ensured everyone who has ever done anything for the government had a head start on government data collection on their life.
Bokbokbok
“Agree 1000%, but try telling that to all the people I work with who refer to spreadsheets as “databases.””
Um, a spreadsheet _is_ a database. A flat-file, non-relational database, but a database nonetheless.
kc
That is inexcusable.
kc
@low-tech cyclist:
I think it didn’t get much play in part because Nikki Haley sat on the news for weeks after finding out about the breach and didn’t release it until a Friday afternoon.
Schlemizel
@liberal:
Ah, so you understand security also! Fantastic!
Yes, you need both the policy & the tool. The person who allowed this to happen should stand in front of the person who kept that data unencrypted & left it in a car when they shoot, so they don’t have to waste a second bullet on the morons.
pluege
privacy is for losers. Just ask any wingnut, especially the cretin 5 on SCOTUS.
lol
I don’t know why I assumed GuardianEdge was standard for all federal laptops.
J R in WVa
Real RDBMS backups are useless to data thieves because you need substantially the same DB to load them, and even having loaded them, you then need DB security to access the data, and about a year of support to understand what you got.
I had a senior manager once send an email to a federal employee with a live internet link to one of our pages in it. Said ignorant federal employee asked dumb senior manager if that was a security threat. Dumb senior manager forwarded question to me, without the original email containing link to public web page.
I said “Send me a copy of the email and I’ll let you know.” because it was rude to tell senior manager that this was the dumbest thing I ever heard of. Time passes, days. Then I get an envelope with threats on the outside about the dire consequences if anyone but the addressee (me) opens it.
Inside is a print-out of the email, where obviously I can evaluate the security threat of the ink?!?!
NOT!!!
The senior manager was gradually eased further and further from any real responsibility and then went away, but sadly, she was not an isolated case.
Wildly stupid, just like putting HR data on a laptop then removed from secure space. It happens every day. People are SO stupid about computers, they act like it’s magic and no one can take advantage of it, when a moment’s thought (the real problem, no one thinks they’re paid enough to think) would tell anyone how dumb it is to take secrets out where anyone can steal them.
And no one wants to pay for anything but pretty shiny things!
liberal
@Bokbokbok:
My preference is to use the word “database” for “relational database.”
If you want to call it something, call it “data” or “spreadsheet”.
liberal
@Schlemizel:
Actually, my concepts of tool and policy come from safety engineering. I don’t have any formal training at all, but you can see it in wood shops, I assume. Guards over blades are “engineering” controls, instructions what to do/not do are “administrative” controls/policies.
liberal
@J R in WVa:
Not quite sure that’s true. OK, literally if you read the data into the RDBMS, you won’t have permission to look at the data, if it was set up OK, but there’s got to be easy workarounds. Just like having a BIOS password on a machine without encrypting the hard disk isn’t really enough.
liberal
@J R in WVa:
That’s the real problem here. An additional point related to “no one cares about this/is willing to really invest resources” is that it’s a thankless job. Just like being a “good” statistician is—your job is then to tell people that the lovely results they just got are not statistically significant.