Here is a case where the last measily broken shreds of my faith in the power of the United States Government (and specifically the military) to understand and implement technology are utterly and completely shattered. A happy little company called TriWest is very upset and worried about some evil peruptrators of cyber-identity theft. It seems that these powerful and malicious hackers broke into their computers and stole sensitive data, including the personal records, social security numbers, and medical histories of some 500,000 U.S. military personnel.
Do you want to know how they did it? Do ya? I’ll tell you. They broke into the office and stole some computers. Yes, apparently common thieves in search of equipment to unload on the black electronics market are now super cyber-criminals. And how did they get this information? Was it through a sophisticated virus, or at least some crazy cryptographic scheme? No, the information was just sitting there, in the clear, meaning without any form of security or encryption or anything, right on the hard disks. Well isn’t that just special.
Our government, and the companies it employs, care so much about the safety and security of our personal and private information that they don’t even bother to put a fricken password on it. Look, if it had been properly encrypted with reasonable software, there would be no possible way for the theives, or anyone else in this world outside of perhaps the NSA, to access it, and this would not be an issue. TriWest would restore the data from a backup tape and go about their business, and no one would give it a second thought. Not even Al-Qaida could get to that data.
Instead, its a national emergency. Because, ya know, no one could have possibly expected that vandals might potentially, I don’t know, vandalize an office. Not in this great country! Those terrorists!
Here is one of the affected with a take on this.