If you haul hazardous materials you know that the Transportation Security Administration, a component of the Department of Homeland Security, oversees the background checks that have been required following the terrorist attacks on 9/11/01. And if you, like me, have submitted to one of these background checks you know that a good deal of personal information is necessarily gathered by the TSA contractor conducting the investigation. All well and good. I don’t mind jumping through the hoops ’cause I don’t really want someone who hasn’t been thoroughly investigated hauling stuff that can go boom. Or poison thousands. Or disintegrate roads and bridges. You get the idea.
But I want to know that the people charged with protecting the public from terrorism are equally interested in, and capable of, protecting the identities of good folks like you and me; and with this recent news I have to wonder.
According to the eWeek article it seems that a TSA contractor, the Integrated Biometric Technology division of L-1 Identity Solutions, has experienced the theft of not just one but two laptops containing the personal information of 3930 truck drivers who paid good money to have a background check performed so they could receive the security clearance required to haul hazardous materials. Now, I understand that unforeseen events can occur. I’m not really so upset by the fact that laptops were stolen but I’m completely in the dark as to the reasoning, or lack thereof, that allowed personal information to be stored on unencrypted hard drives.
The contractor had supposedly deleted all the information contained in the two stolen laptops but, after the TSA conducted an IT forensic investigation, it was “ascertained that the deleted information could be retrieved if a thief had the proper training.” TSA Public Affairs Manager Ann Davis has stated that “even though [there's only a] small chance of [the data being misused], we did notify all affected individuals and advised them of what steps to take to protect themselves, and we mandated that contractors need to encrypt any and all data in addition to any deletion procedures that might be in place.”
Great. That still doesn’t make me feel all that good about the competence of those entrusted with our Homeland Security. I want to know why, in 2007, they’re just getting around to requiring the encryption of personal data. That’s inexcusable.
Popularity: 42% [?]
“if a thief had the proper training.”, a quick google search shows the only training you need is to download a free disk recovery tool and run it on the drive. Encryption is so easy to do these days, they are just afraid that someone will forget their own password and lose the data themselves. It is just a case that the names and info on those drives are just bits of info to a bureaucrat, they don’t see the data as being real people.