Feds' Edict To Encrypt Hard Drives Gets -- You Guessed It -- Ignored

from the surprise! dept

Back in May, the Transportation Security Administration did its best to gloss over the fact that it lost a hard drive containing personal information on some 100,000 of its employees by putting out a press release about it at 7 o'clock on a Friday evening. Now, a few months later, it's disclosed that the drive wasn't encrypted (via Threat Level), in contravention of a White House order from last summer saying that all devices containing personal data need to be encrypted if they're taken outside secure areas. As we've noted, these sorts of edicts and guidelines are meaningless unless they're actually followed, and non-compliance brings real repercussions.

Filed Under: data breaches, identity theft
Companies: tsa


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    SailorRipley, 18 Jul 2007 @ 8:32am

    Bitching about the costs and the logistics

    I see plenty of reactions here going on and on about the logistics, the planning, the costs, the roll out, testing, etc... to encrypt every computer.

    However, the order/edict is: "all devices containing personal data need to be encrypted if they're taken outside secure areas".

    (to keep in with the TSA example:) Just how many TSA computers do you think have the personal information on some 100,000 of its employees and are taken outside of secure areas?

    I don't know how many computers/drives we're talking about here, but objections to the cost and logistics to encrypt every computer/drive aren't relevant, (unless said personal information would be stored on every single TSA computer/drive).

    I would assume that in effect it's only a small portion of all TSA drives/computers that have said personal information (so even if all those drives do leave secure areas, the actual required work is much smaller than assumed here).

    And if the majority of TSA drives have large amounts of people's information on it, there are larger fish to fry (global TSA stupidity) than figuring out how to encrypt drives, because that would be treating a symptom, not the (stupidity) disease.

    PS: Brian, why would you need a fully encrypted drive? If the confidential data is encrypted, that is sufficient, encrypting the rest of the drive at bests obscures the issue slightly, and as we know, security by obscurity is never good...

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.