Feds' Edict To Encrypt Hard Drives Gets -- You Guessed It -- Ignored

from the surprise! dept

Back in May, the Transportation Security Administration did its best to gloss over the fact that it lost a hard drive containing personal information on some 100,000 of its employees by putting out a press release about it at 7 o'clock on a Friday evening. Now, a few months later, it's disclosed that the drive wasn't encrypted (via Threat Level), in contravention of a White House order from last summer saying that all devices containing personal data need to be encrypted if they're taken outside secure areas. As we've noted, these sorts of edicts and guidelines are meaningless unless they're actually followed, and non-compliance brings real repercussions.

Filed Under: data breaches, identity theft
Companies: tsa


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Enrico Suarve, 18 Jul 2007 @ 9:45am

    Re: Bitching about the costs and the logistics

    Good point - perhaps we have missed the mark slightly, although depending on their business processes it may actually be an awful lot of drives that have 'some personal data on them' - granted not all would have 100,000 records but thats not the edict

    You are right however - I think perhaps we are just applying the 'what would we like to see happen' logic rather than 'follow the edict' which would have been more appropriate for this post

    Re encrypting just the data though - this is not usually a good, reliable method, for the reason that in these cases the key is either likely to end up stored on the same drive as the data, or be one the user can remember (i.e. easy). Bear in mind that you don't have as many timedetection constraints with data thats on a drive in your hand, so brute forcing becomes a viable option. Full hard drive encryption is the avenue I would go down for immediate strong & reliable protection and then work to build in other safe guards such as individual data encrption later

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.