INDIA COMPUTER LAPTOP THEFT A PROBLEM The Hindu Business Line : Hold on to your laptopHold on to your laptop
R.K. Raghavan

CAN any of us deny that the laptop is an amazingly efficient tool that has made survival a distinct possibility in a world that has become horrendously competitive? Diminishing in dimensions but growing in capacity and speed, it is a marvellous conception that does not cease to evolve itself to make modern organisations more and more focused.

But then how secure is the laptop? The Graduate Office of the University of California at Berkeley recently reported loss of a laptop that had data, such as names, social security numbers and dates of birth of more than 98000 past and present students.

The Oklahoma State University similarly lost the record of about 37,000 students stored in a laptop. Late last year, an Auckland (New Zealand) doctor lost his laptop that contained valuable research material on meningococcal disease. There cannot be a more disastrous event affecting public health measures.

Safeware, an insurance agency of Ohio (US) that specialises in protecting sophisticated hi-tech equipment, estimated that 591,000 laptops just disappeared in 2001, and 600,000 in 2003! Also, 57 per cent of all computer-stored information that was stolen over a period was from laptops.

A Computer Security Institute (CSI)-FBI study revealed that the value of machines stolen during 2004 was $6.7 million, and the CSI puts the financial loss per stolen computer at $89,000.

Add up to this the many instances of owners just forgetting to pick up their laptops after checking in at airports. The Denver International Airport security staff took custody, over months, of 96 laptops left behind by stressed or absent-minded passengers.

Airports and hotels are the most vulnerable spots. However much you would like to physically hold on to your machine, there is a brief minute you lose control, as you are about to board a flight. This is when you place it on the conveyor that takes it through the scanner, and you yourself are busy submitting yourself to frisking.

Although you are only a few feet from the conveyor, you can lose sight of your machine. In these precious moments, your machine is liable to be either stolen downright or substituted, both of which imperil the data that you have so assiduously collected and stored.

Only a few hotels have an exclusive arrangement for protecting laptops. A short-custody facility alone is available in most hotels, courtesy the concierge. For longer spells of absence from the hotel, there is the gratuitous advice that we should carry our laptops with us.

I am more concerned with loss of laptops in huge offices, even ones that have impressive physical security arrangements.

According to Kryptonite, a lock manufacturer for different equipment that includes laptops, 40 per cent of the systems are lost by individuals while working in office.

My own impression is that we have not reached this dangerous situation as yet in India. But we could, in course of time, if we do not bolt our stables effectively.

Insider jobs (done mainly by disgruntled workers) are more difficult to investigate, because of the obvious delicacy in subjecting one's own employees to interrogation.

Registering the laptops brought into the office and physically checking them when they are taken out is a reasonably effective anti-theft measure.

But then, how many senior executives are willing to submit themselves to this salutary prescription? It is always this human element that frustrates all security arrangements and facilitates larceny.

If you have lost a laptop, what are the prospects of getting it back? Not much. According to the FBI, very few stolen computers are recovered.

I know, however, of one report of success. This was earlier this year in Toledo (Ohio), thanks to software (CyberAngel) that was designed to send an alert to the Tennessee firm that had produced the software, if anyone tried to get into a machine with a wrong password.

On receipt of this alert, the exact location of the criminal was found out through the telephone number he had used to log on to the Net. The bonus for the police was that he had been involved in a number of burglaries in the area where he stole the laptop, and these were also solved following his arrest.

There is another tracking software called Computertrace built by another American company. This is embedded technology that interacts every 15 minutes with a monitoring centre run by the company, by furnishing data on the location of the IP address, Windows log-in information and the e-mail address of the criminal who had stolen the laptop, provided he comes online.

If the threat of theft is real, how does one protect his laptop? Enterprising companies have come out with products such as a laptop security cable, so that your machine can be securely attached to a heavy object, such as a table or desk. This is something like the chain with which cycles are fastened to a pillar in public places. Motion detectors, alarms and hard drive locks are other devices available in the market.

So much for the physical security of laptops.

What about those who are not interested in the hardware, but would like to steal data that is stored? This is an absorbing area about which I will have a lot to say, some other time. Before that, here is a tail-piece from Bruce Schneier's Secrets & Lies (John Wiley, 2000)

During the 1991 Gulf War, the UK Defence Ministry lost a computer containing sensitive briefing information. This was stolen from a Royal Air Force car.

A countrywide search was made without success. There was naturally a lot of adverse publicity, damaging to the Military's ability to protect information.

The tide soon turned in favour of the Government, when the thief returned the machine with a cryptic note: "I am a thief. Not a bloody traitor!"

Whoever said patriotism was the monopoly of the honest?

The author is a former Director of CBI who is now Adviser to Tata Consultancy Services Ltd.