NORTH CAROLINA FEDS NOT CAREFUL ENOUGH WITH DATA http://www.hendersondispatch.com/articles/2006/06/10/news/opinion/opin01.txt

Feds not careful enough with data

For the second time in recent weeks, a federal agency has admitted that sensitive data has been lost or stolen.

A hacker reportedly stole a file containing the names and Social Security numbers of 1,500 people who work for the Energy Department's nuclear weapons agency. The data was stolen in September, but the loss was only revealed this week.

The Veterans Affairs Department lost confidential personal data of millions of veterans recently when an employee took a laptop computer home to work on a project. The employee ignored computer security protocols stating that data was not to be removed from the office, and the privacy of veterans has suffered as a result.

In the Energy Department case, the employees' sensitive data was swiped from an unclassified computer at the National Nuclear Security Administration in Albuquerque, N.M. Thankfully the hacker didn't crack into the systems where classified data - such as specifics on America's nuclear arsenal - are stored; presumably the security on those machines is a tad more strict.

Nevertheless, the incidents are part of a long and embarrassing history of insecure data on federal government computers. The Government Accountability Office continues to warn federal agencies that their computer network security is insufficient, and even when progress toward better security is made, weaknesses remain.

In March, the GAO issued a report warning the Internal Revenue Service that “controls over its key financial and tax processing systems located at two sites (are) ineffective. Š Collectively, these weaknesses increase the risk that sensitive financial and taxpayer data will be inadequately protected against disclosure, modification or loss.”

In August 2005, the Federal Aviation Administration was warned that “significant security weaknesses Š threaten the integrity, confidentiality and availability of FAA's systems Š”

Most of these GAO report titles include assertions that “progress” has been made in securing government computer systems and data. But the recent newsmaking incidents - and the GAO's reports themselves - show us there's much more to be done.

The federal government has a responsibility to provide the utmost protection for its citizens' personal information stored on computers at agencies like the IRS - information that if stolen could lead to identity theft - and to safeguard computers and controls like those at the NNSA and FAA - systems that if compromised might get people killed.