RHODE ISLAND DANGEROUS DATA http://www.projo.com/opinion/editorials/content/projo_20060613_eddata.128b58b5.html


Dangerous data
01:00 AM EDT on Tuesday, June 13, 2006

The latest turn in the veterans' data-theft fiasco -- news that active-duty personnel are affected as well -- is making security specialists shudder. Using their stolen personal information (names, Social Security numbers, birth dates), hostile governments and terrorists could theoretically track down military personnel or their families at home.

No one yet knows where the stolen data may have landed. They were stored in a laptop computer and external hard drive that were taken from a federal employee's home May 3. Along with personal data on as many as 26.5 million veterans, the equipment apparently contained information on up to 2.2 million military personnel -- nearly 80 percent of those now on active duty. Included are more than a million members of the National Guard and the reserves.

The data breach is the nation's second largest thus far. Last summer, data on 40 million credit-card customers were compromised, after computers at CardSystems Solutions were hacked.

As the scale of the potential damage continues to grow, new questions are being raised about the government's lax approach to security. Among them: Why the delay in notifying potential victims -- as well as the head of the Department of Veterans Affairs? Why is the extent of the breach being reported piecemeal?

The VA analyst who lost the data had improperly been taking home information for three years -- an unforgivable lapse, considering the numerous reports of purloined private-sector data in the same period. In case after case, stolen laptops have been to blame.

But the analyst, who lost his job, and his supervisor, who recently resigned his position, are only a small part of the problem. Federal bureaucrats at several agencies, not just the VA, have known for some time that their computer systems were insecure. Why they have failed to act should become a subject of intense public scrutiny.

Possibly, agency chiefs did not want to show up their private-sector counterparts, who have lobbied so heavily against controls. Encryption technology could stop much of what is going on, but companies have not wanted to pay for it. Neither, perhaps, has Congress.

Last month, the White House convened its first task force on identity theft. The president vowed strong action -- as he has before. Congress, meanwhile, with the president's blessing, has passed mostly toothless measures to counter identity theft. It has even thwarted state attempts to impose stronger safeguards.

Complaints from victimized consumers, horrific though they are, have thus far been insufficient to move lawmakers. But now that the personal safety of millions of service people could be at risk, perhaps Americans can look forward to the kinds of protections a digital age demands. All must hope the price will not be too high.