Search This Blog

Monday, August 20, 2007


A White House directive gave government agencies until September 22 to figure out just how to secure Americans’ personal data, according to a story in In typical Bush vagueness, they are to use their “best judgment” to get the job done. But it is the kind of direction we have come to expect from this administration, particularly when it applies to the good of the consumer. It does show the complete incompetence of his advisers, the presidential aides we assume have lived through the same incidents of government laptop losses that we have. Rep. Tom Davis (R-Va) doesn’t want to overreact: “If we allow them to do their job and give them appropriate training, they can do a better job than we can in Congress.” I would certainly go along with that. This White House epistle goes on to recommend certain things that should be done to alleviate the problem: things like encryption and limiting remote access. WOW! Why didn’t anyone else think of that? And then the Federal Trade Commission (FTC) puts in its two cents with a 12 page compliance plan. Startlingly new ideas like: notifying individuals and third parties in a breach, and identity theft risk analysis. The FTC also held some meetings for its employees to take stock of the sensitive data with which each has contact. They plan to hold more, using posters with questions like: "You left your FTC BlackBerry on the Metro--What do you do?" The unsurprising answer at the bottom: "Tell your manager." Pathetic. Tim Grance, manager of systems and network security for the National Institute of Standards and Technology (NIST) did have an observation that is worth mentioning about encryption. No matter what form you use—and right now it is probably the best of security measures available—it won’t be effective without the right keys that actually do the locking. So, much ado about the problem, with a host of ctiticism on what’s being done. I wouldn’t be doing this if I didn’t think I had a better answer. Which is…give consumers control over their names and personal data, and compensate them when it is sold. The former solves the bulk of the identity crisis, and the latter makes an age-old wrong in junk mail right.

No comments: