VA's Plan To Advertise Value Of Data Leak Worked

from the in-hindsight dept

Back in May, following the theft of one of its employees' laptops containing personal data on 50,000 veterans, the VA tried a new version of security-via-obscurity. It first said that chances were the thieves had no idea about the data, and probably just stole the laptop for its resale value. It then followed this up by doing its best to make them aware of how valuable it was, putting up a $50,000 reward and pumping it up in the press. The FBI said at the end of June that the machine had been recovered, and now the thieves have been apprehended and have told police they didn't know they'd gotten anything more than a random laptop until -- yes, you guessed it -- the theft got publicized. Admittedly, companies or governmental groups in this situation are in a bit of a bind. They need to own up to the people whose information they've lost that they are at risk, but should exercise a bit of restraint in putting the story out so they don't alert otherwise ignorant thieves to the real value of the computers they've stolen. Then again, any attempt at restraint is likely to be interpreted as a cover-up or as ignoring the problem. The real solution, of course, is to prevent the data leaks. While the question of whether or not the data in the VA case is at risk seems to be answered, the bigger question remains: why did an employee have the personal information on 26.5 million veterans on a laptop, let alone at their home?


Reader Comments



  • Ralph, 7 Aug 2006 @ 9:24am

    Does it BELONG to the VA or are you saying VA is?

    Apostrophe abuse!

    • Lay Person, 7 Aug 2006 @ 9:34am

      Re: Does it BELONG to the VA or are you saying VA

      Uhhhh....

      It belongs to the VA...

    • mikhail, 7 Aug 2006 @ 1:18pm

      Re: Does it BELONG to the VA or are you saying VA

      Ralph's comment clearly illustrates a key factor;
      Ralph's an idiot.

      To end on a kind note, hopefully Ralph's preparing for his epic journey into middle school as the freedom of summer draws to a close (or even lower on the totem pole, from one who still has at least a faint bit of belief in the educational system).

  • eb, 7 Aug 2006 @ 9:37am

    Why?

    Maybe because he's an idiot? From what I read, he was apparently working on some sort of "vanity" project, trying to validate the results of a survey.

  • EasyJim, 7 Aug 2006 @ 10:04am

    Ralph with the itchy trigger finger

    Sir, with all due respect, it is correctly: the plan that belongs to the VA. In other words, the VA's plan.

    Just as written originally.

    No apostrophes were harmed in the making of this post.

  • Anonymous Coward, 7 Aug 2006 @ 10:11am

    While the employee might have been an idiot the real blame rests with the VA who never should have allowed such data to be contained anywhere but a secure server.

  • Nathan Kully, 7 Aug 2006 @ 10:22am

    3.5 months later...why now?

    I can't say this enough, if that data was encrypted we wouldn't have to listen to any more BS about this issue. I am sick and tired of hearing different information on this stupid laptop, yes the VA was dumb and let this information get out, but this has to be at least the 3rd or 4th different story on how they got it back.

    First it was claimed that someone turned in the laptop that he bought from the back of a truck when he saw the $50,000 reward. Now they are saying that there was a tip that allowed the government to somehow get the data back...oh and they've yet to specify exactly how they got it back on June 28th. Get your story straight because I am having trouble believing a darn thing that the government announces these days.
    http://www.techknowbizzle.com/2006/07/times-getting-even-tougher-for-vets.html

    • my2cents, 7 Aug 2006 @ 1:41pm

      Re: 3.5 months later...why now?

      I totally agree. But encryption or no encryption, there's no reason that information should have even been on a laptop... let alone allowed to leave the building. I understand people want to telecommute or whatever, but when you work in certain positions handling sensitive, confidential, or even secret information, there's no way that should even be an option. The exception being someone like the head of an agency with some kind of security detail, or security procedure. Other than that, everyone else needs to bring their ass to work.

  • G.I. Joe, 7 Aug 2006 @ 10:31am

    VA = Vaginal Atrophy

    VA still means the State of Virginia to most people. Is it soooo hard to type Veterans Administration? You're not in the military (obviously they're incompetent too), so write a friggin' article AND SPELL S**T OUT YOU MORONS! I'm tired of acronyms with multiple meanings. There is too many. Don't contribute to the madness and stupidity. Keep it up and I'll cut the phone line to your mobile home when you're busy screwing your father's best goat.

    • Theoden, 7 Aug 2006 @ 11:02am

      Re: VA = Vaginal Atrophy

      Actually, Virginia is a Commonwealth, not a state.

      "There is too many" is not correct either, so before you jump on someone else's 'mistakes' you should correct your own, Joe.

      • Anonymous Coward, 7 Aug 2006 @ 11:40am

        Virginia not a state?????

        Virginia is too a state. You can't count to 50 stars on our flag without it. However, a few of the southern states (including Virginia) do use the term "commonwealth" as a title of the state. But it's still a state. The only actual commonwealths around the USA (by dictionary definition) are places like Puerto Rico and the Northern Mariana Islands, which are stand-alone territories voluntarily related to the USA, not states under direct USA control.

        Info source: http://encarta.msn.com/dictionary_1861599003/Commonwealth.html

        I think maybe you should take your own advice and do a little research so you can come up with an intelligent response instead of just mouthing off like you know everything and then end up being wrong.

    • Hop Sing, 7 Aug 2006 @ 2:43pm

      Re: VA = Vaginal Atrophy

      That has to be the stupidest comment I have read! The most constructive comment you made was the period at the end of the sentence. Next time you think you have something important to say just go ahead and bang your head against a wall. Better still cover your nose and mouth, cross your legs and fart. Maybe that will clear your mind. In the meantime here are a couple of other acronyms you might like. Sorry I didn't spell it out, thought maybe you can sound them out for yourself.
      F.U. A.H., M.F.P.

  • Lay Person, 7 Aug 2006 @ 10:43am

    #7 VA = ?WHAT?

    G.I. Joe:

    This is TechDirt. Stories and matters about technology.
    Technology as well as the military use nothing but acronyms.

    I'm quite certain that once a person recognizes the context, the use of the acronym becomes clear. It may be unclear to those uninitiated to the story.

    I never questioned the acronym yet I imagine that there are people who question it. Perhaps if the contributor at least writes the entire reference once in parentheses to eliminate any doubts.

    • Anonymous Coward, 7 Aug 2006 @ 11:45am

      Re: #7 VA = ?WHAT?

      The VA (which may be headquartered in VA) could have avoided the widespread AV coverage of this if the VA had performed a proper VA on the data storage methods in general and this laptop in particular.

      Lexis Nexis shows no reference to Nessus with this story.

  • NewJerseyKid, 7 Aug 2006 @ 11:19am

    I don't know why I cared enough to post this, but Virginia is a state. Get over yourself.

    http://en.wikipedia.org/wiki/Commonwealth_%28United_States%29

  • Justin, 7 Aug 2006 @ 11:34am

    Wait, this isn't a story about a Vein Assknocker? Shoot.

  • Anonymous Coward, 7 Aug 2006 @ 12:25pm

    Virginia is a state, period.

    "Commonwealth" is just a fancy title. As you can see, it dates way back. Just try counting the stars on our flag without Virginia and see if you make it to 50. Virginia is a state that just happens to refer to itself as a commonwealth at times. By dictionary definition, every state in the USA can be considered a commonwealth, but they are still states. For that matter, the USA as a whole could be called a commonwealth.

    I think a more accurate usage of the term would be for places like Puerto Rico, which are associated with the USA but are not states. For info on this, see below:

    http://en.wikipedia.org/wiki/Commonwealth_%28U.S._insular_area%29

  • the awkward observer, 7 Aug 2006 @ 1:09pm

    again???

  • NewJerseyKid, 7 Aug 2006 @ 1:28pm

    Actually, it's a state with "commonwealth" in its formal name. To quote Fight Club, "Putting feathers up your butt does not make you a chicken." The People's Republic of China is hardly a republic, and whatever Virginia might like to call itself, to qtfa:

    "Four of the constituent states of the United States officially designate themselves Commonwealths"

    They are states, which formally designate themselves as commonwealths ... but states, nonetheless.

  • my2cents, 7 Aug 2006 @ 1:33pm

    the VA by any other name is just the same.

    Why are people so quick to judge other people’s writing? The whole purpose of writing, talking, or even gesturing is to communicate a certain point. And during that communication, it is assumed that every participant, or in this case-- every reader on this site, is on some basic level of general knowledge, and shares a common interest. Granted, the author should have spelled out Veterans Administration the first time he used it in the article, followed by "(VA)", as we all learned in school. But as someone mentioned, this is a tech site. And we're all here as techies, not literary bards. The point of the article surrounds key words such as-- stolen. data. government. veterans. laptop. security. recovered. NOT “VA”, “the VA”, or “the VA is”. Let's try to get over ourselves. One other thing while I’m on this soapbox: People work, people are preoccupied, people are tired, or whatever the case may be. So we're all prone to misinterpreting things regardless of how smart we think we are. A coworker with a Master's degree who works the night shift with me was reading an article aloud to the rest of us one night. She was feeling so smart and confident, probably congratulating herself on how fast she was reading and how intelligent she sounded when she came across the word "indicted" (in-DIE-ted). She mispronounced it-- "inDICKted" and we all busted out laughing….including her when she realized the brain slip.

  • Lay Person, 7 Aug 2006 @ 1:45pm

    Easy...

    Easy on Ralphie you guys.

    What if he's like the Ralphie on the Simpsons, he's probably sincere yet misinformed.

  • Acronyminalist, 7 Aug 2006 @ 1:56pm

    VA

    Even though I live in VA and have basically nothing to do with the V.A., it seemed easy enough to figure out which this meant.

    On the actual topic: It is extremely difficult to control the copying of business data by employees. Although anything can be hacked, encryption makes it more difficult to use data on a stolen device or removable media. I suppose this well publicized incident will influence many organizations with sensitive data to evaluate the effort of doing this vs. the risk of not doing it.

  • Aaron, 7 Aug 2006 @ 2:28pm

    Commonwealth vs. State

    So...is a tomato a fruit or a vegetable? And once it's turned into pizza sauce, does it really f'ing matter?

    On to the article! I think on balance, putting out the word is a good thing. Data leaks, even if all the best security policies are in place, will most certainly happen. It's better to be (or even just appear) serious about the matter than just hoping nothing bad happens.

    Just like individuals making software security leaks public alerts hackers of an exploit, it also puts pressure on the company to fix the problem. Embarrassing mistakes are only bad news if you don't fix the problem.

    The VA can come out of this more secure, where if they had not said anything, they probably wouldn't change the culture that brought it on in the first place.
