IF THEY CAN'T EVEN KEEP THEIR OWN DATA SAFE, WHAT MAKES US THINK THEY CAN KEEP *OUR'S* SAFE?! COMMON SENSE SAYS THAT PUTTING *ALL* THE INFORMATION ON ANIMALS AND ANIMAL OWNERS IN *ONE* PLACE JUST MAKES IT EASIER TO ACCESS FOR THOSE WHO WOULD USE THAT INFORMATION FOR EVIL INTENTIONS! THE FOLLOWING ARTICLES MAKE OUR CASE FOR US! PLEASE NOTE THE DATES ON THESE.
HOT OFF THE PRESSES -
USDA lacked controls to protect stolen data: report
WASHINGTON (Reuters) - The U.S. Agriculture Department lacked controls to protect personal information on stolen computers and often failed to notify individuals whose information had been compromised, the department's inspector general said on Tuesday.
The office of inspector general said in a report that it reviewed records from the Farm Service Agency, Natural Resources Conservation Service, Rural Development and Information Technology Services and found 95 computers were stolen between October 1, 2005, and May 31, 2006.
"These agencies lacked policies and procedures to adequately notify proper authorities and affected parties when thefts of computer equipment occurred," Assistant Inspector General Robert Young said in the report.
The findings showed there were limited controls in place to ensure that employees did not download Privacy Act/Sensitive information on their computers.
It also found USDA's Office of Chief Information Officer relied on the individual agency's own due diligence in tracking and reporting computer equipment that had been stolen, as well as determining whether it contained sensitive information.
In a letter to Congress last summer, USDA estimated eight cases of Privacy Act/Sensitive information that had been compromised since 2003. The inspector general found an additional nine cases in its limited eight-month review.
Most of the data pertained to department employees and USDA customers and included addresses, Social Security numbers and other personal information.
The report proposed the four USDA agencies use better encryption in their computers and develop a procedure to notify affected parties when computers are stolen.
August 16, 2006
The government keeps telling us that our data is safe with them (Data Insecurity - Trust Us!) and that RFID technology will work. In Australia with their NAIS similar system (NLIS) a large proportion of the RFID tags are failing to read resulting in economic losses and wasted time for farmers. Now this news from Germany:
A German computer security consultant has shown that he can clone the electronic passports that the United States and other countries are beginning to distribute this year.
The controversial e-passports contain radio frequency ID, or RFID, chips that the U.S. State Department and others say will help thwart document forgery. But Lukas Grunwald, a security consultant with DN-Systems in Germany and an RFID expert, says the data in the chips is easy to copy.
“The whole passport design is totally brain damaged,” Grunwald says. “From my point of view all of these RFID passports are a huge waste of money. They’re not increasing security at all.”
Grunwald plans to demonstrate the cloning technique Thursday at the Black Hat security conference in Las Vegas.
Remember: They’re here from the government to help us…
Hat tip to Kim
POSTED: 9:56 p.m. EDT, September 21, 2006
CENSUS BUREAU LOSES HUNDREDS OF LAPTOPS
WASHINGTON (AP) -- The Commerce Department has lost 1,137 laptop computers since 2001, most of them assigned to the Census Bureau, officials said Thursday night.
The Census Bureau, the main collector of information about Americans, lost 672 computers. Of those, 246 contained some personal data, the department said in a statement. However, no personal information from
any of the missing computers has been known to have been improperly used, the department said.
The number of people affected by the equipment losses could not be determined, the department said.
"All of the equipment that was lost or stolen contained protections to prevent a breach of personal information," said Commerce Secretary Carlos M. Gutierrez. "The amount of missing computers is high, but fortunately, the vulnerability for data misuse is low."
More than 30,000 laptops were used within the department's 15 operating units since 2001, the department said, and a total of 1,137 were stolen or missing.
Fifteen handheld devices used to record survey data for testing processes in preparation for the 2010 Census also were lost, the department said. The department was in the process of contacting the 558 households with data recorded on the missing devices, although because of encryption technology, the risk of data misuse was
considered low, it said.
A half-dozen other federal agencies or departments have reported data thefts and security breaches involving personal information in the last six months.
The Veterans Affairs Department suffered the biggest loss with the theft in May of a laptop and external drive containing information for 26.5 million veterans and active-duty troops. Burglars stole the equipment from the home of a Veterans Affairs employee, but the computer was later recovered and showed no signs of having been
accessed for the personal data.
Other government departments reporting the loss of computers with personal information include the departments of Agriculture, Defense, Education, Energy, Health and Human Services and Transportation. The Federal Trade Commission also has lost laptops with sensitive data.
Copyright 2006 The Associated Press.
Monday, Aug. 7, 2006 3:05 p.m. EDT
VA Data for 38,000 Veterans Missing
Affairs Department subcontractor lost a desktop computer containing their sensitive personal data.
VA Secretary Jim Nicholson said that Unisys Corp., a subcontractor hired to assist in insurance collections for VA medical centers in Philadelphia and Pittsburgh, reported the missing computer last Thursday. The computer was being used in Unisys' offices in Reston, Va.
It is not yet known what happened to the computer, Nicholson said, adding that local and federal authorities are investigating.
The computer is believed to contain names, addresses, Social Security numbers, dates of birth, insurance carriers and claims data including medical information for veterans who received care at the hospitals in Philadelphia and Pittsburgh during the past four years.
According to initial estimates, the data covered about 5,000 patients treated at Philadelphia, and 11,000 treated at Pittsburgh and another 2,000 deceased patients. The VA is also investigating whether the information also may have covered another 20,000 who received care through the Pittsburgh medical center.
The disclosure comes after a string of recent data breaches at the VA, including the May 3 theft of 26.5 million veterans' personal data from a VA employee's home in suburban Maryland. The laptop and external drive containing that information has since been recovered, and two teens were arrested Saturday as part of what appeared to be a routine burglary.
In recent weeks, the VA has also acknowledged losing sensitive data for more than 16,000 veterans in at least two other cases in Minneapolis and Indianapolis.
Nicholson said in a statement Monday that the VA was working with Unisys to notify those veterans affected and to provide credit monitoring if appropriate.
"VA is making progress to reform its information technology and cyber security procedures, but this report of a missing computer at a subcontractor's secure building underscores the complexity of the work ahead," Nicholson said.
© 2006 Associated Press.
COMMENT BY COL. RANDY GIVENS (RET.):
The USDA keeps claiming that our data will be secure, once they get it stored in their National Animal Identification System (NAIS).
That is an amazing claim, since Congress has given USDA a failing grade in computer security for the past 5 years, and USDA’s computers were broken into/hacked in early June 2006. See the bold and underlined text in the two articles below.
The first article talks about USDA and its failing grade, the second article points out how the US Government recently failed to protect the personal data in government computers in at least 3 other government agencies – including the National Nuclear Security Administration!
What’s worse is that the NAIS system, as currently proposed by USDA to get around protests of our data in a US Government computer system, will have our data stored in the USDA computers (through “exercises”) and also in hundreds of separate data systems in each state, most of which will be owned, operated, and “secured” by private organizations. USDA has failed to secure their data for 5 years. The National Nuclear Security Administration has failed to protect its data.
Who in the world can believe that our data will be safe in this unholy hybrid of Private and Government computers under NAIS?
Remember, if bad guys can take data out of a computer system, they can also put it IN that computer system. So much for reliability of NAIS computer systems in case the government ever tries to use it to counter a terrorist attack on our food supply.. All the bad guys have to do is put false information in the computers, then sit back and laugh when government employees come knocking on your door to slaughter your animals, based on the false information inserted into their leaky computers by the bad guys.
Our only protection for our personal and business data is to keep it out of NAIS computers.
The only way to do that is for everybody to get involved and contact their federal and state officials and ask them to Kill NAIS NOW!
Randy Givens, Paige, TX
GOVERNMENT HIT BY RASH OF DATA BREACHES
By HOPE YEN
The Associated Press
Thursday, June 22, 2006; 8:07 PM
WASHINGTON -- The government agency charged with fighting identity theft said Thursday it had lost two government laptops containing sensitive personal data, the latest in a series of breaches encompassing millions of people.
The Federal Trade Commission said it would provide free credit monitoring for 110 people targeted for investigation whose names, addresses, Social Security numbers _ and in some instances, financial account numbers _ were taken from an FTC attorney's locked car.
The car theft occurred about 10 days ago and managers were immediately notified. Many of the people whose data were compromised were being investigated for possible fraud and identity theft, said Joel Winston, associate director of the FTC's Division of Privacy and Identity Theft Protection.
"Basically these were attorneys who were going to file a lawsuit, and they had relevant evidence on their laptops," Winston said, noting that the FTC employees did not violate security procedures by storing the password-protected laptops in their cars.
"We will be reassessing what procedures we have to make sure reasonable measures are taken to protect data," he said.
The disclosure comes amid a widening data breach that is expected to cost the government hundreds of millions of dollars. In all, five government agencies have reported data theft, including the Veterans Affairs Department, which on May 22 acknowledged losing data on up to 26.5 million veterans.
_ At the Agriculture Department, a hacker who broke into the computer system, obtaining names, Social Security numbers and photos of 26,000 Washington-area employees and contractors. Victims will be offered free credit monitoring for a year after the break-in in early June.
_ At Health and Human Services, personal information for nearly 17,000 Medicare beneficiaries may have been compromised in April when an insurance company employee called up the data through a hotel computer and then failed to delete the file.
_ At Energy, Social Security numbers and other data for nearly 1,500 people working for the National Nuclear Security Administration may have been compromised when a hacker gained entry to its computer system last fall.
Officials said June 12 they had learned only recently of the breach.
On Thursday, a House panel was cautioned that credit monitoring alone may not be enough to protect Americans whose names, birth dates and Social Security numbers were compromised at the hands of the government.
"The worst-case scenario is that the veterans file finds its way to a public distribution source, such as the Internet," said Mike Cook, a co-founder of a company specializing in data breaches.
"If this happens, the stolen identities will lose their connection to the VA data breach and groups of fraudsters might actively trade that data among the fraud community," he said. "More people might have access and could misuse those identities on a grander scale."
The Senate Appropriations Committee approved $160 million in emergency funds for credit monitoring for veterans on a 15-13 vote; some Republicans objected because the VA has said it can use existing funds to pay for credit checks.
"I don't think it's acceptable to tell our veterans we lost your personal information, and by the way, we're going to cut your health care to pay for it," said Sen. Patty Murray, D-Wash., who sponsored the amendment to an agriculture spending bill.
On Wednesday, the VA announced it would provide free monitoring for a year, taking responsibility after the data was stolen from a VA employee's home in suburban Maryland. The VA said it would also hire a contractor to do data analysis to help pinpoint identity theft; the agency, however, did not offer specifics, saying it wanted to see what bids they receive.
Noting "it's not going to be cheap," VA Secretary Jim Nicholson pledged not to take the money from current VA programs. So far, the department has already spent $14 million to set up a call center and notify veterans by letter, and it's spending an additional $200,000 a day to maintain the call center.
During the House hearing Thursday, Cook said identity theft victims typically don't become aware they've been hurt until six months after their data was stolen, when creditors come calling for money owed. At that point, it's likely the thieves will have moved on _ having made just a few purchases so they don't attract notice _ and started using another victim's information.
As a result, a credit monitoring service would raise a red flag after it was too late, Cook said. He said data analysis technology was available to help identity theft as it occurs, particularly in the typical cases in which thieves use
stolen identities to fraudulently obtain credit cards and then make purchases.
Rep. Steve Buyer, chairman of the House Veterans Affairs Committee, said he believed the VA and Congress should consider additional safeguard measures _ even if it means costing taxpayers more.
"The concern is, are we creating a false expectancy _ that if the VA does credit monitoring, I am safe?" said Buyer, R-Ind. "I still have great fears."
There have been no reports of identity theft so far from the VA data breach, one of the nation's largest. But Nicholson acknowledged this week that authorities _ who believe the burglars were not specifically targeting the sensitive data _ are nowhere close to apprehending those responsible.
Associated Press writer Libby Quaid contributed to this report.
On the Net:
For veterans or Agriculture Department employees suspecting identity theft:
http://www.firstgov.gov or 1-800-FED-INFO
Data Breach Victims Need to Monitor Credit -
DATA COMPROMISED FOR 26,000 AT USDA!
By Zachary A. Goldfarb
Special to The Washington Post
Friday, June 23, 2006; Page A23
A hacker breached the Agriculture Department's computer system and may have taken personal information on 26,000 employees, retirees and contractors, the department said, making it the latest federal agency to have had personal data compromised.
The potential loss is less dramatic than the one that occurred last month with the theft of a laptop computer and hard drive containing personal information on up to 26.5 million veterans and military personnel from the home of a Department of Veterans Affairs employee.
The Agriculture Department, which alerted employees to the breach Wednesday, said those affected will receive a year of free credit monitoring. VA announced a similar plan Wednesday after weeks of criticism for its failure to safeguard private data. On an individual basis, credit monitoring can cost more than $75 year.
"We may cover more than necessary, but really our point is to protect the personal data of employees," Boyd Rutherford, Agriculture's assistant secretary for administration, said yesterday. He said law enforcement and the department's inspector general are investigating the breach and have no leads on the hacker.
In the VA case, Congress may step in to help pay for the credit monitoring. Late yesterday afternoon, the Senate Appropriations Committee voted 15 to 13 to amend the 2007 agriculture spending bill to provide $160 million in emergency funding for the monitoring. Only two Republicans voted in favor; the others were concerned that the amendment would prejudice the bidding process in hiring a credit-monitoring service. The full Senate must still pass the bill.
The information contained in the breached Agriculture database is used for the department's badges for people living in the D.C. area. Employees elsewhere are not affected. The database contained names, Social Security numbers, pictures, office locations, work telephone numbers and other information. Some of this information would be helpful to identity thieves in setting up fraudulent accounts.
On the first weekend of this month, officials at US-CERT, an arm of the Department of Homeland Security, spotted an unusual pattern of traffic into Agriculture computers. They notified technology officials at Agriculture, who
called in the vendor of the security software running on those machines.
The officials originally thought the intrusion had been limited and did not compromise the personnel database. But a more thorough analysis was ordered. "It was inconclusive," Rutherford said. "We couldn't rule out whether someone accessed the personnel system. So we immediately notified the employees and others affected."
In addition, the department set up a call center for queries about the breach (800-333-4636) and is making information available on the Web at
A report card on information security prepared by the House Government Reform Committee has given Agriculture a failing grade for the past five years. Rutherford said systems coordinators throughout the department have been
directed to ensure that any systems containing sensitive data are well secured against intrusion.
In other data security news, the Federal Trade Commission reported yesterday the recent theft of two laptops containing personal data of about 110 people gathered during law enforcement investigations. Among the data were names, addresses, Social Security numbers, dates of birth and financial account numbers. The FTC promised to offer those affected a year of free credit monitoring.
Data Insecurity - Trust Me!
By Walter Jeffries
Jun 22, 2006, 13:09
Oh the irony...
USDA Notified Headquarters Employees of Possible Personal Information Breach
WASHINGTON, June 21, 2006 -- Agriculture Secretary Mike Johanns today directed that notifications be sent to Washington, D.C. area employees of the U.S. Department of Agriculture (USDA) whose personal identity information might have been compromised when USDA computer systems were illegally accessed. Johanns also committed to providing one year of free credit monitoring services to potentially affected employees.
Johanns was informed today of the possible breach during a briefing on the status of a forensic investigation into the incident. He was first notified of the incident on June 6, at which time he was assured that personal identity information had been protected. However, subsequent forensic analysis leaves uncertain whether personal information was protected, prompting today's notification. The intrusion took place during the first weekend in June.
The personal identity information potentially accessed includes individual's names, social security numbers, and photos. Worksite information that is readily available to the public is also contained within the database. Approximately 26,000 current and former Washington, D.C. area USDA employees and contractors are potentially affected. -- USDA Press Release 6/21/06
The USDA and state Departments of Agriculture are asking a lot of personal questions of livestock owners. They say are going to store the information in databases that will be accessible online so that all animal event reports will be made electronically for efficiency. They say, "It is secure, trust us!"
40 Million Accounts Exposed
Of those exposed accounts, about 13.9 million are for MasterCard-branded cards, the company said in a statement. Some 20 million Visa-branded cards may have been affected and the remaining accounts were other brands, including American Express and Discover. -- CNet
I have some bad news for the government, there is no such thing as a secure database connected to the internet. Not just that, but if there are any humans involved the security is compromised even for a disconnected database. Even a "100% secure" system can be compromised by willful insiders or by those who are simply careless or stupid. Connecting it so that people can access the system electronically, a.k.a., over the internet, just makes violating the system that much easier. Big targets are even more appealing than small ones. The USDA wants to make a really, really big target for agri-terrorists. YOU are in the cross hairs on that target.
Human Curiosity Virus
We gathered all the worthless vendor giveaway thumb drives collected over the years and imprinted them with our own special piece of software. I had one of my guys write a Trojan that, when run, would collect passwords, logins and machine-specific information from the user’s computer, and then email the findings back to us.
The next hurdle we had was getting the USB drives in the hands of the credit union’s internal users. I made my way to the credit union at about 6 a.m. to make sure no employees saw us. I then proceeded to scatter the drives in the parking lot, smoking areas, and other areas employees frequented.
After about three days, we figured we had collected enough data. When I started to review our findings, I was amazed at the results. Of the 20 USB drives we planted, 15 were found by employees, and all had been plugged into company computers. The data we obtained helped us to compromise additional systems, and the best part of the whole scheme was its convenience. We never broke a sweat. Everything that needed to happen did, and in a way it was completely transparent to the users, the network, and credit union management. -- Dark Reading
Banks & Credit Card companies lose data all the time. Every month we read about more of these security violations. This week I got a letter from one of our banks letting me know our identity may be stolen because they had an 'oops' event and 2.6 million customer account records were stolen by hackers. They offered me a free credit report as compensation. Gee, thanks. The government, of course, will be more careful and do better. Right.
IRS Loses Data
The computer was lost during transit on an airline flight in the western United States, IRS spokesman Terry Lemon said. No taxpayer information was on the lost laptop, Lemon said. The IRS believes the computer contained information on 291 employees and job applicants, including fingerprints, names, Social Security numbers, and dates of birth. -- MSNBC
The first interesting thing about this report is they say that "No taxpayer information was on the lost laptop." I guess IRS employees and applicants don't pay taxes. But Freudian slips aside, we have to remember the old axiom about, "We're from the Government - we're here to help you." Unfortunately the government just doesn't get the fact that we don't want its help losing our sensitive data. Of course, they'll help afterwards, right? Like they did the victims of Katrina.
VA Loses Data
Heads should roll at the Department of Veterans Affairs for the unprecedented level of incompetence that was displayed with the loss of Social Security numbers and other personal information, including from as many as 2.2 million current U.S. military personnel.
Perhaps as galling as the loss of the data itself is the fact that it took a month for the VA to figure out that the personal data for as many as 1.1 million active-duty military personnel, 430,000 National Guard members and 645,000 reserve members likely were part of the electronic data stolen May 3 during a burglary of a department employee's house. The 60-year-old analyst was not authorized to take home the laptop and external drive that contained the data and has been fired. -- The Leaf Chronicle
What the government doesn't seem to understand is that centralized database is an open invitation to terrorists, both domestic and foreign. Couple this with 10-kilometer kill zones so the terrorists and animal 'rights' activists can computer map a ideal kill plan for spreading bio-terrorism. Factory farms, feedlots and big producers should be very scared because while they might have tight security, under the USDA's depopulation plans it will only take an infection even in wild life to condemn all the livestock at a nearby Agri-Corp. It isn't just the little guys that are going to suffer in this scenario. Cargil & Tyson beware.
USDA Loses 300,000 Records
The Agriculture Department said Wednesday it had accidentally released the Social Security and tax identification numbers of 350,000 tobacco farmers.
The agency said it inadvertently released the data in response to Freedom of Information Act requests about the tobacco buyout program. The information went to eight different people or groups. -- Herald Sun
Some people will tell you that someone can just Google the information but that is a lame excuse for a lack of security. Just because we can look someone up on Google Maps, etc doesn't mean people are going to feel good about putting all the data in a handy easy to reference and hack central location. The USDA and state databases put all our information in nice neat central, hackable systems for terrorists.
Stolen Server Sparks Fears
Nearly 1 million prospective AIG customers could be at risk. A thief recently stole a computer server belonging to a major U.S. insurance company, and company officials now fear that the personal data of nearly 1 million people could be at risk, insurance industry sources tell NBC News
The computer server contains personal electronic data for 930,000 Americans, including names, Social Security numbers and tens of thousands of medical records. The server was stolen on March 31, along with a camcorder and other office equipment, during a break-in at a Midwest office of American Insurance Group (AIG), company officials confirm. -- NBC News
To give an analogy, my nine year old can write a software program to generate all possible credit card numbers, dates and security codes using an algorithm and then test them to check for validity by doing small charges (this has been done by criminals) through the credit card validation network across the internet. But that is slow hard work. Having access to a database giving a specific set of valid numbers is fare more valuable. A database, of name, address, cc#, date, security code is much, much more useful for a criminal than a simple list of numbers.
Jackson Workers Data Stolen
Jackson Health System employees could be at risk of identity theft after two laptops containing personal information were stolen in December. The Jackson Health incident comes amid a spate of recent laptop thefts that has put the personal information of millions of Americans at risk and reveals the particular vulnerability of portable computing devices. -- Miami Herald
People no longer trust businesses or government to securely store their data because of the large number of cases of known losses of large amounts of personal data. The more data per record that is added the scarier it gets and NAIS has a lot making it very invasive.
D.C. Workers' Data Stolen
A laptop containing the Social Security numbers and other personal data of 13,000 District of Columbia employees and retirees has been stolen, officials said. The computer was stolen Monday from the Washington home of an employee of ING U.S. Financial Services, said officials with the company, which administers the district's retirement plan. The company did not notify city employees of the theft until late Friday because it took officials several days to determine what information was stored on the laptop, ING spokeswoman Caroline Campbell said. The laptop was not password-protected and the data was not encrypted, Campbell said. Two other ING laptops containing information on 8,500 Florida hospital workers were stolen in December, but the employees were not notified until this week, said ING spokesman Chuck Eudy. Neither laptop was encrypted, he said. -- APNews
Your data doppleganger may be out there already, taking out loans, spending money, using credit cards in your name. Banks have an extreme financial incentive to stop this sort of thing yet they are completely impotent. The government, a bunch of bunglers by committee, wants to create more databases that will be compromised releasing more data about us into the wild and then expects us to "trust them?" Right...
Payroll Data Accidentally Faxed
A national payroll company accidentally faxed personal and payroll information to a Nashua man, exposing workers to potential identity theft.Paul Dullea, a financial planner who lives in Nashua, said he received 121 pages of information Thursday from Automatic Data Processing Inc. The pages had the names, addresses, Social Security numbers and income information for at least 80 people who work for companies in Illinois, California and Florida. -- AP Wire (First seen in Valley News off line)
Walter Jeffries raises pastured pigs, sheep, chickens and children at Sugar Mountain Farm in West Topsham, Vermont. He writes a blog of stories from a small Vermont farm at http://SugarMtnFarm.com/blog/ and is fighting against NAIS at http://NoNAIS.org on the web. To see a copy of the USDA's NAIS draft proposal go to http://usda.gov/nais.
© Copyright 2002-2006 by Magic City Morning Star
COMMENT BY SUE KARBER, JUNE 23, 2006
The real irony is the ones who want total control over the entire animal population and human population will not have to hack a computer to get all NAIS information. THEY are the ones we will be forced to pay to get the information they are after in the first place and they are the USDA,Inc and their Global Corporate Partners, keepers of the data bases….. The keepers of the data bases are those who want total control and will have it, and the packers will be able to really control who lives or dies in the sales of animals, who will get blamed for sickness. What will happen to all those tags with all the info. Just switch one tag for another at processing site and ruin the one you want to eliminate. Safe and secure, my fanny. Within a year all inventory can be calculated to the dime. Tell buyers not to touch premise id #…….. and that farmer is ruined. Lose reports, claim no report made and the small guy is fined out of existence. Premise id not renewed and farmer is ruined. This program is beyond hackable, it is death by complying from the get go.
HOW SECURE IS YOUR PERSONAL INFORMATION?
By Lynn Stuter
June 27, 2006
Over the course of the last year mainstream media has reported the loss of data from banks, credit card companies, and more recently the Veterans Administration in Washington, DC. It was three weeks after the theft of a laptop containing the personal information of some 26.5 million veterans before the public was made aware. Then, over the course of the next two weeks, it slowly came forth that not only were veterans affected but also approximately 2.2 million active duty and reserve personnel whose data was also on the laptop. What was never reported by the press but was learned through a letter from the Veterans Administration to veterans possibly affected was that the data stolen also contained the personal information of spouses, greatly increasing the number of people affected beyond the 28.7 million veterans, active duty, and reserve personnel originally reported.
On June 21, 2006, it was reported that someone breached computer security measures at the United States Department of Agriculture (USDA), and may have obtained the social security numbers and personal information of some 26,000 employees and Washington-area contractors. The USDA will, when implemented, oversee the National Animal Identification System or NAIS.
On June 23, 2006, it was reported that the Social Security numbers and other personal data for 28,000 sailors and members of their families was found on a civilian web site. Accompanying this report was a statement that “As many as a half dozen federal agencies have been affected by computer data losses in recent months.” (Associated Press; Lolita C Baldor; June 23, 2006)
How did this data end up in the wrong hands?
In the case of the banks, credit card companies, and the USDA computer security systems were breached. In the case of the Veterans Administration, the information was downloaded from VA computers to a laptop and removed from the Veterans Administration by an employee who did not have authorization to do so. Subsequently, the employee’s home was burglarized and the computer equipment housing the data was stolen. In the case of the Navy personnel, it is not known how the information was obtained but obviously was obtained from government computers.
What is so very obvious here and so very significant is the ease with which computer security systems — specifically for the purpose of keeping sensitive data safe — can be breached; how easy it is to transfer sensitive data to portable devices and walk out with it; how irresponsibly and carelessly sensitive data is being safeguarded. It is not inaccurate to say that personal information, held in a database, is not, under any circumstance, secure no matter what the holder of that data contends. And there is not a security system built that cannot be breached as has been more than adequately demonstrated time and again.
People are often told that their information, held in databases, is confidential. Confidential does not mean secure; nor does it mean anonymous; nor does it mean that the information cannot be used by the agency holding the information in a manner the individual might find inappropriate. In the case of the VA loss of data, the Department of Defense supplied the Veterans Administration with the addresses of former military personnel (veterans) who might be affected. Subsequently, an e-mail was sent out to some veterans by the Department of Defense; the e-mail addresses were obtained, at least in part, from a database of “log on” e-mail addresses captured when retired military personnel sought access to benefit information on the DOD website. In both instances, the use of personal information for other than intended use was done without the consent of those affected which makes it very clear that personal information in the hands of any government agency is not confidential irrespective.
With more and more records and personal information being data based, the likelihood of that data falling into the wrong hands greatly increases. Identity theft is one of the fastest growing types of crime in the United States today. And there is no easier or faster way to get access to information amenable to identity theft then through breaching security measures employed to protect data.
When we talk about data basing information, what kind of information are we talking about? Everything you can possibly imagine. The National Center for Education Statistics (NCES), under the auspices of the U.S. Department of Education, has for some years now, published the Student Data Handbook for Early Childhood, Elementary, and Secondary Education. While one might presume this publication to be rather limited in what it seeks, it isn’t. It is very extensive in the data it seeks.
Who is data basing information? Everyone. Every government agency out there, companies, health care professionals, credit card companies, banks, lending institutions, you name it, they database it. Following is just some of the instruments being used to gather and data base information:
RFID (radio frequency identification) chips
Microchip implants — both human and animal
Computers in automobiles
On line purchases
Membership cards (grocery chain cards, club cards …)
Political party membership lists
Medical records — dental, health, auditory, mental, hospital, pharmacy
Do not call lists
Cookies on computers
Spyware on computers
— just to name some.
Can all this information be compiled in one place? All that is needed to compile all information on any given individual is the ability to interface computer systems, requiring interface technology. For example, the data the NCES seeks comes from companies such as Pearson Assessments (formerly National Computer Systems) who scores state assessments and is provided personally identifiable information on students by school districts. NCES is a government agency. Pearson Assessments is a privately held company. The transfer of data is via computer interface technology. At the same time, the data acquired by NCES is housed by such as Boeing Computers — owned by Boeing, a private company, and the National Institutes of Health — another government agency, both with whom NCES has computer interface capability.
All that is necessary to make that information accessible to any other entity is the capability to interface computers such that the receiving computer can correctly identify and assimilate the data being transferred.
Another example, reported recently by main stream media, concerns access to the telephone records of AT&T, Bellsouth and Verizon by the National Security Agency (NSA). Such was accomplished through computer interface technology. On June 23, 2006, the New York Times reported that the U.S. Treasury department has been secretly trawling through the bank records of American citizens just as they have been trawling through the phone records.
Is your data, held by a private enterprise secure from the prying eyes of government? No. The access to data allowed by AT&T, Bellsouth and Verizon and banking institutions violates the Foreign Intelligence Surveillance Act (FISA) of 1978. Did that stop it from happening? Obviously not. Today it is phone records and bank records under the guise of the fighting terrorism; what will be the excuse tomorrow?
As pointed out by Jonathan Schell in his article “The Hidden State Steps Forward”,
But if he [the Commander in Chief] can suspend FISA at his whim and in secret, then what law can he not suspend? What need is there, for example, to pass or not pass the Patriot Act if any or all of its provisions can be secretly exceeded by the President?
Is your data, held by a private enterprise secure from the prying eyes of government? Absolutely not when there is no accountability for government officials, elected or otherwise, who violate the law. And there has been no move to hold President George Bush accountable for violating the law and the privacy of millions of American citizens.
Why does the government want all this information? Systems governance is dependent on data. The gathering and analyzing of data is essential to keeping systems in balance — assessing whether goals on the road to the “created future” are being achieved and what needs to be done if they are not. In his book, A Strategy for the Future; the systems approach to world order (copyrighted in 1974), Ervin Laszlo predicted that by the mid-1980’s computers would be sophisticated enough to be able to perform this function in the interests of keeping systems in balance, measuring progress toward futuristic man-made goals, and leveraging systems that were not performing accordingly. Laszlo was a little off in his time line, the level of sophistication sought being reached in the mid- to late-1990’s.
One of the most important aspects of the gathering and data basing of information is that it be personally identifiable. Now, with illegal aliens becoming an issue that has people across the United States up in arms, the National ID is being pushed as a means of identifying illegal aliens. To that end, the cause of implementing a National ID card is being taken up by people who should know better. You cannot logically go from a need to identify illegal aliens to numbering every American citizen to identify illegal aliens. The logic is simply not there. This is the same flawed logic that says we should register all guns to keep guns out of the hands of criminals.
The gathering of data also has a side to it that people would do well to consider — one of the reasons the National ID card is being sought is so people who tend to throw cogs in the wheel of systems governance (resistors, dissidents) can be identified and remediated (brainwashed, terminated, incarcerated) to the proper (acceptable) ideology. Systems governance must, by its very nature, be totally inclusive — all really does mean all. To this end, the National ID card is being pushed by elected officials and government bureaucracies.
This is no different than the identification and extermination of Jews and dissidents in Hitler Germany! How can we possible ignore a president who thumbs his nose at laws intended to protect the American people from a despot such as Hitler?
People ask, “What can we do?” Systems governance demands data. The absence of sufficient and reliable data will result in systemic failure.
1. First and foremost, do not give out personal information indiscriminately.
2. Provide information on a “need to know” basis.
3. If the information is not needed to address the situation, don’t give it.
4. Make those requesting the information tell you why they need the information and for what purposes it will be used, now and in the future.
5. Guard your information zealously and that of your children.
6. Do not allow your children to participate in surveys, state assessments, and other non-objective assessment tools at school.
When anyone tells you that your information is “secure” in their hands, do not for one minute believe it.
© 2006 Lynn M. Stuter - All Rights Reserved
Mother and wife, Stuter has spent the past ten years researching systems theory with a particular emphasis on education. She home schooled two daughters, now grown and on their own. She has worked with legislators, both state and federal, on issues pertaining to systems governance and education reform. She networks nationwide with other researchers and citizens concerned with the transformation of our nation. She has traveled the United States and lived overseas.
Web site: www.learn-usa.com
SAILOR'S SOCIAL SECURITY NUMBERS ON WEBSITE
By LOLITA C. BALDOR, Associated Press Writer
Fri Jun 23, 10:56 PM ET
WASHINGTON - The Navy has begun a criminal investigation after Social Security numbers and other personal data for 28,000 sailors and family members were found on a civilian Web site.
The Navy said Friday the information was in five documents and included people's names, birth dates and Social Security numbers. Navy spokesman Lt. Justin Cole would not identify the Web site or its owner, but said the information had been removed. He would not provide any details about how the information ended up on the site.
Cole said there was no indication so far that the information was used illegally, but individuals involved were being contacted and encouraged to monitor their bank accounts and credit cards.
Meanwhile, the General Accountability Office said it removed archival records from its Website this week containing some personal identifying information of fewer than 1,000 government workers. The data included some individual names and Social Security numbers.
The breach regarding the Navy comes amid a rash of government computer data thefts, including one at the Agriculture Department earlier this week in which a hacker may have obtained names, Social Security numbers and photos of 26,000 Washington-area employees and contractors.
As many as 26.5 million veterans and current military troops may have been affected by the theft of a laptop computer containing their Social Security numbers and birth dates. The computer was taken from the home of a Veterans Affairs Department employee in early May, and officials waited nearly three weeks before notifying veterans on May 22 of the theft.
As many as a half dozen federal agencies have been affected by computer data losses in recent months.
In a letter Friday to Defense Secretary Donald H. Rumsfeld, one member of Congress asked for details on the Navy incident, and questioned whether the Defense Department will make sure a free credit help is provided for those affected.
U.S. Rep. Edward Markey (news, bio, voting record), D-Mass., said he had asked Rumsfeld two years ago about the implications of federal agencies outsourcing data collection and processing activities. While there is no indication that outsourcing was the problem in the Navy case, Markey said he wants to know what effect that would have on the security of information on military personnel.
The Naval Criminal Investigative Service is investigating the breach. The initial discovery was made by the Navy Cyber Defense Operations Command, which routinely monitors the Internet for such problems.
The Navy said individuals can place a 90-day fraud alert on their credit reports, and provided information on companies to contact. Cole said there has been no decision made yet on whether the Navy will pay for credit monitoring.
Information on how to watch for suspicious activity can be found at the Navy Personnel Command's Web site, http://www.npc.navy.mil.