Friday, June 11, 2004

Government information collection and its risks


UCLA laptop theft exposes ID info


This article is an example of the problems that can occur when information is kept in digital databases. The article reports on the theft of a laptop containing a database of blood donors with their name, birthdate, blood type, and social security number - a recipe for identity theft. The database was protected with a password but was not encrypted. There aren't enough details in the article to determine just how easy it would be to get the data (i.e. whether it's stored as plaintext or whether the password would need to be cracked), but I'm sure it's not very difficult.

This touches on the question of security standards and regulation. Should we require that organizations collecting this level of personal information comply with some standards for protecting it? What would constitute an acceptable standard?

1. Any system using password protection combined with plaintext storage of the data (what I assume is implied by the article) is clearly insufficient.

2. Encryption of the data would help, but what would be the decryption method? Many user-friendly encryption tools decrypt with a password, which is fairly insecure - even if the password is not the user's last name, even if the password is not left on a post-it note on the user's computer, it can still probably be brute-forced. Something like an external USB flash drive storing the decryption key would be better - but still, people would leave the key in the laptop and both would be stolen. Policy could mandate removal, but we all know how far that would go in practice.

3. Remote encrypted storage is an option. But there are issues with that too, mostly concerned with how that would be accessed. If the stolen laptop could still be used to access the database, then we're no better off. That's easy to prevent, though - have laptop-specific account access and disable the account when the laptop is stolen. If the laptop cached information, it could be acquired without remote access. The cache could be cleared after use, but there might still be traces of the data, or the laptop could be left on and running (though this could threaten any system). We'd need local encryption of any cached data, but that has the same problems as above. We could try not to cache anything, but I'm not sure how hard that is. Seems possible.
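Point 2 above contrasts a password-derived key (brute-forceable) with a key kept on a removable drive (left plugged in). One way to get the benefit of both, shown here as an added example rather than anything from the article: derive the key that protects the database key from the password and the drive's secret together, so a thief needs both. The PBKDF2 iteration count, the HMAC-based wrap and the sample values are assumptions for illustration; a production system would use a standard key-wrap such as AES-KW.

```python
import hashlib
import hmac
import secrets

# Assumed cost: high enough that guessing passwords is slow, low enough to unlock in well under a second.
KDF_ITERATIONS = 200_000


def derive_kek(password: bytes, device_secret: bytes, salt: bytes) -> bytes:
    """Key-encryption key that requires BOTH the password and the secret on the removable drive."""
    pw_key = hashlib.pbkdf2_hmac("sha256", password, salt, KDF_ITERATIONS, dklen=32)
    # Mix in the device secret so neither factor alone reproduces the KEK.
    return hmac.new(device_secret, pw_key, "sha256").digest()


def wrap_key(kek: bytes, data_key: bytes) -> bytes:
    """Encrypt a 32-byte database key under the KEK with a fresh nonce, plus an integrity tag."""
    nonce = secrets.token_bytes(16)
    stream = hmac.new(kek, b"wrap" + nonce, "sha256").digest()
    wrapped = bytes(a ^ b for a, b in zip(data_key, stream))
    tag = hmac.new(kek, b"tag" + nonce + wrapped, "sha256").digest()
    return nonce + wrapped + tag


def unwrap_key(kek: bytes, blob: bytes):
    """Return the database key, or None if the KEK is wrong (wrong password or missing drive)."""
    nonce, wrapped, tag = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(kek, b"tag" + nonce + wrapped, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = hmac.new(kek, b"wrap" + nonce, "sha256").digest()
    return bytes(a ^ b for a, b in zip(wrapped, stream))


def demo() -> dict:
    """Constructed scenario: laptop stolen with and without the drive, with and without the password."""
    salt = secrets.token_bytes(16)
    device_secret = secrets.token_bytes(32)  # stored only on the removable drive
    data_key = secrets.token_bytes(32)       # the key that actually encrypts the donor database
    password = b"correct horse battery staple"  # constructed sample password
    blob = wrap_key(derive_kek(password, device_secret, salt), data_key)  # stored on the laptop
    return {
        "both_factors": unwrap_key(derive_kek(password, device_secret, salt), blob) == data_key,
        "password_only": unwrap_key(derive_kek(password, b"", salt), blob),          # drive removed
        "device_only": unwrap_key(derive_kek(b"smith", device_secret, salt), blob),  # guessed password
    }
```

The laptop stores only the wrapped blob and the salt; with the drive removed, an attacker holding the laptop has nothing to brute-force the password against.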

Enough speculating for my own amusement. I don't really know anything. And nobody appears to be trying to solve this problem anyway.
