Keeping Private Information Private

You might have read the somewhat recent news stories about people's private information being either stolen or leaked from four different entities. One incident involved consumer data collector ChoicePoint, which somehow managed to divulge the personal information of more than 140,000 people. It took the company quite some time to determine how many people's data was actually leaked.

Another incident involved LexisNexis. Intruders managed to break in to the company's computer systems, where they gained access to roughly 32,000 people's private information. Intruders also broke in to the computer systems of Chico State University (California) and gained access to the private information of nearly 60,000 people. And a laptop went missing from the University of California, Berkeley. As you might suspect, the laptop contained private information--of more than 96,000 people.

These stories boggle the mind. In the first three incidents, the computers were accessed through the Internet. Crucial systems that, if breached, would affect thousands or even millions of people should under no circumstances be accessible via the Internet. There are other ways to provide necessary access to the information without adding the gigantic risk of a global open network. The Internet serves a fantastic and incredibly useful purpose. However, I don't think part of that purpose should include connecting every computing device on the planet. Intrusion incidents seem to make that notion very clear.

The incident at Berkeley points out a different problem that has a simple solution. Don't keep sensitive information, such as the private information of more than 96,000 people, on a system that can be stolen by anybody capable of lifting a few pounds of weight. Even though the stolen laptop was supposedly in a "secure" area, it went missing. This incident points out the need for people to consider exactly what they keep on mobile computers, why they think they need to keep the data on such devices, and the worst-case scenarios of the computer and data being lost.

People could argue that even a regular large server could be stolen. That's true. But someone is much more conspicuous walking out of a secure area with a big heavy computer box. By contrast, anybody can hide a laptop in a briefcase or backpack or under a jacket. In addition, regular computers and rack-mounted systems can be bolted into place so that they can't easily be taken, and their covers can't easily be removed to gain access to internal devices such as hard drives.
