Government Flunks Its Own

By Lisa Vaas  |  Posted 2005-05-06 Print this article Print

Security Grades"> "Gathering that information and putting it into state DMVs with a skyrocketing incident rate of identity thefts is a really bad idea," said Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington, an organization which has long opposed the idea of national IDs. Its not that the database information cant be encrypted, security experts point out—its that the government has proven untrustworthy in doing so.
"Yes, there are methods to protect the data. There are documented best practices," Oltsik said. But in determining whether or not to trust government to protect the data, he said, one need look no further than its poor performance to date.
"The metric Id give you is FISMA [the Federal Information Security Management Act]," Oltsik said, referring to legislation that mandates that government agencies be graded on their ability to protect data. "The Department of Homeland Security has gotten four Fs in a row. If theyre not securing data, do we really want to trust state RMVs with this data?" Indeed, the Nevada DMV initially reassured residents that information stolen from the DMV near Las Vegas was encrypted, making it virtually useless to thieves. State DMV chief Ginny Lewis subsequently told news outlets that Digimarc Corp., which provides digital drivers licenses for the state, had informed her that the information was not encrypted and was easily accessible. "The practical reality with this issue is the information is already in these databases," said Ted Julian, vice president of strategy for the database security tools vendor Application Security Inc. "Do you want it in 50 of them or in one of them? I dont know which of those scenarios is better." The bigger issue, Julian said, is that databases are directly under attack. "Thats where the goods are," he said. "[Thieves] are hunting for valuable data they can sell or can otherwise benefit from. Lets face it, that typically sits in a database." A roadblock to securing databases is a false sense of security derived from firewalls, Julian said. Obviously, he said, building firewalls on the perimeter doesnt mean the back-end database is safe, given that "every headline of the week, theres a database break-in," he said. "Which is not to say the perimeter stuff is a waste of time. Its necessary, but no longer sufficient." Check out eWEEK.coms for the latest database news, reviews and analysis.

Lisa Vaas is News Editor/Operations for and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel