Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Veterans Sue VA over Data Loss



 By: Wayne Rash
2006-06-06
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


  Table of Contents:
  1. Veterans Sue VA over Data Loss
  2. ' An Utter Disregard for '

Rate This Article:
Poor Best
Veterans Sue VA over Data Loss
( Page 1 of 2 )

The suit asks that the U.S. Department of Veterans Affairs be forced to use at least minimal security to protect records.WASHINGTON—Claiming that the U.S. Department of Veterans Affairs "flagrantly disregarded the privacy rights of essentially every man or woman to have worn a United States military uniform," veterans groups filed a massive class-action lawsuit June 6 in the U.S. District Court for the District of Columbia.

The lawsuit, which comes days after the VA reported that the personal information of 26.5 million veterans was stolen from an employees home, seeks damages of $1,000 for every person listed in the missing database files.

The suit also asks that the courts prohibit the VA from handling any personal privacy-protected data except under court supervision, and that the court create a set of "consensus minimal security standards" under which the VA can operate.

The suit is a result of the theft of a laptop computer from the Maryland home of a VA employee who had taken the information home so that he could work on a presentation. The computer contained the names, Social Security numbers and dates of birth for millions of veterans and some spouses, as well as some disability ratings.

The employee reported the loss of the laptop and its accompanying external hard disk to police and to his supervisor as soon as the theft was discovered, but that fact was not made available to higher levels of management until weeks later.

Resource Library:
According to information in the complaint, the VA employee had been taking the personal information home routinely for at least three years.

The suit says that the "VA arrogantly compounded its disregard for veterans privacy rights by recklessly failing to make even the most rudimentary effort to safeguard this trove of personally identifiable information from unauthorized disclosure."

According to the suit, the information was unencrypted and easily available.

In the complaint, the plaintiffs request that the court require the VA to publish the nature of every database it has that contains veterans personal information, and to reveal what information they contain and why they need the information.

The complaint also asks that the court prohibit VA employees from removing information, or even from carrying iPods, memory sticks, USB devices and the like to the office.

According to the plaintiffs attorney, Douglas Rosinski, the primary thrust of the suit is to force the VA to handle veterans personal information properly.

"The thousand dollars is there because its available and its a hammer," Rosinski told eWEEK. "Its primarily and principally an effort to invoke court supervision of the VA."

Click here to read about how a stolen Fidelity laptop exposed HP workers.

Rosinski said that what makes the data loss even worse is that the VA says it isnt sure exactly what information was actually lost.

"That they dont know what they lost is a violation of the privacy act," Rosinski said. "Theyre supposed to keep records of who is authorized to use this information. That indicates that there are huge long-term information security and privacy act deficiencies."

Rosinski noted that the VAs Inspector General as well as the Government Accountability Office have been pointing out the deficiencies in the VAs security for years.

"Were saying as a matter of fact that the VA cant do this right," he said.

Other federal agencies have been forced by the courts to protect information when improper breaches have occurred. The Department of the Interior was ordered to shut down all access to the Internet when one court determined that private information held by the Bureau of Indian Affairs was not being protected against improper disclosure over the Internet.

Next Page: An utter disregard for security.





  Reader Comments: Veterans Sue VA over Data Loss
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Network Security & Hardware Articles          >>> More By Wayne Rash
 


x}ks㶲*Q3皢H=m-y3cigR[HHbL:$e[O/Oon|I"%1ܝIlKx4Fwh4#ooD.01tE1]zooHRcoLßsJ:Az#:,o)> #Yخtj5w6Glr{'At=NN5%j'~]m3cz}_6ژz29o0 f E63FE ^Q)xyO<azN\)E̎ȏBG9iEGAcgF}g*;6m(, Jx/(?F#Ds?CovN5{Ѐ`V,mqDN-G ,ȓ ڭBx1҂_!BBׄ{G}A%;_g' j8N&QF F:t,#A ]ݱ&R,R͌iAw4ԬiQz3g # -}2E9$7 V\jRx2'A8:_̠ce[7'0e5^~7vmklj%؈Eozcnhބї ;曎 L\:/GyÙÊ[~/ݱˇjP8.VKBYTyxx? -;Sp[^ԢzSq9g}rԾx';A:;YJL~#/@DrT*4ND&ͧĆI^:'H5=(釭~ZKEKXS ӘgQ$!hI#F/Xpri[򳩥}o\tzmotgH>߈ekby1(ժ=TRJg3Bz7ugKU{#gjꜶ{H KtH Wh:M?)NZk_n#>扯 "BzBp4<01BpJJz7py@eM}rNTꊬ2Sr{熻HKzcgfMEzݫ^?]{6,qH$0U`I). Ƹ:,m:a:?oRq *AG'-djˠqayƄAG7{yO(:NR'm:;)5>l;>D!ʠ광b\禯4@!>&M`9#Asi>[ -= rX $zzN==H6ZЉ׃jc˦MB:ǽښB<(Q5ݻCiyy1բwπ́Y4꺎]{2X3tv64-Ps86 q0yz[ dRJG!"5i]NP@Br68 -;4rr0y"!b\k2['5\xB#;\~,PύVr)b -xkb|)l eX&zϏLlV^, U to35mT=oZx y7>޹Hl^a l$w)fh Df)Ի 37Һlg;./=҇9 2V[ S Hj`>nX2W/p~W.Y 3DXVHdGf!d! =f L7(֖ W9\Xg䖅ʁZO%aYXwXOڠaMVd0q6Nq :Shh8ECW4ʡz ~24i"kBV{#VSH^\>?oWur@H"oh moԜZa֜u)`|4 4)I iYlctzx:Jq0MfjLjx\'M{,_*p_Mo}d2l\jeVUR+JssV8 4@ r; )T.T^χgϧ3j:(E7sN4-O|Ag:s RLmC48EHhQ+mfeͨPY*X[ 3D{2nP -Ōұәʦw^SvԿ~1Gl4ݴۄ#֭CV9QpD30۠Lzji-fWʈZSNAf2 EEp~6=2e]PT,Z_9#Dzl̠W$cifhSҴ> M> g携iH* !/^a姚+5GAܣnǨwB 7nB@Łƨ,u MT3$!UԶͺwPĈ!A5a |d6]D{Z퀇gHiADbRpp BzE.`t>*j*eDX0@@hSt ∛.ZE^~~Z K i`GzTh}Qɐ Q1gxWyd{.3IZ+kftE)WKJZ5 ;ˏxWEBIͨ8P0zxp8 3txkmJm+ #.j$ c?`SYt/ÎT){s9O*RYGY VPŖGasg'iF&:D?! P"hRpí22U\zJu;NP,';w>+>siQIV0 5-"JqaނQ'sCŵ9 Ϻ]GLj}u2¾_[N ^t n)h5# #2>dr)-5[~'"H9k+lu'ܫS r1n;" ۽b\Fdka6pY, JH-GU4dߙ'ksW֧IT[{V€>ReRoS Y-q'&.҄^.31fG:}8_*)5Fڽv?"IG{FY,,.mDUPU,UU\z,pUUT#mm0gWFh4` W&C n?9E 1wTIKW̏>.w?5ϰx3mNb 4PF tmV qͫ2;f̭[qfiyV}m4dH$6P~'+*$XԚkEI= O kiwA*}/*\EIvITTS7=5g>AWXy*?~*1⃪NrPT]{ 3K0`!T=*yO"P?oV* |2(|"!C)c'dql'?lGD +{x^.R@C+#I zQ ?xtŊ +\}Z+=M_BP`l&s,O /@ ~5}ϼ5͎\m~GQV m??"ESuYsof{mntx0vy? 0ʳǽ?V2 Ї_U#R>&i%u.Vc0K!{gU> 2`i8Fjx{LC >JfWKfչz/:lAE8p0\ !>РI^ 8͛+%E_;&u߽w9&x!5/:﯎XxG]9h7oOM1)vpRdNȔst}`BRSB[KվĂ.K^ל8"Z*\3 nX,*~:фW;¶X XoH=(_1a c{ v P)'$N9̝c/;ABLR`2"(BRHte+HkO7MNx{| Mr /Uщ<^ $~+1y*~y:~_dxD 'BIY{p3WيqzRt/P?xHؾ6}tz?&IZ ō76w JE PAR9kũp-ޱi'sfx!u,(qЁB;KQSB&TՔI8'28JU42eI?U4㓈PVH'dAzͫJc]eyjt.6V"#n&0?v\% F q6/@1Rr';$!Ţ@N^K`UK iV.4" R̄2O5/Yy^9̗{hUêNSDұ!h Xl-rgkS@ ?{:`No[[ı߆؅ /O.yyraGVɭi23S6P놣ð< #QܵDb)J4f8?꒫n4/Ҽ?1LNڰc$H~ Z0{%|&^߆M>@uA*GIlk'伉~+ћ^Q/,dk3fo?c_; >--8t砞CR_#ۋ1$$(j^VP""s攤\텗ƣ ;܏FxLߴ/AoҁW&-3m3ju8_2}K7+{ E<cO72]awB!R6Kܲȥ9/s\5"nx+Z^(|ҫeꀞ< h`#[#Ri\xlQ֛j62#SOR1\j[ɢci62CXؑr"Lư2^C%F[euw+[cgcc;/F%%oz&Sϱm @|אr/(mtBqV0p1~boE[ά1!Ifmio-(oǜx5%2k.W/o-).w?j{nn.{7te }f[~'voQnp8_q<7 ~+hFY:Ө+rL4ԓ+dZ|*96)4}SBS[5 ȵvyvt=wD7^._}kjo` iѩn A'T)U ux>7ןWvyO'`<육]88327/;31x=Uhg30k@hn._{NJ|<Z,Yɐ ' 'a7 0uS8Po>1 D#ZLl%6 3l`y*Hh@n2@|c+vKJT#qC+ǒYfj9ՏzV'E~<5&+FLQi#";sUޮ{MgW Q+$b7R0qʵRBB_$$TJ8Q1 'D,#5P8:Mpד:FjCZ嬾z] ΅ ^W HT.ݠq`H3n1s6v)z)X c3B7ĉx MMMM Ulrzy\t-"!;mLzf\hw1ؕ̈^ӫaCr!"A$Džֺ`J-jeVWAW SOP3&@8M`jCr0.vۼ}t0 لBOcjpg=dz\@Z@mIŗSY:u9Вnѳ@$^;.$ل'aO_=KŨ[ݒJ_hDƻ^G@-2j 6 {3?(Yl1#X,zP/r>k3x0[RT/Y|r.ד[LkJr˕:lJX,-#7[/oM$$!)\ `#@NhRzK*y1(;uJ; Ë;"A؍¯kzwo0Mkl(M}qe-^/wl;Ԧ%\А~M|D"}06C8᫑BFǻ;Vx}3֜w7XC5 :&OV5C 1 o\>ny@Rנ߱h^O<}ȷnc˂_v 8R 'x;FZ8`)jOO5)˶Ym}ߙ{[J{͐sZg9r䞽!fcş-_2z6FQQIH :[4H}l| ]Yt( 2ä=&LS{TT4[oꨯL7N.J<=K&Qh#J; 9c$cs05Ԉ Rka,f|DZRk,s3TI<ޅWcz9jyԡ8mhjX$F\kA3C?m*[&~^fN)?r>PP.F(_jwߎc`ƶC0经UztגcŃ3FgBp|п{wn/+~݊۫)Hh#E5Nvp*ƒlG*n-D5n͜Ot 6APt;rkz9~K:h17,9)?d0L~eEx[j . Nb1q:.ȹfkрHz3.>#bV̯a¸>UX;3>y( T]3Zqh&״!L.FWf<⛩c >F+PSC,6I$~@dЅ=Tx>Н\G< )VZaq(Z75 ^]@8?AnKiHy?{BǠF> c nqt`w7Az$G:p No@`m̬܏HGbSx}po Cd2zވn4`0: joE֙I 8bHqϓ+2s!XPubA#Aq7ڷf\o{~}C +@.™6><3-8C 2~=OK ˊ\X+,w~m='кdo>rK-~圥Б`5"'r) |۷nzB՝ cpT`sԪd5&(qik8csˇ-̔4k̃2qEܹep?GΎOe~tQy`qpϒwf~:t^-tV#?jwK?{?.;9Pq.1%LjJ9 t!/HFzNsbUnz?gSdď'0 2K1c~EWBMAJR :(!xW`NJR]7/|.݁G`Yݬ(f/#_[iL$R, ?$5GF쎆dSԵa,|،X\;,0A39ސ&9iIIstI{W5} &RKG٩;'Us5LG_ mmP0U;Tj^+V_m^9^d@/7Jmfw!OoZS?M?e=}F\㼓iVF>?t2z!szȀ]2c~.aY\f1K ̠Oѫ_}OGF%_f^eU\]e_O7CtAt35u}\C7@?7Ӄ2߃2g__@_3ʇ}ߧ&> Y@{ f wAN2!ofY7No\8'\$^YOY:? yV)@~N͠ lc3\) sԿw2~RA\v[}иCJWX<-u&l\af(+@B^@w1t1$!_=ك^V+0N`}k~?T߭Ҿj^ ,ўOE~]aGSY,B8Cw_aɠ1zIg'O!4Gc aQXWJ=m ~o8cP5c[&In6J*V*r;~O;A$cΡ0*+P#=a`J\L3DAH3 .cm#_%  5ϡn",#q<@ފ5zG Rx.nmEw+c AV7/Xtjn,dvv_C| y%܀{;c|rB̽ys TL&͠nC7a6UUD-ݟ:)bnɠGSs}# ՄwYADӸfȡ{ԑ=z8~3mJN!ʸAP8l1Aө67r10 M/ޓG#L,iMu60+:Ah֮'{nw\AaƐc{DUIɑ,9R>gKdg X5GCaw.F ]C/{1(]xm8|fK0ԱG.p;љ%փݍjb5ɟ R*|L)|)mĤGƤA{փX#ˑZCXXNƄ_oð@o=N6"V۝/) u[~#^҃`lKAzflk8ӵs yku&pɟ3b)/Հ`;?2=cstI5,ŻBo;Hm@kI i<4!a&n_Ϙ Ӟ?'3@p]9, !"q0v=K*_l x ,)$LXzwx W@Cǹ~rh%ݙrDQR֊,!!1˄I MЦ=+L͂|wlFƒ_0#;DB  Vi vEgFӹ&=N$yX>1FN@6FыpOaƵ{BGhϑ8ثj56qOmmKYZQږ:@6a;W"I/3 I7⏄{H, cAa)W|B{l;{K^n(t09,"s<`2x̴5[Pŗ;wiS)GNJp`)hFy=Y u+ 76R,>i Fyc<Z@n0$ m]G_Ϲ5C\ī1=٭cQ0"p,^^f hz|}ρ XsCQ &ɷ ]]CHʍt$/Astk 6[ W"3ۂc`4OUpOSvc ΋;Hꚙ/69qgSg _(,뀜ϖWt2ml/ºzyOׂ=QdzFa2Za=>gvC%=sc.'ı(w gc],RCi>eэ1}ap*0O` IQy6;|,$ݐbZ"N؊kfrmuSk 0M݄rѳ":pkq=jzИH pw<;g^_^X ϩ}_|Iެd;J zs=N8~p D X+; ^E{mg.gݫtּ\|>.u @+`7΃hQ^vPQ, s{Vju {={T7vqr9zͳ}GbPlL{'4nEg,(3lw'Rջ{l'p `5-?-۔5M\"Z/!yzP.զr,3g sk&lFR2\c n_tl?!>1(