Spitzer’s Security Problems — and Lessons Learned

The date: March 12, 2008. The scene: the second Data Protection Conference at the Irvine (Calif.) Hilton, right across MacArthur Boulevard from the “Hey there, Pilgrim” airport — John Wayne International. I’ve been covering the event this week.

Some 660 registered attendees and speakers were moving to and fro, going in and out of seminars, gathering in little groups to talk shop, and grabbing coffee and snacks in between sessions.

During a break, one of the more interesting groups of IT security folks I found myself in wasn’t talking about the usual-suspect topics. New York Gov. Eliot Spitzer had just become the ex-governor earlier today, and the talk was all about him and his high-end call girl-centric personal foibles.

“I’m sorry, but I cannot conscientiously vote for a public servant who is sworn to uphold the law, who then turns around and violates those laws by engaging in what he engaged in,” one data security expert stated. A couple of others agreed.

“I think a man has the right to do anything he wants, as long as he keeps it private, doesn’t use public funds and doesn’t let it affect public policy,” another man said. One other person agreed.

“I think he should have called me when he got elected,” a third guy said. “I would have kept him out of this mess totally by locking down all his communications completely. The FBI would have never had a clue.” Most of the guys in the group agreed.

There’s one other thing, however: It later came out that Spitzer had probably been doing his extra-marital thing at the Emperor’s Club for as many as 10 years.

I’d say he had some fairly effective security practices for getting away with it all those years.

But the take-away lessons in all of this: Fairly good security simply isn’t good enough, and clandestine call-girling probably isn’t a good idea — especially for a public figure.