Readers Call for Vision; Disagree on USB Security

Opinion: The eWEEK mailbag is mixed on the gumming up USB drives for security; readers call for tech leaders to show more vision.

Mail call. Time to dip into the e-mail bag and let the readers talk back to the writer. The two columns that have drawn the most, um, vibrant response were on two very different topics.

One column dealt with the USB storage devices that turned up for sale outside a U.S. military base in Afghanistan. It was bad enough that the devices were lost, but the real threat was that these devices appeared to contain very sensitive military data.

The Los Angeles Times broke the story, and my modest suggestion (based on input from some Wall Streeters) was to glue up the ports until a more elegant fix is developed. Ive edited down some of the comments on these.

Gregory Penk, who emphasized that he was writing as a private citizen, rather than in his capacity with the Navy, had this to say: "One of the primary things that the government, and, in my case, the Navy, hammers into our heads is the requirement for OPSEC—Operational Security. We receive an--nual training on all facets of OPSEC, and we feel a personal responsibility for the data we see on a daily basis. Therefore, when I read that USB drives were being sold on the streets of Afghanistan, I was personally appalled. … Turning off the USB ports on our desktop or laptop PCs isnt the answer to this problem. I would compare this solution not to anti-lock brakes or airbags but to putting sugar in your gas tank to prevent you from causing an accident. ...

"The solution to this problem is more simple than that. First, find out who sold these drives and punish them in accordance with the applicable United States law; second, make sure that anyone who has access to this data is appropriately cleared and trained and understands that they are personally responsible for safeguarding it. Youll never stop someone who wants to take data and use it for personal gain or with bad intent. But punishing the thousands of employees who rely on USB drives, CDs, DVDs and other means of storing, moving and transferring data appropriately is not the answer."

Michael Willett, research director at Seagate Technology, pointed me to the Trusted Computing Group. "The Trusted Computing Group has a Storage Work Group that is actively de-veloping specifications to address security on storage devices, including USB-attached storage," he wrote. "Locking storage devices to a given host is one of the use cases being addressed."

My other column that drew a big response was one expressing dismay with the rise of "incremental managers" looking for small wins, rather than the big visionary expressions of technology development and direction of times past.

"You [make] an extremely valid point," wrote Gordon Rudd, who works at Internet Defense. "I say that after spending nearly 30 years in IT. When I started, the space program and working on defense projects were the hot jobs, where you could be part of something that was almost universally viewed as extremely important work."

Joel Kline, assistant professor of business and digital communications at Lebanon Valley College, made a connection between visionary leaders and rock stars. "Those of us that worked in those fields felt we were part of something that was bigger than ourselves, and we really enjoyed that feeling. Of course, the hot jobs moved over the years, but there were always spaces within the tech sector that one could lose ones self in and be a part of something that was really important and larger than the individuals involved," he wrote.

"Your editorial about tech visionaries is dead on. McNealy, Gates, Ellison and other luminaries need to start thinking big (again)," he continued. "I find tech companies are a bit like rock bands. They have this huge creative burst in their early years and then simply trail off. Yes, they still produce good stuff in later years, but its not as creative or groundbreaking as their early stuff. When rock bands get stale, they break up. Unfortunately, companies have investors to please and cannot do this."

Editorial Director Eric Lundquist can be reached at


Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.