FAUX OUTRAGE….The Veterans Affairs Department lost 26.5 million personal records a few weeks ago when a midlevel analyst decided to copy a database and take it home to work on it. Congress is outraged:
“Just unbelievable,” said Sen. Larry E. Craig (R-Idaho), chairman of the Senate Committee on Veterans Affairs.
….”I don’t think the secretary is really up to this job,” said Rep. Ted Strickland (D-Ohio), a member of the House Committee on Veterans Affairs.
Added Rep. Bob Filner (D-Chula Vista), another panel member: “You say you take responsibility, but then you tell veterans to ‘go call your creditors.’…The most dramatic thing to take responsibility is to resign.”
Well, I don’t blame them for being outraged, although it’s worth noting that every computer system has people with the privileges necessary to access and copy sensitive information. Still, even though the VA isn’t the CIA, computer security sure shouldn’t be taken as casually as the VA apparently takes it.
That said, I wonder just how genuine Congress’s outrage really is? After all, the main problem with the loss of the data is identity theft, and there are plenty of things Congress could do to make ID theft a thing of the past. All of them would require some regulation of the credit industry, though, and the most effective measures would effectively do away with “instant credit” too, since the best way to prevent fraud is to require more than just a signature on a piece of paper in order to open up a charge account. If, instead, granting credit required an independent confirmation of identity, either in person or through some trusted intermediary, the problem of ID theft could be reduced almost to zero (though stolen credit cards would still be a problem). At that point, the theft of personal information would become an annoyance, not the nerve-wracking, years-long catastrophe it is today.
But….regulate the credit industry? Good God, man, do I know what I’m suggesting? I can’t actually expect Congress to be that outraged, can I?
Even worse, if we really want to get serious about ID theft we’d have to effectively put an end to instant credit ? though that doesn’t really strike me as such a horrible thing. But I’ll bet if the penalties for granting fraudulent credit were big enough, the credit industry would suddenly discover it wasn’t such a bad thing either.
UPDATE: Of course, ID theft isn’t the only problem here. The VA needs to get their computer security house in order regardless.