Saturday, January 14, 2006

Federal Government Web Site Vulnerabilities Revealed in Recent News Reports Lay Bare the Sad State of Data Security

Security vulnerabilities that recent reports have revealed about federal government Web sites are unacceptable. The news, combined with ongoing corporate greed and negligence, bodes ill for the state of data security in a computer environment teeming with identity thieves.

Negligence and ignorance, not to mention greed on the part of industry, are horrible excuses for identity theft. We are seeing outrageous, unnecessary levels of incompetence and inattention.

On Jan. 13, The New York Times reported a security hole discovered at the General Services Administration (GSA). Government contractors’ financial information was found to be viewable and modifiable at the GSA’s Web site. The story followed news last week in Wall Street & Technology reporting that Social Security numbers had been displayed at the U.S. Department of Justice’s Web site.

I have appeared on CNBC’s “On the Money” multiple times over the past two weeks to discuss identity theft. The rampant, out-of-control use of the Social Security number as a primary identifier and multipurpose account ID is unnecessary. The situation these practices breed makes the identity thief’s job easy.

A recent article in titled “Hijacking your Social Security number” provides a history explaining how the Social Security number has evolved to become a universal, all-purpose identifier. According to the Wall Street & Technology report, the Privacy Act aims to block the kind of Social Security number breach seen at the DOJ’s site but “is frustratingly fuzzy and comes with a dozen exceptions.”

Obviously, the Privacy Act is often misinterpreted or not enforced. If we want to stop identity theft, we need to make sense and use common sense. We need to make our own rules and tactics clear-cut.

We have no choice but to give large organizations our personal identifying and financial information. In return, the least that government and industry could do is to safeguard our information. And yet, despite all the high-profile breaches we’ve seen, we also see a continuing failure to implement simple measures that would curb the problem.

