As widely reported, personal data about some 26.5 million veterans fell into the wrong hands as the result of a mistake by the federal Department of Veterans Affairs. Apparently a Department employee had brought home computer disks containing the personal data (contrary to Department policy) and his home was burglarized. See this Washington Post story and the Department’s statement about the incident for full details.
Dan Solove offers his usual sharp observations about this huge privacy violation. I would add one more: data security and identity theft are often referred to, in a sloppy way, as problems arising from the internet. This is mistaken. The present incident has nothing to do with the internet. Nor did other recent headline-making data breaches, including the ChoicePoint fiasco. My favorite recent story is the delivery of the Boston Globe to newsstands wrapped in paper that had come from the recycling bin — and happened to list subscribers’ names and credit card information!
To be sure, digitization of information increases the risk of security breaches enormously. In an analog world, millions of files would have taken up huge rooms and this government employee could not have slipped them into his briefcase. (Indeed, in a pre-digital world the information could not have been collected and processed very easily so the government would possess less of it in the fist place.) But it is crucial not to blame this digitization issue on the internet. While in theory networked computers might be vulnerable to hacking by identity thieves, that is not the way it usually happens, at least so far. This fairly comprehensive list of known breaches suggests that a large proportion of those that do involve hacking occur at universities — I would surmise they are committed by students breaking into the school’s computers trying to snoop or change grades or pull a prank (echoes of WarGames, except the movie came out before today’s undergrads were born) rather than sophisticated thieves trying to steal identities for financial gain.
The biggest threat is far more prosaic. It’s lost packages, dumb employees, poor security, and plain old-fashioned stealing. It’s the fact that so much personal data is aggregated and stored to begin with. Just as the persistent myth of “stranger danger” interferes with fighting more predominant forms of sexual assault such as date rape, so too we must guard against thinking of identity theft as the domain of high-tech hackers — whatever the sensationalism of the 11:00 news and mass-market paperbacks might suggest in either case.
Filed under: Privacy