Hey everyone! I hope your Thursdays are going well so far. Time for your twice-weekly roundup!
One day, an entire week will go by without one story of a state or federal agency screwing up its security, but alas, that week is not now. In the sunny state of Florida, a brilliant thief has managed to swipe a "mobile device" that contained the records of youth and employees inside the Department of Juvenile Justice. It has since been revealed that the phone was not password-protected, nor was the information encrypted, as required by state computer security standards. While that may be the case, there's no telling how often those standards are enforced or even stipulated. The press release itself is from the DJJ, so they have an investment in making this the personal mistake of an employee, rather than a problem within the whole agency. I feel like I've written the same piece on state computer security standards every week, just with different names and places. Perhaps that's the case. I'm not sure what it's going to take to have a sweeping reform of security standards across the board, but with enough of these incidents occurring, change is coming quickly in small bits. Up to one-hundred thousand identities are at risk right now, and that's the cost. That's the worst part of any of this, whenever security breaches occurs: it isn't just lost taxpayer money -- it's people who suffer because of outdated or faulty practices.
Well, if it means the practices will change, maybe it'll end for the better. Heck, for all we know, the thief who stole the device may not even know what he or she has. It might've just been a cool phone to pick up.
Speaking of outdated computer law, a particular law is coming under scrutiny as a result of Aaron Swartz's suicide, which I hope to address next week. The law itself was written nearly three decades ago, before the existence of the Internet. It has, since it's passage, been revised and re-revised until it's virtually useless. Unfortunately, a useless law is still admissible in court. This law is broad enough to make lying about your identity on Facebook (or a dating website) into an illegal act. Now, while honesty is everything we believe in at Chiros, illegalizing the ability to have alternate identities on social networking sites is a scary direction to go in. At the very least, it's potentially damaging to the liberty we have enjoyed on the Internet thus far. It's time that we looked at our outdated law, and overhauled it to reflect our present and our future as a world steeped in technology. There's an argument in our national discourse concerning the validity of the Second Amendment in the face of gun technology that simply didn't exist 250 years ago. While I haven't the information or the time to address that, I know that our laws from thirty, fifteen, or even five years ago are woefully unequipped for the future of the Internet. We need a way to adapt with the times.
Have a good weekend,