Homeland Security chief: Plugging ID leaks will take some time
Yesterday, at a meeting with online reporters in Washington, DC, Secretary of Homeland Security Michael Chertoff acknowledged that government needs to make major changes in the way it manages confidential information if it is to prevent leaks of sensitive data. (The event was held on the occasion of Cyber Security Awareness Month.)
Just how problematic that management now is was exposed by our latest report on identity theft. We found that at least 44 million consumers' records had been lost or exposed by federal, state, and local government over the past three years. In one glaring example from 2007, the Transportation Safety Security Administration (part of the Department of Homeland Security) had lost a hard drive containing 100,000 records of personnel data.
"Part of what we need to do is we need to change from a model in which your assets are controlled by your, for example, Social Security number, which is a very weak way to control your assets," Chertoff told me and six other journalists who cover online security, "to a way in which your assets are controlled by some combination of a biometric, a token, and maybe some secret knowledge that isn't kept in a database."
He emphasized that what he called a "paradigm shift" would mean that an accident such as losing a laptop needn't result in the exposure of confidential information.
However, Chertoff didn't think that all of the security improvements he described would be made anytime soon: "In the short run, you want to protect the information by encrypting it and securing it," he added. "But in the long run, I think you want to move away from a model which I consider inherently vulnerable, where the very information that you're trying to protect is the information you have to disseminate in order to validate yourself."
In future posts, I'll have more on what Secretary Chertoff had to say about online security, as well as updates on what's happening in Washington that will affect cyber security.
For advice on how you can avoid ID theft and protect yourself online, see our new, comprehensive Online Security Guide.
—Jeff Fox









