More on the VA data compromise

By LB on June 28, 2006 10:15 PM | | TrackBacks (0) | Sphere: Related Content

The AP reports it has documents showing the permission level of the VA analyst in the stolen laptop case:

WASHINGTON - The Veterans Affairs worker faulted for losing veterans' personal information had permission to access millions of Social Security numbers on a laptop from home, agency documents obtained by The Associated Press show.

The story summarized the documents:

The documents show that the data analyst, whose name was being withheld, had approval as early as Sept. 5, 2002, to use special software at home that was designed to manipulate large amounts of data.

A separate agreement, dated Feb. 5, 2002, from the office of the assistant secretary for policy and planning, allowed the worker to access Social Security numbers for millions of veterans.

A third document, also issued in 2002, gave the analyst permission to take a laptop computer and accessories for work outside of the VA building.

"These data are protected under the Privacy Act," one document states. The analyst is the "lead programmer within the Policy Analysis Service and as such needs access to real Social Security numbers."

There's also going to be a hearing in the House tomorrow featuring the testimony of VA Secretary Jim Nicholson and others.

The piling on and upchanneling of blame is starting as well:

"The gross negligence in this case are the people above him," said Rep. Bob Filner (news, bio, voting record), D-Calif., the acting top Democrat on the House Veterans' Affairs Committee. "They gave him express permission to take the information home. When it was stolen, he reported it right away."

"They're trying to pin it on this one guy, but I think it's other people we need to be looking at," he said.

Meanwhile, President Bush requested funds to help the VA deal with the fallout:

Separately, the president asked in a letter to House Speaker Dennis Hastert, R-Ill., for the $160.5 million to help the VA cover the costs of credit monitoring and fraud watch services.

The money would be taken from programs in the departments of Agriculture, Health and Human Services, Labor, Transportation, Treasury and Veterans Affairs whose money would otherwise go unused or from programs previously set for elimination, according to Scott Milburn, spokesman for the Office of Management and Budget.

And the requisite bickering to go along with it:

Some Democrats said money to pay for veterans' protection should not come at the expense of other programs.

"It's outrageous to first expose millions of Americans to credit fraud and identity theft and then to try to cut food stamps, student loans, and youth programs to pay for it," said Sen. Patty Murray (news, bio, voting record), D-Wash. "This is a new problem that needs to be solved with new money."

The budget is fixed each year, and even discretionary funds get spoken for pretty quickly. Be afraid whenever a politician is looking for "new money". At least the rationale for the funds is a good one:

Nicholson told lawmakers this week that the money would cover monitoring for about half of the 17.5 million people whose Social Security numbers were compromised. He said it also would pay for out-of-pocket expenses ranging from $10,000 to $20,000 for those whose identities are stolen.

If there are any identities stolen - and so far, none have - this sounds like it would take care of all but the very worst cases.

Kinda makes you wonder how much the lawyers who brought suit have the troops' interests at heart - remember, they've blocked the VA from publicizing this assistance out of concern that it would diminish their award.

Additionally, from the descriptions of the documents the AP gives, I'm unconvinced that the unnamed worker had permission to take the personal data home with him, as the article suggests. The first document apparently deals with software - not data. The second gives permission to access social security numbers - something that would be necessary for work performed at the office, AP doesn't directly say that the permission extended to home in the document's description. And the third simply gives permission to take the laptop ouside the facility - something that would be required if he was subject to travel on department business. All three seem fairly ordinary.

My problem with AP's description is the lack of anything that looks like a smoking gun. The type of documents described above would be government forms or boilerplate letters, and very specific in scope. If any of the documents gave specific permission to take the live database home, why no quote?

Hopefully some of this will get clarified as the AP updates the story, or during the testimony in the House tomorrow. I'm still fairly angry about the situation, but not ready to assign blame until I learn more.

Categories:

0 TrackBacks

Listed below are links to blogs that reference this entry: More on the VA data compromise.

TrackBack URL for this entry: http://www.dontgointothelight.com/cgi-bin/mt/mt-tb.cgi/5152

About this Entry

This page contains a single entry by LB published on June 28, 2006 10:15 PM.

Putin: Hunt down and destroy the killers was the previous entry in this blog.

Stolen VA laptop recovered is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Credits

Web hosting by
Hosting Matters

Powered by Movable Type 4.01

101st Fighting Keyboardists

fighting101s.jpg

BlogNetNews Delaware

Feeds

Powered by FeedBurner

Directory of Politics Blogs

Get Free Shots from Snap.com

Search

E-Mail

Email LB

Blogroll