Ludwig von Mises Institute
Separation of School & State
Israel at the UN
Cascade Policy Institute
Voluntary Trade Council
Mises Economics Blog
The Angry Economist
Civilian Gun Self-Defense
In The Pipeline
Fall of the State
Voluntary Trade Blog
Free Money Finance
Encrypt it, Stupid!
I got this lovely letter in the mail today:
As compensation, they're going to provide me 90 days of free credit monitoring. I've heard about exactly this scenario happening to other companies several times over the past few years, but this is the first time it's happened to me.
I'm frankly not very worried that I'll be a victim of identity theft. Even if the tape was acquired by criminals, they would make use of only a vanishingly small number of identities, so the odds of me personally being affected are very near zero.
That said, there's no excuse for this. It's a reflection of very poor business practices — particularly because this has happened several times and has been very public news. There's a ridiculously easy way to prevent it from occurring again. It's called data encryption.
Encrypt the data when the tape is written. Ship the tape with instructions for the recipient to call you when the tape arrives. When they call you to confirm receipt, mail them the decryption key.
Having the tape or the key alone is worthless. You need both in order to read the the data. Shipping them separately ensures that no single error in shipping will put the data in criminals' hands. Confirming receipt of one before sending the other ensures that even in the presence of widespread shipping errors, the data won't be compromised.
If either the tape or key are lost in shipping, don't re-send it. Just start the process over from the beginning, with new tapes and a new key.
It's Shocking! Outrageous! that people aren't more careful with data. This is (or ought to be) easy stuff.