Cap'n Arbyte's




Encrypt it, Stupid!

I got this lovely letter in the mail today:

We are writing to let you know that a computer tape containing information about you and your mortgage account with ABN AMRO Mortgage Group, Inc. has been lost while being transported by DHL courier service to a credit reporting company. We deeply regret that this situation occurred and are keenly aware of how important your personal information is to you. We have no reason at this time to believe this information has been misused. Even so, we want to inform you of the situation, provide background about what happened, suggest some steps you can take and assistance we can provide to protect yourself from identity theft now and in the future.

As compensation, they're going to provide me 90 days of free credit monitoring. I've heard about exactly this scenario happening to other companies several times over the past few years, but this is the first time it's happened to me.

I'm frankly not very worried that I'll be a victim of identity theft. Even if the tape was acquired by criminals, they would make use of only a vanishingly small number of identities, so the odds of me personally being affected are very near zero.

That said, there's no excuse for this. It's a reflection of very poor business practices — particularly because this has happened several times and has been very public news. There's a ridiculously easy way to prevent it from occurring again. It's called data encryption.

Encrypt the data when the tape is written. Ship the tape with instructions for the recipient to call you when the tape arrives. When they call you to confirm receipt, mail them the decryption key.

Having the tape or the key alone is worthless. You need both in order to read the data. Shipping them separately ensures that no single error in shipping will put the data in criminals' hands. Confirming receipt of one before sending the other ensures that even in the presence of widespread shipping errors, the data won't be compromised.

If either the tape or the key is lost in shipping, don't re-send it. Just start the process over from the beginning, with new tapes and a new key.
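The procedure above as a shell sketch, added here as an example and not taken from the letter or any bank's process. It assumes the OpenSSL command-line tool; the function names, the state-directory layout, the AES-256-CBC/PBKDF2 choice, and confirming receipt by having the recipient read back the tape's SHA-256 digest are all assumptions.

```shell
#!/usr/bin/env bash
# Added illustration; function names and the state-directory layout are assumptions.
set -eu

tape_digest() { openssl dgst -sha256 -r "$1" | cut -d' ' -f1; }

# Sender: a fresh random key for every shipment; only tape.enc goes to the courier.
new_shipment() {            # new_shipment <dir> <plaintext>
    mkdir -p "$1"
    ( umask 077; openssl rand -hex 32 > "$1/key.hex" )
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$1/key.hex" \
        -in "$2" -out "$1/tape.enc"
    echo shipped > "$1/state"
}

# Sender: the recipient phones in and reads back the digest of the tape they hold.
confirm_receipt() {         # confirm_receipt <dir> <digest-from-recipient>
    [ "$(cat "$1/state")" = shipped ] || return 1
    [ "$2" = "$(tape_digest "$1/tape.enc")" ] || return 1
    echo received > "$1/state"
}

# Sender: the key leaves the building only after receipt is confirmed.
release_key() {             # release_key <dir>  (prints the key)
    [ "$(cat "$1/state")" = received ] || return 1
    cat "$1/key.hex"
}

# Sender: tape or key lost in transit. Delete the key; never re-send.
report_lost() {             # report_lost <dir>
    rm -f "$1/key.hex"
    echo void > "$1/state"
}

# Recipient: decrypt once both the tape and the key are in hand.
decrypt_tape() {            # decrypt_tape <tape.enc> <keyfile> <out>
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$2" -in "$1" -out "$3"
}
```

`openssl enc` gives confidentiality only, so the digest read-back doubles as the check that the tape arrived intact.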

Problem solved.

It's Shocking! Outrageous! that people aren't more careful with data. This is (or ought to be) easy stuff.
