FBI Investigating Missing State Department Laptop

According to the spokeswoman, State Department regulations prohibit processing classified information on computers that are not designed to handle sensitive data. But she could not confirm that the policies cover the encryption of specific files.

Last month, a laptop containing sensitive data about Northern Ireland was stolen from an agent of Britain's MI5 internal security bureau while he was buying a train ticket at London's Paddington station. The machine was never recovered, but the information it contained was understood to be heavily encrypted and believed to be secure.

In the U.S. case, the laptop was reported missing from the State Department's Bureau of Intelligence and Research. The bureau, which handles highly classified reports, was criticized last year by the department's inspector general for lax handling of "sensitive compartmented information" that the laptop reportedly held.

In response to this and other recent security breaches at the department, Secretary of State Madeleine Albright asked the Assistant Secretary for Diplomatic Security (DS), David Carpenter, to conduct a thorough review of security at the department. Carpenter has put together a team of senior security experts from various government agencies. The review, which began in March, is expected to be completed shortly.

"The safeguarding of sensitive information is the personal responsibility of every employee in the bureau," said State Department spokesman James Rubin in a statement on Monday. "It is crucially important to U.S. national security that our employees take this responsibility and take the necessary steps to protect the information."

The spokeswoman added that the DS information security staff is currently conducting a training and awareness program throughout the State Department. She noted that each office in the department assigns a staff member to serve as a unit security officer to ensure security policies are observed.

"We are committed to improving our security," said the spokeswoman. "As there is a possibility that classified information may have been compromised, this matter is now the subject of a joint FBI and DS investigation."

"The missing laptop is the latest in a long string of security failures at the State Department," said Rep. Benjamin Gilman (R-N.Y.), who heads the House International Relations Committee, in a statement on Monday. "It is obvious that the department lacks a professional environment that is sensitive to security concerns."

Gilman was referring to a number of recent security breaches. Last year, for example, FBI agents found a Russian diplomat, whom they believe was a spy, inside the State Department. They also discovered a listening device in a conference room that the man may have been monitoring.

"Such security lapses are not acceptable," said Gilman, who says he will hold hearings next month to probe the department's security. "Whatever changes are necessary at the State Department to better protect our nation's secrets should be undertaken."

Arjen K. Lenstra, a cryptographer and vice president of the emerging technology group at Citibank Corp., said he believes most people at the State Department do not encrypt data on their laptops because it is a cumbersome process. He said he was uncertain about Citibank's official policy on laptop encryption, but noted that employees are encouraged not to let the machines out of their sight.

"Laptops are stolen all over the place, it is a risky business," said Lenstra. "I keep my laptop at home - it's too insecure to travel with."

Lenstra noted that passwords that keep thieves from accessing a computer hard disk are easily broken, and a thief can also remove the hard disk to access the data later. Even if the data is encrypted, Lenstra pointed out, most people select short, obvious passwords that can be cracked by password programs. "Users always make this stuff insecure," he said.

Lenstra added that only people using long passwords have a chance of keeping the data secure, but Microsoft Windows systems do not support the generation of long passwords.

"Unless the data is encrypted on the disk with a strong password," said Lenstra, "there is no way you can protect yourself."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ann Harrison

PC World
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?