FAS | Government Secrecy | June 2000 News ||| Index | Search | Join FAS


San Jose Mercury News
June 15, 2000

Secrets Proving More Difficult to Safeguard
as Data is Shifted from Paper to Electronic Files

BY SETH BORENSTEIN
AND THERESE POLETTI

People used to guard business secrets and highly classified documents with their lives. Nowadays, even national security secrets are getting lost or left in homes, hotels, taxis and train stations.

The reason? When secrets shifted from paper to electronic files, the new technology allowed workers to carry their offices around with them. But they forgot to bring along the sensitivity to security that secrets are supposed to entail.

Today's secrets may be every bit as sensitive as in years past, but computer users find electronic secrets harder to safeguard than tangible paper documents. People prize convenience and access over security, and tend to regard their computers and files as personal property rather than their office's.

Those are big mistakes.

"There are a lot of people who seem to have a very sloppy attitude toward security," said one of the nation's top computer-security experts, Peter Neumann, principal scientist at SRI Computer Science Lab in Menlo Park. "We haven't seen anything yet. This is tip-of-the-iceberg stuff."

In the blink of an eye, a laptop can disappear from an airport or even an office, which is where Michael Corby, vice president of global security at Netigy, a consulting firm in San Jose, was robbed of his laptop while visiting an East Coast firm.

"I put down a laptop on a desk and turned around to dial a phone and someone lifted it while I was on the phone," Corby said. "I've seen some really bad things, especially in public transportation places, like airports and bus terminals, where people presume that just because they have a laptop in a bag, they can set it down somewhere and no one is going to care."

Some companies, such as the ultra-competitive Intel Corp., fiercely guard their data. The world's largest semiconductor maker discourages its employees from working on confidential documents while traveling on airplanes. Its laptops have complex encrypted passwords, with the goal of making the machine unusable by anyone except the designated employee.

The company also has a check-in procedure at its Santa Clara headquarters, where visitors must register their laptops with security, to avoid any potential problems when they leave the building.

Government blunders

Increasingly, thieves are not just out to resell the computer hardware for a few hundred dollars -- they are espionage types, hired to steal corporate or government secrets, which is not that difficult when computer owners are careless.

The problem has become particularly noticeable in recent months in government agencies that are supposed to guard some of the nation's biggest secrets.

For instance:

In some cases, when laptops disappear so does critical data. But companies also try to protect themselves by backing up the most sensitive material.

Several months ago, eGroups Inc., a San Francisco-based company that lets people create e-mail groups, had a break-in at its offices, where three laptops were stolen. But because of the company's network data backup system, the theft did not cause as many problems as it could have.

"I'd love to say that we had the Mission Impossible laptop that self-destructed after being broken into," said Jade Dauser, vice president of corporate services at eGroups. "But we have a pretty healthy data security program, so everybody is backed up. If anybody's laptop is stolen, we have a backup system. It's automatic, the users only know it's there when they need it."

But analysts and security consultants say that this is not the norm in corporate America or government. American security is stuck in the paper age, said Steve Aftergood, director of the Project on Government Security at the Federation of American Scientists in Washington.

Secrets in the spotlight

"Our security procedures are still predicated on protecting hard copy documents," Aftergood said. "They don't seem to be adequate to ensure the protection of electronic information.

"It's because it's an extremely difficult job," Aftergood said. "Back in the good old days, (spy) Aldrich Ames physically had to carry shopping bags of classified documents out the door of the CIA. Nowadays one can transmit 10 times the amount of information on a tiny cartridge.

"People who came up in the world of traditional secrecy markings have to make a certain mental adjustment in dealing with classified information in electronic form," Aftergood said. Sometimes they don't, but mostly because of "sloppiness and incompetence" not spying, he said.

While lost government secrets are in the spotlight, the same thing "happens every day in the corporate world," said Richard Heffernan, president of a Branford, Conn., consulting firm that specializes in information security.

Heffernan, who has consulted with about half of the Fortune 500 companies, said: "I don't think I've ever been to a company that's not had some sort of inadvertent disclosure of important information by employees" via computer files.

The problem, experts say, is as serious as computer viruses and hacking.

Contact Therese Poletti at tpoletti@sjmercury.com or (408) 271-3718 and Seth Borenstein at sborenstein@krwashington.com.



