Forgot your password?
typodupeerror
Privacy Government Security United States Your Rights Online

US Gov't Makes a Mess of Classifying Sensitive Data 100

Posted by Soulskill
from the bureaucracy-at-its-finest dept.
coondoggie writes "Protecting and classifying sensitive information such as social security numbers shouldn't be that hard, but (perhaps not surprisingly) the US government has elevated complicating that task to an art form. It seems that designating, safeguarding, and disseminating such important information involves over 100 unique markings and at least 130 different labeling or handling routines, reflecting a disjointed, inconsistent, and unpredictable system for protecting, sharing, and disclosing sensitive information." This was the conclusion of a recent report (PDF) by the Government Accountability Office, which also "found areas where sensitive information is not fully safeguarded and thus may remain at risk of unauthorized disclosure or misuse."
This discussion has been archived. No new comments can be posted.

US Gov't Makes a Mess of Classifying Sensitive Data

Comments Filter:
  • Protecting what? (Score:5, Insightful)

    by turbidostato (878842) on Monday September 13, 2010 @08:15PM (#33567678)

    "Protecting and classifying sensitive information such as social security numbers shouldn't be that hard"

    I know the historical context that makes social security numbers to be declared "sensitive information" in the USA but when will you start to attack the real problem?

    Your social security number is an identification token; it should be the exact opposite to sensitive information! No wonder you have so many problems related to SSNs.

  • by siddesu (698447) on Monday September 13, 2010 @08:20PM (#33567720)

    Protecting and classifying the odd few petabytes that probably move daily in different formats across several hundred collecting agencies and several thousand user organizations is a tad more involved.

  • by by (1706743) (1706744) on Monday September 13, 2010 @08:34PM (#33567824)

    The problem is that the SSN is so closely tagged to everything you do, just knowing it makes stealing an identity way too easy.

    I'm not positive that's the problem -- as turbidostato pointed out, it's supposed to be an identification token, not a password. Trouble is, banks, CC companies, etc. commonly use this (perhaps coupled with something lame like DOB) as just that.

    For example, from your clearly visible email address, I know you have a livejournal [livejournal.com] account (contains your birthdate, hometown, full name, etc.), you frequent Amazon [amazon.com] (which shows a picture of you, some personal info, etc.), and so forth -- all from a simple google search.

    Thing is, I can't easily steal your identity, because you've only supplied your handle, but no password. I believe that's what turbidostato's saying; we should be able to talk about our SSN the same as our email address, as our handle and password should be (but aren't) separate.

  • Sooo (Score:4, Insightful)

    by ascari (1400977) on Monday September 13, 2010 @08:41PM (#33567868)
    From the comments so far one would think the article was about SSNs. If you RTFA it's about procedures and bureacracy surrounding classified information including sometimes conflicting classifications used by different fedarl agencies. SSN was just an example for gods sake.
  • Hah! (Score:2, Insightful)

    by davmoo (63521) on Monday September 13, 2010 @08:50PM (#33567936)

    And this is why I refuse to believe any of the popular conspiracy theories about our government. The United States government can't keep secrets secret.

  • by Dragoniz3r (992309) on Monday September 13, 2010 @09:12PM (#33568078)
    Yeah, but then everyone bitches if they try to raise taxes... I mean, obviously, the solution is for governments to be more efficient with the money they do have, and to pay their people properly, but for some reason it's easier to cut people than programs...
  • by timeOday (582209) on Monday September 13, 2010 @11:24PM (#33569018)
    The parties with 3 different types of 'Sensitive' may or may not ever exchange information in the first place.

    What if we surveyed private industry, how many different ways would we find to label sensitive data? Would the economy be more efficient if time were taken to force everybody onto a single standard?

    People talk about "the government" like it's a single entity. Then they divide up problems in different ways and assume a single department should be responsible for each sub-problem in their arbitrary breakdown. I.e. "six different agencies are responsible for X" (implying that's ridiculous). In practice, no large complex problem can be attacked without some degree of autonomy pushed down the chain of command - which necessarily implies some redundancy and inconsistency. Until everything is controlled by a single massive computer, that will always be the case.

    Don't get me wrong, I recognize the need to constantly search for improvements to the system. But it's not necessary to be shocked and outraged every time some government auditor finds a way to improve whatever he just audited.

  • by clarkkent09 (1104833) on Tuesday September 14, 2010 @05:07AM (#33570910)
    On the contrary, the government pays people too much. On average, public sector pay is higher than the private sector pay for equivalent jobs: http://www.usatoday.com/news/nation/2010-03-04-federal-pay_N.htm [usatoday.com]

COMPASS [for the CDC-6000 series] is the sort of assembler one expects from a corporation whose president codes in octal. -- J.N. Gray

Working...