SAIC Loses Data of 4.9 Million Patients

An anonymous reader writes "Government contractor SAIC just can't seem to get a break. Still fresh off of the Citytime scandal, they've now had a data breach in which backup tapes holding 4.9 million personal health records were stolen from an employee's car. To add insult to injury, evidently the tapes were not encrypted either: 'Tricare did not indicate whether SAIC encrypted the information on the stolen tapes, but Raley said, "It's very hard to encrypt a backup tape."'"

LOL

[afidel]

Hard to encrypt tape?!? Every LTO5 and most LTO4 drives support hardware AES encryption!

And they all support rot256

[davidwr]

rot256 is for arbitrary 8-bit binary data.

"rot256 - like rot13 but 19-20 times as much rot!"
- rejected slogan, rot256 working group

Re:

[cjb658]

Maybe there's a patent for encrypting patents.

Re:

[mlts]

Bingo. For basic encryption, I logged onto the tape silo, typed in a passphrase, enabled encryption, and called it done. Transferring the key via SPIN/SPOUT to the drives does the rest.

If I wanted better encryption, I can use a key management system, changing out keys for written tapes, but yet keeping them on the appliance for reading. Of course, a backup of the keys are made and stored.

Even without LTO's built in encryption, every modern backup program supports some type of AES level software encryptio

Quote not attributed to SAIC

[Johnny Mnemonic]

From TFA:

Raley is "director of healthcare solutions at IT integration and security company Axway" and the quote "very hard to encrypt tape" is attributed to him, not SAIC.

SAIC has not said if the data was encrypted on the tapes or not.

If you use Axway as a vendor, you should fire them.

Re:

[MetalliQaZ]

Hard to encrypt tape?!? Every LTO5 and most LTO4 drives support hardware AES encryption!

I think he may have meant one of two things...

1) He was thinking about encrypting tapes when they are already outside of the system. If an employee wanted to remove them from the secured facility, then how would he encrypt them in place without disrupting the production system?

2) He may be looking at it from their internal point of view. They probably have a large, old, proprietary, expensive system (what else in a government operation?) that doesn't support encryption and is not easily upgraded without a

Re:

[shawn(at)fsu]

Never mind that was stated in the first link.

Re:

[DragonWriter]

Exactly! Encrypting tape backups is required by HIPAA anymore.

No, its not. Under the HIPAA Security Rule, Encryption and Decryption is an "addressable" rather than a "required" specification of the Access Control standard mandated under HIPAA (see, 45 CFR Sec. 164.312(a).)

So, in fact, entities holding PHI are required to either implement encryption or document why it isn't "reasonable and appropriate" for them to do so. (see 45 CFR Sec. 164.306(d)(3).)

Encrypting data, whether at rest or in motion,is necessa

Very hard to encrypt a backup tape?

[grimmjeeper]

Seriously?

What kind of knuckle dragging moron can't figure out how to encrypt the data stream they're backing up?

Re:

[Raistlin77]

Seems to be that it was an ignorant attempt at sarcasm, as in "How do you encrypt plastic?" Clearly he's the kind of knuckle dragging moron that shouldn't be making statements regarding the topic at hand.

Re:

[Synerg1y]

Lol, this guy took the tapes out to his CAR, would you feel ok walking around with your companies database in your briefcase?

I wouldn't, I'd VPN in to grab it, not carry it, and I'd make sure I'm using a hardened windows to do it too. That kind of liability can really put a kink in somebody's day.

This fine gentleman though, not only removed the tapes, he put them in his car.

Now with that thought pattern do you REALLY expect him to know about encrypting tapes?

Some people just shouldn't be allowed to be arou

Re:

[dave562]

Lol, this guy took the tapes out to his CAR, would you feel ok walking around with your companies database in your briefcase?

I have to take drives to and from the data center with confidential and sensitive data on them. They are TrueCrypted with strong pass phrases, but just having the data in my possession makes me hesitant to go anywhere other than directly to/from the data center and office. Stop at Starbucks? No way! What if someone steals the drive during the 5 minutes it takes me to get my coffee

Re:Very hard to encrypt a backup tape?

[Bucky24]

When was the last time we read a story, "Iron Mountain lost backup tapes uber confidential data."??

Every time that happens they kill all the witnesses. So no one ever knows...

Re:

[dcsmith]

When was the last time we read a story, "Iron Mountain lost backup tapes uber confidential data."??

Every time that happens they kill all the witnesses. So no one ever knows...

Taking security through obscurity to a new level.

Re:

[morethanapapercert]

Since the first person to witness the crime would the thief, I'm actually OK with that....

Re:

[Martin Blank]

When was the last time we read a story, "Iron Mountain lost backup tapes uber confidential data."??

Based on a quick search, at least as recently as 2009. And then 2008 before that. And 2007, 2006, and 2005 (twice) before that.

http://datalossdb.org/organizations/128-iron-mountain [datalossdb.org]

We use Iron Mountain and they're generally good (and the local warehouse is only a couple of miles away), but it's still a good idea to encrypt any tape that leaves the facility, whether or not it contains personal data. A system

Re:

[dave562]

it's still a good idea to encrypt any tape that leaves the facility, whether or not it contains personal data.

Agreed. Encrypting the backup is standard practice. Or at least it should be if the admins are competent at what they do.

Re:

[Seedy2]

Unfortunately there are id10ts out there (typically upper management) who once heard the phrase offsite backup from one of their golf buddies, and thought it meant "have the IT staff take the backup home with them, in case there's a fire". Continuing with some variation of: "Besides, if we need something restored they can get it back faster than iron mountain"

The hours I've argued...

Re:

[seifried]

Well: Google says... [google.ca] "Iron Mountain has lost a backup tape belonging to GE Money with approximately 650,000 JC Penney customer records on it, and 150,000 of those records include customer social security numbers." Among others.

Re:

[Seedy2]

Not claiming they are perfect, just saying the not-so-well-thought-out "additional measures" are less than helpful, as a rule. :)

Re:

[JonySuede]

you'd VPN a few LTO5 tapes, wow, I would like to have such a nice internet connection....

Re:

[Hatta]

Never understimate the bandwidth of a briefcase full of LTO tape. If it's encrypted, it should be absolutely no problem physically transporting the backups off site yourself.

Don't get me wrong, this guy is an idiot. But the fact that he had backup tapes on his person, in his car, is not evidence for that.

Transporting the key

[tepples]

If it's encrypted, it should be absolutely no problem physically transporting the backups off site yourself.

Which reduces it to a problem of securely transporting the key.

LTO can do it on the drive

[Colin Smith]

And most of the big vendors and even many free software systems support key management. So no, it isn't very difficult. You just have to give a shit.

very hard to encrypt

[Oxford_Comma_Lover]

Yeah, encrypting a backup tape might take another hour or two to configure... not at all reasonable overhead for 4.9 million patient records

Espionage?

[N8F8]

What's the probability that someone breaks into your car and steals computer tapes?

Re:Espionage?

[Nkwe]

What's the probability that someone breaks into your car and steals computer tapes?

Maybe not as high as an employee selling the tapes and claiming that they were stolen.

Re:

[N8F8]

I had a similar thought. Highly suspicious.

Re:

[shawn(at)fsu]

Why would an employee that has access to the data steal the tapes and not make copies.Esp with all the attention even saying the tapes were stolen would cause. "Never attribute to malice that which is adequately explained by stupidity"

Re:

[BBTaeKwonDo]

If a copy is found, it may be possible to determine when the copy was done and by whom. E.g., "Suzy's record was added on the 3rd and Bobby's was added on the 4th. This copy has Suzy's record but not Bobby's, so the copy must have been taken on the 3rd. Who did the backups on the 3rd?" By saying the tapes were stolen, it's much less suspicious if a copy is found.

Re:

[dave562]

Depending on the environment, it is very easy to detect a copy operation. Due to the sensitive of the data we deal with, we have controls in place. Every time a drive is attached / detached from the server it is recorded. Internet connectivity is prohibited. ACLs on the servers prevent mounting remote file systems, and even if they could be mounted, the mount would be logged.

In my environment, it would be much easier to "lose" a backup tape than to simply copy the records. Of course, that is not entire

Re:

[mlts]

Any firm that doesn't have a chain of custody of tapes is failing ITIL 101.

For example, on premises, tapes should be either sitting in the silo, inserted in a tape safe [1], or in the blue containers with a seal on them waiting for the IM van.

Not rocket science here. It is disappointing seeing organizations not follow this.

[1]: Businesses need an on premise tape safe. This is less for security (since the safe should be located fairly near the data center, and behind locked doors), but for protection in c

Re:

[jank1887]

maybe theirs do too. via... a car.

Re:

[compro01]

The only car that this kind of backup tapes belong in is an armoured one.

Re:

[Nutria]

Who leaves their backup tapes in a car anyways?

People who work for niggardly companies or government agencies?

Re:

[hrvatska]

Yeah, I was thinking that either they're covering up some other incompetence or this was an inside job. I'm inclined to think that someone knew those tapes would be in that car at that time. But then there's Hanlon's razor, never attribute to malice that which is adequately explained by stupidity. And this was pretty stupid.

Re:

[MozeeToby]

I'd say there's 99.9% chance that the thief didn't know what they were grabbing. Break a window, grab any bags or boxes you see and get out of there is how most operate. Of course, there's a 0.01% chance that the thief knows exactly what they were going after and has been casing the mark for weeks waiting for the right opportunity. And then there's a the overlap of maybe 10% that didn't know when they grabbed it but are completely away of it by now, either through media reports (not that the media should

Re:

[hedwards]

I suppose, but who's going to steal tapes without knowing what's on them? Without more information it's hard to say, but it's a lot less likely that a smash and grab is going to be triggered by seeing tapes, unless the thief has some idea what's on them.

Laptops OTOH, I totally see how those would be stolen by somebody not knowing what's on them.

Re:

[TClevenger]

What's the probability that someone breaks into your car and steals computer tapes?

If they're sitting in plain view? Somebody busted my window to steal less than a dollar in change that was sitting in the center console. And that was in a car that was already missing the radio because of a previous break-in.

My professional opinion

[subreality]

It's very hard to encrypt a backup tape.

I think I speak for everyone when I say: Fuck you, no it's not. I don't have any problems encrypting my personal backups even though I have nothing more private to protect than porn. You people are supposed to be professionals. Telling people their data is safe because it would require "special hardware and software" to read the tapes is pathetic. Get your shit together, sir.

Re:

[rk]

I worked on a networked backup and recovery system and in the 1.1 version of our product, we integrated encryption both of the data streams from remote systems, and of the data on the tape itself.

This was 10 years ago. If you bought recovery software from a competent vendor, it's not hard at all.

Re:My professional opinion

[mlts]

Nail. Head. Hit.

"special hardware and software" gets me...

A LTO-5 drive and access to GNU tar or cpio is an alt-tab away for a number of IT people.

Re:

[dkleinsc]

Sledgehammer. Head. Hit.

At least, that's how I'd like to react to an organization whom I'm paying (indirectly via my taxes) failing in their legal requirements to keep this data absolutely secret. And in a way that is obviously stupid: They had no business storing things unencrypted on a backup tape, and no business having their offsite backup solution be "stick it in the back of somebody's car". I'll put it this way - my organization deals with information far less important than that, and we treat our bac

Re:

[Bucky24]

require "special hardware and software" to read the tapes

Eh, technically it does. You could also say that a CD requires special hardware and software to read. It's just that the hardware and software in question is fairly easy to obtain...

Re:

[Leebert]

HIPPA

Rule #1 of HIPAA: If you misspell it, you can't speak authoritatively about it.

/facepalm

[idontgno]

Did you just say ""It's very hard to encrypt a backup tape."? In public? Out loud? With a straight face?

Re:

[jd]

After their competitor, CSC, walked off with a few billion from the UK in exchange for vapourware, saying that with a straight face would have been almost easy.

Encryption

[mehrotra.akash]

Now, I dont know anything about tape drives, but how can it be difficult to do the encryption?

Simplest process would be to just zip them up with 7-zip, split into archives the size of the tape and apply a password to it.

May not be the strongest security, but still better than nothing

Re:

[MikeB0Lton]

Backup processes are typically automated and do not use 7-zip, but instead use backup utilities that cost $$$ like NetBackup. Most enterprise grade backup software can utilize software encryption for the backups. Tape drives can do the same on the hardware side if you bought the feature. Besides offloading the encryption algorithm to the tape drive, it also opens the door for storage deduplication for the volumes holding the disk based backups (encryption would obfuscate the data in the blocks rendering

Offsite backup

[Smallpond]

When we stored tapes at an offsite backup, they were picked up in a locked metal box by uniformed security guards who delivered them to their protected site. These days it has shifted to VPN. Never heard of just having tapes sitting in an employee's car. What was the offsite backup? A shoebox in his closet?

Re:

[Anonymous Coward]

I used to work at a firm that sent the backup tapes home with the tech.
She stored them under her bed.
I told her that was a great place because if her husband ever came home early and found a strange man in the bedroom she could say he was just there to get a backup.

Re:

[HornWumpus]

Raises hand. That's exactly what I did (offsite backup into shoebox in my closet). Of course the tapes were encrypted, it was 1987 and we were a small business with little sensitive data (still our customer DB was valuable, if only to competitors).

I interviewed with SAIC about 10 years ago. Let me say that the place reeked of stupid. I told them I had already found a job when they called back for second round.

Re:

[HornWumpus]

I imagine SAIC has more then one location.

I chose unemployment over SAIC. Having sense met a number of former SAIC employees I am confident I made the correct choice.

really?

[rickb928]

"It's very hard to encrypt a backup tape."'

Then encrypt the data, nimrod. These people actually get paid? Since when do they store HIPAA-related data and NOT encrypt it in the tables or wherever.

Exporting data to a nonencrypted anything is wrong. And backup tapes need not have raw data on them. Probably they shouldn't.

Re:

[compro01]

Since when do they store HIPAA-related data and NOT encrypt it in the tables or wherever.

When it is profitable to do so.

Criminal charges for HIPAA violations?

[schwit1]

Who was responsible for transporting and losing unencrypted data with PHI in an unsecured environment? Should be jail time for the boss who approved this.

HIPPA Consequences?

[goldspider]

So is SAIC going to be fined for their illegal (if unintentional) disclosure of patient medical records?

Ha ha! Almost got ya there, didn't I? Of course I know the answer already!

Re:

[hedwards]

I doubt they will, but there have been recent fines handed out for HIPAA violations, so hopefully.

The only way that businesses will take this sort of thing seriously is if there are real fines and preferably prison time for the executives in charge of this mess.

Re:

[hedwards]

Of course they can, there are plenty of ways of being compliant with the privacy regulations without having to be a huge organisation. The reason why we need actual enforcement and possible jail time is that without a pretty freaking huge stick, these companies aren't going to comply.

My information has been lost by at least a half dozen different companies in the last decades, nearly all of whom are required to take some pretty significant PII in order to do business with me. One of whom was a former employ

Really???

[Maximum Prophet]

The risk of harm to patients is judged to be low despite the data elements involved since retrieving the data on the tapes would require knowledge of and access to specific hardware and software and knowledge of the system and data structure.

I've worked with some weird systems before, but none so weird that I'd consider it that hard to get something off the tape. Even if the data structures are too strange to find everything, you might be able to link names with SSNs.

A few facts distilled from TFA

[idontgno]

and a couple of questions.

For those who don't know, Tricare is the "health insurance" that pays for providing health care for members of the military and for those retired military members that pay premiums. However, I don't remember SAIC having any contractual role in administering the Tricare system. Perhaps they were contracted by DoD to perform some kind of historical data analysis, and authorized access on that basis... but the reports make Tricare out to be the party at fault, so that would imply that

Re:

[idontgno]

It's gauche, but I'm gonna follow up to myself to ask the questions that came to mind.

• What precise role did SAIC have in this? As I mentioned, I don't remember SAIC being involved in Tricare administration "back in the day".
• Why, exactly, does Tricare think HIPAA privacy protections don't come into effect in this case? If this had been Blue Cross/Blue Shield, you can be damn well sure the HIPAA police would have been down there with sirens screaming. The only difference is that Tricare is a government-admin

Re:A few facts distilled from TFA

[Tekfactory]

Well if it's a strictly Government program HIPAA isn't its regulatory framework. They'd still have a requirement to protect Personally Identifiable Information under FISMA act of 2002 and OMB Memorandum 06-16 which came out after the VA lost their records. Among other things M06-16 requires you to encrypt senstivie data on mobile media and data in transit.

Re:

[YrWrstNtmr]

Anyway, TFA says that 4.9 million people were affected, but also that the tape contained health records from facilities in the San Antonio, Texas region for a 19-year period. 4.9 million people seems like a really large number for the service catchment area of one city, even if it has several primary military care facilities and a large semi-transient military population. Maybe if they include the induction medical records of Air Force recruits at Basic Training at Lackland AFB, for instance.

That's only 2

Ohio Plans To Encrypt After Data Breach

[Joe_Dragon]

when something like this happen a few years ago!

http://it.slashdot.org/story/07/12/11/2144255/ohio-plans-to-encrypt-after-data-breach [slashdot.org]

Re:

[compro01]

Great. We just need to have it happen 49 more times and then the entire country might have gotten a clue and implemented something vaguely resembling proper security.

Hard to encrypt backup tapes?

[utkonos]

Surely you jest? Getting amanda to encrypt your backups [zmanda.com]. Is just a matter of reading some howto files on amanda's website. And, just peeking over at bacula's website [bacula.org], I can see that they have a similar sort of setup [bacula.org]. I don't use bacula, but I'm sure it is a matter of following the directions just like with amanda. It is not clear how anyone can consider encrypting backup tapes as a difficult process. For that matter, with TrueCrypt [truecrypt.org], OpenSSL [openssl.org], GnuPG [gnupg.org], FreeBSD's geli [wikipedia.org], and linux's dm-crypt [saout.de] encryption in ge

Jail

[Fnord666]

Someone seriously needs to go to jail for a long time.

Can you spell HIPAA?

[luis_a_espinal]

Seriously, this is a major violation of HIPAA regulations (major as in "complete brain fart").

For such important data, why not a bonded courier?

[mrflash818]

Geez!

Absolute BS on hard to encrypt the backup

[Fallen Kell]

Someone beat the guy over the head with a clue-stick and stop the PR spin-wheel from being so absolute obvious. Just about EVERY enterprise level backup tape system supports built-in hardware encryption! You don't even need your software level stack to do it. The hardware itself encrypts the tape as it writes the data based on the firmware settings you configure on the device. It then automatically de-crypts it when it reads that tape later as it uses the same access keys/settings you gave it originally. So

Again?

[djl4570]

How many times will tapes be stolen from a car before these people wise up? http://www.computerworld.com/s/article/108101/Update_Thief_nabs_backup_data_on_365_000_patients?taxonomyId=084 [computerworld.com] About 365,000 hospice and home health care patients in Oregon and Washington are being notified about the theft of computer backup data disks and tapes late last month that included personal information and confidential medical records. In an announcement yesterday, Providence Home Services, a division of Seattle-based Prov

Re:

[account_deleted]

Comment removed based on user account deletion

consultant / contracts / sub contracts buck passin

[Joe_Dragon]

consultant / contracts / sub contracts seem like buck passing. But let the new guy, intern handle holding the off site back up?

Why not at least give them to a permanent or more long term worker or where they to smart to take responsibility for the back ups. But the intern will do just about any thing to try to get a perm job.

Now just having some keep the off site in there home and or car is a poor place to cheap out. Now if you want them to take it to a safe off site place have them do as part of the work d

Oh shit, I RTFA!

[billcopc]

the tapes were stolen from an SAIC employee's car during a burglary the night before.

What kind of idiot leaves tapes containing confidential data in a car, OVERNIGHT ? I wouldn't even leave a half-eaten sandwich in there overnight...

Gotta love government, contracting out to the biggest crooks and morons they can find.

I've worked with SAIC, I wasn't impressed

[plopez]

I had the misfortune of working with a consulting company who worked for a large oil and gas company doing water quality work. We were supposed to integrate with their EMIS application. First off it was only a month before the rollout that they contacted us to get some real life data. They had mindless inheirted off of air testing data and knew nothing about water testing. This is a marker of OOP newbies. They also didn't understand that the regulatory requirements changed with the seasons due to high flow/

Woohoo!

[CarlDenny]

4.3 Million patents gone! Sayonara you innovation starving sunsabitches!

Wait, what?

Jesus....

[nedlohs]

Tape backups are trivial to encrypt - the tape just stores data after all and doesn't care if you encrypted it before the tape sees it. Or turn on the encryption option and hope the vendor didn't screw it up.

Now of course once you have encrypted backups the encryption keys become very important. Losing them at the same time as you lose data you need restored (because you lost the machine where you kept them for one simple retarded scenario) puts you in a world of hurt - so there's some costs/benefits to con

They've obviously obfusticated the data, obviously

[tibit]

Retrieving the data on the tapes would require knowledge of and access to specific hardware and software and knowledge of the system and data structure

-Who wants to bet that all you need to pull the data out is something like: dd if=/dev/tape | strings, perhaps with conv=ascii given to dd... and maybe gunzip or bunzip2. Sigh. Specific hardware: tape drive and a scsi card. Software: any recent unix would do. Knowledge of data structure: they obviously Huffman-coded all their SQL dumps, right? Haha.

Re:

[tibit]

The fact that it's VMS is irrelevant I'd think. The fact that MUMPS is involved -- well, everything depends on whether they are taking some sort of a database snapshot, or a dump. If it's a dump, it'll be human readable. If it's a snapshot, I'd still expect it to use some sort of records with strings stored without further ado. Most uncompressed databases I've seen are readable once passed through strings, though data from each row is not necessarily contiguous. All in all, I don't doubt that anyone who car

Very Hard to Encrypt A Backup Tape?

[Greyfox]

Perhaps if you're retarded. Were his records among those stolen? Perhaps we'll be able to check in a couple of months.

And what the fuck were they doing in an employee's car, to begin with?

How many HIPAA violations does this incident constitute. At what point does SAIC lose their ability to do business with the US Government?

Re:

[grimmjeeper]

You really shouldn't insult Geek Squad like that.

that what they get hireing based on degrees

[Joe_Dragon]

people who do stuff like this must of not done alot of tech work or did not go to a tech school.

CS will teach you theory and may some hands on stuff but a tech school will tech you about the right way to do safe back ups and the basic of data safety.

have back up tapes employee's car why? there has to be a better way to have a off site back up plan? if you want a employee to take it to off site place pay them (Time + miles) to do at the end of the day of a fixed time with NO OTHER WORK LOAD AT the same time.

Re:!surprised

[MagikSlinger]

SAIC's greatest FAILs:

• FBI Virtual Case File [wikipedia.org]
• NSA Trailblazer [wikipedia.org]
• NYC's CityTime [ieee.org]

Wow. The hits just keep coming...

Re:

[tnk1]

Yeah, but they usually go to places like Iron Mountain via more or less secure transport for offsite storage. Why this guy actually had those tapes in his car is an entirely different issue, and probably one where convenience won out over proper procedure. Which is assuming that SAIC actually had a procedure, of course.

This does look like legitimate grounds for potential lawsuits: the fact that patient data needs to be secure is hardly an obscure set of laws and requirements.

As for the "require knowledge

Re:

[JDAustin]

I'm a SAIC employee and I manage the servers in our office. Corporate policies are that backups are to never leave the server room, much less the office. This policy was put into place a few years ago (along with desktop encryption) after some 401k data was taken from a stolen HR computer.

Re:

[Nutria]

Corporate policies are that backups are to never leave the server room, much less the office.

And if there's some physical disaster (fire, flood, etc, etc)?

Re:

[3nails4aFalseProphet]

For some organizations, it is a weighted risk. Which would be worse: some random car thief thinking he stole somebody's 8-track collection, or not being able to find/remember the right password to restore the data in a legit DR situation?

Although, even with my defending them above I have to ask... WTF was going on with tapes left alone in an employee's car? Most places use a data storage company to transfer and store tapes.

Also, Axway's Raley was either misquoted or she's an idiot. What is Tricare

Re:

[gregfortune]

I didn't see any mention of encryption in the PDF linked off of that quote either. Wonder where it came from?

Re:

[gregfortune]

Ah ha, it came from the second link rather than the PDF it appeared to be linked to. Come on guys, at least link silly quotes like that to the right article.

---- http://www.informationweek.com/news/healthcare/security-privacy/231700161 [informationweek.com]
Tricare did not indicate whether SAIC encrypted the information on the stolen tapes, but Raley said, "It's very hard to encrypt a backup tape." Tricare did not respond to a request for comment on the HIPAA issues.
---

Brilliant :(

Re:

[compro01]

Paper doesn't get lost en masse and it's harder to mine and manipulate on wholesale levels.

Right, it would be impossible for idiotic companies to make a photocopy of records for backup purposes, then lose them due to braindead handling.

Re:

[Dr_Barnowl]

Well, no. But 4.9 million at once? Stretching credence for paper.

Lookup 'dumpster diving'.

[HornWumpus]

It was common. Likely before your time.

PHB's used to demand regular hard copies of detail that they would never read. Pulling them out of dumpsters was standard corporate espionage. I bet it still is.

Re:

[Thud457]

Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway. [wikiquote.org]

and off into the sunset...

Re:

[gstoddart]

Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway.

Especially if it's one of these [0-60mag.com].

I saw one of these on a business trip not long ago ... 500+ HP of performance station wagon. The mind reels.

There might not even be all that much latency at those speeds. ;-)

Re:

[mirix]

Europe has some pretty sweet wagons. Superior vehicle class for soccer moms vs. minivans and SUVs, I'd think.

Too bad the big 3 left a horrible fake wood-panelled taste in america's mouths.

Re:

[nedlohs]

So they catch fire if you feed them already encrypted data I take it?

Re:

[nedlohs]

Taking twice as long to do a backup is hardly catching fire.

Re:

[Kalriath]

Sure, if they're old Tandberg drive tapes, but LTO tapes are extremely reliable. Where I work we wouldn't dream of writing backups to anything else (not least because it would be expensive to match the 1.2TB capacity of each tape).

Re:

[Kalriath]

Upgrade? There's nothing to upgrade to... for backups, LTO tapes (1.2TB capacity per tape) are virtually the be all and end all. Magnetic platter disks are far too unreliable long term (or hell, even medium term) to trust this sort of data to, and sending the backup over the wire to an offsite location would be both prohibitively expensive and take too long (working in a hospital that handles this many records, our backups run to approximately 7TB per day).

The "wow" is in just how clueless you are as to a