Ohio Data Theft: An Early-Spring Order to ~~Encrypt~~ Move Sensitive Info Surfaces NOW?
July 17 18, 6AM — An earlier post headline indicated that the order discussed in this post had to do with encryption when it really had to do with moving sensitive data to a secure location not on the main network. The headline has been corrected; the post is otherwise unaffected. Because the order discussed in the post was not implemented, sensitive info was present in what was stolen. Although it would take specialized knowledge to access the data stolen because of the nature of the device stolen, the data on the device was not encrypted.
____________________________________
Forgive me, but this seems way too convenient (HT RAB):
Workers on the state’s new payroll and accounting system were told in April to remove Social Security numbers and other sensitive information from the main network but didn’t do it, records released yesterday suggest.
As a result, the data ended up on a computer backup tape that was stolen late June 10 or early June 11 from a state intern’s car, affecting more than 1 million people or businesses and costing the state an estimated $2.2 million so far.
Also, on June 15, the 22-year-old intern, Jared A. Ilovar, passed a three-hour polygraph test about the theft, correspondence obtained through a Dispatch public-records request shows.
The records contain an e-mail that David L. White, executive program manager for the Ohio Administrative Knowledge System, sent to four workers April 4 telling them to move sensitive files to a secure part of the system.
“I want all files that can be identified with SSN data put into a secure directory today,” White wrote.
After Gov. Ted Strickland announced June 15 that the backup tape containing sensitive information was stolen, White sent a copy of that April 4 e-mail to Budget Director J. Pari Sabety.
So this order was known by the Director of the Office of Management and Budget, who I believe reports directly to the Governor, and not made known to the public until now — and it had to be obtained through a public-records request? Why wasn’t this revealed much, much earlier?
The Office of the Inspector General’s Thomas Charles tells us that his is an independent agency. It had better be looking into how (or if) the Governor was kept in the dark, and how (or if) the supposed order was ignored without follow-up, or it will not be doing its full, “independent” job. If those things are not within his scope, we’ll never learn what we really need to know about the “Who knew what and when?” elements of this episode.
The Governor should be ensuring that this is done — with or without the Inspector General. If it takes an independent OUTSIDE investigation, Mr. Strickland should make it happen. At this point, Ohio’s chief executive appears to the person-on-the-street to either have been systematically kept in the dark by people under him, or to have himself manipulated the release of information to the public. Neither alternative is palatable, but the first would at least exonerate him. If we don’t learn otherwise, anyone who assumes the worse alternative (info release manipulation) would not be out of line.
In either case, identity thieves could have had, and perhaps did have (but we don’t know it yet), a field day with the personal information of those who didn’t learn that their personal information had been compromised 10 days to three weeks earlier than their portion of the data compromise was announced.
___________________________________________
UPDATE: Tammy Obeidallah at The Daily Advocate is acting as if the data IS encrypted (last para):
State officials believe it is unlikely that someone could access the encrypted data, as doing so would require specialized knowledge and equipment.
Zheesh.
___________________________________________
Previous Posts:
- July 13 — The State of Ohio Data Theft — One More Time: Independent. Investigation.
- June 25 — Ohio’s State Data-Theft Update, Including State Contact Info (PLUS: AP’s Unsolicited Damage Control and Dispatch Whitewash)
- June 22 — W-W-W-Wait a Minute: When Did THIS Data-Theft Number Go Up? (Answer: ~~Maybe It Didn’t~~ It Sure Did)
- June 21 — What the ???? (Ohio Data Theft Update; Time for an Independent Investigation)
- June 19 — What the ???? (Stolen State Data Was NOT Encrypted)









