Hard Drive Encryption In Stolen ISU Laptop. Is Alerting Students A Disservice?.

The Indiana State University at Terre Haute is alerting current and former students that they may be victims of a data breach.  A laptop computer used by a faculty member has been stolen.  It seems to me that ISU is crying wolf, in a sense, if what I’m reading is correct.  Supposedly, encryption solutions like AlertBoot hard drive encryption was used to secure data on that laptop.  Plus, other security measures like fingerprint scanning and password?protection are featured on all laptops handed out to ISU faculty members, for what they’re worth (not much, I would say…your mileage may vary on this).

 

And yet, university officials are alerting over 2000 students and alumni about the incident.  If the university had opted to use laptop encryption they wouldn’t have felt the need to do so.  So did they?  Or did they use something else, perhaps file encryption, and find out that the sensitive file was not actually encrypted?  The article does not specify.  The lost information included names, grades, e-mail addresses, and student ID numbers of those who took economics classes between 1997 and spring 2008.

 

ISU has not been lax when it comes to data security.  There’s the encryption, password?protection, and the biometric scanner on the laptop.  Plus, ISU stopped using SSNs as student ID numbers beginning in 2003.  However, that still leaves vulnerable all the people who were students between 1997 and 2002—again, if encryption was not used.

 

When asked, a spokesperson answered, somewhat circumspectly, that the faculty member had violated university policy: storage of private and sensitive data is prohibited on laptop computers.

 

With all of this going on, I can’t shake the feeling that ISU has gone from doing a great job to doing a great disservice.  If security measures—credible ones—were not on that laptop, I’d imagine that all of this hullaballoo would be necessary.  But that’s not the case.  If the correct type of encryption software was used, an explanation is not necessary.  It is what it is: a laptop got stolen.  This is not unusual.  A recent article claimed over 1000 laptops are lost or stolen every day at US airports alone.  Professors are not immune from theft.  And, theft and loss are the exact reason why people are recommended to encrypt the data on their computers in the first place.

 

So, is ISU doing a disservice?  I’m sure there will be many differing opinions out there, but that’s the way I feel.  Why scare your alumni and students if the security measures make it a non?event?  You still want to discipline the professor, since he broke the rules, but otherwise…?

 

It reminds me of that scene in “Hancock” where Will Smith is trying to get permission from a fallen officer as to whether he can touch her in order to save her.  In certain situations, you just don’t have make a show of “alerting” people of what’s happened and what your intentions are.  In fact, doing so is just counterproductive.

 

Related Articles:


http://www.tribstar.com/local/local_story_197153753.html



Comments (0)


Let us know what you think