Hi Bernard, Without beating a dead horse or dissecting a frog twice, I think your answer covers most issues. No system is perfect, but it seems like a fair amount of thought went into this. With luck this will be reviewed from time to time to adjust it to changing threat models and newer technology.
Sorry if I misread what was intended as a joke to be something serious, but it is often that a throwaway line reveals not so obvious truths. As a result I have learned to ask about potentially questionable comments. Now, to move totally away from your comments, it's too bad we can't get roughly the same type of rational response as yours to the 50,000 plus pages of code and private letters the IRS holds. Thank you for the prompt, cogent and revealing response. Allen Owens Bernard B wrote: > --- Allen <[EMAIL PROTECTED]> wrote: > >> Hi Bernard, >> >> Based on your posts I'm sure that you are an honorable person; >> however, it concerns me when you say, "They don't care enough to be >> torture-proof." >> >> To me this could result in events like are occurring at the US State >> Department Passport office where people are pawing through files and >> records they have no legitimate business reading. >> >> I'm not in favor of excessive secrecy as that is to the detriment of >> society as a whole, I think. I do think that people will take and blow >> rumors up all out of proportion to the reality behind them and that >> correcting the record can be real tough to almost impossible. >> >> My question to you is, are these agents ethical enough to prevent this >> kind of disinformation from damaging the citizenry? > > Interesting. The line in question was, essentially, tossed off as a > humorous observation on our privacy priorities. I need to be careful > about that considering how easily such statements can be misinterpreted. > > I don't know who said that analyzing humor was like dissecting a frog > (no one enjoys it and the frog dies) but I guess it's time for me to > break out the scalpel. > > Our Agents, Officers, Special Agents and others who do field work or are > trusted with sensitive data are taught certain priorities within an > ethical framework. The notion that someone would torture one of our > people to get at the information on their laptop is mostly ridiculous > but if it did happen, I would expect them to immediately reveal their > passwords. Our Officers endure the highest level of day-to-day danger; > when I did that job, I was attacked more than once. They are taught > that their life is worth more than their "stuff." An Officers > Commission (their ID), for example, is a powerful little thing in many > circumstances. Yet if we get mugged while in the field, we are to give > it up with no hesitation. Our ethics, as reinforced in extensive > training, hold that the life or safety of an employee is worth far more > than their ID, their equipment, or even the information on their > computer. If it's a choice between being tortured or giving up their > passwords, we expect them to start talking. Many resources will > subsequently be devoted to finding and prosecuting the perpetrators. > > So, as a matter of policy, our employees are not *supposed* to care > enough to be torture proof. Our employees are more important than our > information. > > Now, moving from the nearly-unthinkably silly (I say "nearly" because we > do have some on-point training and policies for employees who travel to > certain parts of the world) to the day-to-day, I want to make it clear > that the "not caring enough" attitude that is appropriate when faced > with torture does not apply when it comes to day-to-day data security. > > In fact, our people are held to very high standards. The case you cite > of pawing through passport records is a great example. That sort of > thing is very unlikely at the IRS. We do ongoing data matching on our > people and their accesses to computerized records. Any access to an > IDRS (Integrated Data Retrieval System) record is run across the > personal profile of the employee to find matches or patterns of unusual > accesses. If an employee, for example, accesses the files of a neighbor > (even someone they don't know in any way), an investigation is > automatically triggered. Geographic data is part of the data matching > used to make sure unauthorized accesses do not happen. Additional > matching, against things like family members, assigned casework, etc., > is also done. Employees just don't look at tax records unless they need > them to do a job. > > As the prominence of customers goes up, so do the precautions. The > files of famous people are flagged and accesses are not just screened > but reviewed by a case worker. At the very top, if, pursuant to an > audit, you have occasion to handle the tax returns of a President, past > or present, you can expect to have a very intimidating Special Agent > with the Secret Service standing next to you the whole time. There will > also be a Special Agent with the IRS next to you (and probably a small > squad of others somewhere nearby, drinking coffee and waiting to move on > to the next processing point.) Literally, if you turn a page and read > something you don't need to do your job, you'll be instantly arrested. > > Yes, I know this from first-hand experience. > > Our track record for ethical treatment of taxpayer records was, > admittedly, forced on us. Without going into too much detail, President > Nixon severely misused the agency for nefarious purposes. As a result, > Congress passed a number of oversight measures. Our data security is > certainly not perfect but considering our size and the sensitivity of > our data, we are well out in front on these issues. We had about a > 20-year head start compared to most organizations and are *far* more > sensitive to privacy and security issues than most people realize. The > way Congress beat up on us, post-Nixon, put us on a path toward the > practical respect of private citizen data a very long time ago; today, > we view being put on that path so early as a blessing. > >>From a technical perspective, a number of practical procedural and > technical solutions are in place. All laptops (technically, all > computers that leave IRS-controlled space) are encrypted unless they are > going to a jurisdiction where importing encryption is illegal. All > removable media (CDs, USB keys, even floppies) are encrypted for people > in identified user groups; that will apply to everyone, by default, in > the near future. All desktop workstations will be fully encrypted by > this summer. Data on paper is kept very secure. There is a culture of > data protection here that leads people to, for example, automatically > turn documents face down when you walk up to their desk. Nobody makes a > big deal about it; it's just the way we work. > > Of course we're not perfect. We've hired extensively over the last few > years and some of the kids we've hired didn't "get it" quite quickly > enough. Some unauthorized accesses have happened and there's been an > uptick in people fired for that reason. That doesn't concern me; it > actually means we're finding the people who screw up. > > Over the course of my career, I've seen about a person a decade > perp-walked out of a building in handcuffs for selling data. It's rare > enough that it sticks in the memory. It's certainly not common. > > So, to address your specific question (and I'm not perfectly sure I > understood the question, so I apologize in advance if I've > misinterpreted) - No, I don't think what I said is fodder for any > rumors. I don't accept that it qualifies as disinformation because we > certainly don't expect our people to hold their passwords secure in the > face of torture. We do expect them to be ethical enough to protect > sensitive data adequately and consistently in accordance with policy; > that expectation is rarely wrong. When it is, harsh penalties are > imposed and everything that contributed to the lapse (training, > technology, procedures, everything) is examined under a microscope and > changes, if needed, are made. > > Actually, I'm pretty proud of our record and our dedication to data > security. > > Is the frog dead yet? > > Bernard Owens > USTreas/IRS > > _______________________________________________ > FDE mailing list > [email protected] > http://www.xml-dev.com/mailman/listinfo/fde > _______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde
