Begin forwarded message:
From: Lance Hoffman <[EMAIL PROTECTED]>
Date: January 3, 2007 7:42:05 AM EST
To: [EMAIL PROTECTED]
Subject: Re: [IP] DHS puts even more eggs in one basket...
As someone who serves on an advisory committee to DHS and whose
password would be monitored -- IF you accept the GCN article at face
value -- I was more than a little interested in this, especially
since I don't recall hearing anything about it before. So I went to
the DHS website and searched on the system named in the GCN article
and immediately up popped a Privacy Impact Assessment that doesn't
say anything about me having to give up a password. The word
"password" appears exactly four times in the Acrobat document and
seems to describe very standard password controls. The GCN article's
headline is misleading. (Actually the GCN article is misleading.)
The GCN headline is " DHS tracking system will keep eye on IT
workers", and that is the thrust of the article. However, if you read
the PIA, a system is described whose purpose is to allow emergency
responders and others to use information from each other, rather than
one whose purpose is to maintain security over system access. From
the abstract of its PIA at http://www.dhs.gov/xlibrary/assets/privacy/
privacy_pia_st_dhelp.pdf,
The DisasterHelp.Gov (DHelp) website or web portal is operated by the
Science and Technology Directorate of the Department of Homeland
Security.1 It is intended to assist political and civil service
leadership, emergency managers, homeland security advisors, and first
responders in the execution of their disaster management
responsibilities. The information on this website will be used to
enhance disaster management on an interagency and intergovernmental
basis by helping users find information and services. The types of
personally identifiable information used will include contact
information for these individuals. The collection of this personally
identifiable information is the reason for this privacy impact
assessment.
Lance J. Hoffman
Distinguished Research Professor Computer Science Department
The George Washington University Washington DC 20052
Phone 202 994-4955 Fax 202 994-4875
My home page is www.cs.gwu.edu/people/faculty-detail.php?personID=102
GW is a Center of Academic Excellence in Information Assurance
Education
Scholarship Info for US citizens: www.seas.gwu.edu/scholarship
On 1/3/07, David Farber <[EMAIL PROTECTED]> wrote:
Begin forwarded message:
From: Ross Stapleton-Gray < [EMAIL PROTECTED]>
Date: January 3, 2007 12:11:26 AM EST
To: [EMAIL PROTECTED]
Subject: DHS puts even more eggs in one basket...
According to Government Computer News, the Department of Homeland
Security is creating a new database "to allow the Homeland Security
Department to monitor the names, passwords, citizenship information
and other data on thousands of IT workers with access to the
department's systems."
http://www.gcn.com/online/vol1_no1/42852-1.html
Passwords???
Ross
----
Ross Stapleton-Gray, Ph.D.
Stapleton-Gray & Associates, Inc.
http://www.stapleton-gray.com
http://www.sortingdoor.com
-------------------------------------------
-----------------------------------------------------------------------
You are subscribed as [EMAIL PROTECTED]
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at:
Archives: http://archives.listbox.com/247/
Modify Your Subscription: http://v2.listbox.com/member/?
&
Unsubscribe: http://v2.listbox.com/unsubscribe/?id=125232-ae3ff294-
uyswntsx
Powered by Listbox: http://www.listbox.com
-------------------------------------------
-----------------------------------------------------------------------
You are subscribed as [email protected]
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at:
Archives: http://archives.listbox.com/247/
Modify Your Subscription:
http://v2.listbox.com/member/?member_id=783980&user_secret=1d28ebd3
Unsubscribe: http://v2.listbox.com/unsubscribe/?id=783980-1d28ebd3-yfne8l59
Powered by Listbox: http://www.listbox.com
