A series of audits by the Department of Justice (DOJ) has documented stunningly lax security for laptop computers owned by federal law enforcement agencies. A 2007 report by DOJ’s Inspector General pegged the number of laptops lost, missing, or stolen from the Federal Bureau of Investigation (FBI) at 160 over 44 months. In many cases, the FBI “could not determine whether the lost or stolen laptop computers contained sensitive or classified information.” A 2008 DOJ audit of the Drug Enforcement Administration found 231 laptops went missing over 66 months. Another audit that year of the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) found 418 laptops gone over 59 months. The reports are strewn with examples of missing or stolen computers that went completely or partly undocumented, making it difficult to determine if the laptops held secure information. And in many instances, the missing laptops had not had encryption technology installed that would keep someone from accessing sensitive information — on criminal targets or government informants. According to a 2008 Government Accountability Office (GAO) report, about 70 percent of laptops and handheld devices across the major government agencies lack recommended encryption software. Ultimately, these missing, unencrypted laptops increase the risk that national security might be compromised or that Americans might have their identities stolen.
Follow-up:
The GAO reported in June that agencies are working on installing appropriate encryption software, though “none had documented comprehensive plans.” As a result, said the report, “federal information may remain at increased risk of unauthorized disclosure, loss, and modification.”