Fidelity: worry, Google: stupid (and duke of uke)

Welcome to today's IT Blogwatch, in which Fidelity loses a laptop, and Google makes people stupid. Not to mention a little something for ukulele aficionados...

The title of Jacob's blog entry says it all: Simply staggering: "It looks like a laptop loss at Fidelity exposed personal information for almost 200,000 people enrolled in a Hewlett-Packard-sponsored retirement program ... What's more, Ernst & Young has reported *yet another laptop loss* exposing personal information for all 38,000 BP employees in the US ... Now, I’m not imagining that laptop losses are anything new. has some history on laptop losses here. What’s staggering to me is the fact that companies so carelessly store personally identifiable information on laptops. Ernst & Young, in particular, has acted egregiously by claiming nothing bad has happened to the data on the missing laptops, because the laptop is password protected. *blink* ... Even their brazen, flimsy excuses like 'the file name containing their info did not indicate what type of information was on the laptop' ... don’t surprise me. I was originally surprised that they would be so short-sighted as to invite more scrutiny and government legislation into their operations and the work of every company that stores personal data, but then I realized that companies like EY stand to gain substantially from additional data security regulations. I wish I could say the same for the individuals impacted by recent events."

» John Monaghan: "These stories have been in  the news for many years and come out of many different organizations (Banks, state agencies, retail organizations, etc.).  The stories are a repeat of the same offense ' a laptop was stolen containing...'.  Ok, there is a serious problem here and a simple solution that should go lengths in improving security ... If it's on a laptop, it must be encrypted ... If a few of them get smacked hard with penalties (jail time for officers maybe) then the message will sink in ... there has been a major effort undertaken to protect the integrity and security of the data ... We are all capable of doing a better job."

» Douglas Schweitzer suggests: "Absolute software offers a recovery service called LoJack for Laptops that helps law enforcement recover stolen laptops ... sounds really good it won't do you much good if the data has already been stolen – and savvy thieves work quickly. For this reason you should also take the extra step of encrypting all sensitive data so that said data will be difficult or even impossible to decipher while you’re trying to retrieve your laptop ... TrueCrypt, an open source utility that creates a virtual encrypted disk within a file and mounts it as a real disk. For additional reading, look here."

» Fidelity Observer: "Seems like Fidelity doesn't really take the security of its customers' data very seriously ... Fidelity claims that the 'license for the software which contained the data has expired. As a result, the scrambled data is difficult to interpret... it is in a form that is generally unusable.' ...  I am already disappointed that Fidelity sends customer data to India, a country which has ineffective criminal penalties for data that is stolen or illegally sold. Now I find out that employees can walk out of the office with a laptop containing sensitive information of its customers."

» Joshua Feinberg: "Many are questioning why important information such as this was on a laptop at all. A Fidelity spokesperson sent an e-mailed statement asserting that the company typically doesn't make it a habit of keeping information on laptops and limits the availability of such information to times when it is required for meetings with clients that involves the data directly ... Fidelity has also added extra security measures that require new and added authentication to gain access to the HP accounts in question." [Shutting the gate after the horse has bolted?]

Does Google make people dumb? asks Amit Agarwal: "When graduate students at Tel Aviv University were asked to find on the Web, with no time limit, a picture of the Mona Lisa, the complete text of either 'Robinson Crusoe' or 'David Copperfield', and a recipe for apple pie accompanied by a photograph, only 15 percent succeeded at all three assignments ... In the good-old days of AltaVista, a searcher had to learn how to construct a search statement, like, say, 'Engelbert Humperdinck and not Las Vegas' for the opera composer rather than the contemporary singer. It took practice to produce usable results. Google has changed the game ... Ed [Edward Tenner of The NYTimes] even dislikes the Google PageRank method. His argument: Instead of looking at which papers are cited most often in the most influential journals, it measures how often Web pages are linked to highly ranked sites - ranked by links to themselves. As a solution, Ed would like Google himself to educate users about the power -- and frequent advisability -- of its advanced search options. It would be a shame if brilliant technology were to end up threatening the kind of intellect that produced it."

» Larry Borsato thinks lazier, not dumber: "Google (and other search engines presumably) make it so easy to find information that people disregard the quality of the information, but assuming they have an answer they dig no deeper ... I believe that this would make them lazy, but I can't see how it makes them dumber. Even if the information is completely incorrect, that just makes them misinformed ... And even with incredible algorithms, if can still only make a best guess of what is most relevant. And blaming the tool because people don't use it correctly is just silly ... at the library, using their online card catalog to help him find books for a project. We could have stopped looking after we found the first book. But he wanted more in-depth information so we searched further, and into related areas. If I stopped at the first match I found in the card catalog, does that make me dumber?"

Buffer overflow:

And finally... Monday morning fix for Ukulele addicts [amazing stuff]

Richi Jennings is an independent technology and marketing consultant, specializing in email, blogging, Linux, and computer security. A 20 year, cross-functional IT veteran, he is also an analyst at Ferris Research. Contact Richi at Also contributing to today's post: Judi Dey, our very own Antipodean (safely returned from the rigors of Oz's Commonwealth Games success).

Copyright © 2006 IDG Communications, Inc.

Shop Tech Products at Amazon