The Trip

By Baselinemag  |  Posted 2006-12-06 Email Print this article Print
 
 
 
 
 
 
 

WEBINAR: Live Date: December 14, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT

Modernizing Authentication — What It Takes to Transform Secure Access REGISTER >

Technology teams at Chevron, Hendrick Motorsports and the Bank of New York are named in our annual report of the starkest I.T. lessons of the last year. Did those companies shine or earn demerits?

-Ups">
The Trip-Ups
18,000
Pivotal votes feared lost by an e-voting system in a disputed congressional election.

"Not again!" That was the collective moan from Florida, where the state is embroiled in yet another controversy involving electronic voting machines.

Many observers of last month's elections declared the use of electronic voting systems a success, based on the fact that there was no widespread meltdown as some critics had predicted. New voting machines were, in fact, used in nearly one-third of U.S. precincts, and most problems were described as hiccups or human-related errors.

But in elections, there can be no room for error, and once again e-voting failed to earn a vote of confidence.

In Florida, for example, election officials were trying to figure out what went wrong in a bitterly contested congressional race. Democrat Christine Jennings lost to her Republican opponent, Vern Buchanan, by just 373 votes. But for some reason, more than 18,000 voters in Sarasota County, or 13% of those who cast ballots, did not seem to register a vote in the congressional race. They cast ballots for the Senate and more obscure races, like electing hospital board members, but not for their member of Congress.

Election officials were investigating a number of causes, including a lack of interest in the congressional race, and poorly designed software that may have made it difficult for voters to find the congressional section of the election. However, voters in neighboring counties did not show the same lack of interest, and election officials received more than 100 complaints from voters who said their congressional choice did not show up on the summary screen at the end of their voting.

It didn't help that there was no paper backup for the electronically cast votes in the Florida race, meaning lost votes were, indeed, lost.

Other glitches abounded. In Marion County, Ind., for instance, officials in 175 precincts were forced to turn to paper when workers had difficulty firing up their electronic voting machines. In Ohio, problems with

e-voting machines in Franklin County were so prevalent that the telephone system crashed for 90 minutes under the weight of resulting phone calls, the Columbus Dispatch reported. And in a number of states, polling hours had to be extended because technical malfunctions with the electronic machines forced harried election workers to resort to paper ballots.

Bruce Schneier, chief technology officer of computer security firm BT Counterpane, says that while there may have been fewer problems with electronic voting machines this time around, that hardly qualifies the technology as a success. The greater problem is that the machines cannot be properly audited. "Electronic voting machines don't leave evidence—and that's the problem," he says. "If votes were lost or manipulated in any way, we don't know." —Mel Duvall

26.5 million
Number of Social Security numbers exposed because of a stolen laptop at the Department of Veterans Affairs.

In this era of hyper-concern over identity theft, you might imagine that federal government agencies entrusted to safeguard public records would long ago have figured out how to protect the names and Social Security numbers of millions of Americans.

You'd be wrong. The U.S. Department of Veterans Affairs became this year's poster child for lost data after May's theft of an employee's laptop from home; the laptop contained the personal records of 26.5 million veterans and current servicepeople, records on some of their spouses, and the disabilities for which veterans were being compensated.

The embarrassing data breach set off a mad scramble on the part of the Veterans Affairs Department to shore up its lax security measures, while assuring Congress that the agency was doing everything possible to prevent a similar incident in the future.

Damage Control

As part of the initial patch-and-fill effort, the VA spent $9 million to staff a new call center to handle inquiries, as well as another $7 million to mail letters to individuals affected by the data loss.

The VA also initially asked Congress for an additional $131.5 million to provide credit monitoring services to veterans. The credit monitoring plan, which later was scrapped, was viewed as a means to prevent identity theft among the 26.5 million military people whose records had been stolen. Fortunately for the VA, the thieves weren't big-time identity crooks out to make megabucks hawking the personal records of veterans over the Web for a couple of hundred bucks a pop. In fact, the FBI, which recovered the laptop, was reasonably sure the data hadn't been misused or even accessed.

But the lesson was clear. "Humans don't always conform to policies, so we need some technological controls over someone who may not comply with the policy," says former White House security adviser Howard Schmidt, whose personal information was taken in the break-in.

Since the incident, the Veterans Affairs Department has:

  • Beefed up security and privacy awareness training for employees.

  • Made employees affirm that they understand and are committed to security and privacy.

  • Encrypted hard drives on laptops that leave the premises.

  • All it took was a routine home burglary to get the government to take information security seriously. —Doug Bartholomew
    $12 billion
    The cost overrun, to date, of Britain's ill-fated national health-information systems project.

    What was budgeted at $12 billion is now at $24 billion and counting. That's what England's National Health Service (NHS) has spent to implement the biggest non-military I.T. project ever—and what some are arguing may be the biggest I.T. disaster on record as well.

    Called the National Program for Information Technology (NPfIT) and begun three years ago, the 10-year project is supposed to digitize England's entire health-care system; deliver electronic NHS lifelong care records for every patient in England (50 million-plus of them); offer patients and doctors the capability of ordering prescriptions online; and allow patients to schedule appointments and procedures electronically through a service called Choose and Book.

    Originally budgeted at just under $12 billion, NPfIT has been plagued from the get-go by delays, cost overruns and vendor concerns. Among the problems: After claiming it was losing upward of $450 million on its NPfIT contract, which stipulates that vendors don't collect until they deliver, the project's biggest contractor, Accenture, walked away in September—turning its back on $3.75 billion in potential revenue. There has also been a two-year delay in the development of the Lorenzo health-care application suite by U.K.-based iSoft, the largest health-care vendor in Europe.

    More recently, according to newsletter E-Health Insider, 18 of the 24 major hospital patient administration systems (PASes) were not delivered at the end of October as scheduled. The systems are being installed by the project's remaining primary vendors, Computer Sciences Corp., Fujitsu and BT. At the same time, iSoft, the company at the heart of the NPfIT overhaul, has been seeking a takeover deal that would rescue it from mounting debt, says U.K. newspaper The Guardian. The company announced a pre-tax loss of about $600 million for the year ended April 30, 2006. —Laton McCartney



  • <123
     
     
     
     
     
     
     
     
     



















     
     
     
     
     
     

    Submit a Comment

    Loading Comments...
    Manage your Newsletters: Login   Register My Newsletters