Security Watch | Matt Hines » Congress questions security of backup tape sales

January 23, 2008 | Comments: (0)

Congress questions security of backup tape sales

TAGS: Security

Congresswoman Betty McCollum (D-Minn.) has reopened an interesting can of worms on Capitol Hill by sending a letter to the Government Accountability Office requesting an investigation into the potential security implications of a program under which federal agencies are reselling used magnetic data tapes to the public.

According to McCollum's letter, an unofficial test recently conducted on a handful of tapes sold via the program found a wealth of sensitive data still resident on the storage media, including bank account numbers, personal information of government employees, travel expense reports and a range of other financial documents.

The forensic test of the tapes, which are supposed to be wiped clean before re-sale, was conducted by officials at Imation, a maker of removable storage technologies.

McCollum maintains in her plea that the sensitive data mined from the tapes was unearthed using "readily available equipment and information," implying that anyone else with such knowledge could easily replicate the feat.

The Congresswoman directly questioned a previous 2007 GAO review -- launched at the request of the Dept. of Homeland Security based on similar security concerns -- that found that the tapes were indeed wiped of any information before they were made available for sale.

The GAO said that its tests found that the tapes were sufficiently wiped clean of any data, and that they should pose only a low security risk as long as the involved agencies followed established guidelines for erasing any data on the devices.

McCollum claims that the Imation test took only one-and-a-half business days to find the sensitive data, and that it was conducted using only a standard PC and well-known forensics techniques.

"If federal agencies are selling used magnetic storage tapes on the open market with this level of recoverable sensitive data available to anyone with minimal technical skills or equipment, we should all be alarmed and demanding greater accountability," McCollum said. "Federal agencies could be under the impression that the sale of these used tapes is secure, while the fact remains that substantial amounts of highly-sensitive government [data] may be circulating in the open market."

The Congresswoman is "strongly urging" the GAO to launch a broader investigation to ensure that tapes sold by agencies including the Federal Reserve and U.S. Air Force do not contain valuable or sensitive information.

Among the issues that McCollum has asked the GAO to review are which agencies should be allowed to resell their tapes, what processes are used to erase any data on the devices, and how the tapes are reviewed to ensure that they have been wiped before sale.

McCollum is asking other members of Congress to help push the GAO for a second review. Among the politicians copied on her letter were Sen. Joseph Lieberman, chair of the Senate Committee on Homeland Security and Government Affairs, and Sen. Susan Collins, a ranking member on the Senate Committee on Homeland Security and Government Affairs, who had requested the initial 2007 review.

Posted by Matt Hines on January 23, 2008 09:17 AM

RATE THIS ARTICLE: