NYT takes aim at VA

Following another lost laptop containing vet data, The NYT editorial page this morning takes aim at the VA under the headline "Rebooting Veterans Affairs."

It sounds like the summer sequel to a techno-horror film: The Veterans Affairs Department has lost yet another computer filled with data that identity thieves would pay handsomely to rifle. The first missing computer, a laptop that a V.A. worker blithely took home, had information on millions of veterans and active soldiers. After an anxious six-week search, it was recovered last month, supposedly uncompromised. Two teenagers were charged with taking it from the V.A. worker's home.

V.A. Secretary Jim Nicholson, abashed at not being told of the theft for two weeks, apologized and vowed that his agency would set the "gold standard" for securing vital government records. Fool's gold, so far. The latest V.A. data trove reported at large is a desktop computer that somehow disappeared from a subcontractor's supposedly secure area, leaving an estimated 38,000 medical patients at risk in Pennsylvania. There have been at least two other cases of lost V.A. data involving 16,000 people in Indianapolis and Minneapolis. All this is no surprise to the agency's inspector general, who has written four years of audits warning that V.A. data security is riddled with uncorrected problems.

The harrowing mishaps are doubly alarming for raising questions about the state of computer security across the rest of the federal bureaucracy. Congressional outrage will prove useless unless far firmer safeguards are demanded — from mandatory encryption of identity information to physical security for computer outlets. Critics' demand for management change at Veterans Affairs is hardly the full solution for such a pernicious and potentially far more widespread problem.