An incredible screwup

Stop me if you’ve heard this one before.

An employee violates office rules by taking home an office laptop containing sensitive information about citizens. Thieves steal the laptop. Suddenly trusting citizens are plunged into risk of becoming victims of the crime of our time: identity theft.

On May 22, more than 26 million U.S. military veterans got the news that they had been thrust into harm’s way once again by their government _ this time, by the culpable mindlessness of one Veterans Affairs Department employee. A week earlier, some 50,000 people who live in Washington’s Maryland suburbs got word that it had been done to them _ not by their government, but by their bank, or more precisely by the culpable mindlessness of one bank employee. The cases and the crimes that made victims of the VA’s veterans and the bank’s customers appear eerily identical.

In Washington, VA Secretary Jim Nicholson wrote a letter informing all affected veterans of the crime that left them vulnerable to identity theft and credit card fraud. A VA employee violated department policy by taking home a laptop computer containing the names, birth dates and Social Security numbers of all veterans who were discharged after 1975. The laptop was reported as having been stolen from the employee’s home in Washington’s Maryland suburbs. Nicholson wrote that the FBI and police believe “this was a random burglary and not targeted at this data.”

In suburban Maryland, Mercantile Potomac Bank President Kenneth C. Cook wrote a letter dated May 12 to his bank’s clients, informing them of a theft that occurred a week earlier: “Dear Valued Client: On May 5, 2006, a laptop computer belonging to Mercantile Potomac Bank was stolen from an employee in what appears to be a random theft. The laptop, which contained sensitive customer information including your name, address, social security number, account number(s) and balance(s), and credit loan limit(s), was removed from the Bank’s premises by the employee in violation of internal policies.” Cook wrote that the bank would pay for a customer credit monitoring and identity theft protection service for one year.

So here we are, citizens of the 21st century _ all of us either victims or on the verge of victimhood, due to circumstances beyond our control. The numerology of our lives is loaded into computers we have never even met. Those computers are in the hands of people we have never even met. And those people may be willful or dysfunctional or, as occasionally happens, both.

On Monday, just a few blocks away from where the VA was announcing the laptop theft put at risk the identity of 26.5 million veterans, a brand new presidential task force convened its very first meeting. It was, of course, President Bush’s Identity Theft Task Force. Its chairman is Attorney General Alberto Gonzales. Its membership includes just about everybody who is a secretary of anything.

Actually, you might call it the second meeting, because the group also met at the White House on May 10. That wasn’t a working session, but a show-and-tell in which the president and task force heard from citizens who became victims of identity theft that robbed them of both their names and their money. “Identity theft is a serious problem in America,” said the president. “I have just listened to the horror stories from fellow citizens who have had their identities stolen.” The president promised a new and aggressive crackdown on identity theft. He spoke with the same urgency he had used when he addressed the same problem in 2004 and 2005.

Meanwhile, back at Veterans Affairs, the inspector general has long been critical of the department’s information security, especially its lack of urgency at fixing known problems. In a November 2005 report, Acting Inspector General Jon A. Wooditch wrote that the “VA has not been able to effectively address its significant information security vulnerabilities.” He noted that eight months earlier, his office had made 16 recommendations, but “all 16 recommendations for improvement remain unimplemented.”

Time out. We need to revisit that notion expressed just paragraphs ago, the one that blamed the identity theft crisis of the veterans and those bank customers on the “culpable mindlessness” of one employee at the VA and the bank. That’s clearly wrong.

It is the collective, culpable mindlessness of our bureaucracies _ governmental and corporate _ that is to blame. They’ve long known of the problem. But they just keep passing the buck while the laptops keep walking out the door.

(Martin Schram writes political analysis for Scripps Howard News Service. E-mail him at martin.schram(at)