US sets deadline to halt data theft

The US government has set an early August deadline for government agencies to encrypt sensitive data after the embarrassing theft of millions of veterans' personal information, but experts warn a quick technology fix will not cure security problems, a Reuters report said.

The report said that while encryption and other security technology could help, slipshod handling of data and equipment, poor training and the slow moving government bureaucracy were seen as the main causes of vulnerability.

"The White House directive is a good first step, but we're concerned about the time frame," John Dasher, director of product management at encryption software maker PGP, was quoted as saying. "Do they have funds budgeted and allocated‾ These are the nuts and bolts of the procurement process."

Companies, including PGP, are eager to sell existing encryption and other security software to the government that can be deployed in a matter of weeks. But several executives interviewed by Reuters said agencies must first consider basic concepts of data security before buying software.

"I'll bet many organizations can't even tell you where sensitive data is," said Chris Voice, CTO at security software maker Entrust. "Not only should certain data be stored and encrypted properly, but certain people should not have access to it to begin with it."