It will typically cost an identity thief around $2.99.

An article in today’s New York Times announced that researchers discovered that anyone can unlock data encryption on a PC hard drive merely by opening the case and blasting the chips with a can of compressed air, causing the data to remain in memory, allowing easy access in unencrypted form. Of course, this involves physical access to the computer.

I’m guessing we’re going to start seeing machines with securely sealed cases and other physical mechanisms to foil this approach.

Meanwhile, this makes me feel *so* much better about all those stories of laptops, loaded to the gills with thousands of consumer credit card numbers and other personally-identifying data records on the hard drive, and then stolen while travelling homeward with some road warrior.

Legally, I’d like to see a company in possession of my credit card number and other personally identifying data warrant and represent to me that they don’t allow data to leave their physical premises. Particularly since in the US (unlike the EU), I don’t have any effective legal controls to hold a third party entrusted with my data accountable for losing it. I’ll certainly be adding language covering this to my requirements of the vendor in my clients’ user-side development contracts.

As long as there are going to be laptops, there are going to be issues of data leaks and identity theft. (Privacy Rights Clearinghouse has documented data breaches of an estimated 218,000,000 data breaches in the US alone, here.)

Anyone know whether this can be avoided by better software or chip design?