While alarming on a number of levels, this falls right in line with other instances of the administration crossing proverbial lines in an attempt fight terrorism. Whether that conflicts with our civil liberties is a can of worms that will be left well enough alone here. Rather, what's interesting in this situation is how the violations occurred in the first place.

Most of the information came from transcripts of domestic phone calls and emails, and financial transactions. As reported by the Washington Post, the majority of the violations -- about 700 of more than 1,000 - were instances in which telephone companies and Internet providers gave FBI agents phone and e-mail records they did not request and were not authorized to collect. The agents, of course, accepted the bonus information without a word.

What does this tell us? People don't even know what they're sitting on in terms of sensitive data, nor do they know the proper protocols for how to handle that data. And how could they? Certainly, none of the individuals in this situation knowingly violated federal law -- they likely were trying to be as accommodating to federal agents as possible.

It's a typical case of processes not keeping up with technology. And ironically, the solution may very well be more technology. Ideally, those employees with the telephone companies and Internet providers should not have been able to transfer the information -- or at least should have been alerted to the sensitivity of the data being accessed. More and more, commercial businesses and government agencies are realizing the need for access controls, but applications that set policies for how data is treated once it's accessed are less often incorporated into security solutions -- at least not to the fullest extent. These need to involve parameters not only for how (or if) users can transfer information, but also for what information can be downloaded, saved and even printed. Such applications are out there -- many in place to protect confidential information housed in government systems -- but they need to be more widely implemented.

From lost government-issued laptops to FBI agents flipping badges in the name of security, users can't be the ultimate enforcer of data protection.