Personal details of the 600,000 people who have applied to join the armed forces over the last ten years were stolen with an MoD laptop earlier this month, it was admitted late on Friday. The computer was stolen from the car of a junior naval officer, which was parked outside his house overnight in Edgbaston, Birmingham. It isn' …
riddled with unauthorised copies
I think there is a very simple cause of all these losses.
Now that almost all government computing services are run under PFI contracts where requests for new processing or additional queries are additional-cost items, it makes sense for most offices to keep a private copy of the database to reduce the cost of accessing the data.
I predict that government offices are riddled with unauthorised copies of databases.
It's either stolen... or sold
The gov seriously think we can trust an ID card system? When they can't even protect departmental ones? Is this gov mad? After all the data theft last year, earlier this year, one would imagine that all laptops will have the latest and best encryption, not to mention that anyone not authorized to have the data should NOT be taking them outside secured area, never mind parking it outside their house or a car park.
Any one checked the Local Bargain Pages for this yet LOL
Come on guys...
SecureDoc, TrueCrypt, PGP... it ain't fucking hard.
Oh well, I was going to say pack him off for a nice long voyage but since the mighty blighty Royal Navy is but a wraith like shadow on the water and weaker than the floating remains of the once mighty Imperial Japanese Navy at the end of another conflict last century, so thus as we speak that won't happen!
Perhaps a nice long holiday as an inmate in the Tower of London is more appropriate here!
As there is nothing much to see just another useless incompetent wanker pretending to be a sailor and adherent to the "Peter Principle", move along now!
Or as Paris would say down on her pretend farm reality show "Sh*t happens"
Let's just start over
Issue new ID for everybody. New bank account numbers, New phone numbers. New street addresses. Rename cities. Sale on hair dyes and wigs. Distribute 2 for 1 vouchers on face lifts.
Bring Back the Big Iron
A lot of these problems would be solved by the government going back to the big, heavy, hardware of the past. You know the idea--run everything on a server with some sort of terminal hardware rather than a desktop computer.
And if the personnel database had to be kept on a computer that needed to be plumbed into a decorative fountain for cooling, there'd be few worries about laptops. I think they've sold off all those Green Goddesses.
While we're at it, chaining your mobile phone to a concrete block should reduce the number of thefts.
And the rest
"The Ministry of Defence admitted yesterday that it was urgently checking the information thought to be held on more than 400 laptops stolen from the department in the past five years, including at least 68 stolen in 2007 alone."
If it was his own laptop...
Then he might take more bloody care over it. Left overnight in his car? Would he have done that with his own kit?
Make him pay five times the cost for replacement and they may actually look after the kit then. Oh, and then bang him up in a cell for two years too, for negligence under the Naval Discipline Act 1957.
I also want to know why they hold the data for that long, especially if the application was unsuccessful or the applicant withdrew.
It's all a joke really
Tell me so, then we can all wake up happy in the morning and have a laugh along with those hilarious guys and gals who like to tease us by just pretending that our data is insecure...
You'd have thought that they would learn
A laptop was stolen from a Wing Commander David Farquhar's car containing the Desert Storm plans - and that was 17 years ago
"The government may be running out of novel ways to lose identity data. ®"
No, they are just rehearsing for when they have got so much that it doesn't all fit on the server. Sort of like the prison over-crowding crisis, only for electrons.
My guess is that the official response to this will be to re-instate Crown Immunity! And freshen up the Official Secrets Act. Just in case it's terrorism related. Oh, did you know it could all have been prevented, if only we had ID cards?
I see a conspiracy!
The gov is letting all this data get "lost" to soften us up and get used to the data loss so that when ID cards are forced on us and they SELL the data from them we will not care.
Tell 'em what's on it
So a laptop was stolen... the thief thought he had a simple laptop to wipe and resell...
Now after all the media, he knows that there is valuable data, which could be sold, used etc. for far greater profit.
There are times when I feel that we the public are better off NOT knowing exact details in favour of not making the situation worse for those whose details were on the laptop.
And all this is just the tip of the iceberg...
I mean, bear in mind these are just the cases we hear about.
I could tell you guys a story about a new government IT system that's currently live but woefully incomplete and a data protection joke, but it'd probably cost me my job. Let's just say it's only a case of security through obscurity that's preventing a free-for-all on sensitive information relating to pretty much everyone in the country.
I'm weighing up my options on how much the tabloids might pay for the story.
There may be
method to all this madness. What it may be, who knows, but seriously, all that data over the years so easily "lost" "misplaced" "stolen" from an entity whose security is supposedly equal to none?
It's not the officer's fault
What were the details of 600,000 people doing on a portable device to start with? This sort of data should live in a secure environment. What's the point of the MoD paying a fortune for firewalls and other network security, and locking down the physical security of their buildings - CCTV, guards, ID passes, etc, when they stupidly allow valuable data to reside on a laptop.
Unless their laptops are on a 30 metre steel cord and can't be taken outside of MoD premises or the strongest possible level of hard drive encryption is used, they should expect this sort of thing to happen all the time.
Oh, it does, and they do. My mistake.
Seriously, organisations this incompetent shouldn't be allowed computers. I'm still hacked off at the child benefit fiasco. I haven't seen any heads roll from that screw up. That was a management issue. They should expect moronic staff to do stupid things so they should have procedures to stop it from happening. Like forcing staff who require access to such a database to pass a competency test like they do in some organisations that take security and IT Risk Assessment seriously. Jokers, the lot of them! (My god, they're running the country! Aargh!)
Clear case of overworked MoD personnel
Everyone on El Reg is being terribly harsh to the real victim in this - yes that unnamed MoD worker who is forced to personally handle the cases of some 500,000 wannabe squaddies.
Think about it - how would you like to know the well-being of half a million people is your responsibility? Doubtless the poor fellow was so stressed at being made to carry his work home at night that he made the perfectly understandable mistake of forgetting to take his laptop with him when he popped into the local Spar (or another one of the metropolis' innumerable high-quality all-night self-service consumer boutiques) for a family pack of ProPlus and a barrel of full-fat own-label cola.
Hold on, my associates wish to raise another possibility (although I am shocked to think that they would consider it), that this is a clear case of irresponsible data security with excessive numbers of personal records being duplicated, processed and stored on unsupervised machines.
I think I much prefer my scenario; one where Gerald (I think it should be a Gerald) works tirelessly to serve Britain's finest armed only with a hot laptop, a cup of Mellow Blend and a chocolate HobNob.
So let's not berate Gerald, let's pray that the Civil Service (especially that magnificent edifice the Home Office) is staffed solely by Geralds!
But the government is infallible...
But the government don't lie or keep secrets. The word incompetent doesn't apply to them.
It seems to me if they want everyone to have ID cards the least they can do is learn to protect such data first. I'm not just referring to the gov, every organisation should prove they can before we uniformly hand over our privacy.
If it was secure, I might not have such an issue with id cards as long as there isn't some kind of law about having it on you and getting it checked everywhere. I think a smart card built into it that I can assign services like drivers license, health care, bank cards and show credit and so forth all into the one card. I hate carrying so many cards and such all of. I guess the current advantage is that each having its own security. But that would have to be secure. I'm not happy that my existing info in my wallet is very secure. Frankly right now I don't trust any organisation, including gov, with anything. Too many have their own interests that are not entirely for my benefit.
Actually I might just go burn the contents of my wallet. Hmm maybe I should burn the wallet too since it might have the impression of my bank cards in the leather.
The government has been very lucky. Ten years ago the IRA would have paid a small fortune for the home addresses of certain serving army personnel.
applied not joined
'applied' that and the fact the details were on a laptop; it makes you wonder what the fu*k is going on.
If you saw this happening on a TV series or movie would you believe it ?!
The UK 'X' files :
The Truth (and bank account details) Is Out There;
Trust No One (with your details) ;
I Want to Believe (no one's this thick)
Imagine the government running an ID card system!!
disk encryption, anybody?
Last time I installed an operating system on a laptop (about a month ago, perhaps a little longer) I was offered the option of full disk encryption. I entered a fairly long and non-obvious password and now I know that if my laptop is ever stolen, the trivial and worthless crap on MY laptop will be completely unrecoverable.
How about doing this to laptops with important information on them?
Testing our complacency
Maybe all this data loss is just another way of demonstrating our complacency, that we will put up with just about anything and that they have us just where they want us. Why? Who knows. Maybe to show the overlords that the time is right for colonization? What family jewels we haven't sold, we seem to be giving away for free now.
Taxi! Take me to the free world please driver.
What I can't understand
Is why on earth they keep copying ALL of the data to portable devices like laptops. I can understand if someone needs to go home and do some work on the information, but surely their IT department should be producing them a slice of the database containing the information they need.
If they want more, at least make them dial into a server connected to the Internet, sure you can't make an internet server 100% secure, but it's gotta be safer than these copies on laptops...
Don't you think it's
about time to require a civil service data security course mandatory for further employment it's not beyond them no one has made it a tarring and branding issue yet it's coming.
Re: Tell 'em what's on it
To be fair (WHY???) they didn't release any of this info for 10 days so there's a reasonable chance the HD has already been wiped.
Not the first time...
Back when we were prepping ourselves for the invasion of the Falkland Islands, the MoD lost a laptop then as well.
This one also contained vital information, THE invasion plans! A massive police search went out looking for the guy that nicked it from the backseat of a car.
The police officer who arrived to question the chap who'd had the laptop on the backseat asked;
"Is there anyone we should notify?"
"Yeah... I think the prime minister should know."
It's bound to happen again.
As I noted before Christmas, and it did. And it will happen again. I wonder how many of our outraged contributors wander around with data files they shouldn't, leave their laptops where they shouldn't.... The government, private companies, clubs, charities, in fact just about everybody has been loosing people's records for years and years, but it is only in the past few years with the widespread adoption of computing by private individuals that it has become a real issue. Loose a tape with this data on, in the past who can read it, certainly only someone with the right tape drive and O/S. Now virtually everybody uses the same O/S and puts things on DVDs or CDs that can be read by any computer.
It would be nice if some of our more vitriolic contributors actually said constructive things, rather than made stupid comments about the ability of government to protect data, ultimately it isn't government you have to worry about, it's people. The government already has all the procedures in place needed to protect your data, and they do the vast majority of the people involved do the vast majority of the time. But it just takes a moment's lapse, for the most mundane of reasons, for a mistake to happen. I suspect most of these commentators have never lost any data for any reason, exceeded the speed limit or ever done anything wrong. It's nice to lay blame, to crow about others' misfortunes, but a darn sight harder to put yourself in their place and work to see that it doesn't happen again. The officer involved will never make that mistake again regardless, but others will.
Roundabout stalker alert!
"The motorist who found them, however, claims he found similar documents in the same place last November."
How does he do this just stop in the middle of the roundabout, hazard lights a blinking and get out????
"Back when we were prepping ourselves for the invasion of the Falkland Islands, the MoD lost a laptop then as well. This one also contained vital information, THE invasion plans!"
Er...I didn't think we were the ones who invaded the Falklands, were we?
And I think anyone using a "laptop" in 1982 would probably have risked injury.
It will happen again?
' government already has all the procedures in place needed to protect your data, and they do the vast majority of the people involved do the vast majority of the time'
Then it might be rather nice if they implemented them once in a while. Allowing a junior officer to have access to 60,000 database entries and just dump them to his laptop?
We're not talking human error here. Human error simply exposes the issue. We're talking about systematic and repeated failures in control. Is that the Government's fault? Damned right it is........
Incidentally, has 'I left the laptop in the car overnight' become the modern equivalent of 'the dog ate my homework'?
It would/should have been
A very secure laptop with non-trivial passwords for the BIOS, hard-drive and operating system. Lots of numbers...
If not then I expect heads will roll, not just his.
Don't ask me how I know...
Trust the bloody Navy....
Thanks chaps. There was a reason I signed up to the RAF, and not the bloody Navy. There I was stupidly thinking they wouldn't retain any pertinent data 7 years later!
I imagine if the data was encrypted, it would have been announced sharpish. At best, it'll be a password protected Excel sheet.
I suppose on the plus side, whoever nicked it will get rid of it sharpish. If they got caught, I imagine they could do them on all sorts of lovely charges for handling MOD property and 'data'. (Porn links and trojans from experience)
Data protection racket
Now correct me if I'm wrong but doesn't the DPA require that data should not be stored for longer than necessary and also (more importantly) that it should be accurate.
How can many (copied) versions of data that isn't synchronised be kept up to date??
£5 per entry
Well the price of a 'Number plate to Address conversion' is apparently worth £5 a pop according to the DVLA. So think what all these magic details are worth per person!
And they trust all this data to Junior naval officers? It only takes one of them to cash in on that data and it's lost.
Hey, just set up shop, sell the data on people who applied for Navy jobs to any company that wants it. There's always data held by government that commercial companies would like to get their hands on for their own commercial gain, if the DVLA can do it, then why not the Navy?
If car parking companies can make a business out of fining people who park in Tescos and the DVLA makes it an automated system so that it can be very very profitable, then think what new business opportunities can be created by selling their bank, and health data?
You could sell it to insurance companies that want to avoid risk takers (applying for army? Risk taker!).
You could sell it to drug companies that want to test risky drugs. (Where will we find people who take risks? I know Army recruitment has a database for sale).
You could sell it to anti-war groups who want to target soldiers with propaganda.
You could sell it to litigation companies who want to sue for 'Gulf War Syndrome'.
The opportunities are endless! It's double plus Blair goodness!
Heads should roll!
I fail to see why CDs of data ever need to go in the post. They can't suggest for one second it's more secure than sending it over the net with encryption. I mean heck we can all download a couple of gigs worth overnight now so what's the problem? Laptops should NEVER hold a database of sensitive stuff unless essential and then it must be at least a complex 16 + character password and encrypt the entire disk plus bios locks. USB memory cards and sticks should be banned from containing any public person's data... period. They must lose hundreds of these things a week and most are FAT32 and open.
Those that need access to data on a large public scale should only do it via a centralized server with a couple of layers of VPN. Then if a lappy goes missing there is nothing on it at all to worry about its just a dumb box.
@disk encryption, anybody?
"I entered a fairly long and non-obvious password"
the penguin doesn't work in support obviously.
Apply this to thousands of machines and you need to have some type of system for techies to guess this password (based on serial number or asset tag, lose the sticker for either and you are screwed), which means it's not secure. Techies change jobs and talk too.
If the user enters it, when the machine goes to another user later on when that person leaves, then no-one knows the password. The user forgets the password (long and non obvious), then you are screwed when you have a whining user saying "but I need that data, can't you do anything"
Ok for home users (unless they forget the long and not obvious password), not so good across an enterprise
All that horse-crap they feed the Private Sector...
about being secure and making us all bend over backwards just to get some insignificant data. Then they send it in an unencrypted CD, unprotectively marked, and without any security.
It wasn't nicked because the thief probably couldn't be arsed!
@It's bound to happen again.
Good points, well made, I agree.
Also, JSP440 (MoD's security framework/policy document) states that disk encryption must be used. Since we don't know otherwise at this stage, I'd bet the disk is encrypted.
@ Bracken Dawson
No - imagine them running a National Identity Scheme, which is what it officially is.
We'll tell you who you are!
@ It's bound to happen again
If you loose a tape you can use a pencil to wind it up again ...
But seriously, there are things that are top priority in every job, things where you can't afford any slips. Mistakes happen, but that's why you have failsafe and contingency plans.
Why not keep data in...
... a DATABASE!!! Not on laptops, or CDs, or DVDs, etc. This way, the data can be accessed by secure clients, and not by any old johnny breaking into a car. Come on guys - we should be bang up to the jet-age by now.
On a brighter note, the worst that could happen is that someone could pay money into their bank accounts. Oh, hang on....
It's blatantly intentional!
Can you think of a BETTER way to FORCE the biometric ID card into circulation than having it be the ONLY way to ensure that the copy of your personal information taken AT THAT TIME is correct?!
Yeah, it's black helicopter time, but it's not paranoia if they really are after you. Which they are, whether you like it or not.
By the way, I do realise there's nothing we can do about it now, which is why I'm retraining and moving to Australia. Sod this place.
Encryption isn't the solution
Reading through the comments over the weekend about this theft. A lot of people have been suggesting the use of Encryption. Encryption is a means of slowing down the thieves from accessing the data, but if they want to get to the data then they will know how to, it may take days, but they can get to it.
Anyone looking for a method of securing laptop should look at a method of ensuring the data is removed should the machine fall in the wrong hands. The best tool I have seen for this is backstopp (www.backstopp.com). They also have a white paper suggesting methods on how these stories can be stopped. We found them extremely useful.
Something has to be done to protect our identities and our bank accounts.
Gerald is a stupid twat
When I was a humble placement student and had a work laptop, I always took it home. Even if I'd already made two trips from car to third-floor flat with heavy shopping in the pouring rain, I always went back for the laptop. Why? Because that was what I was supposed to do, because laptops are expensive and more to the point, it had confidential financial information on our clients on it.
And this isn't just a bit of nose-in-the-air "would never happen to me" oneupmanship, because sailors are supposed to be trained to obey orders without thought or question. "Don't leave your laptop in the car" should be a fairly easy order to comprehend, only slightly more difficult than "Don't jump off the boat into that big blue thing".
If I'd lost that laptop, my employer could easily have lost some of their business and I would hope that I would never be allowed to work in the industry again. I expect Gerald, being a government employee, will get off with a slap on the wrist. What he needs is a good keelhauling.
You're right, completely right. But this is the public sector so would be unlikely to adopt such software without a multi-million pound investigation as to its feasibility.
We are all saying encryption because it is at least a step in the right direction!
This gives me an idea
If we steal every laptop we see in train stations, left on car seats, on park benches and wherever else fools leave their laptops we will have more data about the UK population than the ONS?
"When I was a humble placement student and had a work laptop, I always took it home. Even if I'd already made two trips from car to third-floor flat with heavy shopping in the pouring rain, I always went back for the laptop."
You left your laptop in the car whilst you unpacked the shopping?!?
What you need is a good keelhauling.
God you lot are soo Thick!
The Government has watched this forum and seen the evils of "M$" and how super duper, answer for everything, super-secure, never goes wrong Open Source is.
So therefore, by default, if you share everyone's bank details, Passport numbers, Home Addresses, choice of contraception, etc. etc. then by using the Open Source method, it will be perfectly safe and secure.