Encryption software anyone?
Gordon Brown’s government has lost another batch of sensitive information, this time courtesy of one of his own cabinet ministers. A laptop belonging to Hazel Blears, the Communities and Local Government secretary, was stolen from her constituency office in Salford over the weekend, it emerged this afternoon. The Press …
Encryption software anyone?
There is no point in making it secret if the tw*ts can't keep it secret. If it was open information then no one would bother looking at it as it would not be worth looking at as everyone would know what it contains and there would be no advantage to anyone.
Look, if everyone's CC details, DOB, Bank, Address etc was openly available what would be the point in identity fraud, we would all be able to defraud the fraudsters and the value of the information would be 0.
While we are at it let's get rid of money, and shops, and 'pooters and t'internet.
Right I am off to live in Brazil in the Mountains close to Peru and shoot arrows from my trusty bow at unmanned drone aircraft.
Now shall I paint myself red, blue, yellow, orange, green or purple?
Mine is the tin of body paint by the radiator.
I feel sorry for all those poor British double agents, who traded their integrity for the dream of owning a Swiss Chalet or estate in the Bahamas. What foreign spy would pay them for their secrets, when all the spy has to do is ride the circle line until some idiot drops a dossier?
'The BBC however reported that “the machine contained a combination of constituency and government information which should not have been held on it". These included “sensitive documents relating to defence and extremism,” the Beeb said.'
So Hazel's been using her computer in breach of her conditions of employment - I say a nice light firing is in order.
It needs to fall into the wrong hands, Top Secret data relating to this special project or the other, winging its merry way to Mr Alan Qaeda.
Oh look, a lovely big explosion here or there.
Then it will be our fault for not being vigilant enough, same as global warming's our fault for leaving a telly on standby.
Oh no, never their faults, big companies/government doing exactly how they please, it would be nice if we lived in a world where this shit doesn't matter, but it does and they need to get their heads out of their arses and protect us for fucks sake, WITHOUT eroding our freedoms in the process.
It seems pointless to complain, nothing will change, until I take a personal march down to London and kick that fat twat's hairy arse out of #10. Even that wouldn't matter, we'll just get another arsehole in power instead.
Anyway, I'll be the first off this hell hole of a planet the day FTL drives are invented.
Culturally, the first UK government failing is that they misunderstand data. They truly believe that 'official' information belongs to THEM. This means to include that information about YOU, once held by ANY HMG department it is 'official' and belongs to HMG and that it relates to, or refers to, you is now irrelevant. The second cultural failing is they seem unable to distinguish between 'policy' (see 3) and putting policy into practice (see 4). The third cultural failing is a lingering belief that security-by-obscurity works. (Contrast the Canadian Security Policy (available on the www), the opening sentence of which says something along the lines of: "The CSP exists to safeguard the security and wellbeing of Canadians" with the opening CHAPTER of the UK equivalent (that I will not name but will let you know is NOT available on the www), which waffles on and on (you need to take my word on this, most of you) about 'official information' without bothering to define what 'official' actually means or ever mentioning 'people').
Technically, the UK government failing is that they think abandoning an encrypted laptop in a tapas bar (or similar) is not the same as abandoning a piece of paper on the 10:42 Waterloo to Strawberry Hill (or similar). Narrowly, they are correct, the failing is misunderstanding the public perception. The crypto on la Blears machine will be deemed to 'downgrade' SECRET to RESTRICTED. That the machine is at RESTRICTED means our Minister should have, as a bare minimum, PUT IT AWAY, in a locked filing cabinet would probably suffice.
Procedurally, the UK government failing is that they have all sorts of policy in place, but it is not effectively pursued. You would not want all the HMG 'policy' printed in hard copy on A4 to land on your head - it would HURT. The policy requires frequent audits, checks, balances, awareness refreshers &c to be conducted. Sadly, reality at the coal face is that lip service is paid to 'policy'.
The personal failing is that significantly less than 1% seem to actually CARE.
You really can't. My flabber is well and truly gasted.
"...the contents of the PC are protected..."
What are the odds they'll have to admit a rather significant yellow sticky is also missing, its contents not so protected?
Quick, everybody to the 'government laptop' section of Ebay.
Stu's right. Why the hell are people that don't know how to encrypt data or work with data on servers without downloading it to their portable laptops being given access to secret data in the first place?
Set the BIOS password, set the BIOS password ...
(In fact, don't even _issue_ the laptop to the politico without having this set, and recorded in a repository looked after by someone who understands these things, say someone from GCHQ)
Why is your government suddenly so forthcoming about laptops gone missing? Methinks there may be a hidden agenda to bludgeon the public into acceptance of the perception that privacy is impossible.
Probably just downloaded pron on that machine anyway
Hazel Blears losing top-secret, potentially dangerous or at least important information, or, there not being anything of value on what is undoubtedly an expensive, paid-for-by-tax laptop bought so that it could be worked on. Except her holiday plans and pictures she hasn't yet added to myspace.
Of course I'm being sarcastic! I don't honestly expect there to be work on it.
with all of your biometric data, says Gordon.
British politicians should be kept away from IT in much the same way, and for much the same reasons, that children are kept away from sharp objects.
I agree with John. There is something else (I don't know what it is yet) that they have been told to force through (by their bosses at the Berlaymont Building). It's being timed for now so that they can bring out some grave announcement to try to spoil David Davis's efforts to put the civil liberties issue firmly onto the public agenda.
Don't give them ANY data on the laptop. Buy them a 3G card and keep all the data safely away on a server - unable to download it; in fact, punish them - make them run Citrix over 3G so all the PC gets is the image of the data. Yes, there may well be images in the Windows Swap file, but we're talking about Restricted data, not SECRET data.
Either that or install TrueCrypt on all the machines - it's SO EASY! OK, the NSA can read it but we trust the NSA... don't we?
Last thing, make it a disciplinary offence not to keep data encrypted. You can't stop laptops being stolen, you can make it an offence to keep certain types of data unencrypted. It's a bit like a company car - cars will get stolen - can't punish people for that, but if you leave the keys in the ignition...
Where can I go to get thick so I can get into politics?
The British Empire needs me.
Ah here's a tricky one, do I put a Paris Hilton on here and show I know what's what or do I forget to and make myself look good?
I'll just check it with my honourable friend.
As they're saying there was no secret or top secret information, this presumably means there *was* confidential and restricted stuff. Quite why someone who sets government policy was walking around with confidential information in the plain on a laptop ... well, it needs more than "a tightening of policy", it's negligence which merits at least sackings, if not prison.
Still, it puts the inadequacies of the NHS spine in perspective.
[posted as AC coz my employers sell lots of laptops to government departments]
Downgrade to RESTRICTED but only as a comparative paper document - i.e. still RESTRICTED but in the wrong hands.
If you think that this is the worst HMG can do, start to panic now and pack your bags. There are plans afoot to 'ensure' information integrity across government that means that they will determine who / what can connect to their services. If your AV isn't up to date, you can't do your Tax return......no HW firewall, no access to YOUR medical records......etc
Will the last one to leave the country please turn off the lights (if we still have electricity at that point).
Paris because we're all going to get it in the ass.
... citizens were not alarmed by the government's demands for biometric data, saying this was proved by the fact that “many people now have laptops activated by finger-scans.”
So it's one rule for us, but another rule for them.
No change there, then.
How do we know it was actually stolen? Maybe she really left it on one of those Waterloo trains and is too embarrassed to admit to that after last week's headlines.
This story gets better and better...
Apparently it wasn't her fault she lost some very sensitive information, it was (now) the fault of a Civil Servant who sent her the information, by email!!!
Hazel Blears loses lap top ... impossible to believe she even knew how to switch it on, never mind access any data of any use/importance.
Because returning the bios to default isn’t something a 5 year old can do?
The reason that these people are making such awful fuckups is because they believe they are important.
From my experience, dealing with banks, institutions, local authorities and government bodies. The higher up the person is in the organisation, the more they resent having to do anything "manual".
1 Like learning how to use the features of their machine.
2 Following the same rules as the rank and file.
3 Being held accountable for their mistakes
Who the fukcing hell leaves their laptop at work if there is any data on it that is sensitive?
They wouldn’t leave their credit cards on the table when they went home because this would affect them personally.
The ONLY fix is to make the bastards serve jail time.
This isn’t a joke, they need to understand that they ARE accountable, and if you set yourself up above the normal plebeians, pass laws to control those plebs and then blatantly let them down, then 20 years in Pentonville should sort them out.
You seem to have misread my rant about the 4 pillars of ignorance. My imagination runs riot when I try to think of the worst HMG can do; especially as they work to blur the crucial distinction between security and liberty.
I am not discounting possibilities that this 'theft' and the recent abandonment of paperwork are drip feed to sensitize the proles into believing that restrictions on our liberty are the only countermeasure in this Information Age. Back to the abandoned paperwork: marked TOP SECRET yet Mark Urban at the Beeb read them and said "not much to see here"
A) Mark Urban has been 'got at' & was told to say that - OR
B) Yet another aspect of procedural failing in HMG, 'everything in this department is TS'. Applying inappropriate markings is as bad as applying no markings.
I am an optimist & I will prefer B)
Meanwhile, back to work designing thin client security architectures for HMG that look after the data by design on the server no matter how good the user was in stupidity class (loving the Citrix over 3G idea)
There you go UK gov, that should help you.
I will waive the 6 figure consulting fee in this case.
Those would be the finger scans that are about as effective against hackers or anyone with a screwdriver (or, apparently, a ballistics gel copy (or even photocopy) of your fingerprint lifted from, say, the keyboard of the laptop you've just nicked).
Fair enough it'd deter most of the less dedicated thieves on a fingerprinted Flash drive but again anyone with an ounce of dedication could get at it. Especially on ones with "password protected", i.e. non-encrypted, contents- crack case, remove flash ICs, get pinout from teh internetz/manufacturer (or find it out yourself), stick in eeprom-reader-like device that sequentially accesses every bit of data on it and feeds it into an image on a host PC. Mount the nice image on your trusty Linux installation.
This is to do with the government, so I've got to ask "where's the IT angle". Useless buggers that they are.
Would the laptop itself be useful to a terrorist? They could use it to download bomb making instructions or even adapt it into a bomb.
will they please start issuing laptops to Civil Servants that are just thin clients with no useable hard drive to speak of. I worked in the civil service for a while doing tech support and time and time again people ignore the security policy or whatever reason stuff is meant to be kept on the servers, then work on a local copy for days and cry when their hard drive dies or they delete it and it's all gone and not safe on the server. Jeez.
But why does a cabinet minister need a laptop at her constituent office? Surely, a desktop would a) suffice, b) be less money out of the taxpayer's pocket, c) be a hell of a lot harder to steal.
But of course, managers always feel the need to have the fastest, brightest, shiniest, thinnest laptops on the market for some reason. Personal Insecurities, perhaps?
You'd have thought they'd have heard of Kensington locks by now, they're not that fecking far away from the place...
If bosses/cabinet muppets faced a very large fine and or jail time for losing data especially data which has not been encrypted or password protected (And said password was not on a Post-it note attached to the CD/tape/laptop) you can sure as hell bet they would be a lot more careful about data security especially data with OUR details on it. Until management are held accountable for f*ck ups like this then we are all going to hear more stories about "data loss" every other week.
All the secret stuff is left on buses, taxis and trains. Without having to be broken into first.
I do like this government... They are really good at their job.
Mine's the one with the wrap around arms that fasten at the back and accompanying pair of men with white jackets.
There is a difference between a finger scan on your laptop and one the government wants to have from you. Your laptop only checks against the record it holds for your print. If this was validated against a server holding finger scan codes then that's a bit different.
If the National ID becomes your Internet Login and your Carbon Credits and your Credit Card then we are in big trouble.
Allowing the theft may well have been accidental but someone took the decision to go public with this. To what purpose, safe return of the computer? The laptop may just have held correspondence but it could also have held 60,000 records of register of voters she is MP for. That could be some very tasty info.
Does anyone in government IT know how to work it? If they don't, a good old Server 2003 box running terminal services could be set up by an idiot in 5mins and maintained (and secured in a few more) :)
... they supply Hazel Blears with confidential information?
That's far more scary than terrorists having it!
These are the ones we're being told about.
How many more are there going missing etc?
And that's without 'enemy' activity ....
All the people going on about TrueCrypt and thin clients are missing the point. There are well established rules for handling classified data. There are also approved hardware and software encryption products for handling the different levels of classification on computers.
The people who have lost this information are aware of the rules (and the law) and have chosen to breach them.
>> Set the BIOS password, set the BIOS password ...
The sarcasm is subtle with this one.
“the machine contained a combination of constituency and government information which should not have been held on it".
Government information, perhaps "Restricted", or higher.
Hello Official Secrets Act, breach here.
"Hello Official Secrets Act, breach here."
The OSA protects Officials, not Secrets.