back to article Home Office lost its workers' completed security vetting forms

The Home Office has admitted to The Register that among its data breach incidents last year was one in which security vetting documents disappeared from within secured government premises. Through the Freedom of Information Act, The Register has learned that the Home Office – responsible for the UK's domestic counter- …

  1. My-Handle

    I hate to say...

    I commented on an article a couple of days ago noting that the government clearly didn't have the capability and capacity to securely gather and analyse (in any meaningful or helpful manner) the mass-surveillance data that Ms May so badly wants. This looks like another good solid nail in the coffin on that subject.

    1. Doctor Syntax Silver badge

      Re: I hate to say...

      It certainly illustrates their lack of capability to handle stuff securely but another good solid nail in the coffin? I doubt it. They'll just carry on regardless.

  2. Tony S
    Flame

    Why am I not even in the least surprised?

    Yes; these are the people that want us to trust them over matters of security. On that basis, why am I not more upset? Anyone that deals with security should be howling for blood.

    Please assure me that there will be no-one from this incompetent bunch that gets anything in the Queens Birthday honours list for at least the next couple of years.

  3. frank ly

    re. January 2015

    "Dictaphone ... encrypted .... locked to remote access."

    They have some fancy dictaphones nowadays. (Am I behind the times?)

    "lost in the home of member of staff"

    The kids didn't need a Christmas present that year.

    1. Dan Wilkie

      Re: re. January 2015

      In fairness, the Dictaphones we had at the NHS were encrypted as well - it was a requirement from governance as it holds personal information. The storage is digital as well rather than tapes. It was a pain when they forgot their code before the information was uploaded as it was gone forever - the only way we could override the code resulted in a full multipass overwrite of the storage.

  4. This post has been deleted by its author

  5. Graham Marsden
    Facepalm

    But...

    ... no doubt "Lessons have been learned"...

    1. phuzz Silver badge
      Joke

      Re: But...

      Yes, next year they're going to make sure they release this info on a busy news day when it won't be noticed.

    2. Anonymous Coward
      Anonymous Coward

      Re: But...

      upvote for the sarcasm, genius!

    3. ecofeco Silver badge
      Trollface

      Re: But...

      No.

      Doubt lessons have been learned.

      (Punctuation is everything.)

  6. Martin hepworth

    OPM

    Just following the US OPM's lead then ;-)

    1. Robert Helpmann??
      Coat

      Re: OPM

      Yes, but the OPM has modernized to the point where all the theft was electronic and thus more efficient. Looks to me as though the Home Office still has some catching up to do.

      Mine is the one with the personal documents missing from its pocket.

  7. IT Hack

    Too Many Errors

    She needs to resign. Preferably forced to resign. To highlight how utterly odious the Home Sec actually is.

    1. Anonymous Coward
      Anonymous Coward

      Re: Too Many Errors

      To highlight how utterly odious the Home Sec actually is.

      Why particularly this one? Because politicians don't get out enough, whenever they arrive at the HO, they believe the rubbish they're inculcated with, about bazillions of bloodcurdling terror threats, and how the world will end unless they cave in to the spooks and the flatfeet. And as a result there's nothing to choose between them once they get their feet under the desk.

      I don't think May had a good reputation to start with, but remember Jack Straw? He had a very good reputation for a politician before he became home secretary (i'm no Labour supporter, please note), and then he kicked off RIPA, which was Snoopers Charter 1.0.

      1. IT Hack

        Re: Too Many Errors

        @ ledswinger

        Why this one? Coz she's the current Home Sec. If it had been under labour I'd be saying the same thing.

        There is something about the office of Home Sec that really brings to the fore the utter disdain the post holder has for the citizenry.

      2. Doctor Syntax Silver badge

        Re: Too Many Errors

        "Why particularly this one?"

        To encourage the others.

  8. AndrueC Silver badge
    Facepalm

    March 2015: Paper document misplaced within Heathrow Airport – circumstances of loss could not be recalled.

    Spent too long in the premier lounge perhaps?

  9. batfastad

    ICRs

    But we can keep your Internet Connection Records (whatever the fsck they are) super-safe and private... Truth!

    Or maybe we'll just flog 'em.

    1. Sir Runcible Spoon
      Joke

      Re: ICRs

      "Or maybe we'll just flog 'em."

      You have to catch them first. Oh, you meant the *documents*

  10. Anonymous Coward
    Anonymous Coward

    "Are you leaving your laptop bag in the car?"

    "Sure, but don't worry, it's the work laptop, not mine, and the car isn't mine either!"

    I worked with people like that.

  11. SVV

    stolen from car

    Seems to be the reason for the vast majority of these losses.

    How's this for an idea? Stop allowing civil servants to take work laptops and documents and usb sticks out of the office, let alone leaving them unattended in a car!

    When the mass data slurp becomes fully operational and all our info is available to all and sundry in all corners of government, how much more likely is it that gigabytes of private and sensitive information are likely to fall into the wrong hands due to this sort of casual disregard for common sense?

    Home office, change ypur policies now, you're supposed to be making us more secure, not less.

    1. Anonymous Coward
      Anonymous Coward

      Re: stolen from car

      What's the point of having a laptop if you can't take it with you?

      1. Anonymous Coward
        Anonymous Coward

        Re: stolen from car

        @What's the point of having a laptop if you can't take it with you?

        But that IS the point .. i.e. ALWAYS take it with YOU rather than leave it unattended.

        Personally I have a cable lock for the kit whilst is in the car and I am unable to take it with me but the hard drive is pulled and kept on my person at all times (advantage of Thinkpads).

        However, ideally you would not take any sensitive data outside of the secured data centre and the laptop is just a thin client using a VPN and two-factor / OTP authentication.

        What is extremely laughable is the number of times 'senior' peeps are photographed holding readable documents whilst walking to/from 10 Downing Street. Should be instant sacking regardless of the contents exposed just to focus minds.

        Am I paranoid, of course I am, I work in InfoSec 8-)

        1. Anonymous Coward
          Anonymous Coward

          Re: stolen from car

          Personally, I'd be using the "inadvertant photo-op" to spread misinformation. Some good laughs to be had there.

    2. John G Imrie
      Facepalm

      Re: stolen from car

      I'd be more worried about all the times cars belonging to Home Office staff where broken into and the laptop wasn't stolen.

      Just think what fun you could have.

    3. ecofeco Silver badge

      Re: stolen from car

      Back in the days when your dad rode dinosaurs, ANY information/documents that left the security agencies' buildings was instant prison time for the idiot who did so.

      I don't see a problem with that policy.

  12. Anonymous Coward
    Anonymous Coward

    As someone...

    ...who is cleared to high levels (hence the AC) this is personally worrying.

    It would be nice to have been informed that someone, somewhere may have put me and others into jeopardy.

    The fact that I probably know nothing that couldn't be found by looking on Google (or perhaps in a parked car) doesn't change the fact that stupidity like this puts us at enhanced risk.

    Bollocking bastards. Enjoy your fucking civil service pensions and perks.

    1. Someone Else Silver badge
      Coat

      Re: As someone...

      Never heard "bollock" used as a verb before.

      Hmmm...seems "bollocking" translates into "tea-bagging" in American street slang. Maybe there's something to that...

      1. TonyJ

        Re: As someone...

        "...Never heard "bollock" used as a verb before.

        Hmmm...seems "bollocking" translates into "tea-bagging" in American street slang. Maybe there's something to that..."

        Never heard the phrase along the lines of "I got a right old bollocking"? In this context it means "I was told off, big time".

  13. Anonymous Coward
    Anonymous Coward

    The civil service has a strict code of conduct & security where staff are tested ever year, specifically at these types of brainfart actions where anything less than 80% in this test is deemed a failure, pity they don't put what they learn into practise.

    Heads should roll on this blunder.

    1. Stratman

      Sadly, if any heads do roll they'll be of the deputy variety.

    2. Anonymous Coward
      Anonymous Coward

      The civil service has a strict code of conduct & security where staff are tested ever year, specifically at these types of brainfart actions where anything less than 80% in this test is deemed a failure, pity they don't put what they learn into practise.

      Heads should roll on this blunder.

      Where? No place in the civil service I've ever worked in the last decade has done this. And these include places requiring developed vetting.

    3. Doctor Syntax Silver badge

      "anything less than 80% in this test is deemed a failure"

      Yes but these were examples of the other 20%.

  14. Anonymous Coward
    Anonymous Coward

    I distinctly remember some of the security is via signs saying "do not enter unless you are allowed to" (paraphrased). No badge swipe entry or something sensible. Shambolic.

    1. Synonymous Howard

      That would be the typical ... AUTHORIZED PERSONS ONLY

      Oh, excuse me whilst I try to find my security badge and tailgate behind you .. I am authorized honest.

  15. Anonymous Coward
    Anonymous Coward

    At least a few

    of her majesty's government laptops have so many nested levels of encryption that they are almost unusable, shared services that are as likley to destroy active information than retain it, deploy circular credential renewal processes that dont play nicely at all if you dont happen to be in the right building.

    If a miscreant can get useful data off one, they are probably doing better than the lawful owner...

    Also, given the size and scale of the home office a few thefts are inevitable, especially as there are many constantly travelling to do their job.

    There is certainly room for improvement however, particularly on the typing of fax numbers and posting/handing documents to the right person or organisation. This is far more disappointing and is likely to be caused by insufficient, undertrained, temporary and 3rd party staff to meet arbirary cost cuts.

    1. Anonymous Coward
      Anonymous Coward

      Re: At least a few

      so you pull the HDD and do all your buggering about with clones.

  16. peterb

    Mis-faxed documents "returned by the private business"

    They do know the paper doesn't travel down the wire don't they??

    http://dilbert.com/strip/1994-09-25

    1. Doctor Syntax Silver badge

      Re: Mis-faxed documents "returned by the private business"

      It's more embarrassing for whoever sent them than if they'd just been quietly shredded. Not much but better than nothing.

  17. Mike Shepherd

    a member of staff "mis-keyed one digit in a fax number"

    Yes, in 2014, we still had (and have) no check digit in a telephone number.

    "the documents were returned by the private business"

    This mitigation is too comical to ridicule.

  18. -tim
    Facepalm

    Missing a few?

    How about "Copy machine returned to the leasing company with internal hard drive in place"? That would have happened a few times, if not by the department its self, the other departments that sent them the paperwork in the 1st place.

    They seem to have plenty of faith on the drive encryption. The best dictaphone encryption seems to be based on strong encryption based on what I'm suspecting are very weak passwords.

    It is becoming clear that one of the best places to plant a long term spy is in the group that vets the security for a country as it seems that long term employees seem to have excessive access to data. Perhaps far more than they should.

  19. Tempest
    WTF?

    A Cat has NINE Lives but Mad May ...

    of Hurst, Berkshire, has NINETYNINE!

    When will this odious woman, touted as post-Cameron material, be booted. She obviously can't be someone's love interest with a face like that, so what gives?

    1. Intractable Potsherd

      Re: A Cat has NINE Lives but Mad May ...

      "... so what gives?"

      The information she has on everyone through her minions in the security services, I suspect.

  20. ecofeco Silver badge

    Damn terra-ists!

    Oh wait. It seems they are their OWN worst enemy.

    Howe typical of all career bureaucrats. Fuck shit up, blame everyone else.

  21. s. pam Silver badge
    Facepalm

    No worries, we can trust them all!

    Ole Teflon will make lotsa noise in the press about what a hard job it is then nothing will change. Repeat cycle, spin, rinse, repeat cycle.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like