IT experts say MI6 drug information loss in Columbia highlights need for encryption policies

by Michael Smith (Veshengro)

Credant says MI6 drug information loss in Columbia highlights need for portable device encryption policies

The case of an MI6 agent - who apparently left an unencrypted USB stick containing several years worth of drug trafficking intelligence on an airport bus in Columbia - highlights the need to use encryption when dealing with sensitive information, says Credant Technologies, the military grade cryptography specialist.

"Newswire reports suggest that, in leaving her handbag containing the USB stick on a transit bus at Bogota airport, the agent has compromised the work of several of her fellow agents," said Michael Callahan, Credant's senior vice president.

"Reports also suggest that the loss of the USB stick has forced drug enforcement officials to relocate several of their agents and informants. If the data had been encrypted, however, this reaction would not have been necessary," he added.

According to Callahan, that the loss of a single USB stick should have compromised the activities of so many agents and their informants illustrates what a happen as a result of a single data loss incident.

It also, he explained, highlights what can happen when a single lapse in IT security policy occurs and the potential for the lapse to cause problems at multiple levels.

Callahan went on to say that Colombia may well be problematic when it comes to law enforcement, but implementing an effective IT security policy that requires data held on portable devices to be encrypted is far from being a high technology issue.

"This really comes down to common sense security. It's a great shame to see the UK Security Service embarrassed by a single data leak incident, but it is a security policy failure, nonetheless," he added.

For more on the Columbian USB stick loss fall-out:

For more on Credant Technologies:

I hate to ask this but are the British government and its agencies intending to get into the Guinness Book of Records as the most incompetent ones as far as data security is concerned.

The life of field agents is now being at risk and months if not years of hard and dangerous work because someone left an unencrypted USB stick with sensitive – extremely sensitive data – on an airport bus. How stupid can they actually get?

Proves yet again why intelligence officers are looking for intelligence, you sure know the joke; because they haven't got any. Same seems to apply for the entire government.

All it would have taken would have been a little AES 256 USB drive, the cheapest of which are now available in the form of the Crypto AES 256 bit from Integral or the Blockmaster Safestick. There simply is no need to have sensitive data unencrypted on a USB drive.

Another thing this reminds one of is the “for the lack of a nail a shoe was lost, etc.” and this sure as heck is just the way it would appear to run.

Businesses in the UK (and elsewhere) appear to be, in the main, better in safeguarding sensitive and extremely sensitive data than are the governments and their agencies.

This is criminal negligence in the extreme and it does not appear to get any better. The way it looks the British government and its agencies do not seem to learn from all those data breaches they incur. Breaches and losses that so easily could be prevented. All it is is a matter of cost, often only little cost. On top of this it is a matter of education but all of this seems to be sadly lacking in government circles, as does common sense.

© 2009