Showing posts with label government. Show all posts

Yet another USB stick lost by British government agency

by Michael Smith

London, September 15, 2008: The Home Office has this evening announced that one of its police forces – believed to be the West Midlands Force – has lost a data memory stick with sensitive data.

While the Home Office refuses to comment as to the contents of the memory stick, it is believed to contain sensitive information on anti-terrorist operations. When you thought it could not get any worse, apparently it can. One of these days, as I said in the previous piece, the luck will run out and someone is going to use the data against this country and its people.

The more we hear of such losses the more a sense of déjà vu overcomes me and the more I want to scream at these people to, at least, have hardware encrypted sticks on which to carry the data. It is NOT rocket science and they are easily available. I have reviewed a few of them by now.

Maybe someone should point the government agencies in the direction of this journal and the reviews done by yours truly. They might just get the idea, but then again, they still may not. I am beginning to lose confidence that this government can actually learn how to deal with sensitive data of any kind.

© M Smith (Veshengro), September 2008

The umpteenth case of data loss – due to wild party?

by Michael Smith

How blasé can any government actually be as regards sensitive data? It would appear that the British government is trying to provide an answer to that question, for there is no other way, I am sure, to explain all this careless sloppiness, which by now borders on the criminally negligent, in the handling of sensitive information and data.

Now, this time, it is the travel plans and destinations and other details of seventy soldiers of the 3rd Battalion the Yorkshire Regiment.

The data in question was stored on a USB stick and this little comrade is now, since the year 2004, the 120th stick that has been lost by the British government and its agents.

The stick was lost and found in the nightclub “The Club” in Newquay, Cornwall. How it got there and how it was lost is still unknown. Maybe it would be a good idea to actually ask which member of staff it was who had the grandiose idea to carry that stick, with such sensitive data on it, into a nightclub.

The loss of this stick and the unencrypted data on the stick could have been rather dangerous for the soldiers concerned, especially in light of the always mentioned danger from terrorists. In fact it is rather amazing that to this very day none of the lost data has, apparently, fallen into the wrong hands and been misused. This despite the fact that in most instances none of the data has been encrypted in any way, shape or form.

To any terrorist the lost stick with the data of the soldiers would have been a goldmine and would have made them very happy indeed. On the USB stick were contained the exact times of travel, the destinations and all routes and planned accommodation. Phew! Only good it did not get into the wrong hands and was found by an honest person. One day the luck will, however, run out, of that we can be sure.

The Ministry of Defence has, in its statement, only called this incident an “unhappy incident”. To call this attitude blasé probably is an understatement. How can any government and government agency have such an attitude to this kind of sensitive data? This is especially difficult to understand as hardware encrypted USB sticks no longer cost a fortune and, regardless of cost, such data should, nay must, if stored on USB sticks, be put onto sticks that are encrypted to the highest standard. Otherwise the day will come when the luck will finally run out and such data found will be used against this country and us, as the people of this country.

© M Smith (Veshengro), September 2008

Another serious case of data loss in Britain

by Michael Smith (Veshengro)

Home Office loses USB memory stick with data of about 100,000 criminals

The continuing data security breaches and loss of data and laptops containing secret information must, by now, have become an embarrassment to the British government, or so at least it should. It is rather time that heads rolled but, alas, that is hardly going to happen.

How, pray, does anyone put data such as that which has just been lost – due to the fact the USB memory stick has been lost – onto a small little USB memory stick unencrypted?

Apparently the private sector contractor working for the British Home Office – the British Ministry of the Interior – took the data which was, so we are told, encrypted originally, decrypted it and then simply stuck it onto an unsecured memory stick. This is not just being stupid or incompetent, though both attributes certainly also apply, but this is criminal negligence.

As Keith Vaz, Labour MP and chairman of the home affairs select committee, said: “If you hand out memory sticks almost like confetti to companies and ask them to do research for you, then you have to be absolutely certain that the company concerned has put in practice procedures which will be just as robust as the procedures that I hope the government has followed.”

But it is not just private sector contractors to the government that have such a lackadaisical attitude to data security; the government's own departments are, normally, directly, the culprits.

If one does need and want to use portable devices, such as USB memory sticks, then they should at least be hardware encrypted – please note: I said hardware encrypted – and this with very strong credentials. There is no excuse not to use such devices. They also no longer cost the earth and it certainly should not have anything to do with cost.

If the information that was given to me can be believed, then the reason that, for instance, the data from the HMRC office that was sent by courier to London a while back was unencrypted on the CDs, which were subsequently lost, was that the two departments do not have the same encryption program. While we were told that a junior clerk had simply copied the data onto the disks and sent them out, the reasons are, apparently, different.

Already, the data should have been encrypted, period, when it was downloaded onto the CDs in that instance. Why is open data held on computers in the first place? The data that is held on the computer systems of whichever government department should already be encrypted and would, hence, when copied to CD or whatever, still be in code. But, apparently, this is not the case.

A spokeswoman for the Home Office said in a public statement that the reason as to why the data was in the hands of a private contractor and why it was downloaded onto a USB memory stick was that the outside company was to conduct a study as to how to provide an improved prosecution of offenders. Further information as to how it happened that this stick was lost, however, was not given.

It might be better if the British government began conducting a proper study as to how to avoid loss of data from government departments, for presently there seems to be a sieve here in operation and no safeguards in place whatsoever. This is not only scandalous; it is criminal.

Shadow Home Secretary Dominic Grieve said that there had been a "massive failure of duty" and I do not think that one can add any more to that. With the exception, perhaps, that it is time that the minister responsible for the Home Office tendered his or her resignation. I say here his or her as I cannot remember whether presently it is a man or a woman that is in charge there. People come and go there too often, in general, and that culture too, probably, has a lot to do with things going missing.

© M Smith (Veshengro), August 2008

British Justice Ministry loses 45,000 sets of data

by Michael Smith (Veshengro)

If losing data were an Olympic discipline Britain sure would be topping the league table for gold medals. Shame that this is not something to write home about really. But it has nigh on become a sports discipline of the authorities in Britain to lose sensitive data of its citizens. And then the people should trust them with the data for a national biometric ID card. Methinks not.

Once again a department of the British government – in this case the Justice Ministry – has lost sensitive data, thousands of sets of it, without the faintest idea as to where those currently reside.

If ordinary businesses treated data in such a lackadaisical manner they would find themselves prosecuted – and rightly so – by this very same government. When it itself, however, treats data, which is even more sensitive than “mere” credit card details, in such a manner nothing seems to be happening at all.

Slowly but surely the reliability of all government departments in the UK is being called into question, seeing how one scandal chases the other and more often than not such a scandal has to do with the loss of sensitive data of the people.

The Justice Ministry has now become part of the long line of UK government departments that are incapable of securely storing, retaining and protecting the sensitive data of the people of the British Isles with which they have been entrusted. Around 45,000 sets of data have been lost by the said ministry, and those include the date of birth, the national insurance number, the extracts from the criminal records, as well as, in many cases, also bank details. Worst of all in this is that 30,000 of the people thus affected have not even been informed by the authorities of the fact that their details have been lost in such a way, because the department reckoned that the loss of such data – despite the fact that it is, so we understand, unencrypted, as per usual with the British government – did not pose any risks for those whose details have been lost. Oh really? This government is getting more and more incompetent and it really expects people to trust it with information. They really do not live on this planet, I am sure.

This all points, yet again, to the apparent fact that the British authorities seem to have absolutely no interest in proper protection of the personal data of its citizens.

Not so long ago 1,000s of new blank passports – the kind with the chip – were stolen and the people were told as well that there is no problem there and that those passports could never be used. Well, tell that to the hackers that have managed to get into the chips and are thus able to insert any data that they desire.

The British government, including its intelligence service and defence ministry, must be holding the world record in data loss, at least in the loss of unsecured data.

Apparently, with reference to the first – reported one – of these incidents when millions of sets of data of child benefit recipients went missing, the reason that those two CDs with all the data were not encrypted is because the two departments have different encryption programs and neither can read the other system. HELP!!!

Oh well, maybe one day we find all those sets of data again, somewhere. Let us then just hope that no one in the meantime makes use of the material on those disks and laptops for criminal or terrorist goals. I think praying might be in order here, to whichever deity the reader may choose.

© M Smith (Veshengro), August 2008