September 16th, 2008

The Human Factor

Posted in Other Stuff by 200

You can spend millions on software security. You can design the most robust industrial grade anti-hacking systems. You can utilise the toughest encryption protocols available. None of this means a thing once you introduce the Mark 1 human numpty.

The police service is the latest in what is becoming a very long & never-ending list of holders of seceret information to lost it all.

West Midlands Police have lost a data stick reported to contain information of terror suspects’ vehicles & movements.

As far as I can recall, the loss of all this data, including 25 million child benefit claimants, personal details of NHS staff, prison officers, military applicants, convicted criminals, bank account details left in bin bags outside banks, etc etc etc, has never been down to a failure of a computer system or hacking attempt. All of it has been lost because some numpty mislaid it or used insecure methods of sending it somewhere.

Given that at some stage all the data ever recorded in the past or potentially recorded in the future wil be handled at some point by an actual person somewhere, can anyone have any confidence that the government or any other body can really keep it secure?

It’s no wonder more & more of us are against any further recording of our personal information.

You can leave a comment, or trackback from your own site. RSS 2.0

6 comments

  1. Todd says:

    I was particularly taken with the usual, vacuous comments trotted out by Len Jackson, IPCC Commissioner: “This is an extremely serious matter” (no sh*t, sherlock)
    “I will ensure that we carry out a timely and proportionate investigation” (is there any other kind?)
    ” It is important that we establish the facts in this case.. (again, no sh*t) …and identify any lessons to be learned in order to reduce the risk of such incidents occurring again.” (keep only your grocery list on a memory stick, and don’t allow f*kwits within 500 yards of them.
    I worked in IT Security in the RAF. The majority of people – and senior officers are the worst offenders – aren’t interested in playing by the rules. I know from experience that the unauthorised carriage and removal (and occasional loss), from a secure environment, of protectively marked magnetic and optical media is a ROUTINE occurrence.

    September 16th, 2008 at 23:27

  2. James says:

    Aside from the police, army, air force, navy, NHS, MI5, MI6, government etc losing data (and BT using Chinese company Huawei for lots of UK’s new data infrastructure), there’s also all our personal data out there being accessed by all and sundry.

    In this documentary:

    http://www.bbc.co.uk/iplayer/episode/b00ddwmf/

    They even get MP Michael Wills’s (Minister of State for the Ministry of Justice) identity and get credit cards and bank accounts, loans in his name + discover that Tesco’s keeps medical records on us, tracks our movements and who we associate with etc

    September 17th, 2008 at 02:00

  3. MidUlsterPeeler says:

    Blah blah, investigation, blah blah, lessons to be learned.

    If Government was serious about this issue, they’d have amended the Data Protection Act to make reckless data loss a criminal offence and then include some minimum sentencing which the judiciary could then ignore.

    It would appear that the only way to stop data being lost is to have computer systems engineered and configured to prevent data being transferred to removable media from secure domains.

    Staff in the main just can not be trusted.

    September 17th, 2008 at 15:06

  4. Gerry says:

    After the apparent loss of data by one of the Government departments they were not allowed to fax anything at all. Even now instructions mean one has to phone the receipient and get them to stand by the fax machine whilst data is transmitted. All post is sent by Special and one has to let the receipient know its coming and call them when its arrived. What a shower of sh*t we work for.

    September 17th, 2008 at 16:05

  5. Stan Still says:

    The WMP data stick is “reported” to have terror suspect details on it. This is not the same as it actually HAVING terror suspect details on it.

    WMP have refused to disclose what was on the stick. I have no idea what is on there either, but I’m prepared to bet my next below inflation pay rise that it had bugger all to do with terrorism and probably more to do with Balanced Scorecards, Pareto charts and Performance Indicators.

    As Gadget and Bloggs have recently written, these things are more dangerous in the wrong hands than any data about terrorists.

    September 17th, 2008 at 17:47

  6. 200 says:

    I’m sure I saw somewhere that it was reported to be a PC updating a mobile ANPR system in a car with details of intelligence reports on vehicles which certain departments don’t want stopped by PC Plod & was lost because he got a shout before returning the data stick to the office & lost it subsequently.

    Maybe I just dreamt that.

    September 17th, 2008 at 18:11

Leave a comment