Another Constable

I read with dismay that yet another laptop containing hundreds of thousands of people’s personal data has been stolen/lost. What baffles me, is that given the available complexity of encryption, biometric access, anti-intrusion protocols and so on, why the hell are millions of people’s personal and private data being carried around on a daily basis by what I can only describe as IT halfwits.

The information watchdog is to grill the Ministry of Defence over its data protection policies after it lost the personal details of 600,000 people. Defence Secretary Des Brown will also speak in the Commons next week about the latest loss of personal data, which went missing when a laptop was stolen. The data includes passport and National Insurance numbers and bank details. They relate to people who had expressed an interest in, or joined, the Royal Navy, Royal Marines and the RAF. Information Commissioner Richard Thomas said the MoD laptop incident was “a stark illustration of the potency of personal information in a database world”. “We will require satisfactory answers from the MoD about their data protection practices and a firm assurance that steps have been taken to improve these practices before deciding on the appropriate action to take,” he said.

At least my data at home is free from the scope of burglars. I have a couple of PC’s, no laptops though as I hate them! Firstly the PC cases are full towers (not something an average burglar would even attempt to steal, with weights bolted into them to make them difficult to move - which admittedly makes dusting the laminate floor a little more problematical. However, even the persistent burglar will steal nothing more than a base unit equipped with RAM, CPU and operating system. This is because Billy Burglar never bothers to take cables with him. He’ll unplug all the wires and run off with the “computer”. Well, the remainder of my data is stored remotely on a RAID array (simply put multiple hard disks with data spread across them such that it can easily be recovered in the event of a failure of one of the hard disks) in a completely different part of the building - somewhere no burglar would ever think of looking (and if if Billy did look, he would not know what he was looking at). So by unplugging all the wires and running off with the base unit, he’s nicking the bit I can easily replace, and not the accumulated data of 15 years.

But even laptops can be made more secure. Many now come with built in fingerprint readers, and it’s not hard to couple that with anti-intrusion software that will destroy the data upon failed entry attempts. Even the person who might dismantle the hardware and try to access the data on the hard drive directly outside of the biometrically protected laptop chassis can be thwarted by simply encrypting the entire hard drive’s contents at the outset. This is frankly “easy” to accomplish, though as it’s not the default position of the operating systems we employ, it’s not considered.

I know these sort of solutions are beyond the requirements (and frankly the comprehension) of many average home users, but for Government and Military institutions who are supposed to be protecting us from all sorts of National and International threats, is it too much to ask that our data is protected at the very least by some sort of simple encryption and password protection? Better still, how about some protocols that stop it being removed from secure buildings and secure networks in the first place?

This entry was posted on Saturday, January 19th, 2008 at 11:02 pm and is filed under Police Matters. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.