Once more unto the breach

BRITAIN’S top counter-terrorism officer, Assistant Commissioner Bob Quick, is merely the latest highestprofile, should-have-known-better public servant to board the blunder bus. He was brought down by photographs of sensitive documents he was carrying as he arrived at Downing Street for a meeting with the Prime Minister and Home Secretary. The easyto- read top sheet of the file, containing names of suspects, locations and officers involved in the operation, could have compromised a major counter-terrorism operation.

But the bigger picture is that he’s not alone in disregarding the common sense rules of secrecy.

It’s all too easy to blame modern technology, but officials appear to lose laptops at the drop of a hat. And in the most unlikely places – on trains (containing files with assessments of al Qaida’s vulnerabilities), in a pub car park (a memory stick holding passwords for a government computer system) and in McDonald’s.

A disc marked “HOME OFFICE CONFIDENTIAL”

was found hidden beneath the keyboard of a laptop bought on eBay. Another buyer on the online auction house found information on several million bank customers after paying £77 for a laptop.

It’s not only the British who are careless. A Dutch air force captain left a USB memory stick holding battle plans for troops in a rental car.

These data breaches involve laptops, computer and memory sticks, but it’s not technical, but human error that causes the losses. As we go once more unto the breach, let’s recall previous embarrassing, sometimes potentially dangerous, slip-ups that have made information public that was labelled confidential.

1. Straight in at number one is the Met’s Assistant Commissioner Bob Quick for flashing secret papers, codenamed Operation Pathway, outside Number Ten and being snapped by waiting photographers. The small print was all too clear to see – giving the game away about proposed terrorist raids on ten properties in North-West England. He should have known better because… 2. Back in May, last year, the same photographer took a picture of Housing Minister Caroline Flint walking along Downing Street, holding briefing papers which predicted a ten per cent fall in the housing market. In case anyone was in doubt what they were a sticker stating: “Papers for cabinet meeting 13 May 2008” was clearly visible. “I’ve told Downing Street before that the quality of lenses means that we can read ministerial papers,” photographer Steve Back is reported as saying.

3. A security breach at North-East child benefit offices led to CDs containing the records of 25 million people going missing, the biggest single loss of personal data in the world at the time. The inquiry put the loss down to wholesale failure and sloppy practices at HM Revenue and Customs (HMRC). Lest you think HMRC is an isolated case, a separate report into a stolen laptop, containing the details of 600,000 potential recruits, found similar problems within the Ministry of Defence (MoD). Last year, MoD gaffes led to the loss of nearly 200 gadgets, including 72 hard drives, 62 laptops, 59 memory sticks and four desktop computers.

4. You’d expect the National Nuclear Security Agency to be particularly careful.

But in 2007, an audit discovered 20 desktop computers were missing from the US government department responsible for safeguarding technical secrets about nuclear weapons. This was the 13th time in four years the agency had failed a PC inventory audit.

You hope they keep better track of nuclear weapons.

5. The BBC managed to breach House of Commons security with the aid of a sixyear- old girl and some hi-tech equipment. As part of an investigation into keeping the House safe, they left the youngster in an MP’s office for only 60 seconds. Her secret weapon was a hardware keylogger that was installed and ready to grab passwords and confidential documents within 20 seconds.

6. It’s all very well remembering your credit card pin number, but what’s the point when a hacker breaches the system of a major retailer. The world’s biggest theft of credit card data was at the US parent company of TK Maxx. By the time it was discovered, 45.7 million credit card details had been stolen.

7. The Security Industry Authority shot itself in the foot after it was revealed 1,350 illegal immigrants had slipped through vetting checks for sensitive security jobs. As a result, they were working in Whitehall departments and even guarding the Prime Minister.

8. Wanted murderers and rapists were left to roam the streets freely for a year after prosecutors lost a disc containing 4,000 DNA profiles. You lose some, you gain some – a hacker who breached a hotel’s online booking system found a database containing details of eight million customers.

9. Three laptops, containing the payroll and pension details of more than 15,000 Metropolitan Police officers – half the workforce – vanished from the offices of the outsourcing firm handling the payments.

10. Bringing up the rear is a whole ragbag of laptop losses. Thousands of learner drivers’ details were lost by a DVLA contractor and thousands of patients were affected by NHS trusts’ loss of data. Another laptop, with details of directors and employees of 122 failed companies, was stolen from an Insolvency Service office. Tory leadership candidate David Cameron had election plans and a laptop stolen from an aide’s car, but the thief ditched the case and contents.