Another British Data “Oops!”
Saturday, August 23rd, 2008 by Harry LewisPersonal data on all 84,000 prisoners serving time in England and Wales has gone missing. New York Times story here.
On a memory stick. A flash drive. A thumb drive. Those little things that you can put on a keychain to carry your documents when you don’t want to lug your computer.
The government is embarrassed, because this sort of thing has happened before in the U.K. We discuss at some length the case of some disks that went missing and still haven’t been accounted for, disks containing data on virtually every child in the country. That rocked Tony Blair’s government, and this breach may be rocking Gordon Brown’s.
The details are interesting. The government knows about encryption. When it engaged the services of a private consultant, it delivered the data to the consultant in encrypted form. The consultant apparently decrypted it to work on it, and put it on a flash drive.¬†Don’t know what happened next; maybe someone took the stick with him and it fell out of his pocket.
According to the New York Times, “officials said that appeared to be a breach of government rules.”
This reminds me of what General Turgidson tells the president in Dr. Strangelove. “That’s right, sir, you are the only person authorized to do so. And although I, uh, hate to judge before all the facts are in, it’s beginning to look like, uh, General Ripper exceeded his authority.”
This case (and the others listed in the NYT story) illustrates how hard it is to control bits when they are handed around. Strict protocols are especially hard to enforce across organizational boundaries.
November 3rd, 2008 at 12:39 pm
[…] bet these data breaches are no more common in the UK than in the US, but they certainly have had a bad run of them lately, and you can see why the MP is worried about the government’s […]