Jump to content
Manx Forums - A Discussion Board & Classifieds for the Isle of Man

Mod Lappy Lifted

Mission

By Mission
in International News

Recommended Posts

bluemonday Newbie

bluemonday

Posted
Posted
Written answers Wednesday, 22 June 2005

Lynne Featherstone (Hornsey & Wood Green, Liberal Democrat) |

 

To ask the Secretary of State for Defence how many laptop computers have been used by (a) Ministers, (b) special advisers and © officials in his Department in each year since 1995; how many have been (i) lost and (ii) stolen in that period; what the cost was of the use of laptops in that period; and if he will make a statement

 

Adam Ingram (Minister of State (Armed Forces), Ministry of Defence)

 

[...]

 

The approximate number currently in use (covering laptops purchased in the last four years and held by both MOD civilians and Service personnel) is estimated to be in the order of 46,000 at an overall cost of £69 million.

 

75 laptop computers belonging to the Ministry of Defence (including the armed forces) are recorded as having been lost and 590 as having been stolen since 1995.

The Ministry of Defence is alert to the vulnerabilities of laptops and security policy and procedures are continually being reviewed and revised to introduce measures to reduce the numbers of laptops stolen or lost, and to mitigate the impact when losses occur.

Link to comment
Share on other sites
Albert Tatlock Grand Master

Albert Tatlock

Posted
Posted

One of the major difficulties these days, and the nature of many IT contracts, is that a lot of work is subcontracted out and more and more people operate in the 'virtual world of work', from offices, home and customer sites - thus transporting Laptops in cars, through airports, or leaving them in relatively unsecured places such as their own homes etc. As more and more people do this, the probablity of actually losing a laptop, or having one stolen (look at the number of domestic burglaries), is getting higher all the time, not lower.

 

Most, if not all, of the laptops in use on major government contracts are encrypted, but to Joe Public, this doesn't mean much in a headline '600,000 names and details lost', or inspire confidence, especially when they take into account the regularly headlined achievements of hackers. IMO, the majority of stolen computers are currently opportunistically stolen for the value of the computer, not the data on it - so at present, realistically, there is a low probability that data lost will fall into the wrong 'organised' hands. However, as time goes on, as the news stories pervade about the potential value of such data, I can't see it being too long until various criminals wise up to this and start putting the word out that this data is more valuable than the computer itself - e.g. such a criminal communication chain is already present from thief/drug user to drug baron. In many ways the media are actually helping us forge a self-fulfilled prophecy of what could eventually happen with our data.

 

Encryption at a sufficient level of complexity is currently seen as the best option for storing data - not just files with passwords which are relatively easier to hack, nor unencrypted computers with seemingly difficult passwords (the disk from which can be taken out and scanned by a thief who knows what he is doing). However, I think encryption being the answer to all our problems is a bit of a red herring, as there are numerous ways of undermining it e.g. getting hold of decryption keys, keyloggers, trojans etc. etc.

 

IMO, the real answer to minimising data loss lies in reviewing the whole way that government and many organisations go about their everyday business in terms of access, security and accountability. Current methods of working serve to undermine multi-million pound security systems, by allowing people with security access to go through a multi-million pound security system and create a relatively unsecured and portable Excel copy of the very same data that system was designed to protect. A step in the right direction would be to force people to log on to dedicated secure office-based systems, carry out their work only on that dedicated system, and not be allowed to save data to their own PCs/Laptops i.e. operate using effectively dumb terminals from home/outside, all of which is entirely possible these days. I think such a review would also do a great deal to improve efficiency and productivity as much data seems to be duplicated as a habit these days. This really needs a back to basics approach: why do large amounts of personal data have to be transferred in the first place? Who owns and is responsible for the data? Who is the owner of copies of the data? How do we know when data has been accessed or copied? Just because we can do this with the data - should we, or do we really have to? How many people are already doing the same work with the data?

 

Another simple step would be to classify public information (and any copy of it) into 'unclassified', 'confidential', 'restricted' etc. (whether the data is encrypted or not), and insist on the same levels of protection as has been used by the military for many years. I think that there should be an offence introduced that if you leave a laptop or a PC containing such 'classified' information in a vehicle or an obviously unsecured place you will be held liable, with specified penalties in law.

 

All that said, there is no reason why you cannot take a laptop with you anywhere these days and never have to leave it in a car, and when it is at home take additional simple steps to hide it so a burglar is less likely to find it if it contains a raft of public information. All these lost and stolen laptops serve to prove just how many stupid or unfortunate people work for government and various organisations, and the need for a complete back to basics review. Poor access, security and accountability are but three of the reasons why I would refuse to hand over my biometric data to the government, because once I did and it was stolen or 'lost', I would never be able to change my fingerprints or my iris, though criminals in the not too distant future will be able to emulate them. Moreover, if they have admitted this number of data losses, I can't even begin to imagine the extent and number of losses some of their employees could be hiding.

Link to comment
Share on other sites
Cronky Newbie

Cronky

Posted
Posted
Poor access, security and accountability are but three of the reasons why I would refuse to hand over my biometric data to the government, because once I did and it was stolen or 'lost', I would never be able to change my fingerprints or my iris, though criminals in the not too distant future will be able to emulate them.

 

Are you, therefore, surrendering your passport when they start to take fingerprints of all ten digits at renewal?

Link to comment
Share on other sites
Albert Tatlock Grand Master

Albert Tatlock

Posted
Posted
Poor access, security and accountability are but three of the reasons why I would refuse to hand over my biometric data to the government, because once I did and it was stolen or 'lost', I would never be able to change my fingerprints or my iris, though criminals in the not too distant future will be able to emulate them.

Are you, therefore, surrendering your passport when they start to take fingerprints of all ten digits at renewal?

I live in the hope that it will not come to that and the ID card system idea will end up where it belongs - firmly in the bin.

Link to comment
Share on other sites
Cronky Newbie

Cronky

Posted
Posted
I live in the hope that it will not come to that and the ID card system idea will end up where it belongs - firmly in the bin.

 

My sentiments entirely. However, if you go to Annex 1 of the Identity and Passport Service

Strategic Action Plan and turn your head sideways you will note that it states that by the end of 2009:

 

'Enrolment of fingerprints for passports and ID cards begins'

 

Therefore you will have no choice but to give your fingerprints to the National Identity Register and possible further afield such as the EU and the USA. Your only hope here in the Isle of Man is to get an Irish passport which will not incorporate fingerprints.

 

Thought provoking isn't it? Certainly the United Kingdom is nothing like the free country my parents and grandparents fought to defend.

Link to comment
Share on other sites
Albert Tatlock Grand Master

Albert Tatlock

Posted
Posted
I live in the hope that it will not come to that and the ID card system idea will end up where it belongs - firmly in the bin.

My sentiments entirely. However, if you go to Annex 1 of the Identity and Passport Service

Strategic Action Plan and turn your head sideways

I tried that - all I saw was the back garden.

Link to comment
Share on other sites
Cronky Newbie

Cronky

Posted
Posted

Drollery apart, the point is that you will be faced with a 'choice'. Either place your fingerprints on a scanner and have them downloaded to the NIR or not get a new passport. If you don't believe me then check with the passport people here.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...