UK Intel Agency's Missing Laptops Might Contain Sensitive Data

superapecommando writes "GCHQ lost 35 laptops in one year, potentially containing highly sensitive data. The UK's electronic spy centre was today lambasted by MPs for having a 'cavalier' attitude to data security. The centre is responsible for tracking the electronic communications of terrorists. In a new report, the Commons Intelligence and Security Committee expressed concern that GCHQ appeared to be entirely unaware whether or not the computers, lost in 2008, contained top secret information on people posing an imminent security threat to the country."

  • 'lost laptop' translates as 'executive perk'.
  • I did not understand the relation between Intel and UK MPs until I thought the word may have been abbreviated.

  • I've always wondered whether these 'lost laptops' are simply the personal laptops of employees, that should never have been anywhere near anything to do with GCHQ, and GCHQ is just being overly cautious (does not know what, if any, data accidentally ended up on a personal laptop, so assume the worst). Or it could just be garden variety incompetence. Except for the unlikely event of an intelligence service disclosing far more information than would be prudent, there's little to tell either way.
  • What do they mean by lost? Is it lost like "Lost in space", "Just lost The Game" or "Sorry, I *lost* my homework"?
    • The world would be a much safer place if all these secret agencies *lost* their funding.
      • The world would be a much safer place if all these secret agencies *lost* their funding.

        Oh man, are you so dead. Dead, diced, buried in soft peat for 18 years and finally DNA tested to reveal that you were an Albanian illegal immigrant all along. Remember that family you used to have? Well don't worry about them, the remaining ones don't remember you.
        As they say in Texas "Dead man walking!"

    • by Xest ( 935314 )

      If it's anything like the rest of public sector from when I worked in it for a while some years ago, then "lost" means "I left my laptop perfectly visible in the back seat of my car which I left parked outside on the street overnight in a not exactly crime-free part of town".

      So if they want to find them, eBay, or the house with the dodgy people in down the street are probably the best places to look.

  • by maxwell demon ( 590494 ) on Saturday March 13, 2010 @07:30AM (#31463218) Journal

    Well, surely it has been appropriately encrypted with strong encryption and protected with a strong password. After all, those people are not completely incompetent, are they?

    • by fluch ( 126140 )

      After all, those people are not completely incompetent, are they?

      In the UK? You should reconsider your rhetorical question...

      • This would be the UK that led the development of modern computing with the work of Alan Turing, led the development of the use of computers in industrial and military environments (Bletchley Park) and which dramatically shortened the second world war. This would be the UK that invented public key cryptography before the NSA. This would be the UK which developed working, scalable MIMD parallel processing (transputer) in the early 90s. Then there was the matter of Boole, who did some minor mathematical work.

    • Well, surely it has been appropriately encrypted with strong encryption and protected with a strong password. After all, those people are not completely incompetent, are they?

      Considering who you are talking about.. the answer can be summed up as.. BWHAAAA!!!

    • by Fred_A ( 10934 )

      After all, those people are not completely incompetent, are they?

      <deep>I find your faith disturbing...</deep>

    • by Shimbo ( 100005 ) on Saturday March 13, 2010 @08:48AM (#31463560)

      Well, surely it has been appropriately encrypted with strong encryption and protected with a strong password. After all, those people are not completely incompetent, are they?

      Well, GCHQ workers *invented* public key encryption, so they are obviously not all completely incompetent. Big organisations lose laptops. It's more that they don't have the paperwork to prove nothing secret hit these machines. It's sloppy but hardly unexpected.

      • by johnw ( 3725 )

        Well, GCHQ workers *invented* public key encryption...

        And the story told by one of the inventors is that he made the crucial breakthrough whilst mulling the problem over in his head at home. So strict was the security in those days that he wasn't even allowed to write down his idea on a piece of paper outside the office, and he worried dreadfully that he might forget the details before he got back into the office and was able to record it.

        Clearly if they're now leaving laptops lying around, things aren't quite so strict.

  • This should not be a problem IF the hard drives are full disk encrypted. Now the "if" in the previous sentence is the crucial point...

    • Re: (Score:2, Insightful)

      by gmccloskey ( 111803 )

      All UK government devices storing information classified as RESTRICTED (no US equivalent) must have two factor authentication, and full disk encryption using a FIPS140 certified product from a CESG-approved list. Anything carrying CONFIDENTIAL or SECRET has the same, plus additional techniques and handling protocols to ensure CIA (confidentiality, integrity, assurance). TOP SECRET isn't discussed in open forums.

      This is a non story if they are accidental losses. All organisations, including those within and

      • by Tim C ( 15259 )

        This is correct; I also have reason to have some understanding of correct handling and storage procedures for materials covered by the GPMS [cabinetoffice.gov.uk] and those laptops should be encrypted. If not then someone will be facing a shitstorm for it.

  • Where is Jack Bower when you need him?
    • Re: (Score:2, Funny)

      by Anonymous Coward

      He's probably being interrogated and tortured by Jack Bauer as to why the former is attempting to steal the latter's identity.

  • The centre is responsible for tracking the electronic communications of terrorists

    ...which is hardly feasible without having access to everyone's communications, since those deserving of surveillance don't tend to identify themselves by stating e.g. "This is a terrorist communication:" at the start of everything they say.

    GCHQ appeared to be entirely unaware whether or not the computers [...] contained [...] information on people posing an imminent security threat [...]

    Quite a few others should also/rather

    • The centre is responsible for tracking the electronic communications of terrorists

      ...which is hardly feasible without having access to everyone's communications

      Try "known or suspected terrorists" in the sentence in place of simply "terrorists" and all will be made right. Or as right as it gets.

      Quite a few others should also/rather want to know whether the computers contained information on people under an imminent security threat; information compiled by none less than the officials on a mission to protect them.

      Well, that's not their mission, but I guess it's not impossible. Usually if it does contain such information, it's on employees of the division in question, though not always.

  • They look downright responsible compared to the US Department of Homeland Security who supposedly lost over 1,000 laptops in a single year (2008).
  • by rlp ( 11898 )

    Why didn't the UK mandate TrueCrypt (or equivalent) on laptops holding sensitive data?

    • They have - by mandating that appropriate controls are implemented, including full disk encryption. See http://www.cabinetoffice.gov.uk/spf/sp4_isa.aspx [cabinetoffice.gov.uk] - specifically requirement #40.

      Truecrypt is not a product tested and approved by http://www.cesg.gov.uk/ [cesg.gov.uk] so it can't be used for UK government business. If someone is willing to pony up the accreditation fees, and it passes, then it can be used.

      These new UK gov regulations are interesting - they make specific nominated individuals in every government organi

      • Re: (Score:3, Insightful)

        If it is anything like the rest of the present government policies, the actual requirement is to put a tick in a box labeled "Data is secure", and then apply a signature resembling "D. Duck" at the bottom of the paper, which is then filed along with 2,000,103 other pieces of identical paper with no way of tracing which piece applies to which equipment. My guess is that Donald Duck had best be afraid ... very afraid. As should anybody in the UK who would prefer his personal data is not on sale at a market s
      • If someone is willing to pony up the accreditation fees

        ....twenty thousand quid. Not surprisingly, the list of CAPS-approved [cesg.gov.uk] products is quite short and the suppliers that *are* accredited are a) making a mint and b) not inclined to improve their clunky, difficult-to-administer products in any way since all UK Govt clients are locked in to using them anyway.

        • by rlp ( 11898 )

          Not surprisingly, the list of CAPS-approved products is quite short

          PGP Whole Disk Encryption is on the 'CAPS-approved' list.
