Feeds

MoD coughs to laptop triple whammy

'We lost three unencrypted laptops, not one'

Maximizing your infrastructure through virtualization

Updated: Defence minister Des Browne has admitted that the Ministry of Defence (MoD) has lost not one, but three laptops containing unencrypted information since 2005.

Last week, it emerged that the MoD had lost a laptop containing the personal details of 600,000 people who had expressed an interest in joining the armed services.

The laptop was stolen from a junior Naval officer, who had left the machine in a car parked overnight in Edgbaston, Birmingham. West Midlands police are investigating the theft.

An internal MoD investigation has already uncovered the other two losses.

The latest government humiliation is particularly disturbing because of the obvious security risk. Browne said last night he was well aware of the potential danger, especially for forces serving in Northern Ireland.

The MoD will now write to 3,700 people whose bank details were on the laptop and to the 153,000 people who applied to join the Royal Navy, the Royal Marines, and the Royal Air Force. Their records contained much more information including passport details, National Insurance numbers, driving licence details, and doctors' addresses.

Information Commissioner Richard Thomas said: "The volume of information in this case is significant and I am concerned about the sensitivity of some of the information contained on the laptop and the fact it pertains to military personnel. But this is not just about security. We will need to know why so much information on so many people was held on a laptop and whether any of it had been retained for too long."

Des Browne also announced yet another independent review of MoD data practises to be headed up by Sir Edmund Burton.

Talking to Parliament yesterday, Browne said: "It is not clear to me why recruiting officers routinely carry with them information on such a large number of people or why the database retains this information at all."

Ministers were told of the theft on 11 January, but believed at the time that the data was encrypted. They were told it was not encrypted on 14 January, and later told the Information Commissioner and police. The Association for Payment Clearing Services was also informed.

By 18 January all other MoD laptops were recalled and secured.

The Royal Navy has completed its own internal investigation and is considering what action to take against the junior officer.

The data was not encrypted, in breach of MOD rules, and the failure of procedure and compliance was not found by the government-wide review of security policies we were promised after the loss of 25 million private records by Her Majesty's Revenue and Customs in October.

Des Browne told Parliament yesterday: "The level of encryption used by the Ministry of Defence on its computers is stronger than that used for commercial applications and our IT authorities judge that a significant amount of time, resources, and particular expertise would be needed to access the data in a readable format."

Which would be reassuring if the MoD had in fact encrypted the data.

We asked the MoD what this super, if under-used, form of encryption was. It's promised to get back to us if it can comment without giving away too much information.

The MoD sent us the following statement: "We will not go into detail about our security specifications. Whilst the encryption algorithms used within our approved products may be the same as those used by industry, the implementation of the encryption mechanism within these specific products has been assessed such that its strength is considered suitable for the protection of MoD data. We judge that generally speaking the strength of these mechanisms is higher than typically required for commercial use." ®

Top three mobile application threats

More from The Register

next story
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
ONE EMAIL costs mining company $300 MEEELION
Environmental activist walks free after hoax sent share price over a cliff
'Blow it up': Plods pop round for chat with Commonwealth Games tweeter
You'd better not be talking about the council's housing plans
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.