Feeds

MoD coughs to laptop triple whammy

'We lost three unencrypted laptops, not one'

The Power of One Infographic

Updated: Defence minister Des Browne has admitted that the Ministry of Defence (MoD) has lost not one, but three laptops containing unencrypted information since 2005.

Last week, it emerged that the MoD had lost a laptop containing the personal details of 600,000 people who had expressed an interest in joining the armed services.

The laptop was stolen from a junior Naval officer, who had left the machine in a car parked overnight in Edgbaston, Birmingham. West Midlands police are investigating the theft.

An internal MoD investigation has already uncovered the other two losses.

The latest government humiliation is particularly disturbing because of the obvious security risk. Browne said last night he was well aware of the potential danger, especially for forces serving in Northern Ireland.

The MoD will now write to 3,700 people whose bank details were on the laptop and to the 153,000 people who applied to join the Royal Navy, the Royal Marines, and the Royal Air Force. Their records contained much more information including passport details, National Insurance numbers, driving licence details, and doctors' addresses.

Information Commissioner Richard Thomas said: "The volume of information in this case is significant and I am concerned about the sensitivity of some of the information contained on the laptop and the fact it pertains to military personnel. But this is not just about security. We will need to know why so much information on so many people was held on a laptop and whether any of it had been retained for too long."

Des Browne also announced yet another independent review of MoD data practises to be headed up by Sir Edmund Burton.

Talking to Parliament yesterday, Browne said: "It is not clear to me why recruiting officers routinely carry with them information on such a large number of people or why the database retains this information at all."

Ministers were told of the theft on 11 January, but believed at the time that the data was encrypted. They were told it was not encrypted on 14 January, and later told the Information Commissioner and police. The Association for Payment Clearing Services was also informed.

By 18 January all other MoD laptops were recalled and secured.

The Royal Navy has completed its own internal investigation and is considering what action to take against the junior officer.

The data was not encrypted, in breach of MOD rules, and the failure of procedure and compliance was not found by the government-wide review of security policies we were promised after the loss of 25 million private records by Her Majesty's Revenue and Customs in October.

Des Browne told Parliament yesterday: "The level of encryption used by the Ministry of Defence on its computers is stronger than that used for commercial applications and our IT authorities judge that a significant amount of time, resources, and particular expertise would be needed to access the data in a readable format."

Which would be reassuring if the MoD had in fact encrypted the data.

We asked the MoD what this super, if under-used, form of encryption was. It's promised to get back to us if it can comment without giving away too much information.

The MoD sent us the following statement: "We will not go into detail about our security specifications. Whilst the encryption algorithms used within our approved products may be the same as those used by industry, the implementation of the encryption mechanism within these specific products has been assessed such that its strength is considered suitable for the protection of MoD data. We judge that generally speaking the strength of these mechanisms is higher than typically required for commercial use." ®

HP ProLiant Gen8: Integrated lifecycle automation

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.