DATA THEFT - AGAIN!
First it was customer details from a large high street bank. The loss occurred months ago but the bank only divulged the incident recently. Today the salary details of a half of the metropolitan police force are revealed as having gone walkabout. Now there is no reason to suspect that either of these thefts was intended to steal the data that have gone missing. Both of the "victim organisations" assure everyone who will listen that identity theft is not possible using these data. The bank goes further and guarantees that none of its customers will suffer financial loss as a consequence. But those reassurances are rather beside the point.
I am assuming that you spotted those irony marks around the phrase victim organisations in the preceding paragraph because they were no slip of the finger and they are there to indicate my disgust with the organisations involved. Their assurances do not wash for the simple reason that not in either case did they address fundamental questions that nobody seemed to be asking - and questions that need to be asked.
Both thefts were of laptop computers and laptop computers are notoriously, almost definitionally, portable. Much more portable than say a mainframe or a big server. Now every book I have ever read on data security, and every article that I have ever written on the subject, addresses physical access as the first line of defense in a secure environment. The less secure the physical location of the data the more secure the other protections should be. Laptops left in any IT organisation that I have ever worked for have been securely padlocked to desks for that very reason. Now given that the stolen laptops all had very sensitive data loaded onto them one has to ask why they were not physically secured. Neither of the thefts appear to have required forcible removal of locks or chains and perhaps if they had then the thieves might have walked off with something a little less obviously problematic.
As we have just explained if the computers themselves were not physically secured then it stands to reason that the data upon them should have been electronically more secure than the original datasets but before we get to that issue let us first ask what to me is the key question here: what was live data doing on those machines in the first place? And why so much of it? Back in 1985 when I was working for a very large insurance company if I had wanted access to even a single live customer data record I would have had to have had a very good reason and then to fill in a form in triplicate to be submitted to and cleared by our data protection officer. And this under the 1984 Data Protection Act (repealed by the Data Protection Act 1998). So how is it that some employee of the Nationwide has the live customer records of possibly 11 million customers downloaded onto a laptop and slung in the back of his car/sofa? Where in these cases is the Data Protection Registrar (or is it commissioner these days?) in all this data theft? Strangely quiet, if not entirely absent methinks.
Turning now to the question of electronic or non-physical security of sensitive data it may come as a surprise to some of you to realise that in this, the 21st, century the customer data in most financial computer systems or databases and probably most government databases too - this is your data we are talking about - is in clear form. And when I say that your personal and financial information is stored in clear form I mean it is not encrypted. If you can find it you can read it without any extra effort or processing - it is not encoded at all! And it should be! It should be encrypted where it is stored and it is not. It is not difficult technically. It is not unduly onerous in computing terms. But it is not done. If it were stored in encrypted form then it is most likely that whenever it were transmitted or transferred then it would be encrypted until needed.
Now you may be wondering what extra security could have been applied or should be applied when data leaves its home location (preferably a data vault) and is loaded out onto something as inherently insecure as a laptop. The answer is fragmentation. Only parts of any live record should be made available to any insecure device or location. Ideally, all sensitive data records should be both encrypted and fragmented in the data vault and access to them only granted through a specific application or system and only at secure locations. Customer data downloaded to insecure devices or locations should be both incomplete and encrypted. End of story. So why isn't it? And why does nobody ask why it isn't?
‽
"Methinks"?
ReplyDelete"A really pretentious and annoying way of saying "I think"....."suggestive of idiocy"
- urbandictionary.com
Do me a favour derek (with a lower case d) - if you are going to come in regularly and snipe - click on an ad now and then and generate me some revenue
ReplyDeleteInteresting to read the opinion of an IT professional regarding these issues, but even to geriatric Luddites like myself who discovered the joys of computers only 2 years ago the issues you raise seem obvious and absolutely elementary, yet surprisingly neither the organisations themselves nor the Data Protection Registrar appear to be concerned about them!
ReplyDeleteAnd to think that I encrypt securely my personal data on this simple little desktop system, even though I am the only person with access to it, and it is kept in my securely locked home.
Another tale you forgot to mention: recently someone stole all the personnel records of DHSS staff and used that information to claim benefits from the DHSS itself!
Yet our Illustrious Leader, Toney Baloney, advises us that the 'National ID Database' will be entirely secure, accurate, and hacker-proof! ROTFLMAO!
I'm tired of living in a country run by incompetent megalomaniacs, but I can't think of anywhere better!
BTW, the 20 volume OED 2nd Edition(which is just a tad more credible than urbandictionary.com) gives 'methinks' as 'now archaic, poetic and regional' which led me to believe that you were giving vent to your artistic sensibilites by using that word.
ReplyDeleteMind you, I'll bet the reason that 'derek'(sic - how's that for ignorance), knows the urbandictionary definition because he didn't know the meaning of the word and had to look it up. LOL!
Ah, but I can spell "Barry Bucknell"....
ReplyDeleteWhat else can you do, onanist?
ReplyDelete