Last weekend the Sunday Times reported the existence of a database containing details of up to 8m UK children, the content of which will be made available to the police, medical staff and social workers when appropriate.
‘[Data] would be provided only to those who needed to see it in line with data protection laws,’ said one local authority involved in the project.
Just two days later, the Times reports on a Royal Navy submariner who gathered secret material, including cryptographic software, to pass to a foreign government; presumably, the Royal Navy thought its data was secure.
So there we have it: your data is safe with us – until someone disgruntled, nosy, good at cracking passwords, politically motivated, susceptible to cash inducement or a combination of the above, with access to a ‘secure’ system, decides otherwise.
After more than 30 years in and around IT, it seems clear: genuinely secure systems are few and far between; it’s not the IT infrastructure that’s the problem, it’s people.
We’re under pressure or lazy or brain dead, and the next thing you know is that a password gets passed to someone unauthorised (“It’s OK, I’ve known him for years”) or someone copies data to a flash drive to work on it at home.
Rule #1 of computer security is that anything secured by one person can and will be unsecured by another, given time and opportunity.
I can see into the future: a DVD of pupil data will be found on a rubbish dump or a laptop with half a million confidential records will be left on a train, and a government spokeswhatever will trot out the usual inanity that ‘lessons will be learned from this episode’.
Of course they should be, but they never are, because the individuals in charge of these huge volumes of personal information – so tempting to the criminal, the nosy and the malicious – simply don’t seem to understand that, in the long term, no large data repository can remain totally secure.
It’s the people, stupid.
Update: In today’s Times: “A computer used by Paula Broadwell, whose affair with General David Petraeus led to his resignation as head of CIA, contained substantial confidential information, officials said last night”.
I rest my case.
