Who Owns Your Information? (Volume III)

A laptop crammed with secret data was stolen from inside the United Kingdom’s Ministry of Defense (MoD) nerve center. Ordinarily that wouldn’t be a big deal: they had finally learned, and the data on this particular laptop was fully encrypted.

However, the USB device used to decrypt the highly sensitive data was stolen along with the laptop.

The loss was said to have occurred toward the end of November, but news of the event did not leak out until late last week and was not confirmed until earlier this week. A spokesman for the MoD said that “an investigation by MoD police is ongoing and it would be inappropriate to comment further.” Well, no kidding!

While at SanDisk, I proposed a system which would use GPS and access to wireless networks to determine where a device was, and if it was not where it was supposed to be, it would either lock up or erase itself. The system was never built, but I am guessing we would have had at least one customer.

What Did We Learn From This?

Just like you would normally keep the key or combination away from the lock which it opens, you should keep the electronic key away from the information which it is protecting. You also shouldn’t write your password on a sticky note and put it under your keyboard.

And as an aside, if you have guns at home, keep them and the ammunition locked up separately so the kids don’t try to play cops and robbers with a loaded weapon. The UK MoD just shot themselves in the foot and we don’t need any more of that.

In Other Exciting News

3D versions of Avatar have a complex Digital Rights Management (DRM) system which involves several certificates and server-delivered time-sensitive keys. Several theaters in Germany received these protected versions of Avatar for preview screenings. However, something went wrong with the DRM system and after trying for several hours to get the film decrypted so they could play it, at least one theater gave up and went 2D. Now why the heck would you DRM something that takes a few hundred thousand dollars of specialized equipment to show? I mean, it’s not like I can play it on my home theatre system even if I did steal it – and apparently the 2D version isn’t protected, which would play on my home system. I don’t even pretend to understand this reasoning and I guess that’s why I’m not in show business.

Ron LaPedis, MBCP, MBCI, CISSP-ISSAP, ISSMP
Founder and Principal
Seacliff Partners International, LLC
