When a ministerial statement is made in the Commons, it is normally repeated in the Lords. We had the statement this afternoon on the security breach where a Cabinet Office official left highly sensitive security material on a train. The Government announced that there was to be a review of security.
It was clear from the statement that there is still too much reliance on the ‘good chaps’ principle. People sign a piece of paper saying they will behave. There is then a review of security when someone, either by inadvertance or design, breaks the rules. The rules were clearly inadequate to prevent the unauthorised removal of sensitive material from the Cabinet Office.
I intervened to ask a question. The point I made was that the security of the Cabinet Office appeared inferior to that of an average supermarket. If you walk out with something of value for which you have not paid (i.e. an unauthorised removal) you trigger an alarm. I could equally have made the point, and perhaps more aptly, in respect of a University library. It is possible to tag material so that it triggers an alarm if one tries to leave with it. Given the seriousness and the obvious problem, why not take action now rather than wait for a review? The minister said she did not wish to pre-judge the review, but what I had said would have been heard. I do hope so. It is rather worrying, to say the least, when an electric shaver has better security than a top secret document.
Splendidly put.
When this gvt attempts to portray their concern for our security they should look at their own record first, if only they could find where and when they last saw it…
I imagine this official has merely become to accustomed to handling state secrets, to the extent that they’re just so ordinary to them that all normal caution goes out the window – sadly inevitable, I imagine, when people are allowed to take paper copies of these things (presumably home?) with them.
I’d sympathise if it wasn’t entirely their own fault – I would not have wanted to be them, in the Cabinet Office, when someone told Gordon next door.
As for what Lord Norton says – yes, surely it would be a simple matter to attach RFID tags to these documents as a matter of course?
i love the idea of an alarm…
Indeed–it seems very obvious. Though one would expect electronic documents to be increasingly important, so maybe a cryptographic mechanism for securing these should be considered.
It would be interesting to know how electronic security is implemented in the Lords, if at all. Are emails encrypted? How about laptops?
I can imagine the fun which would ensue if a laptop was left on a train with nothing more than a Windows password to protect it.
There are a couple of problems with tagging these sensitive documents, such as by design it would be easily possible to ascertain if someone was carrying important documents and there target them for theft. This would be a hazard for both the document and the person working with it.
Also, as far as I know, there was what should have been an effective security policy in place; the document should have been locked in a briefcase at all times while in public. The official involved must have known that they were going against policy when they took the document out of the briefcase while on the train. If they hadn’t done that, they wouldn’t have been able to forgetfully leave it on the train.
Great idea for printed, physical documents but in today’s world there is an entire extra dimension to this that unfortunately supermarket style alarms wouldn’t be able to cope with: documents/information in digital form (e.g. emails, reports etc)
One has to wonder how many digital documents of a similar security level have been lost/misplaced that we haven’t got to hear about simply because you don’t find them on the train out of Waterloo!
Alex Meadows: I doubt if we have documents in the Lords that are subject to a ‘top secret’ classification! Alastair Mailer: the point of the alarm is to ensure that the documents are not removed from the building. The official in this case was not authorised to remove the particular documents. If they are removed with authorisation, then – as you mention – they have to be kept in a locked briefcase, so any tag attached to them would not be visible. Matt: You raise an issue that is also a matter of major concern: the loss of electronic data. My concern in this case is with material held in paper form. There have been cases where laptops with sensitive defence data have been stolen.
Lord Norton: the alarm is a good idea for physical documents.
I’ll apologise in advance, as am going to bring the conversation back to electronic documents, but if you ever need to look into electronic security, all the geeks I know use TrueCrypt (it’s Free/Libre software, am not trying to sell you something here).
It can hide data as well as encrypting it. Meaning even if a laptop were lost, the thieves would never even know the ‘ultra-secret plans for Lord Norton’s Secret Underground Base’ were on there. This has the added benefit of working around certain dodgy UK laws on encryption passwords. 🙂
Anyway, sorry for the long post, didn’t mean to waffle so much!