Information security and the telephoto lens: implications for cyber-security

A photographer’s zoom lens caused an embarrassing data leak, stemming from a photograph of an advisor carrying a sensitive document in plain view. Information security company commissum comments on the implications for national cyber-security.
Spread the Word
Listed Under

Information Security
National Security


Leith - Edinburgh - Scotland

Jan. 10, 2013 - PRLog -- On January 9th, the Daily Telegraph newspaper reported an exclusive story. The previous day, a photographer’s zoom lens caused a deeply embarrassing data leak from the UK Government, stemming from a photograph of a Government advisor carrying a politically sensitive document in plain view.  Information security company commissum comments on the implications for national UK cyber-security.

On January 8th, Patrick Rock (political advisor to the Prime Minister) was photographed in Downing Street carrying a sensitive document, which was not obscured in any way. The telephoto lens produced an image clear enough to disclose the content of one page, which discussed whether to release an annex to the Government’s Mid-Term Review. Unlike the latter, which was a positive survey of achievements, the annex includes information on pledges not yet delivered.  Hence releasing it would be politically damaging for the Government. However, even discounting the annex, the photo and news report are deeply embarrassing for the Government, as they reveal the political manoeuvring behind the scenes.

This is by no means the first time that sensitive information has been leaked from documents photographed in the hands of ministers and officials. In the past few years, the following similar incidents have occurred:

* May 2008:  Caroline Flint (Housing Minister) in Downing St:  Her briefing document on falling house prices revealed the sensitive comment “We can't tell how bad it will get”.

* April 2009:  Bob Quick (Assistant Commissioner, Metropolitan Police) in Downing St:  The UK’s most senior counter-terrorism officer was openly holding sensitive documents with details of an imminent operation to foil a bomb plot in the north of England. Their disclosure by means of a photograph led to a premature start to the operation, and later to Mr Quick’s resignation and the end of his career.

* August 2011:  Andrew Mitchell (International Development Secretary) in Downing St:  The low-level classified document in this case revealed (via a photograph) the Government’s concern that funding to Afghanistan must resume or the country could be destabilised, together with other statements of Government policy towards Afghanistan.

* August 2012:  Unnamed police officer outside Ecuadorian Embassy:  The officer was photographed holding a document stating that Julian Assange (founder of Wikileaks) should be arrested “under all circumstances”” if he should attempt to leave the embassy where he was sheltering.

Briony Williams, a security consultant at information security company commissum (see, comments:  “Several of these incidents had important implications, and in at least one case the information leak directly impacted a national security operation.  Yet it would appear that officials have still not learned the lessons of previous incidents.  This kind of low-tech ‘visual data security’ can have extremely serious consequences.”

The Defence Minister Andrew Murrison announced recently that the UK Government will spend £650 million on the National Cyber Security Programme over the next four years, while the UK Cyber Security Strategy, published in November 2011, announced several new initiatives.  Briony Williams of commissum comments again:  “It is ironic that, at a time when new programmes and an increased cyber-security budget are coming into play, it is elementary blunders such as this which are responsible for many of the most damaging data leaks in terms of political strategy.  The use of a briefcase or an opaque folder would be a zero-cost solution to this problem, and yet so often those in power appear fixated on the more glamorous high-tech cyber-defences.  It makes no difference how impregnable your firewall is, or how fiendishly complicated your data encryption, if at the same time a legitimate data user is openly displaying documents to photographers.”

One thing remains clear:  cyber-security technology may have evolved quickly to a high level, but securing the human may prove to be more difficult.
Email:*** Email Verified
Phone:+44 845 644 3217
Zip:EH6 6LB
Tags:Cybersecurity, Information Security, National Security, Politics
Industry:Security, Computers
Location:Leith - Edinburgh - Scotland
Account Phone Number Verified     Disclaimer     Report Abuse
commissum PRs
Trending News
Top Daily News
Top Weekly News

Like PRLog?
Click to Share