News By Tag
News By Location
Information security and the telephoto lens: implications for cyber-security
A photographer’s zoom lens caused an embarrassing data leak, stemming from a photograph of an advisor carrying a sensitive document in plain view. Information security company commissum comments on the implications for national cyber-security.
On January 8th, Patrick Rock (political advisor to the Prime Minister) was photographed in Downing Street carrying a sensitive document, which was not obscured in any way. The telephoto lens produced an image clear enough to disclose the content of one page, which discussed whether to release an annex to the Government’s Mid-Term Review. Unlike the latter, which was a positive survey of achievements, the annex includes information on pledges not yet delivered. Hence releasing it would be politically damaging for the Government. However, even discounting the annex, the photo and news report are deeply embarrassing for the Government, as they reveal the political manoeuvring behind the scenes.
This is by no means the first time that sensitive information has been leaked from documents photographed in the hands of ministers and officials. In the past few years, the following similar incidents have occurred:
* May 2008: Caroline Flint (Housing Minister) in Downing St: Her briefing document on falling house prices revealed the sensitive comment “We can't tell how bad it will get”.
* April 2009: Bob Quick (Assistant Commissioner, Metropolitan Police) in Downing St: The UK’s most senior counter-terrorism officer was openly holding sensitive documents with details of an imminent operation to foil a bomb plot in the north of England. Their disclosure by means of a photograph led to a premature start to the operation, and later to Mr Quick’s resignation and the end of his career.
* August 2011: Andrew Mitchell (International Development Secretary) in Downing St: The low-level classified document in this case revealed (via a photograph) the Government’s concern that funding to Afghanistan must resume or the country could be destabilised, together with other statements of Government policy towards Afghanistan.
* August 2012: Unnamed police officer outside Ecuadorian Embassy: The officer was photographed holding a document stating that Julian Assange (founder of Wikileaks) should be arrested “under all circumstances””
Briony Williams, a security consultant at information security company commissum (see http://www.commissum.com), comments: “Several of these incidents had important implications, and in at least one case the information leak directly impacted a national security operation. Yet it would appear that officials have still not learned the lessons of previous incidents. This kind of low-tech ‘visual data security’ can have extremely serious consequences.”
The Defence Minister Andrew Murrison announced recently that the UK Government will spend £650 million on the National Cyber Security Programme over the next four years, while the UK Cyber Security Strategy, published in November 2011, announced several new initiatives. Briony Williams of commissum comments again: “It is ironic that, at a time when new programmes and an increased cyber-security budget are coming into play, it is elementary blunders such as this which are responsible for many of the most damaging data leaks in terms of political strategy. The use of a briefcase or an opaque folder would be a zero-cost solution to this problem, and yet so often those in power appear fixated on the more glamorous high-tech cyber-defences. It makes no difference how impregnable your firewall is, or how fiendishly complicated your data encryption, if at the same time a legitimate data user is openly displaying documents to photographers.”
One thing remains clear: cyber-