British army officer leaves laptop at pub

[fourier jr]

LONDON, Feb. 12 (UPI) -- A British army officer left a laptop containing information on military exercises, weapons locations and private information at a pub, The Sun reported.

A Royal Engineers captain reportedly left his laptop under the booth at a London pub following a night of drinking. A patron gave the computer to The Sun, the newspaper said Tuesday.

The laptop contained private information of more than 200 soldiers and their families in addition to the military information, the report said.
etc etc

http://www.upi.com/NewsTrack/Top_News/2008/02/12/british_army_officer_leaves_laptop_at_pub/2351/

As a Canadian I can't really point & laugh. Back in the 1980s Canada's minister of defence took a big folder full of sensitive NATO documents with him to a strip club in Germany. (at least he resigned soon afterwards)

 

[mgb_phys]

The government just lost a couple of CD with the name,address and bank account details of 20million people on them! It put them in the post and they never arrived - that was standard operating procedure for tranferring data!

Last year it lost a laptop containing the name, bank details and passport info for 600,000 people who had applied to join the army.
http://www.theregister.co.uk/2008/01/22/mod_gives_away_data/

 

[CaptainQuasar]

That would seem to imply that the hard drive wasn't encrypted. I knew they'd scrapped plans to have a nuclear-powered navy but the British military must really be strapped for cash because that kind of technology is available http://www.truecrypt.org/".

⚛​

 

[Huckleberry]

Why would someone who knew that the laptop belonged to a military officer take that information to the press instead of returning it to the military? And why would an officer bring sensitive military information into a public bar? I don't trust my government completely either, but I don't understand intentionally sabotaging it for any particular reason. The courteous thing to do is to return property to the owner, regardless of what one thinks of them. Someone stole the laptop and the information on it and should be held accountable for it.

 

[CaptainQuasar]

Assuming that the laptop is eventually returned to the military and that the newspaper vouchsafed that it would be, was the laptop really stolen? Holding the government accountable for being delinquent in its duties like national security rates much higher for me than holding someone accountable for maybe stealing property. And if the laptop had gone directly back to the military I doubt anyone would have found out about the security slip-up. There is not any sort of civic duty to help the government cover up its messes and mistakes, in fact your civic duty is exactly the opposite, to make sure the government is held accountable.

One of the points made in Michael Moore's movie Sicko was “In America the people are afraid of the government, in France the government is afraid of the people.” A nationalist and bombastic sentiment to be sure by the Frenchman who said it but here in the U.S. we ought to be trying harder to make sure the government is afraid of us rather than the other way around.

⚛​

 

[NeoDevin]

And if the laptop had gone directly back to the military I doubt anyone would have found out about the security slip-up. There is not any sort of civic duty to help the government cover up its messes and mistakes, in fact your civic duty is exactly the opposite, to make sure the government is held accountable.

What you say is true to some extent, but I would say there is a difference between covering up the government's mistakes, and exposing potentially sensitive information to the media. To me, a more appropriate course would be to return the laptop to the rightful owner/government, but inform the media of what happened. I don't know the nature of the information on the laptop, so I can't say how serious it is that it got leaked.

 

[Moonbear]

Why would someone who knew that the laptop belonged to a military officer take that information to the press instead of returning it to the military? And why would an officer bring sensitive military information into a public bar? I don't trust my government completely either, but I don't understand intentionally sabotaging it for any particular reason. The courteous thing to do is to return property to the owner, regardless of what one thinks of them. Someone stole the laptop and the information on it and should be held accountable for it.

I was thinking this too. Who takes a found laptop straight to the media? Why not give it over to the pub owner to return when someone comes looking for it?

For that matter, how did the person who found it know it contained anything worth handing over to the press, and I agree, why was he carrying around the laptop like that to a pub anyway?

Something about this all sounds hinky. Was the officer disgruntled about something and set up the scenario to leak something to the press? Perhaps it was intentionally leaked for some reason only known to the military (faked plans to throw the press off the trail of their real plans)?

 

[mgb_phys]

The old cock-up vs conspiracy arguement.

The explanation for a lot of these problems is that since IT for government and military has been outsourced it is very difficult to use any of it since any request immediately turns into large consulatancy bills that need levels of approval - so there is an unoffical parallel IT system of Excel spreadsheets and Access databases being passed around people's laptops.
Ironically extra security requirements seems to have made this worse - if it now takes you 2 hours to get to read your email because you have to go to a special secure terminal and have it's use approved by 3 senior officers there is a strong incentive to just forward everything to your hotmail account.

Anyone who has worked in engineering spends most of their time trying to work around new processes put in place by management for either security or economy or accountablility - looks like the army is no different.

 

[CaptainQuasar]

What you say is true to some extent, but I would say there is a difference between covering up the government's mistakes, and exposing potentially sensitive information to the media. To me, a more appropriate course would be to return the laptop to the rightful owner/government, but inform the media of what happened. I don't know the nature of the information on the laptop, so I can't say how serious it is that it got leaked.

But if the laptop was simply returned outright and no one actually examined it, don't you think that the military would have simply said that it was his personal laptop and it didn't have any sensitive material on it, and that their security procedures are working flawlessly? If you're going to put so much trust in the government to be honest why not put the same trust in journalists?

Doesn't sensitive material usually fall into the hands of “the enemy” through government malfeasance, rather than journalistic malfeasance?

⚛​

 

[mgb_phys]

Doesn't sensitive material usually fall into the hands of “the enemy” through government malfeasance, rather than journalistic malfeasance?

Except the enemy are the journalists.
If the enemy find a secret they can't do anything with it unless there's a war.
If the press find out, your job is in danger the next morning!

 

[mheslep]

The most recently famous US case must be that of John O'Neil, the FBI counter terrorism specialist who raised many alarms about AQ prior to 9/11. O'neil lost his job w/ the FBI after leaving classified documents in a hotel. He subsequently became the WTC security chief and was killed in a tower collapse.

 

[Brisar]

Sh*t happens. What you going to do now? I think, they suppose to have all their info on the net

 

[Evo]

When I worked with a laptop that carried sensitive information, when I left work, I carried the laptop with me. If we decided to stop somewhere after work, we had two choices, lock the laptop in the car, or bring it in with you.

You'd think locking it in the car would be safe. No. On one occasion one of my co-workers had his laptop locked in the trunk. Thieves broke into the car and stole his laptop. We all then ran out to the parking lot to check on our cars and we then brought our laptops into the bar to keep them with us. Of course our laptops had all kinds of security that prevented the laptop from working, you'd have to enter a password, and then there was a separate "card" that would display a nine digit number every 60 seconds that was synched to only my laptop that had to be entered. Otherwise nothing would happen, you would never complete setup.

Anything can be hacked, but your normal thief would find the computer to be useless.

 

[f95toli]

Why would someone who knew that the laptop belonged to a military officer take that information to the press instead of returning it to the military?

I suspect the answer is at the end of the quote: "...The Sun reported".
I think we can safely assume that whoever brought the laptop to The Sun made some money.
The Sun is the worst kind of tabloid and they thrive on stories that makes the government (regardless of which party is in power) look incompetent.
I must admitt I also have some prejudice against people who read The Sun on a regular basis.

 

[CaptainQuasar]

Anything can be hacked, but your normal thief would find the computer to be useless.

Anything can be hacked, anything can be socially engineered, but using a hard drive encryption tool is waaaaay safer than just relying on your password or possession of a computer to physically protect really sensitive data. For exactly this lost laptop scenario. And as I noted above extremely high-quality hard drive encryption tools are available for http://www.truecrypt.org/", so there's no excuse.

Although if I was a bad guy I would suck all the existing data off of it, load it up with spying and infiltrating viruses, and then return it. I hope the military et cetera has decontamination procedures for when things like this happen.

Despicable though tabloids like the Sun are I think that in this case by serving their craven self-interest they're actually doing a public service. A military or government organization would normally have to pay top dollar (£?) for this kind of security http://en.wikipedia.org/wiki/Penetration_testing" . If their procedures and rules are tidied up at all because of this it has done good, whether it's because those procedures aren't in place or because the guy who the laptop belonged to didn't understand them.

⚛​

 

[mgb_phys]

And as I noted above extremely high-quality hard drive encryption tools are available for http://www.truecrypt.org/", so there's no excuse.

The problem is that truecrypt isn't the MOD standard so you aren't allowed to use it. The official standard of course won't be available on the laptop because they generally run about 10years behind current technology and the standard will have to include all sorts of stuff about TEMPEST sheidling and explosive self destruct so isn't practical - the result is no security at all.


The missing CD-ROMS was funnier. The dept had a security policy for encrypting data when sent between departments but the worker who sent the data wasn't allowed to know about it because the security policy was classified

 

[Evo]

Anything can be hacked, anything can be socially engineered, but using a hard drive encryption tool is waaaaay safer than just relying on your password or possession of a computer to physically protect really sensitive data. For exactly this lost laptop scenario.[/RIGHT]

Believe me whatever was possible to prevent access to information on the hard drive was on this laptop, the main issue was what my computer was capable of accessing that had to be disabled.

Having an additional password that changes every 60 seconds makes things a bit harder to get into.

 

[CaptainQuasar]

The missing CD-ROMS was funnier. The dept had a security policy for encrypting data when sent between departments but the worker who sent the data wasn't allowed to know about it because the security policy was classified

Ha.

⚛​

 

[mgb_phys]

Ha.

There isn't a lot of logic about security services.
At work we got a defence contract so there was a call for anyone who had security clearance.
But having a classified clearance is itself classified.
But you would only know that if you had classified clearance!

So you couldn't say yes and couldn't say no !

 

[CaptainQuasar]

The explanation for a lot of these problems is that since IT for government and military has been outsourced it is very difficult to use any of it since any request immediately turns into large consulatancy bills that need levels of approval - so there is an unoffical parallel IT system of Excel spreadsheets and Access databases being passed around people's laptops.

I can definitely confirm that. The same thing happens in many of my larger clients because the IT staff is siloed.

Anyone who has worked in engineering spends most of their time trying to work around new processes put in place by management for either security or economy or accountablility - looks like the army is no different.

I can say that I've had the pleasure of avoiding that because I've mostly worked at high-tech startups. But on the other hand I've also seen engineers at those sorts of companies do some incredibly shoddy engineering (often again under the frenzied lash of managers) that ends up getting shipped directly to the customer.

⚛​

 

[Moonbear]

Having an additional password that changes every 60 seconds makes things a bit harder to get into.

Unless you do like most people with those things and just drop the fob into the computer bag so all the thief needs to do is look through the pockets to find it. Human nature is the worst enemy of security, and the more complicated they make the security, the more people have to make it less secure so they don't forget how to get into the computer themselves.

 

[Evo]

Unless you do like most people with those things and just drop the fob into the computer bag so all the thief needs to do is look through the pockets to find it. Human nature is the worst enemy of security, and the more complicated they make the security, the more people have to make it less secure so they don't forget how to get into the computer themselves.

Even worse, the number that popped up on the display had to be used in conjuction with a "secret pin" number, which people wrote down and inserted into the carrying case for the secure access device.

 

[chemisttree]

There isn't a lot of logic about security services.
At work we got a defence contract so there was a call for anyone who had security clearance.
But having a classified clearance is itself classified.
But you would only know that if you had classified clearance!

So you couldn't say yes and couldn't say no !

Your company's security POC knows all who have the required clearance. It should be pretty straightforward from there. The security misstep occurred in the first place when a global announcement was made referring to the defence contract itself. The contract POC (company lawyer?) and the person who responded to the RFP should have known this and handled it completely differently...

 

[Huckleberry]

But if the laptop was simply returned outright and no one actually examined it, don't you think that the military would have simply said that it was his personal laptop and it didn't have any sensitive material on it, and that their security procedures are working flawlessly? If you're going to put so much trust in the government to be honest why not put the same trust in journalists?

Doesn't sensitive material usually fall into the hands of “the enemy” through government malfeasance, rather than journalistic malfeasance?

⚛​

Yup, if the laptop was returned to the military and someone asked them later what was on it they probably would have lied. It's not like they would just wipe the sweat from their brow and say "Dodged a bullet there, that was a close one." They will hold their own military investigation and hold this officer accountable for his negligence.

Civilian authorities have no jurisdiction in this matter. Going public with this information only lowers the credibility of the military, and potentially exposes sensitive information to people that are not authorized to view it. The only purpose I see in that is someone creating panic and doubt and placing the lives of people in danger for a few quid. I don't see how he was doing anyone a public service in this case. There is no cover-up being exposed. There is no military plot here. Most likely it is just that one person made a mistake. Any military investigation that takes place now will only be hampered by the publicity created by the nature of this incident.

I don't know if information is leaked to the enemy more often from media or military, but I certainly don't think that the media is a good place to entrust military information.

 

[CaptainQuasar]

Most likely it is just that one person made a mistake.

I disagree. This demonstrates that, as I theorized and mgb_phys confirmed, the MOD as an organization is using antiquated and inadequate security technology in combination with modern laptops and data and document applications. There's no reason at all to keep the consequences of that under wraps.

Maybe there are some cases where the military or government establishment can be trusted with this sort of information but the public cannot. But history shows it's fairly frequently the other way around and I think that's true in this case.

⚛​

 

[mgb_phys]

From recent stories on theregister

"WASHINGTON - Between three and four FBI laptop computers are lost or stolen each month on average and the agency is unable to say in many instances whether information on the machines is sensitive or classified, the Justice Department's inspector general said Monday."

"A PC containing the personal details of as many as 26.5m US veterans has been stolen from the home of a worker at the Department of Veterans Affairs (VA), sparking a major security alert."

"IRS: When inspectors looked into the matter, they found that 490 laptops had been reported stolen between January 2, 2003 and June 13, 2006. Unfortunately, because reporting procedures for stolen laptops were often not followed, there isn't a real way to know whether this number is accurate."

"Three laptops, containing the payroll and pension details of more than 15,000 Met Police officers, have been nicked from the offices of LogicaCMG"

"Ernst & Young has lost another laptop containing the social security numbers and other personal information of its clients' employees. This time, the incident puts thousands of IBM workers at risk."

Several of these companies + the UK govt. then claimed that since there was a passwd the data was secure and there was no need to report the theft! Not encrypted note, just a passwd (probably an MS office passwd on a spreadhseet!)

 

[Huckleberry]

The article states that the Ministry of Defense already has a policy of not allowing laptops with personal information on them to leave government buildings. The laptop was not secure. It contained information on about 200 soldiers, military exercises and weapons locations. The officer in question was, at the minimum, negligent of the existing regulations. I'm not sure there is a regulation that can be created that prevents individuals from making mistakes or being subversive, though perhaps you are right that the result of this will be an improvement in security for the MOD.

The results will not justify the negligence of the officer, the theft of the information or the espionage of the media. It seems that the Sun in particular cannot be trusted with military information. So now, rather than just strengthening security, which they would have done regardless of the media exposure, the military also has to treat any information on that laptop as compromised, and deal with it appropriately. Depending on the specific information, that could cost taxpayers millions.

People should already understand the consequences of poor military security. I guarantee that the military understands this more than anyone. I do not consider it my civic duty to take property that does not belong to me, whether it be physical or intellectual property. It is not my duty to spy on my government in the hopes of making a small profit at the expense of the safety of others. If nobody had viewed this information and the story were just about an officer that left a laptop in a pub then I would have no complaints(edit-about the media story). However, this isn't a story just about a laptop. It's about information, and that cannot be returned. They had no right to spy on the government without just cause. Finding a wallet in the street does not entitle one to the money inside it.

 

[Moonbear]

T Finding a wallet in the street does not entitle one to the money inside it.

Or, perhaps more appropriate to the scenario, if one finds a wallet, you can open to find identification to help return it to the correct owner, but once you've found that, it's not right to then hand the wallet to the media so they can scrutinize every scrap of paper in it and publish a story about whose phone numbers and photos the owner had in it.

For all we know, The Sun has made a copy of all that data and handed it off to a foreign government to know what the British Army is up to.

Why would people assume they would do nothing about it if it was discovered quietly? One could have called the military base to return it, and thereby ensured the error of the officer was known by superiors without compromising the security of the information. Those IN the military have far more to risk from confidential information being leaked than your average reader of The Sun. I have no doubt that they'd come down hard on him if it were discovered, even if it was kept out of the public spotlight.

 

[Huckleberry]

Or, perhaps more appropriate to the scenario, if one finds a wallet, you can open to find identification to help return it to the correct owner, but once you've found that, it's not right to then hand the wallet to the media so they can scrutinize every scrap of paper in it and publish a story about whose phone numbers and photos the owner had in it.

For all we know, The Sun has made a copy of all that data and handed it off to a foreign government to know what the British Army is up to.

Why would people assume they would do nothing about it if it was discovered quietly? One could have called the military base to return it, and thereby ensured the error of the officer was known by superiors without compromising the security of the information. Those IN the military have far more to risk from confidential information being leaked than your average reader of The Sun. I have no doubt that they'd come down hard on him if it were discovered, even if it was kept out of the public spotlight.

There is also the possibility that the person who sold the information to the Sun will also look for more profit by finding others that are interested in the specifics of the information that the Sun was so kind as to reveal the general nature of to the public. There may also be people who hope to subvert the MOD who will seek this information themselves. Now they know where to find it.

 

[Evo]

My question is, was the information on that laptop completely unprotected? Not even a simple password was required? I seriously doubt that was the case, which means that they hacked into the computer to get the information. Isn't hacking into a Military and/or Government computer considered a serious crime?

 

[Poop-Loops]

Breach of national security, I'd say.

 

[cristo]

It's a little suspicious how the Sun always manage to get their hands on these juicy items, and thus the juicy stories that go along with them. But then, it is a reliable newspaper, and we should listen to everything it says...

 

[CaptainQuasar]

It is not my duty to spy on my government in the hopes of making a small profit at the expense of the safety of others.

It is a civic duty for a citizen of a free nation to keep an eye on their government, whether or not the government wants anyone to keep an eye on it.

Certainly not for a profit, though. I'm not saying it's impossible that anything wrong was done here, I'm just saying that simply finding out whether or not there had been a substantial breach of security is not a wrong or unethical action.

My question is, was the information on that laptop completely unprotected? Not even a simple password was required? I seriously doubt that was the case, which means that they hacked into the computer to get the information. Isn't hacking into a Military and/or Government computer considered a serious crime?

If the files were not encrypted or otherwise specially protected all you would have to do is connect the laptop's hard drive to another computer to get at them. The passwords you would need to get into the laptop when it is turned on would not offer any protection.

⚛​

 

[mgb_phys]

The requirement not to remove laptops from buildings was a kneejerk reaction introduced at the end of January after a previous loss was announced.
The trouble is that there wasn't any thought - it was just an automatic ban.
"From now on, no laptops or drives containing personal data should be taken outside secured office premises."

Don't know this particular case but for example -
Say you need to discuss plans with a colleague in NATO/the Navy/etc - you can't take the data out of your building, to them they can't take it out off theirs to come to you. There is a standard for secure information transfer but they aren't compatible, aren't implemented yet or don't attach to this system.
So you need a work-around, but since any sensible solution is banned your only approach is to take the easiest option.

The argument for not reporting it is a bit weak - don't report any military screwups because it weakens defence. Then don't report police mistakes because it reduces public trust in the police and any mistakes will be handled by an internal inquiry.
Then what about hospitals, politicians etc...

 

[Evo]

If the files were not encrypted or otherwise specially protected all you would have to do is connect the laptop's hard drive to another computer to get at them. The passwords you would need to get into the laptop when it is turned on would not offer any protection

Then you have for all intents and purposes intentionally bypassed normal access and would be guilty of illegally accessing information.

 

[CaptainQuasar]

Then you have for all intents and purposes intentionally bypassed normal access and would be guilty of illegally accessing information.

Connecting a hard drive to a computer is not an abnormal way of accessing the information on it. If that qualifies as illegally accessing information then there are hundreds of thousands if not millions of people guilty of that crime.

That's like saying it should be illegal to look at photograph negatives with a magnifying glass and you should be required to take them to a photo lab and get prints.

I agree that doing something like this to an individual would be an invasion of privacy or worse. But equating this case to some form of espionage or hacking - assuming that the newspaper simply confirmed that there was a serious breach of security and didn't sell the information to a foreign government or something - is a stretch, in my opinion.

⚛​

 

[Moonbear]

Connecting a hard drive to a computer is not an abnormal way of accessing the information on it. If that qualifies as illegally accessing information then there are hundreds of thousands if not millions of people guilty of that crime.

When you don't have the permission of the owner to do it, and are doing it to bypass any password protection, of course it's illegal. You're stealing information. "Other people do it too" isn't an adequate justification to claim something isn't illegal.

 

[Evo]

Connecting a hard drive to a computer is not an abnormal way of accessing the information on it. If that qualifies as illegally accessing information then there are hundreds of thousands if not millions of people guilty of that crime.

If you do not have permission to do so, it is illegal.

Say that I left the door to my house unlocked and you go in and remove files. Is that legal? No, that's theft.

Let's make an apples to apples comparison. My door is locked, but you manage to jimmy the lock open and get in. Is that legal? No, that's breaking and entering on top of theft.

What they did is illegal and I hope that they are prosecuted. It would be ok to say that the officer left his laptop at the bar. To bypass any form of restriction and obtain information is illegal, no matter what method is used. Period.

 

[Moonbear]

It's a little suspicious how the Sun always manage to get their hands on these juicy items, and thus the juicy stories that go along with them. But then, it is a reliable newspaper, and we should listen to everything it says...

Excellent point. For all we know, The Sun has made up the whole story (or maybe just half of it...an officer left his laptop at the bar, but all it had was his porn collection on it and kept it in a password-protected folder he told his wife was stuff for work, something like that).

 

[CaptainQuasar]

If you do not have permission to do so, it is illegal.

So you're switching from saying it's hacking to simply saying it's illegal?

Like I said, this is quite possibly an illegal invasion of privacy against the individual. But I'm specifically saying that it's not hacking or espionage.

When you don't have the permission of the owner to do it, and are doing it to bypass any password protection, of course it's illegal. You're stealing information. "Other people do it too" isn't an adequate justification to claim something isn't illegal.

To bypass any form of restriction and obtain information is illegal, no matter what method is used. Period.

That's simply not true. The method used to obtain information is very significant legally. Wiretapping is illegal but a neighbor recording a phone conversation with a sensitive microphone is not. Anyone can be photographed or filmed unbeknownst to them, even while they're at home, even with an infrared camera or other special equipment that can see in the dark or through walls. And a charge of “breaking and entering” requires the “breaking” part, it's distinct from trespassing (in the US, I don't know about the UK).

Someone who just walked into your unlocked house, read something, and left might be guilty of trespassing, yes, but having obtained knowledge in that scenario is not a criminal act in and of itself. And this case doesn't involve the trespassing part, it essentially involves someone leaving their house on a table at a bar.

Again, I agree that this would be shadier if two private individuals were the parties involved. But this is a case of a citizen finding out something about what its government is doing. It's the equivalent of a journalist sneaking onto a military base and taking a photograph of the government doing something naughty. There are certainly some countries where a journalist could be executed or thrown into a prison in Siberia for doing that but the UK is not one of those countries.

Another thing: the government of the US or the UK would not have any hesitation about doing this to a private citizen who left their laptop on a table in a bar, if part of the government had some interest in that citizen, let me assure you.

⚛​

 

[Evo]

That's simply not true. The method used to obtain information is very significant legally.

ONLY if permission has been given.

I am under an ND with the Department of Homeland Security, and you would not believe what is not allowed.

 

[CaptainQuasar]

ONLY if permission has been given.

I am under an ND with the Department of Homeland Security, and you would not believe what is not allowed.

I wouldn't believe what is not allowed by your ND or the limits on what the DHS can do for surveillance? I would agree that the actions of the DHS or other law enforcement are restricted and legislated. But that's not the same thing as what's generally illegal, is it?

Since you've mentioned a connection to the DHS I'll put the question above to you: if the DHS had interest in someone and that person abandoned a piece of property like a laptop, is there anything that would prevent the DHS from examining that laptop to find out what information is on it? (Not just any laptop, remember - a piece of abandoned property.) Would the DHS be compelled to return the laptop to its owner? (I realize that depending on what you do you may not be able to answer those questions.)

⚛​

 

[Huckleberry]

It is a civic duty for a citizen of a free nation to keep an eye on their government, whether or not the government wants anyone to keep an eye on it.

Keeping an eye on the government is not the same as the government divulging all national security secrets to the media.

Certainly not for a profit, though. I'm not saying it's impossible that anything wrong was done here, I'm just saying that simply finding out whether or not there had been a substantial breach of security is not a wrong or unethical action.

This answer is simple. There was a substantial breach of security. The first one was when the officer left the building with information he wasn't supposed to. The second one was when the media gave themselves authority to retrieve that information.

The actions of the media in this case fit well with the definitions of hacking and espionage. Simply because the media was able to retrieve the information doesn't make it right or legal for them to do so.

The argument for not reporting it is a bit weak - don't report any military screwups because it weakens defence. Then don't report police mistakes because it reduces public trust in the police and any mistakes will be handled by an internal inquiry.
Then what about hospitals, politicians etc...

Reporting the screwup isn't the problem. Information where it doesn't belong is the problem. Seems MOD has shoddy security and is in desperate need of an upgrade.

 

[CaptainQuasar]

There was a substantial breach of security. The first one was when the officer left the building with information he wasn't supposed to. The second one was when the media gave themselves authority to retrieve that information.

But the military utilizing mickey mouse computer security doesn't make it to your list of breaches of security? I think your response to these things is just slightly disproportionate.

The media, and all citizens, do have the authority to investigate the government. Maintaining that right and duty is far more important than egg on the military's face or the sniveling snarky profiteering character of a tabloid.

The actions of the media in this case fit well with the definitions of hacking and espionage. Simply because the media was able to retrieve the information doesn't make it right or legal for them to do so.

Simply because the media demonstrated they could easily get hold of the sensitive, supposedly-secured information doesn't make it hacking or espionage.

⚛​

 

[mheslep]

ONLY if permission has been given.

I am under an ND with the Department of Homeland Security, and you would not believe what is not allowed.

Oh, go ahead give us a little hint.

 

[Huckleberry]

But the military utilizing mickey mouse computer security doesn't make it to your list of breaches of security? I think your response to these things is just slightly disproportionate.

I thought I was clear in stating that military security is important. I never denied that their protection was poor and in desperate need of improvement. I specifically stated that an officer leaving a government building with the laptop was a breach of security. So, obviously I am aware of that fact and it has 'made it to my list'.

The media, and all citizens, do have the authority to investigate the government. Maintaining that right and duty is far more important than egg on the military's face or the sniveling snarky profiteering character of a tabloid.

Is it more important than national security, or am I speaking disproportianately if I mention that as a concern?

Simply because the media demonstrated they could easily get hold of the sensitive, supposedly-secured information doesn't make it hacking or espionage.

⚛​

It is my belief that the Sun should be prosecuted according to the level of sensitivity of the information that it illegally obtained. The officer should be disciplined likewise. Also, the MOD is in serious need of improved security. The egos of these individuals and organizations are of the least importance. Of the most importance in this situation is the protection of national security, which the Sun willfully violated.

This was not an investigation. Investigations follow legal discourse. investigations require inquiry. Espionage requires spying, which seeks to obtain confidential information secretly. The Sun was practicing espionage and compromised national security. The Sun obtained this information secretly and illegally through the use of espionage.

Hacking is entering a computer system without the permissin of the owner to retrieve information or perform illegal activities. That is exactly what Sun did.

Does the UK not have any legal means of inquiry into the actions of the MOD? Do individual's moral imperitives excuse them from the consequences of their actions under the law? Do individuals have authority over the government, or do we give authority to the government to govern citizens? An organization cannot govern if it doesn't have authority over the governed. It is our civic duty to demand our rights as civilians, and as a society, instruct the government in how we wish to be governed. Then we must protect those rights vigilantly. We, hopefully, never have a legal right to perform illegal activities. Plus it's just plain wrong to steal. It doesn't make it any less than the definition of stealing if the theft is a dime or a dollar.

A quick dictionary search of the words espionage, spy, hack and govern seem to contradict all the points you have made. Hopefully the Sun is prepared to bear the responsibility for their illegal actions in their pursuit of journalism, but I doubt they were acting in a moral manner when they made their decision. I think you are right to say that their intent was 'egg on the face' and 'snivelly snarky profiteering'. Again, not the kind of organization I would choose to be responsible for national security.

 

[CaptainQuasar]

I never denied that their protection was poor and in desperate need of improvement. I specifically stated that an officer leaving a government building with the laptop was a breach of security.

My point is that the fact that the MOD is using drastically inadequate computer security, evidently as a policy, is a breach of security of much greater magnitude than the guy who walked off-base with a laptop or the Sun. The actions of the administrators who enacted or are maintaining that policy, and what would lead them to do so, are much more worthy of investigation. But compared to your enthusiasm for finding fault with the officer or the Sun you seem to be accepting this direct and obvious problem as understandable or forgivable. Or at least as something with diffuse responsibility that doesn't need to be as energetically pursued.

The media, and all citizens, do have the authority to investigate the government.

Is it more important than national security, or am I speaking disproportianately if I mention that as a concern?

Yes, it is more important. And yes, you are speaking disproportionately to propose that national security is more important than living in a free country. Particularly the low level of national security risk that is probably involved in this case depending on what was actually on the laptop.

The late Soviet Union and today's China have fabulous national security compared to most of the nations of the world. But try to investigate the government and you would get smashed flat, and quite possibly a large number of your family, friends, and relatives as well. You're proposing that this ought to be dealt with the way Vladimir Putin or Deng Xiao Ping would deal with it, by cracking down on the uppity journalists whether or not they've actually done anything to put national security in jeopardy.

Journalists literally die in places like that all the time for doing things like this. If I recall correctly more than a dozen journalists have died under mysterious circumstances since Vladimir Putin took office. The UK should go out of its way to make sure it is not one of those kind of places and should avoid even the edge of the slippery slope towards becoming that way.

Espionage requires spying, which seeks to obtain confidential information secretly.

They don't seem to be very good at this secrecy thing since they published a high-profile newspaper article about it.

The Sun was practicing espionage and compromised national security. The Sun obtained this information secretly and illegally through the use of espionage.

By the definition you're citing, opening up and reading a diary that someone left in a bar is an act of espionage.

The Sun didn't steal anything and they didn't infiltrate the government at all. If they sold the information or otherwise provided it to enemies of the state they ought to be prosecuted as treasonous bastards, yes. If all they did was confirm that sensitive supposedly-secure information is in fact easily accessible the sovereign security of the United Kingdom has not been put in jeopardy by their actions, in fact it will probably be made safer as a result, and they have committed no crime.

Theft and infiltration and members of the military or government disclosing information their obligations prevent them from disclosing is illegal. Private citizens simply knowing information is not, however, even if it's something that the government really, really doesn't want private citizens to know.

⚛​

 

[Huckleberry]

So you're switching from saying it's hacking to simply saying it's illegal?

Like I said, this is quite possibly an illegal invasion of privacy against the individual. But I'm specifically saying that it's not hacking or espionage.



That's simply not true. The method used to obtain information is very significant legally. Wiretapping is illegal but a neighbor recording a phone conversation with a sensitive microphone is not. Anyone can be photographed or filmed unbeknownst to them, even while they're at home, even with an infrared camera or other special equipment that can see in the dark or through walls. And a charge of “breaking and entering” requires the “breaking” part, it's distinct from trespassing (in the US, I don't know about the UK).

Someone who just walked into your unlocked house, read something, and left might be guilty of trespassing, yes, but having obtained knowledge in that scenario is not a criminal act in and of itself. And this case doesn't involve the trespassing part, it essentially involves someone leaving their house on a table at a bar.

Again, I agree that this would be shadier if two private individuals were the parties involved. But this is a case of a citizen finding out something about what its government is doing. It's the equivalent of a journalist sneaking onto a military base and taking a photograph of the government doing something naughty. There are certainly some countries where a journalist could be executed or thrown into a prison in Siberia for doing that but the UK is not one of those countries.

⚛​

This information is incorrect on every account.

 

[Evo]

The Sun didn't steal anything and they didn't infiltrate the government at all. If they sold the information or otherwise provided it to enemies of the state they ought to be prosecuted as treasonous bastards, yes. If all they did was confirm that sensitive supposedly-secure information is in fact easily accessible the sovereign security of the United Kingdom has not been put in jeopardy by their actions, in fact it will probably be made safer as a result, and they have committed no crime.

This is where you just aren't getting it. They illegally and knowingly hacked into a military computer. They then posted what kind of information was on the computer. There is no excuse for that.

Anyway, it's up to the military to decide what legal action they wish to take. This thread is just going in circles.