British army officer leaves laptop at pub

[Poop-Loops]

Breach of national security, I'd say.

 

[cristo]

It's a little suspicious how the Sun always manage to get their hands on these juicy items, and thus the juicy stories that go along with them. But then, it is a reliable newspaper, and we should listen to everything it says...

 

[CaptainQuasar]

It is not my duty to spy on my government in the hopes of making a small profit at the expense of the safety of others.

It is a civic duty for a citizen of a free nation to keep an eye on their government, whether or not the government wants anyone to keep an eye on it.

Certainly not for a profit, though. I'm not saying it's impossible that anything wrong was done here, I'm just saying that simply finding out whether or not there had been a substantial breach of security is not a wrong or unethical action.

My question is, was the information on that laptop completely unprotected? Not even a simple password was required? I seriously doubt that was the case, which means that they hacked into the computer to get the information. Isn't hacking into a Military and/or Government computer considered a serious crime?

If the files were not encrypted or otherwise specially protected all you would have to do is connect the laptop's hard drive to another computer to get at them. The passwords you would need to get into the laptop when it is turned on would not offer any protection.

⚛​

 

[mgb_phys]

The requirement not to remove laptops from buildings was a kneejerk reaction introduced at the end of January after a previous loss was announced.
The trouble is that there wasn't any thought - it was just an automatic ban.
"From now on, no laptops or drives containing personal data should be taken outside secured office premises."

Don't know this particular case but for example -
Say you need to discuss plans with a colleague in NATO/the Navy/etc - you can't take the data out of your building, to them they can't take it out off theirs to come to you. There is a standard for secure information transfer but they aren't compatible, aren't implemented yet or don't attach to this system.
So you need a work-around, but since any sensible solution is banned your only approach is to take the easiest option.

The argument for not reporting it is a bit weak - don't report any military screwups because it weakens defence. Then don't report police mistakes because it reduces public trust in the police and any mistakes will be handled by an internal inquiry.
Then what about hospitals, politicians etc...

 

[Evo]

If the files were not encrypted or otherwise specially protected all you would have to do is connect the laptop's hard drive to another computer to get at them. The passwords you would need to get into the laptop when it is turned on would not offer any protection

Then you have for all intents and purposes intentionally bypassed normal access and would be guilty of illegally accessing information.

 

[CaptainQuasar]

Then you have for all intents and purposes intentionally bypassed normal access and would be guilty of illegally accessing information.

Connecting a hard drive to a computer is not an abnormal way of accessing the information on it. If that qualifies as illegally accessing information then there are hundreds of thousands if not millions of people guilty of that crime.

That's like saying it should be illegal to look at photograph negatives with a magnifying glass and you should be required to take them to a photo lab and get prints.

I agree that doing something like this to an individual would be an invasion of privacy or worse. But equating this case to some form of espionage or hacking - assuming that the newspaper simply confirmed that there was a serious breach of security and didn't sell the information to a foreign government or something - is a stretch, in my opinion.

⚛​

 

[Moonbear]

Connecting a hard drive to a computer is not an abnormal way of accessing the information on it. If that qualifies as illegally accessing information then there are hundreds of thousands if not millions of people guilty of that crime.

When you don't have the permission of the owner to do it, and are doing it to bypass any password protection, of course it's illegal. You're stealing information. "Other people do it too" isn't an adequate justification to claim something isn't illegal.

 

[Evo]

Connecting a hard drive to a computer is not an abnormal way of accessing the information on it. If that qualifies as illegally accessing information then there are hundreds of thousands if not millions of people guilty of that crime.

If you do not have permission to do so, it is illegal.

Say that I left the door to my house unlocked and you go in and remove files. Is that legal? No, that's theft.

Let's make an apples to apples comparison. My door is locked, but you manage to jimmy the lock open and get in. Is that legal? No, that's breaking and entering on top of theft.

What they did is illegal and I hope that they are prosecuted. It would be ok to say that the officer left his laptop at the bar. To bypass any form of restriction and obtain information is illegal, no matter what method is used. Period.

 

[Moonbear]

It's a little suspicious how the Sun always manage to get their hands on these juicy items, and thus the juicy stories that go along with them. But then, it is a reliable newspaper, and we should listen to everything it says...

Excellent point. For all we know, The Sun has made up the whole story (or maybe just half of it...an officer left his laptop at the bar, but all it had was his porn collection on it and kept it in a password-protected folder he told his wife was stuff for work, something like that).

 

[CaptainQuasar]

If you do not have permission to do so, it is illegal.

So you're switching from saying it's hacking to simply saying it's illegal?

Like I said, this is quite possibly an illegal invasion of privacy against the individual. But I'm specifically saying that it's not hacking or espionage.

When you don't have the permission of the owner to do it, and are doing it to bypass any password protection, of course it's illegal. You're stealing information. "Other people do it too" isn't an adequate justification to claim something isn't illegal.

To bypass any form of restriction and obtain information is illegal, no matter what method is used. Period.

That's simply not true. The method used to obtain information is very significant legally. Wiretapping is illegal but a neighbor recording a phone conversation with a sensitive microphone is not. Anyone can be photographed or filmed unbeknownst to them, even while they're at home, even with an infrared camera or other special equipment that can see in the dark or through walls. And a charge of “breaking and entering” requires the “breaking” part, it's distinct from trespassing (in the US, I don't know about the UK).

Someone who just walked into your unlocked house, read something, and left might be guilty of trespassing, yes, but having obtained knowledge in that scenario is not a criminal act in and of itself. And this case doesn't involve the trespassing part, it essentially involves someone leaving their house on a table at a bar.

Again, I agree that this would be shadier if two private individuals were the parties involved. But this is a case of a citizen finding out something about what its government is doing. It's the equivalent of a journalist sneaking onto a military base and taking a photograph of the government doing something naughty. There are certainly some countries where a journalist could be executed or thrown into a prison in Siberia for doing that but the UK is not one of those countries.

Another thing: the government of the US or the UK would not have any hesitation about doing this to a private citizen who left their laptop on a table in a bar, if part of the government had some interest in that citizen, let me assure you.

⚛​

 

[Evo]

That's simply not true. The method used to obtain information is very significant legally.

ONLY if permission has been given.

I am under an ND with the Department of Homeland Security, and you would not believe what is not allowed.

 

[CaptainQuasar]

ONLY if permission has been given.

I am under an ND with the Department of Homeland Security, and you would not believe what is not allowed.

I wouldn't believe what is not allowed by your ND or the limits on what the DHS can do for surveillance? I would agree that the actions of the DHS or other law enforcement are restricted and legislated. But that's not the same thing as what's generally illegal, is it?

Since you've mentioned a connection to the DHS I'll put the question above to you: if the DHS had interest in someone and that person abandoned a piece of property like a laptop, is there anything that would prevent the DHS from examining that laptop to find out what information is on it? (Not just any laptop, remember - a piece of abandoned property.) Would the DHS be compelled to return the laptop to its owner? (I realize that depending on what you do you may not be able to answer those questions.)

⚛​

 

[Huckleberry]

It is a civic duty for a citizen of a free nation to keep an eye on their government, whether or not the government wants anyone to keep an eye on it.

Keeping an eye on the government is not the same as the government divulging all national security secrets to the media.

Certainly not for a profit, though. I'm not saying it's impossible that anything wrong was done here, I'm just saying that simply finding out whether or not there had been a substantial breach of security is not a wrong or unethical action.

This answer is simple. There was a substantial breach of security. The first one was when the officer left the building with information he wasn't supposed to. The second one was when the media gave themselves authority to retrieve that information.

The actions of the media in this case fit well with the definitions of hacking and espionage. Simply because the media was able to retrieve the information doesn't make it right or legal for them to do so.

The argument for not reporting it is a bit weak - don't report any military screwups because it weakens defence. Then don't report police mistakes because it reduces public trust in the police and any mistakes will be handled by an internal inquiry.
Then what about hospitals, politicians etc...

Reporting the screwup isn't the problem. Information where it doesn't belong is the problem. Seems MOD has shoddy security and is in desperate need of an upgrade.

 

[CaptainQuasar]

There was a substantial breach of security. The first one was when the officer left the building with information he wasn't supposed to. The second one was when the media gave themselves authority to retrieve that information.

But the military utilizing mickey mouse computer security doesn't make it to your list of breaches of security? I think your response to these things is just slightly disproportionate.

The media, and all citizens, do have the authority to investigate the government. Maintaining that right and duty is far more important than egg on the military's face or the sniveling snarky profiteering character of a tabloid.

The actions of the media in this case fit well with the definitions of hacking and espionage. Simply because the media was able to retrieve the information doesn't make it right or legal for them to do so.

Simply because the media demonstrated they could easily get hold of the sensitive, supposedly-secured information doesn't make it hacking or espionage.

⚛​

 

[mheslep]

ONLY if permission has been given.

I am under an ND with the Department of Homeland Security, and you would not believe what is not allowed.

Oh, go ahead give us a little hint.

 

[Huckleberry]

But the military utilizing mickey mouse computer security doesn't make it to your list of breaches of security? I think your response to these things is just slightly disproportionate.

I thought I was clear in stating that military security is important. I never denied that their protection was poor and in desperate need of improvement. I specifically stated that an officer leaving a government building with the laptop was a breach of security. So, obviously I am aware of that fact and it has 'made it to my list'.

The media, and all citizens, do have the authority to investigate the government. Maintaining that right and duty is far more important than egg on the military's face or the sniveling snarky profiteering character of a tabloid.

Is it more important than national security, or am I speaking disproportianately if I mention that as a concern?

Simply because the media demonstrated they could easily get hold of the sensitive, supposedly-secured information doesn't make it hacking or espionage.

⚛​

It is my belief that the Sun should be prosecuted according to the level of sensitivity of the information that it illegally obtained. The officer should be disciplined likewise. Also, the MOD is in serious need of improved security. The egos of these individuals and organizations are of the least importance. Of the most importance in this situation is the protection of national security, which the Sun willfully violated.

This was not an investigation. Investigations follow legal discourse. investigations require inquiry. Espionage requires spying, which seeks to obtain confidential information secretly. The Sun was practicing espionage and compromised national security. The Sun obtained this information secretly and illegally through the use of espionage.

Hacking is entering a computer system without the permissin of the owner to retrieve information or perform illegal activities. That is exactly what Sun did.

Does the UK not have any legal means of inquiry into the actions of the MOD? Do individual's moral imperitives excuse them from the consequences of their actions under the law? Do individuals have authority over the government, or do we give authority to the government to govern citizens? An organization cannot govern if it doesn't have authority over the governed. It is our civic duty to demand our rights as civilians, and as a society, instruct the government in how we wish to be governed. Then we must protect those rights vigilantly. We, hopefully, never have a legal right to perform illegal activities. Plus it's just plain wrong to steal. It doesn't make it any less than the definition of stealing if the theft is a dime or a dollar.

A quick dictionary search of the words espionage, spy, hack and govern seem to contradict all the points you have made. Hopefully the Sun is prepared to bear the responsibility for their illegal actions in their pursuit of journalism, but I doubt they were acting in a moral manner when they made their decision. I think you are right to say that their intent was 'egg on the face' and 'snivelly snarky profiteering'. Again, not the kind of organization I would choose to be responsible for national security.

 

[CaptainQuasar]

I never denied that their protection was poor and in desperate need of improvement. I specifically stated that an officer leaving a government building with the laptop was a breach of security.

My point is that the fact that the MOD is using drastically inadequate computer security, evidently as a policy, is a breach of security of much greater magnitude than the guy who walked off-base with a laptop or the Sun. The actions of the administrators who enacted or are maintaining that policy, and what would lead them to do so, are much more worthy of investigation. But compared to your enthusiasm for finding fault with the officer or the Sun you seem to be accepting this direct and obvious problem as understandable or forgivable. Or at least as something with diffuse responsibility that doesn't need to be as energetically pursued.

The media, and all citizens, do have the authority to investigate the government.

Is it more important than national security, or am I speaking disproportianately if I mention that as a concern?

Yes, it is more important. And yes, you are speaking disproportionately to propose that national security is more important than living in a free country. Particularly the low level of national security risk that is probably involved in this case depending on what was actually on the laptop.

The late Soviet Union and today's China have fabulous national security compared to most of the nations of the world. But try to investigate the government and you would get smashed flat, and quite possibly a large number of your family, friends, and relatives as well. You're proposing that this ought to be dealt with the way Vladimir Putin or Deng Xiao Ping would deal with it, by cracking down on the uppity journalists whether or not they've actually done anything to put national security in jeopardy.

Journalists literally die in places like that all the time for doing things like this. If I recall correctly more than a dozen journalists have died under mysterious circumstances since Vladimir Putin took office. The UK should go out of its way to make sure it is not one of those kind of places and should avoid even the edge of the slippery slope towards becoming that way.

Espionage requires spying, which seeks to obtain confidential information secretly.

They don't seem to be very good at this secrecy thing since they published a high-profile newspaper article about it.

The Sun was practicing espionage and compromised national security. The Sun obtained this information secretly and illegally through the use of espionage.

By the definition you're citing, opening up and reading a diary that someone left in a bar is an act of espionage.

The Sun didn't steal anything and they didn't infiltrate the government at all. If they sold the information or otherwise provided it to enemies of the state they ought to be prosecuted as treasonous bastards, yes. If all they did was confirm that sensitive supposedly-secure information is in fact easily accessible the sovereign security of the United Kingdom has not been put in jeopardy by their actions, in fact it will probably be made safer as a result, and they have committed no crime.

Theft and infiltration and members of the military or government disclosing information their obligations prevent them from disclosing is illegal. Private citizens simply knowing information is not, however, even if it's something that the government really, really doesn't want private citizens to know.

⚛​

 

[Huckleberry]

So you're switching from saying it's hacking to simply saying it's illegal?

Like I said, this is quite possibly an illegal invasion of privacy against the individual. But I'm specifically saying that it's not hacking or espionage.



That's simply not true. The method used to obtain information is very significant legally. Wiretapping is illegal but a neighbor recording a phone conversation with a sensitive microphone is not. Anyone can be photographed or filmed unbeknownst to them, even while they're at home, even with an infrared camera or other special equipment that can see in the dark or through walls. And a charge of “breaking and entering” requires the “breaking” part, it's distinct from trespassing (in the US, I don't know about the UK).

Someone who just walked into your unlocked house, read something, and left might be guilty of trespassing, yes, but having obtained knowledge in that scenario is not a criminal act in and of itself. And this case doesn't involve the trespassing part, it essentially involves someone leaving their house on a table at a bar.

Again, I agree that this would be shadier if two private individuals were the parties involved. But this is a case of a citizen finding out something about what its government is doing. It's the equivalent of a journalist sneaking onto a military base and taking a photograph of the government doing something naughty. There are certainly some countries where a journalist could be executed or thrown into a prison in Siberia for doing that but the UK is not one of those countries.

⚛​

This information is incorrect on every account.

 

[Evo]

The Sun didn't steal anything and they didn't infiltrate the government at all. If they sold the information or otherwise provided it to enemies of the state they ought to be prosecuted as treasonous bastards, yes. If all they did was confirm that sensitive supposedly-secure information is in fact easily accessible the sovereign security of the United Kingdom has not been put in jeopardy by their actions, in fact it will probably be made safer as a result, and they have committed no crime.

This is where you just aren't getting it. They illegally and knowingly hacked into a military computer. They then posted what kind of information was on the computer. There is no excuse for that.

Anyway, it's up to the military to decide what legal action they wish to take. This thread is just going in circles.