[funsec] Oops

[David Harley]

> OK, so some junior-ish clerks broke protocol and didn't use 
> receipt- required courier tracking (and maybe didn't use a 
> suitably secure courier service?),

It was suggested on a news programme that they actually popped it into
internal mail, so it's likely to be sitting somewhere at the bottom of a
postie's sack or a pile in a sorting office, if it isn't in a departmental
black hole.

> it seems 
> that at least the data is encrypted which means (if this bit 
> was done properly _AND_ the proper procedure was 
> well-designed) 

Too many ifs for comfort. :-/

> that there is actually no _data_ loss.  "Noise 
> loss" maybe, but no meaningful data loss.

You could say the same if the disks are simply "lost in the post." 

> The authorities though don't seem to be stressing this so 
> maybe the "password protection" bit of this is known to be 
> not very effective?

I'd guess that the "public face of government" doesn't know about the
quality of the encryption. There are applicable guidelines and standards
prescribed by central government, but they won't necessarily even be
accessible at junior (or even senior) level in a specific department. The UK
government (in the sense of the permanent establishment rather than the
prevailing party-in-power) has an entrenched culture of secrecy which often
works against it. Not an invitation to a political debate: just a personal
observation...

--
David Harley
AVIEN Interim Administrator: http://www.avien.org 
http://www.smallblue-greenworld.co.uk