By David Meyer
28 Feb 2008
The Home Office is investigating the apparent sale of one of its
laptops, along with an encrypted data disc, on eBay.
The laptop had been bought on the auction site then taken to an IT
company near Manchester for repairs. The technicians at the repair
centre, at Leapfrog Computers in Westhoughton, subsequently found an
encrypted Home Office disc underneath the keyboard.
Leapfrog sales manager Jonathan Parry told ZDNet.co.uk on Thursday that
the person who had bought the laptop had brought it into the shop on
Monday because "it wasn't working properly".
"Underneath the keyboard in the laptop was a CD labelled 'Home Office:
Private and Confidential'," Parry said. "We tested it and it was fully
encrypted, and so was the laptop. We contacted [the police] and they
seized the equipment."
Parry pointed out that, as optical disc drives are sealed units, "the
only way that disc can get there is by taking the laptop keyboard off
and putting the disc in there". He added that the presence of a CD
underneath the keyboard was probably linked to the laptop not working.
We understand that encrypted IT equipment has been handed to Greater
Manchester Police," a Home Office spokesperson said on Thursday. "Both
the laptop and the disc were encrypted, thus safeguarding any
information that might be stored on them. Investigations are now
underway. It would be inappropriate to comment further while they are
Security companies were quick to issue statements on the discovery. "The
good news with this latest data breach is that the data was encrypted,"
said Lumension Security vice president Alan Bentley on Thursday.
"However, encryption alone is not infallible computer hackers are
determined individuals with the potential to crack one layer of
security. We certainly shouldn't be relying on one line of protection
when it comes to our national security."
"With the statistics showing that nearly 500 government devices have
gone missing since 2001, it was only a matter of time before a
confidential disc inadvertently ended up on eBay," said Brian Spector,
the general manager for content protection at Workshare. "Luckily, the
public sector finally seems to be learning from repeated mistakes, as
the laptop and disc were encrypted. Unfortunately accidents like this
are not going to stop happening so we can only hope that other
government departments follow the Home Office's lead and adopt full disc
Governmental departments have suffered a spate of laptop thefts in
recent years, recently leading to a Whitehall-wide ban on the the
movement of unencrypted data.
Subscribe to InfoSec News