The Government's initial figures about the scale of the data security incompetence at the Ministry of Defence, following the theft of the MoD laptop computer with the personal details of over a million people (potential and actual military recruits and their families etc.) have been revised upwards, yet again, according to this Parliamentary Written Answer
17 July 2008 : Column 663W--continued
Departmental Computers
Mark Pritchard: To ask the Secretary of State for Defence pursuant to the statement of 21 January 2008, Official Report, column 1225, on MOD (data loss), how many of the 347 laptops stolen or lost from the Ministry of Defence since 2004 have been recovered. [182359]
Des Browne: As a result of the theft of the Royal Navy laptop, the Ministry of Defence has initiated an investigation into the details of all computers lost or stolen since 2003. This investigation is under way and I will write to the hon. Member when the information is available and arrange for a copy of my letter to be placed in the Library of the House.
Substantive answer from Des Browne to Mark Pritchard:
I undertook to write to you in answer to your Parliamentary Question on 29 January 2008, (Official Report, column 184W) about the number of laptops stolen or lost from the Ministry of Defence since 2004 that had subsequently been recovered.
The figure of 347 laptops that you quote can be derived from information provided in answer to the hon Member for Rayleigh (Mr Francois) on 19 January 2007, (Official Report, column 1363-4W) and the hon Member for South West Hertfordshire (Mr Gauke) on 10 December 2007, (Official Report, column 58W) and relates only to stolen laptops.
Revised figures have been taken from the data collated in the course of the investigation into details of computers and other electronic media lost/stolen since 2003 and provided to Sir Edmund Burton as part of his review. For all years they show an increase in the number of stolen laptops from the numbers previously reported is because the Burton Review investigation revealed anomalies in the reporting process. Instructions have been issued to remedy these shortcomings.
Revised figures as at today are set out below.
17 July 2008 : Column 664W
Previously reported stolen laptops Updated stolen laptops Updated lost laptops Updated total stolen and lost laptops Updated laptops recovered (stolen/lost) 2004
173
272
22
294
6
2005
40
130
18
148
11
2006
66
155
27
182
6
2007
68
101
22
(1)123
9
Total
347
658
89
747
32
(1) A corresponding figure of 230 was given in Burton Report (Summary, Paragraph 38c, Page 9.) Subsequent reclassification and clarification of incidents has reduced the figure to 123.
As pointed out by The Register,MoD: We lost 87 classified USB sticks since 2003 there have also been losses of unencrypted USB memory devices, Personal Digital Assistants etc. including at least 5 involving Secret classified data.
See Commons Hansard - July 2008 : Column 446W
Where are the military Courts Martial or criminal prosecutions under the Official Secrets Act 1989 section 8 Safeguarding of information for those individual officials responsible for such entirely avoidable losses of unencrypted classified data and documents ?
When will any Minister resign as a result of this ongoing scandal ? This is not an isolated incident, but is being repeated year after year.
How do you know there devices were unencrypted? none of the official statement says one way or the other.
@ Phil - if the data was known to have been strongly encrypted, why would the official statements not have trumpeted that fact, to allay worries about possible security breaches ?
We know from the Burton Review that the missing laptop with a million personal records of potential and actual military recruits and their families and sponsors, was not encrypted.,
See:
Burton review - stolen MoD recruitment laptops (plural) data security scandal
The figure of 600,000 has subsequently been revised to over a million.
These laptop computers should have had hard disk encryption software installed by EDS, but it did not work with the stupid and unnecessary design of the recruitment database application, which stores a full copy of a SQL database on each of the vulnerable
laptop computers, and synchronises it daily with the central database.
Incompetent MoD civil servants and EDS project management failed to resolve this problem for several years.
When you place minister’s in the position of running a massive department, when they have little or no experience, then little wonder that things go wrong. I cannot conceive of any business that would put someone with no experience in the top position and then allow them to learn on the job.
Chances are, our minister’s don't even know what a memory stick is, much less what encryption does. Studying economics does not make someone a good minister.
LePi7F