Beware lost hardware

When a mob attacked the British embassy in Iran late last year, embassy staff tried to destroy as much sensitive information as they could before they fled. But this was not enough to prevent concerns that official material could have fallen into hostile hands. The Foreign Office referred to the matter to the Information Commissioner’s Office, where, according to a spokesman, “We are aware of it and we are looking into it, but that is all we can say at the moment.”

Thanks to the persistent questioning of David Davis MP, several government departments have recently made statements about data protection. As a whole, they provide a snapshot of the way information is stored, protected and lost in a digital, globalised world.

The age of the shredder is over. Another respondent, the Ministry of Defence, referred to data stored on items including laptops, mobile phones, blackberries, hard drives, CDs, and USB memory sticks. Yet no matter how sophisticated the device, it can still disappear. Since 2010, the MoD has lost 945 items of IT equipment. Half of those for which a geographical distinction was provided were lost overseas. In 13 cases last year, the loss was deemed to result in a breach of confidentiality.

These may be small figures compared to the number of personnel the MoD commands. But a single digital device can hold staggering amounts of data. In another incident revealed by the Foreign Office, a USB stick stolen in Abu Dhabi in August 2011 contained information about approximately 320 embassy employees.

According to a junior MoD minister, Andrew Robathan, the MoD frequently monitors online marketplaces in an attempt to track sales of IT equipment stolen from the department. In his response to Mr Davis’s question, he commented: “New processes, instructions and technologies are continuously being developed.” For the time being, great national secrets can still be threatened by the tiny USB.