RAF blackmail? Maybe…
According to an article in the Guardian, (http://www.guardian.co.uk/uk/2009/may/24/raf-military-files-stolen- blackmail), three hard drives went missing from RAF Innsworth, Gloucestershire, last September. Originally this was thought of as a sort of “ho-hum” event, as it was believed that only the bank details and home addresses of 50,000 servicemen and women were on the computers.
However, it now turns out that the missing computer drives also contained information on 500 senior RAF staff, with access to Top Secret information, including details of criminal convictions, investigations, precise details of debt, medical conditions, drug abuse, use of prostitutes, and extra-marital affairs including the names of third parties. This has been the cause of some alarm, as these people might then be open to blackmail for secrets.
Security is always a balance of risk versus cost. In this case, let us assume that the RAF thought there was some risk attached to having this data on hand, and had to balance the risk of it being stolen and used against the cost of protecting it. Let’s say that they decided it was worth encrypting the data, and looked around for off-the-shelf software. How much would it have cost to protect the three hard drives?
We use Private Disk from RIT Labs (http://www.ritlabs.com/en/products/pd/), who make the e-mail programs we use (The Bat! and The Bat! Voyager). Assuming that the RAF bought three copies retail at $29 each (we paid $19 as users of The Bat!), it would have cost them $87, or £53.08. But I’m betting that even if it cost them five times (or fifty or one thousand times) that to secure the computers, they would have been wise to pay the price.
The real question, of course, is not whether the RAF – and every other government agency in the world – is silly not to encrypt their data. The real question is whether or not your data is encrypted. If your computer – such as your personal or your company issued laptop – disappeared would there be information on it that you would not want floating around? We believe the answer would be a resounding “Yes!” Are there any company desktop computers that have unencrypted data on their hard drives? We suspect there are.
You’ll find a wide variety of commercial encryption packages floating around. Using them is trivial, and generally only involves clicking on an icon and entering a pass-phrase. The cost is low, and the security is high.