The Manchester Evening News (MEN) reports that a computer disk with sensitive information on up to 50 court cases was stolen, along with a cellular phone and about $500 from a UK judge’s chambers. The portable disk was unprotected — neither a simple password or with data encryption software like AlertBoot was used. This is a classic case of mistaking physical security with data security.
Judge’s Chambers Secure
According to MEN, a convict — Paul Dawson, who was working with a trusted court subcontractor — sauntered into the chambers of Judge Andrew Gilbart QC (Queen’s Counsel) at Manchester Crown Court and took his personal mobile phone, cash, and what appears to be an external, portable disk that contained case files.
The latter was not protected in any way. Well, actually, that’s not true. Judges’ chambers — no matter where they are located in the world — generally tend to be extremely secure. In fact, it’s so secure that,
A security report into the theft says a member of staff tried to drop off paperwork in the judge’s chambers at 11.15am on March 10, but the door was locked from the inside.
Judge Gilbart returned the following morning and discovered the burglary. The report states: “It was highly unusual for the chambers door to be locked.”
It appears that the door was temporarily locked by Dawson as he rifled through the room.
The point, though, is that security is so tight that — despite all the sensitive data one would expect to find in a judge’s chambers, be it in electronic format or otherwise — the door was generally left unlocked even if no one was inside.
The only reason Dawson got in was because he was working for the subcontractor, and the latter hadn’t run a criminal record check.
Physical Security is not Data Security
No matter how secure a judge’s room might be, it’s not impregnable to intrusions. The above is just one such instance. Other ways might include:
Internal attacks: Members of staff — legitimate ones, including security — go “rogue”
Social engineering: A person who’s not supposed to be within the inner sanctum somehow finagles his way in
All-out-attack: For some reason, people decide to force their way in…and succeed
Crazy guests: People invited into the chambers suddenly go berserk.
All of these would be rare occurrences…but they happen. And, considering what kind of information is kept in a judge’s room, it’s a little psycho that doors are kept unlocked. With such behavior in place, the argument that encryption software should have been used will probably fall on deaf ears.
Which is a shame because when it comes to digital data, encryption will almost always provide better protection than physical security. Like I noted the other day, AES encryption takes billions of years to crack. Try finding a guard or door that can guarantee that kind of performance.