Shostack + Friends Blog Archive

 

Public Perception of Security

So the US Consulate in Jerusalem sold a file cabinet full of secret documents. What I found interesting about the story is the perception of the finder:

Hundreds of files — with social security numbers, bank account numbers and other sensitive U.S. government information — were found in a filing cabinet purchased from the U.S. consulate in Jerusalem through a local auction.

“We couldn’t believe what we found,” said Paula, who purchased the cabinets and asked that her last name not be published. “We thought of calling the American consulate right away, and then we thought, you know they’ll just hide it and say, ‘Oh, we made a mistake.’” (“U.S. Consulate Mistakenly sells secret files in Jerusalem,” Fox News)

[link to http://www.foxnews.com/story/0,2933,483478,00.html no longer works]

Transparency is a powerful idea. There’s little risk in disclosing this incident, except to the career of the person who sold the cabinet. Security professionals on both sides know that these things happen. If we talked about the incidents, we could assess their frequency and see if there are cost-effective ways to prevent them. I expect that there are, but no one wants to add a layer of bureaucracy for a threat that they can’t really assess. There are too many threats and too many ways to address them.

3 comments on "Public Perception of Security"

  • beri says:

    This is not a threat. This is just stupidity. Who sells a file cabinet without emptying it first? And then denies they sold the cabinet in the first place?

  • Former Vice President Dick Cheney says:

    File cabinet? Prove there ever *was* a file cabinet. I think this so-called file cabinet was planted by enemies of freedom, most likely in a vain effort to sap and impurify my precious bodily fluids. Unfortunately, telling you why that is so would reveal sources and methods, and violate executive privilege.

  • Robin Wilton says:

    Ironically enough, I have been at a couple of privacy/data breach round-tables where someone has used precisely this kind of example to illustrate the way in which technology changes the context and the nature of the problem. They generally expressed it along these lines:
    “The UK HMRC (Revenue and Customs dept) hit the headlines because a junior official ‘inadvertently’ lost 30 million records, simply by burning them to CD and sticking them in the post. You try losing 30 million paper files…”
    :^)
