Being a UK resident, I don’t know whether to laugh or cry with shame. Owing to ongoing security problems, the UK Ministry of Defence decided to write a report that gives MoD, armed forces, and intelligence personnel advice about information security and data theft. Unfortunately, the full 2,400-page restricted document has itself been leaked on to Wikileaks, a website that specializes in publishing secretive information about governments and other organizations.
The document, Joint Services Protocol 440 (JSP 440), was first published in 2001. Although relatively old, it is still referenced when MoD personnel need to justify the monitoring of websites or other online systems. The report singles out investigative journalists being as much as a threat to national security as more typical sources:
The main threats of this type are posed by investigative journalists, pressure groups, investigation agencies, criminal elements, disaffected staff, dishonest staff and computer hackers.
Investigative journalists have exploited personal tax information; they also target commercial and financial information as do criminal elements seeking financial advantage.
The report continues:
Leaks usually take the form of reports in the public media which appear to involve the unauthorized disclosure of official information (whether protectively marked or not) that causes political harm or embarrassment to either the UK Government or the Department concerned.
The consequences of leaks of official information are considered serious when they undermine government policy or cause embarrassment to the government.
Obviously, this story will cause futher embarrassment for the UK Government and the MoD in particular. It also raises a few awkward questions:
- Does the MoD really need to tell its staff that information leaks are a risk to UK security?
- Did it really require 2,400 pages to explain what leaks are? The report must have cost a fortune.
- Could staff realistically be expected to digest and retain all that information?
I’m sure this won’t be the last security breach, but it’s certainly one of the most ridiculous.
Craig BucklerCraig is a freelance UK web consultant who built his first page for IE2.0 in 1995. Since that time he's been advocating standards, accessibility, and best-practice HTML5 techniques. He's created enterprise specifications, websites and online applications for companies and organisations including the UK Parliament, the European Parliament, the Department of Energy & Climate Change, Microsoft, and more. He's written more than 1,000 articles for SitePoint and you can find him @craigbuckler.
