29.04.2008, Alexander Make up / Bruchlinien.de - article as PDF
Following a request of the Bundestag representative Carl-Ludwig Thiele (1) (FDP) were The Federal Ministry of the Interior for the loss of numerous computers and disks from federal authorities announced. Not only the "most federal agencies" have been sensitive and secret data stolen, but also some foreign diplomats used. About the actual extent of data loss, the Interior Ministry made no specifications. The Federal Data Protection Commissioner Peter Schaar (2) requires Therefore, further information and an improved detection of such low-tech events.
Carl-Ludwig Thiele, Vice Chairman of the FDP parliamentary group, is concerned about data security in federal agencies. His concern is the trigger data leakage incomprehensible in Britain and a slump in the Berlin apartment of Federal Justice Minister Brigitte Zypries, were stolen at the end of January 2008, two laptops.
Massive data loss British authorities
UK authorities for months with a data loss faced unimaginable scale. Had begun the series of glitches in May 2007. (3) The Driver and Vehicle Licensing Agency is a disk with data of three million learner drivers were stolen. The theft occurred at US-based Pearson Driving Assessment, edited the data on behalf of the British regulatory agency and managed. While the Transport Secretary Ruth Kelly reported to the House report (4), they also announced the loss of 7,500 vehicle owner data, which were sent by post from Northern Ireland to Wales.
That the Mail to send personal data seems highly inappropriate, had to HM Revenue and Customs on 18 .. Learn October 2007 (5) On that day, got the tax authority for an impact 25 million records of British child benefit recipients (6) To check the data stored on two CD's information was on the express service provider TNT-powered internal mail to the National Audit sent office and - never reached its recipient.
The subsequent safety review of all authorities uncovered a new data leakage. (7) The nine administrative centers of the National Health System (NHS) were missing sudden patient data. Among others, the records of 160,000 children who had requested a hospital, lost in the supply channel. (8)
are set, the massive data loss British authorities continued in the new year (9). The Defence Minister Des Browne on 21 cleared January 2008, the Lower House about the theft of unencrypted data of 153,000 recruits and military service applicants and bank details of 3,700 persons. (10) Overnight, had robbed the unknown in a guarded military complex of the Royal Navy, a laptop are that a young officer was in the passenger seat of his locked car . Let Brown supplemented his report with the admission that the military had lost in 2005, two laptops in a similar manner, which were stored on the data of only 500 people.
The last became known data loss relates to the Home Office, which examines for information of the Guardian a low-tech event. (11) therefore had a computer shop received an order, one at eBay bought laptop back on the road. On 25 March saw a technician under the keyboard of the laptop with a CD marked "Home Office Confidential". were the words of a spokesman for the Ministry of Interior both laptop and CD have been encrypted.
Targeted slump Justice Minister Zypries
end of January broke unknown in the Steglitz apartment by Brigitte Zypries (SPD) a. The conditions were very favorable for this compromise: when the Federal Minister of Justice is away from home and not in the district was, could neither be guarding her apartment. Crime Scene Investigation, this practice seemed to have been known. With "surgical" precision, they could perpetrate their crimes, taking it only to the electronic Media the Minister had waived. The two missing laptop computers, which should have contained the material time, no sensitive data observed Zypries until days later. "A collapse in such an influential woman," one official explained to the Berliner Morgenpost, "will not commit on a whim. One can not exclude that it is a politically motivated crime is" (12).
low-tech threats
When it comes to data protection, many users tend to think about high-tech threats such as bots, Malware, Trojans, worms and others. But the theft of sensitive or classified information over the Internet, known as online identity theft is overrated. Far more common are low-tech threats. "Most personal data stolen in a very traditional way," said Ken Hunter (13), president of the Better Busines Bureau, has published with the U.S. market research firm Javelin Strategy & Research, a study on the subject. (14) When Offline Identity theft is about the theft of unattended or negligently transported notebooks, handheld organizers and smartphones, the disks sent to intercept unprotected Supply routes, the harvesting of carelessly discarded and not obliterated information from the household waste (Dumpster Diving); spying bona fide human (social hacking), or identity theft due to lost or stolen wallets.
data leaks in federal
"As it is with the security of data in Germany?" This question was the deputy leader of the FDP, Carl-Ludwig Thiele, and established on 6 March 2008 two questions to the federal government. (15) He wanted to Know if and how many computers are in federal agencies and have been lost in what authorities might happen this hardware losses. The answer came as a text message from the Federal Ministry of Interior. In the last three years about 500 laptops and computers "had been stolen, lost or untraceable" in the "most" federal authorities. Exact casualty figures to designate it, the request for short-term was not possible. The response has amazed Thiele yet "the number of PC's loss shows that in federal agencies deal with irresponsible media." (16) The undertaking by the federal interior ministry that the data on the missing disks "Protected absolutely sure" were, it sounds more like an obligatory appeasement formula. More information is called for urgently, "Thiele. To accelerate the discourse, he put on 28 March 2008, the Federal Government a small question with 28 questions before (17).
loss of secret government data
The two weeks later sent to the parliament secretariat response letter from the Federal Ministry of Interior (18) first informed about the number of employed in all German government computers. Accordingly, a total of 314 000 inpatient and 53 600 mobile computers in use. Since there is currently no central collection of computer and disk are lost, the information is based on the number of stolen or undetectable hardware to short-term research by the Federal Ministry of Interior. "Device and media losses [are] collected independently within the concerned authority or the affected division." Because of this collected information from the various authorities was as follows: "In the years 2005 - 2007 [are] in the German federal approximately 189 stationary personal computer, about 326 portable computers (notebooks), around 38 memory sticks, CDs... and DVDs and 271 mobile phones and Pocket PC word ("handheld organizer) stolen, lost or untraceable." On the information content of the lost lost data makes the Federal Ministry of Interior no details. The letter merely pointing out that "predominantly" open "data that is not sensitive or high conservation value were as eg presentations and statistics ", otherwise lost. One reason for complacency this alleged finding does not represent, because in the following sentences, the Interior Ministry some serious data breaches suggests.
Upon request, the Federal Ministry of Defence announced that there are currently five cases because of the loss of media information with the "Confidential and higher classification level" contained, to be determined. Personal data should be stored only on one of those allegedly missing disks.
expressed more concrete, the Federal Office for Civil Services for its own data breach. Accordingly, the Authority, a laptop is stolen, have found themselves on the encrypted address data from 1200 community service a service region.
Even the Federal Ministry of Justice and a laptop is stolen been. On this were "connection for dial-up data in the Local Area Network (LAN). According to the authority was a "dial-in to the LAN is no longer possible," as an immediate closing of the UMTS card is initiated.
Lossy missions
lost According to interior ministry abroad 46 notebooks. On the status of these devices (stand-by mode or power-off mode) at the time of her disappearance and on the stored on the hard disks data obtained from the paper any information. It is only explained, such as laptops be run with foreign travel. Since there is always the possibility of unobserved access attempts by third parties, internal operating procedures to carry laptops always write before as hand luggage. Whether encrypted disks can be taken abroad, is made dependent on the particular entry requirements. In cases in which risk the disclosure of passwords, a seizure and a copy of the disks by the customs authorities of the destination country (see entry procedures of the United States) (19), are business travelers, particularly military personnel, provided with diplomatic immunity.
No reason to panic
The main thrust of the paper in relation to data protection is interpreted, according to the Federal Ministry of Interior no reason to panic. Most stolen, lost or untraceable computer and storage media which contained not only for third parties uninteresting data, but also enabled hard disk encryption, which made the obtaining of information content impossible. The fact that such techniques are (see the research of the Center for Information Technology Policy at Princeton University) (20), that the keys to the ciphers can be spied out, is not addressed in the paper.
Thiele: "A tangible scandal
It is tangible scandal, criticized Thiele," if the government must not even for the security of their information can she wears with her boundless acquisitiveness data together "(21). The deputy chairman of the parliamentary party Die Linke, Vice President of the German Bundestag, Petra Pau, expressed concern about the data leak in federal and administrative capacity: "The material damage of 540,000 € is fatal, but manageable. . The resulting loss of data, however, is unpredictable and therefore irresponsible "(22) was irresponsible as the current handling of this issue," Thiele, and called for further clarification: "The 14 part very short and evasive answers to the 28 individual questions of the Little request suggest that the federal government had to inform yourself first about what happened and the extent of the losses to the request of the FDP parliamentary group did not in the picture was. "(23) The attitude of the federal government makes it clear that a central controller all the data breach was urgently required. The Commissioner Peter Schaar supported, according to his spokesman, Dietmar Müller, the claim of the FDP MPs: ". show the incidents as important, the reporting of any such loss is determined so that we can" (24)
Carl-Ludwig Thiele, Vice Chairman of the FDP parliamentary group, is concerned about data security in federal agencies. His concern is the trigger data leakage incomprehensible in Britain and a slump in the Berlin apartment of Federal Justice Minister Brigitte Zypries, were stolen at the end of January 2008, two laptops.
Massive data loss British authorities
UK authorities for months with a data loss faced unimaginable scale. Had begun the series of glitches in May 2007. (3) The Driver and Vehicle Licensing Agency is a disk with data of three million learner drivers were stolen. The theft occurred at US-based Pearson Driving Assessment, edited the data on behalf of the British regulatory agency and managed. While the Transport Secretary Ruth Kelly reported to the House report (4), they also announced the loss of 7,500 vehicle owner data, which were sent by post from Northern Ireland to Wales.
That the Mail to send personal data seems highly inappropriate, had to HM Revenue and Customs on 18 .. Learn October 2007 (5) On that day, got the tax authority for an impact 25 million records of British child benefit recipients (6) To check the data stored on two CD's information was on the express service provider TNT-powered internal mail to the National Audit sent office and - never reached its recipient.
The subsequent safety review of all authorities uncovered a new data leakage. (7) The nine administrative centers of the National Health System (NHS) were missing sudden patient data. Among others, the records of 160,000 children who had requested a hospital, lost in the supply channel. (8)
are set, the massive data loss British authorities continued in the new year (9). The Defence Minister Des Browne on 21 cleared January 2008, the Lower House about the theft of unencrypted data of 153,000 recruits and military service applicants and bank details of 3,700 persons. (10) Overnight, had robbed the unknown in a guarded military complex of the Royal Navy, a laptop are that a young officer was in the passenger seat of his locked car . Let Brown supplemented his report with the admission that the military had lost in 2005, two laptops in a similar manner, which were stored on the data of only 500 people.
The last became known data loss relates to the Home Office, which examines for information of the Guardian a low-tech event. (11) therefore had a computer shop received an order, one at eBay bought laptop back on the road. On 25 March saw a technician under the keyboard of the laptop with a CD marked "Home Office Confidential". were the words of a spokesman for the Ministry of Interior both laptop and CD have been encrypted.
Targeted slump Justice Minister Zypries
end of January broke unknown in the Steglitz apartment by Brigitte Zypries (SPD) a. The conditions were very favorable for this compromise: when the Federal Minister of Justice is away from home and not in the district was, could neither be guarding her apartment. Crime Scene Investigation, this practice seemed to have been known. With "surgical" precision, they could perpetrate their crimes, taking it only to the electronic Media the Minister had waived. The two missing laptop computers, which should have contained the material time, no sensitive data observed Zypries until days later. "A collapse in such an influential woman," one official explained to the Berliner Morgenpost, "will not commit on a whim. One can not exclude that it is a politically motivated crime is" (12).
low-tech threats
When it comes to data protection, many users tend to think about high-tech threats such as bots, Malware, Trojans, worms and others. But the theft of sensitive or classified information over the Internet, known as online identity theft is overrated. Far more common are low-tech threats. "Most personal data stolen in a very traditional way," said Ken Hunter (13), president of the Better Busines Bureau, has published with the U.S. market research firm Javelin Strategy & Research, a study on the subject. (14) When Offline Identity theft is about the theft of unattended or negligently transported notebooks, handheld organizers and smartphones, the disks sent to intercept unprotected Supply routes, the harvesting of carelessly discarded and not obliterated information from the household waste (Dumpster Diving); spying bona fide human (social hacking), or identity theft due to lost or stolen wallets.
data leaks in federal
"As it is with the security of data in Germany?" This question was the deputy leader of the FDP, Carl-Ludwig Thiele, and established on 6 March 2008 two questions to the federal government. (15) He wanted to Know if and how many computers are in federal agencies and have been lost in what authorities might happen this hardware losses. The answer came as a text message from the Federal Ministry of Interior. In the last three years about 500 laptops and computers "had been stolen, lost or untraceable" in the "most" federal authorities. Exact casualty figures to designate it, the request for short-term was not possible. The response has amazed Thiele yet "the number of PC's loss shows that in federal agencies deal with irresponsible media." (16) The undertaking by the federal interior ministry that the data on the missing disks "Protected absolutely sure" were, it sounds more like an obligatory appeasement formula. More information is called for urgently, "Thiele. To accelerate the discourse, he put on 28 March 2008, the Federal Government a small question with 28 questions before (17).
loss of secret government data
The two weeks later sent to the parliament secretariat response letter from the Federal Ministry of Interior (18) first informed about the number of employed in all German government computers. Accordingly, a total of 314 000 inpatient and 53 600 mobile computers in use. Since there is currently no central collection of computer and disk are lost, the information is based on the number of stolen or undetectable hardware to short-term research by the Federal Ministry of Interior. "Device and media losses [are] collected independently within the concerned authority or the affected division." Because of this collected information from the various authorities was as follows: "In the years 2005 - 2007 [are] in the German federal approximately 189 stationary personal computer, about 326 portable computers (notebooks), around 38 memory sticks, CDs... and DVDs and 271 mobile phones and Pocket PC word ("handheld organizer) stolen, lost or untraceable." On the information content of the lost lost data makes the Federal Ministry of Interior no details. The letter merely pointing out that "predominantly" open "data that is not sensitive or high conservation value were as eg presentations and statistics ", otherwise lost. One reason for complacency this alleged finding does not represent, because in the following sentences, the Interior Ministry some serious data breaches suggests.
Upon request, the Federal Ministry of Defence announced that there are currently five cases because of the loss of media information with the "Confidential and higher classification level" contained, to be determined. Personal data should be stored only on one of those allegedly missing disks.
expressed more concrete, the Federal Office for Civil Services for its own data breach. Accordingly, the Authority, a laptop is stolen, have found themselves on the encrypted address data from 1200 community service a service region.
Even the Federal Ministry of Justice and a laptop is stolen been. On this were "connection for dial-up data in the Local Area Network (LAN). According to the authority was a "dial-in to the LAN is no longer possible," as an immediate closing of the UMTS card is initiated.
Lossy missions
lost According to interior ministry abroad 46 notebooks. On the status of these devices (stand-by mode or power-off mode) at the time of her disappearance and on the stored on the hard disks data obtained from the paper any information. It is only explained, such as laptops be run with foreign travel. Since there is always the possibility of unobserved access attempts by third parties, internal operating procedures to carry laptops always write before as hand luggage. Whether encrypted disks can be taken abroad, is made dependent on the particular entry requirements. In cases in which risk the disclosure of passwords, a seizure and a copy of the disks by the customs authorities of the destination country (see entry procedures of the United States) (19), are business travelers, particularly military personnel, provided with diplomatic immunity.
No reason to panic
The main thrust of the paper in relation to data protection is interpreted, according to the Federal Ministry of Interior no reason to panic. Most stolen, lost or untraceable computer and storage media which contained not only for third parties uninteresting data, but also enabled hard disk encryption, which made the obtaining of information content impossible. The fact that such techniques are (see the research of the Center for Information Technology Policy at Princeton University) (20), that the keys to the ciphers can be spied out, is not addressed in the paper.
Thiele: "A tangible scandal
It is tangible scandal, criticized Thiele," if the government must not even for the security of their information can she wears with her boundless acquisitiveness data together "(21). The deputy chairman of the parliamentary party Die Linke, Vice President of the German Bundestag, Petra Pau, expressed concern about the data leak in federal and administrative capacity: "The material damage of 540,000 € is fatal, but manageable. . The resulting loss of data, however, is unpredictable and therefore irresponsible "(22) was irresponsible as the current handling of this issue," Thiele, and called for further clarification: "The 14 part very short and evasive answers to the 28 individual questions of the Little request suggest that the federal government had to inform yourself first about what happened and the extent of the losses to the request of the FDP parliamentary group did not in the picture was. "(23) The attitude of the federal government makes it clear that a central controller all the data breach was urgently required. The Commissioner Peter Schaar supported, according to his spokesman, Dietmar Müller, the claim of the FDP MPs: ". show the incidents as important, the reporting of any such loss is determined so that we can" (24)
----------------------------------------- -----------
(1) Website of the Vice-Chairman of the FDP parliamentary group, Carl-Ludwig Thiele . [Cited 28/04/2008]
(2) Website of the B undesbeauftragten for Data Protection and Freedom of Information , Peter Schaar . [Cited 28/04/2008]
-
(3) See Heise online , British authorities will once again millions of lost data, 18.12.2007. [Cited 28/04/2008]
(4) Statement by the Secretary of State for Transport on Data Security , 17.12.2007. [Cited 28/04/2008]
(5) See Heise online, millions of British data breach affects 21.11.2007. [Cited 28/04/2008]
(6) See BBC News, Q & A: Child benefit records lost, 22.11.2007. [Cited 28/04/2008]
(7) See Heise online, data from hundreds of thousands of patients have been lost in the UK, 23.12.2007. [Cited 28/04/2008]
(8) See Sunday Mirror, 9 trust without files, 23.12.2007. [Cited 28/04/2008]
(9) See Heise online, data breach at the British military and U.S. credit card companies, 19.01.2008. [Cited 28/04/2008]
(10) See statement by Des Browne, Defence Secretary, to House Of Commons, 21.01.2008. [Cited 28/04/2008]
(11) See The Guardian , laptop sold on eBay hid confidential Home Office disc, 28.02.2008. [Cited 28/04/2008]
(12) Berlin Morgenpost , burglary at Zypries, 02/02/2008. [Cited 28/04/2008]
(13) Stern.de , most data is stolen online, 02/05/2005. [Cited 28/04/2008]
(14) See Better Business Bureau , New Research Shows That Identity Theft Is More Prevalent Offline with Paper than Online, 26.01.2005. [Cited 28/04/2008]
(15) See Spiegel Online , about 500 computers disappeared, 20.03.2008. [Cited 28/04/2008]
(16) Ibid.
(17) German Bundestag, Small request , computer losses in federal, Printed Matter 16/8673, 28.03.2008. [Cited 28/04/2008]
(18) of the Federal Government response to the inquiry by members of the Carl-Ludwig Thiele and others and the FDP, BT Frucksache 16/8673, 14.04. 2008th [Cited 28/04/2008]
(19) See Spiegel Online, U.S. tax collectors browse laptops and cell phones, 07.02.2008. Online in Internet. [Cited 28/04/2008]; see Heise online , suspicion basic laptop, 08.04.2008. [Cited 28/04/2008]
(20) See J. Alex Halderman, Seth D. Schoen, Nadia Heninger Others Lest We Remember: Cold Boot Attacks on Encryption Keys , Princeton University 02.04.2008. [Cited 28/04/2008] See website of the Center for Information Technology Policy Princeton University . [Cited 28/04/2008]
(21) FDP parliamentary group , too secret Information from data theft affected authorities, 21.04.2008. [Cited 28/04/2008]
(22) Petra Pau , data loss is incalculable, Press Release, 20.04.2008. [Cited 28/04/2008]
(23) FDP parliamentary group, also secret information from the data theft affected authorities, 21.04.2008. [Cited 28/04/2008]
(24) Netzzeitung.de , secret government data is gone, 19.04.2008. [Cited 28/04/2008]
