BBC Online 24/3/2000: "MI5 laptop snatched"

[Stefek Zaba]

> 
> In my view the contents are not absolutely secure. If this computer was
> stolen by 'kids' it will almost certainly defeat them but if this was a
> targetted theft by a foreign power (possibly disguised) then I am much less
> certain that the contents will remain secure.  Computer security, as
> distinct from cryptographic algorithm security, is very, very hard to
> achieve.
> 
Amen to that. What's in the slack space on the drives - both the bytes in
clusters beyond the "logical" end-of-file, and in the currently free clusters?
What's in the swap space file? And that's just the stuff you can see with
regular, programmatic access. If we want to get physical... what's in the
bad blocks (now marked as bad, but still accessible from diagnostic commands)?
More physical still, what can we see when we start microstepping the read heads,
and then (dropping into the real analogue domain which our digital abstractions
depend on) statistically averaging out the first, second, third generation
signals?

Or to go to the other end of "exotic" - how carefully did our favourite
operative shut down the laptop - maybe it's only suspended? what appears
on the screen when you open the lid up again? Swinging back to Spy-vs-Spy
territory - will the small thermite charge within the machine melt it down
once a second failed attempt to enter an authenticating input and a physical
token is detected, or is there no such protection?

Operational and physical security is *hard*, and as others have remarked the
timing given the mention of GTAC last Wednesday was, at best, unfortunate. As
luck (?) would have it, there seem to be incidents of this type at innoportune
moments quite often: when the '97 escrow proposals were announced, I seem to
remember an unfortunate incident relating to access to the DVLC machines being
arranged for a few worn ten quid notes...

Stefek