Police control of classified information
ukcrypto@chiark.greenend.org.uk
Sun, 12 Apr 2009 22:31:35 +0100
Quoting Roland Perry <lists@internetpolicyagency.com>:
> In article
> <20090411201824.11596ikfurcz7604@webmail01.purplecloud.com>,
> signup@bealoid.co.uk writes
>>> While many people are understandably baying for blood, I can see
>>> why people can become too comfortable with the idea of stepping
>>> from an official car (no doubt reassuringly expensive) into an
>>> official building, inside a highly protected cordon, but while
>>> clutching something with protective marking.
>>
>> The fact it left his *room*, let alone the building, without being
>> secured is the bad thing. Sure, all staff in the building might be
>> vetted, but that doesn't mean you want them being able to read
>> SECRET documents.
>
> Do the famous ministerial red boxes ever contain material that's
> SECRET? What would be a suitably secure way to carry SECRET papers
> around inside an otherwise secure building like No10 - a genuine
> question.

Privilege escalation attacks apply to real-world physical security
measures as well as software. (There are some mildly interesting 'lock
sport' reports about this.)

Inside a building I'm guessing you have document safes, locked office
doors, areas restricted to some personnel, strict vetting, warnings
about Official Secrets and disciplinary procedure for people who don't
lock the cupboards. It's amazing that there aren't more leaks of
sensitive information.

Outside a building there's suddenly a much bigger risk to the
document. All kinds of stuff can happen that leaves the document
outside the carrier's control. Especially if the carrier is
absent-minded and leaves the document / laptop in a taxi, in a rental
car, in plain view of press, etc.