The security‑breach whipping‑boy for the past 6 months has decided that it has had enough.  The UK government, more specifically the military, is installing encryption software on 20,000 laptops.  The military already had a program in progress where 300,000 users would be able to access information via their web-browsers.  Called the Defence Information Infrastructure (DII), it was designed for accessing all types of information, from “classified” to “top secret.”

Of course, there is always the risk of data being leaked; so, supposedly, the system was also designed so that information displayed on the web-browser won’t save locally, which is in some respects a better way of protecting data than using, for example, encryption.  However, I’m left wondering whether such a tactic will be enough.

What if the laptop gets stolen and some outsider is able to access the central database where the information resides?  After all, the laptop becomes the portal to this data nirvana.  For example, isn’t it possible for the owner of a laptop to save the access codes for getting into the DII on the laptop itself, as a text file? Sure, it would be stupid to do so, but not out of the ordinary.  I myself keep a spreadsheet of usernames and passwords, strictly for fake e‑mail accounts which are used when a particular news site requires registration to read articles (the e-mails I receive in those accounts are so insignificant—not in terms of volume, but content—that I can’t be bothered to remember the random passwords I create for them.  And no way I’m using the same or similar password I would use for legitimate e‑mail accounts.)

Plus, a web‑browser is used as the access point.  Last time I checked, a lot of web‑browsers allow passwords to be saved.  Where’s the guarantee that the enduser won’t do anything stupid like click on “yes” to the question “would you like the web‑browser to save your login information?”  Lose your laptop, and that’s not an information breach anymore (possibly) if you can’t save anything locally …but, the laptop could become the stepping‑stone towards one.

There are also other issues as well.  For example, there’s the print screen option built into every single computer.  While the DII may have been designed so that data displayed on the screen cannot be saved locally, is there something in place that prevents an enduser from taking screenshots and saving those?  Granted, at that point in the game, the enduser is looking to cause trouble, but it would be nice for administrators of the DII to ensure that data leaks can actually be prevented, not made slightly inconvenient.

The technology to prevent such things do exist.  For example, in AlertBoot, not only do you get a powerful hard drive encryption solution for enhancing laptop security, you also get the ability to control applications.  That is, you can actually prevent certain software applications from running, depending on who accesses the laptop.