UPDATED 13:03 EST / OCTOBER 30 2012

ICO Fines UK City Council £120,000 for Failed Crypto Use

The UK Information Commissioner’s Office has fined Stoke-on-Trent City Council a whopping £120,000 for failing to use proper cryptography in email communication.

This failure led to details of a child-protection case being leaked and shared with the wrong people. What happened exactly is that late last year, a solicitor involved in a child-protection case sent 11 e-mails relating to the case to the wrong email address. The person made a typographical mistake, and the messages intended for the council landed in the mailbox of a random member of the public.

This is clear evidence of a lack of encryption (despite well-laid-out guidelines for the use of cryptography), and as a result, the solicitor was in breach of those guidelines. This led to the £120,000 fine imposed by the Information Commissioner’s Office.

We all understand the importance of encryption, and this case presents an interesting example of how important encrypted e-mail is, even if there’s no deliberate attacker trying to intercept messages. While in this case the details went into the hands of a normal person, you never know who’s on the other end, or to what extent that person might manipulate or exploit your information.

“Cryptography is not a panacea that fixes every problem,” says HackANGLE editor Kyt Dotson. “Its use needs to come along with a culture of security and an understanding of how the lock and key functions to keep secrets safe. However, much like a hardhat is not the end-all of workplace safety–it is the beginning of protecting people from when other safety mechanisms fail. Encrypting documents and keeping decryption keys only on authorized machines means that even if the documents do accidentally leave the internal confines of an investigation, would-be spies still don’t have the secrets.”

A similar issue was also found in Google’s mailing system last year, when mathematician Zachary Harris received an interesting e-mail from a Google headhunter inquiring whether he was interested in working with the company. Upon further inspection, Harris discovered that Google was using a weak cryptographic key to certify to recipients that a message came from a legitimate Google corporate domain. By cracking the cryptographic key, anyone could impersonate an e-mail sender, even Google execs such as Sergey Brin and Larry Page. Just how bad (or good) that sounds!

