UPDATED 13:03 EDT / OCTOBER 30 2012


ICO Fines UK City Council £120,000 for Failed Crypto Use

The UK Information Commissioner’s Office has hit Stoke-on-Trent City Council with a whopping £120,000 fine for failing to use proper cryptography in email communication.

This failure led to details of a child-protection case leaking and being shared with the wrong people. What happened, exactly, is that late last year a solicitor involved in a child-protection case sent 11 e-mails relating to the case to the wrong email address. The person made a typographical mistake, and the messages intended for the council landed in the mailbox of a random member of the public.

This is clear evidence that encryption was lacking, despite well-laid-out guidelines for the use of cryptography, and as a result the solicitor was in breach of those guidelines. This led to the £120,000 fine imposed by the Information Commissioner’s Office.

We all understand the importance of encryption, and this case presents an interesting example of how important encrypted e-mail is, even if there’s no deliberate attacker trying to intercept messages. While in this case the details went into the hands of a normal person, you never know who’s on the other end, or to what extent that person might manipulate or exploit your information.

“Cryptography is not a panacea that fixes every problem,” says HackANGLE editor Kyt Dotson. “Its use needs to come along with a culture of security and an understanding of how the lock and key functions to keep secrets safe. However, much like a hardhat is not the end-all of workplace safety–it is the beginning of protecting people from when other safety mechanisms fail. Encrypting documents and keeping decryption keys only on authorized machines means that even if the documents do accidentally leave the internal confines of an investigation, would-be spies still don’t have the secrets.”

A similar issue was also found in Google’s mailing system last year, when mathematician Zachary Harris received an interesting e-mail from a Google headhunter inquiring whether he was interested in working with the company. Upon further inspection, Harris discovered that Google was using a weak cryptographic key to certify to recipients that a message came from a legitimate Google corporate domain. By cracking the cryptographic key, anyone can impersonate an e-mail sender, even Google execs such as Sergey Brin and Larry Page. Just how bad that sounds (or good)!

