09 April 2009

Visual Security

The story of Bob Quick's exposure of secret anti-terrorist documents to photographers outside Number Ten, and his subsequent resignation, is of course highly amusing. It does also highlight some significant issues.

The changes that information technology make to privacy and secrecy are changes what can be done with information that was always available. Most obviously, information once captured can be stored, searched and shared. But also, what was a glimpse can now easily be turned into something that can be analysed at leisure. The implications are not immediately obvious.

In the current case, new technology doesn't really come into it. People have been taking pictures outside 10 Downing Street with good-quality cameras for a long time. Nonetheless, we now need to be aware that anything exposed to public view is potentially public property.

One example is the "Fake ATM" fraud, where criminals fit an extra magnetic strip reader onto an existing ATM, and also add a video camera to record the user entering their PIN. They then can clone the cards and use the PINs.

A possibility I've not heard of, but which occurred to me when I worked in a large shared office building, involves barcodes. The building issued temporary passes to guests which opened the security gates with a barcode. It should not be difficult to take a picture of somebody wearing such a badge, read the barcode from the image, and print a fake temporary pass with the same barcode which would then open the gate. I never got round to trying it, because I couldn't find free software for reading and printing the barcodes.

This is just the beginning. The ubiquitous security video cameras do not, these days, produce images of sufficient quality to resolve text, barcodes etc. (except of course in CSI and the like, where they can resolve even minute off-screen detail via incidental reflections). But they are getting better. The same goes for cameras in phones, and "toy" concealable cameras. But the high end today of both security video and cellphones are probably about at the level where exposed text can be captured, and it is a matter of only a few years before such image quality becomes the norm.

Confidential documents are often exposed by people reading them while in transit, on trains and planes as well as getting in and out of official cars. Bob Quick got caught out because he was in a place where it was natural for him to be photographed directly with proper cameras. But someone hanging around Canary Wharf underground with a T929 could quite likely grab a fair bit of confidential information surreptitiously.

So if your documents are worth shredding rather than dropping in the bin, they're worth keeping inside an opaque folder when in any public place.

Update: Via a commenter at Bruce Schneier's, this has happened before

No comments: