A TEEN who refused to give police officers an encryption password for his computer has been jailed for four months.
The case is believed to be the first of its kind in Lancashire.
Oliver Drage, 19, formerly of Naze Lane, Freckleton, was arrested in May 2009.
Drage’s computer was seized but officers could not access material stored on it as it was protected by a 50-character encryption password. Drage was then formerly requested to disclose the password, which he failed to do.
Appearing at Preston Crown Court, Drage pleaded not guilty to failing to disclose an encryption key – an offence covered by the Regulation of Investigatory Powers Act 2000. At his trial in September a jury took less than 15 minutes to find him guilty of the offence. Yesterday (Monday Oct 4), Drage was sentenced to 16 weeks in a Young Offenders Institution.
Detective Sergeant Neil Fowler, Blackpool Police, said: -Drage was previously of good character so the immediate custodial sentence handed down by the judge in this case shows just how seriously the courts take this kind of offence.
-Computer systems are constantly advancing and the legislation used here was specifically brought in to deal with those who are using the internet to commit crime. It sends a robust message out to those intent on trying to mask their on-line criminal activities that they will be taken before the courts with the ultimate sanction, as in this case, being a custodial sentence.
Radio Tactics Ltd, a leading global provider of mobile phone forensics equipment is proud to announce that police in Devon and Cornwall have successfully reduced crime rates by implementing Radio Tactics’ products. Since purchasing the Hermes and Apollo property registration and identification devices; the Devon and Cornwall force has reduced property burglary by 80% in Torbay, previously the region’s hotspot.
Hermes was designed and built by Radio Tactics as a portable solution for identifying barcodes and IMEI numbers and registering items such as bicycles, laptops and mobile phones onto the national Immobilise property database. With the assistance of PCSOs, Neighbourhood Officers and Crime Reduction Officers, Hermes was taken into schools and door-to-door in Devon and Cornwall’s burglary hotspot areas to register property.
In conjunction with Hermes, police officers in the region have been using Radio Tactics’ Apollo on a daily basis. This device scans items to ascertain whether they have ever been lost, blocked or stolen and also to find out their registered owner. Local businesses, newspapers and radio stations have assisted with publicising the scheme, deterring the criminal fraternity by making the capabilities of the new equipment well known.
DS Karl Rowland, of Devon and Cornwall police said:
-It is important when planning any course of action to reduce offences such as dwelling burglary to ensure that when implemented you balance both reduction and detection techniques, ensuring that any operation is an on-going success. Although Torbay does not have a high level of domestic burglaries, the occurrences were causing concern and were detrimental to the area’s figures. It was decided that any tactics used should be long lasting and not a ‘blip’.
-Hermes was used to register all property within certain areas, thus making the property worthless to criminals. Pro-actively, Apollo was used to target individuals on stop-checks, warrants and checks of all second hand outlets including car boot sales. Schools played a large part in the registration of family property to enhance the coverage. The recording of property and recovery and return of stolen items was well documented in the media.
-The overall success was measured by a near 80% reduction in offences of dwelling burglary in areas targeted which wasn’t displaced to a neighbouring area. This reduction is still continuing over eighteen months later.”
Andy Gill, CEO of Radio Tactics added:
-We are pleased to see our products producing such excellent results, making people feel safer and dramatically reducing crime levels. As we continue to roll out Apollo and Hermes in other forces throughout the UK we look forward to seeing this positive outcome around the country. This way we can reduce the levels of a prevalent type of crime nationally and lighten the heavy workload of police officers on the beat.”
Radio Tactics employs an experienced team of specialist innovators, offering high technology solutions for the acquisition and management of digital information technology. All Radio Tactics products can be fully customised to the specification of the client and comprehensive technical assistance and support is offered to every customer.
Defamation is an untrue attack on someone’s reputation.
You could be sued if you issued a press release, or a statement, that contained a defamatory statement.
If you publish it, you are responsible.
There’s no such thing as ‘accidental libel’.
Cases are very hard to win.
The test:
Do the words TEND TO (in other words, might they:
1. Cause someone to be shunned or avoided?
2. Expose them to ridicule, hatred or contempt?
3. Lower them in the eyes of right thinking people?
4. Disparage them in their office, trade or profession?
How do you tell?
A simple test is: How would YOU feel if someone published the statement about you?
Identification
Defamation can only happen if the person who has been defamed is IDENTIFIABLE.
But there is no safety in not naming someone. Leaving out a name is pointless if people can work out who the person is from other information.
It can also be more dangerous, since other people, with similar details, could be defamed if their friends etc thought you were referring to them.
And there is no safety in giving a few clues: eg ‘A certain optician in Upford High Street is not qualified to do his job.’
Publishing this would mean that every optician in Upford High Street could sue you.
It is also possible to libel a group of people, providing the group comprises fewer than 15 people and has an ‘identity’ – for instance: the directors of Brown & Son, or Uptown police CID.
These are some of the common libel dangers:
Danger 1: Motive
Never speculate on someone’s motive for doing something. A motive cannot be proved.
For example:
A spokesman said: ‘We have discussed the matter with the leader of Pembrokeshire County Council and he has accepted responsibility, presumably with one eye on the May elections.’
Or
‘A spokesman said: ‘We’ve met Mr Bowerman before. He’s only in it for the money.’
Danger 2: Denial
Never issue a denial that repeats the original defamation. This could trigger another libel action.
For example:
A spokesman said: ‘We deny issuing any statement alleging that Upford’s highways director is unfit for his post and should resign.’
Danger 3: Rumours
Never repeat a rumour. You could be asked to prove that it is true.
For example:
A spokeswoman said: ‘We have heard that a gang from Blakely’s were working on the site moments before the explosion.’
Danger 4: Disguised allegations
It’s easy to cloak defamatory statements in grand language.
For example:
A spokeswoman said: ‘If Councillor Evans wanted to resign before the end of his term of office, we regret that he used our reservoir project as an excuse.’
Here, the spokeswoman is implying Councillor Evans is a liar – and if he sues, she will have to prove it.
Or
For example:
A spokesman said: ‘We believe the MP was less than frank about the matter when he appeared before the Select Committee.’
Again, the spokesman is implying that the MP was dishonest.
Danger 5: Careless words
Words matter in libel law.
It is dangerous to state: ‘The factory is poisoning the atmosphere with its fumes.’
You may be able to prove the factory is polluting the atmosphere. But can you prove it is poisoning it – a much more serious allegation.
For example:
A spokesman said: ‘Mrs Jones has contacted us about her electricity bill. She has five children and is on benefits, yet her partner only pays her just £45 a week.’
Here, the words ‘yet’ and ‘just’ imply the partner is not paying as must as he should be. But if he is paying the amount determined by the court, then he can sue for the implication that he is underpaying.
Danger 6: Exaggerations
Again, back to words.
For example:
A spokesman said: ‘A local authority workman deliberately removed the manhole cover.’
Or
‘Western Gas engineers always make mistakes like this.
The words in italics would be difficult to prove.
Danger 7: Words with two meanings
Take care with words that can have different meanings – eg, gay.
For example:
A spokesman said: ‘We will be meeting Mr Coates, the borough engineer, and his partner, Mr. White, on Friday morning.’
Is Mr White his business partner – or something else? Clarity is important.
Danger 8: Improper conduct
Don’t make allegations you cannot prove.
For example:
A spokeswoman said: ‘Our investigations show that Thames & Co’s engineers did not secure the site valve.’
Or
For example:
A spokesman said: ‘Bastows’ electrical work in Salford fell short of industry standards.’
Danger 9: Arrests
Never name someone who has been arrested. Wait until they are charged, or released without charge.
Danger 10: Publishing online
Beware linking to a defamatory article on another site.
Protecting yourself
Your press statements and press releases are protected by qualified privilege, if you are:
1. A local authority.
2. A government department or quango.
3. Police press office.
This means you cannot be sued for anything defamatory that you release to the media or publish on your website.
A press conference convened by any PR / comms department is covered by qualified privilege, provided the conference is on a matter of genuine public interest. Press releases given out at the press conferences are also covered by qualified privilege.
This means that your spokespeople can make defamatory comments about other people without being sued. And the media can report them without being sued.
However, spokespeople should not make statements that they know are untrue. This could compromise privilege.
Cleland Thom
Director
CTJT
This extract is taken from the PR Media Law Guide, price £19.95. To order a copy, contact: cleland@ctjt.biz
Cleland Thom does media law training and consultancy to a number of corporation and public authorities, including GPSJ, United Utilities, World Trade Group, Herts County Council, London Borough of Brent and Three Rivers District Council.
The ZeuS malware is coming of age and the infections are going to get a lot worse says Trusteer, the secure browsing services specialist. ZeuS malware has already been pushed extensively to users of Web 2.0 and/or social networking sites plus services such as Facebook, Twitter and, most recently, to users of the business social networking site, LinkedIn. Malware is also being modified by cybercriminals using coding toolkits to attack smartphone users. Recent postings by our IT security colleagues at S21sec about ZeuS targeting smartphone users are just the tip of the iceberg when considering the potential of these attacks.
ZeuS Mitmo.
-The spread of Zeus into mobile platforms marks the beginning of a new era of malware mobility,” said Mickey Boodaei, Trusteer’s CEO. -What’s dangerous in this approach is that the same malware controls two communication channels – the PC and the mobile device and as a result can launch extremely effective attacks against banks and organizations that rely on these two channels for authentication and transactions.”
-Many enterprises rely on two-factor authentication to protect against unauthorized remote access to their networks and sensitive corporate applications. Malware such as Zeus which can reside both on the PC and the mobile device can easily bypass these protections. For online banking the potential of the attack extends way behind authentication. Criminals can also control incoming voice calls and re-direct them to the attackers. So when the bank detects a suspicious transaction and calls the customer for confirmation, the criminals can pick up the phone on the other side and do that on behalf of the customer.
By controlling both the phone and the PC criminals achieve devastating power. Frankly, I’m amazed that it took them so much time to do this,” continued Boodaei.
LinkedIn
-Social networks are easy targets for malware. As a Linked In user I’ve received a few email alerts where I didn’t really know if they’re genuine or not. The first thing you want to do when you get a Linked In invite from someone you’re not sure you know is to click the View Profile link embedded into the email. These emails also include links to accept and reject invitations,” said Boodaei.
Linked In are not alone here and many of the social networks send emails with links and even experienced users may be fooled into clicking one of these really well crafted emails. Once the criminals gain control of a social network account they have access to the victim’s list of friends and they can send out more targeted messages to these friends, and raise the risk of getting infected even higher.
-Targeting social network users for distributing financial malware is a smart move for the criminals. These attacks are much more likely to succeed than phishing attacks on banks. Once Zeus installed on the user’s computer then the criminals get access not only to login information but also to real-time transactions and other sensitive information on the victim’s computer, said Boodaei.”
To defend against attacks web 2.0 attacks like this enterprises and users need to use secure browsing services in addition to gateway level firewalls ,antivirus amd anti spam defences. Trusteer works directly with leading banks around the world to identify targeted online banking attacks such as Zeus, block them, and remove them from your computer.
A simple mistake caused by the recipient auto-complete function within an email client resulted in Gwent Police committing what has been referred to as the first major UK data security breach since the new regulations introduced by the Information Commissioner’s Office came into force in April this year. What is of particular interest about this case is that a breach of this scale (10,000 records) and gravity (the data leaked involved personal and sensitive information) occurred within a police environment which allegedly had strict policies and procedures. If that is the case, how were the policies circumvented so that the officer was able to commit this breach, and are security incidents caused by human error ultimately unavoidable?
The elephant in the room is that personal and sensitive data such as criminal records should not have been placed in an excel spreadsheet if strict processes were indeed implemented, not even for internal use. In fact, it is important that organisations dealing with personal, sensitive and confidential data have well-defined information asset classification and media handling procedures. Through the identification and labelling of confidential and sensitive data, all information would be classified based on its value and risk to the organisation in terms of Confidentiality, Integrity or Availability. Criminal records, for instance, would be labelled as private, restricted or confidential depending on the classification marking scheme and would be automatically restricted to only personnel who are authorised to access this information. If a similar scheme had been in place at Gwent Police and the information clearly labelled and controlled, then the breach would have been almost certainly avoided because the data included in the email would not have been accessible by non-authorised personnel.
It is possible, though, that Gwent Police actually had all the tools necessary to protect the data, but lacked the general awareness and training extended to all personnel. Certainly it wouldn’t be the only organisation affected by this issue. Recent data collected by PricewaterhouseCoopers, illustrates that despite spending more than ever on information security, only half of companies surveyed provide staff with any form of security training, and only one in five large organisations believe their security policies are very well understood by their employees. The results of the latest Information Security Breaches Survey highlight the need for better education in order to reduce risks, as a striking 92 per cent of firms with over 250 employees and 83 per cent of smaller firms (up to 25 members of staff) admit to have recorded a security incident in the past year.
Lack of awareness, little understanding of the implications and perhaps forgetfulness or stress are the most likely causes of human error, which can result in staff ignoring security measures, such as sending confidential data to their private email address, losing an unencrypted USB device or accidentally sending information to the wrong recipient. It is important to note that in these cases, if the data was correctly labelled and encrypted there wouldn’t be a breach of the Data Protection Act. In most cases, the ICO serves an enforcement notice if there is a failure to comply with the Act and the failure has caused or is likely to cause damage or distress to anyone. The potential repercussions could include the public disclosure of the facts by the ICO, internal disciplinary actions within the organisation or a fine which, under the new regulations, can amount to £500,000.
Comparison with data collected by PwC in 2008 shows that the cost of cybercrime to the business has doubled to more than £10bn in just two years. The average cost of a breach in a large organisation is now between £280,000 and £690,000 (it was £90,000 – £170,000 two years ago) and due to the increased use of cloud computing, risks are rising rather than diminishing. Although the number of organisations with a formal Information Security policy and sufficient IT security tools has improved, the measures seem to be unable to resolve the greatest threat, the human factor: 46 per cent of large organisations have declared that staff have lost or leaked confidential data, which in 45 per cent of cases resulted in a -very or -extremely serious breach of information security.
As this data suggests, even with the most advanced technology in place it is not possible to eradicate risk altogether; however, it is possible to mitigate the damage and prevent mistakes like the one the Gwent police officer made by adopting encryption technology and policies that are emitted from the top and are backed up by disciplinary procedures- but it is extremely important that these are accompanied by extensive training and awareness sessions across the organisation. By educating all members of staff, including trusted partners and 3rd party suppliers, it will help reduce, although not eliminate completely, risks to a level that is acceptable for the organisation, which in the case of large organisations which deal with sensitive information, such as the Police or other public sector organisations, needs to be as low as possible.
The Author
David Cowan is Head of Infrastructure and Security at Plan-Net, and a respected IT professional with over 11 years experience in the industry. A hands-on project manager, Cowan has worked with some of Plan-Net’s biggest clients to deliver technically complex projects and manage change in major businesses and public sector organisations.
Possessing excellent all round technical knowledge and a lateral, common sense approach to providing IT solutions, David works across all aspects of the IT spectrum with a detailed understanding of ITIL, ISO/IEC 20000, ISO27001 and PRINCE2.
About Plan-Net
A specialist in transforming IT operations into high-performance, cost-efficient platforms for business success, Plan-Net works with clients of all sizes and needs to help them maintain high levels of service while still meeting demands for a reduction in IT spending.
Celebrating its twentieth anniversary in January 2010, Plan-Net has helped to enhance performance, flexibility, security, cost-efficiency and, ultimately, user productivity at clients large and small for the two prosperous decades of its existence.
A consortium, led by the BRE1 Centre for Innovative Construction Materials based at the University, has constructed a small building on the Claverton campus out of hemp-lime to test its properties as a building material.
Called the -HemPod, this one-storey building has highly insulating walls made from the chopped woody core, or shiv, of the industrial hemp plant mixed with a specially developed lime-based binder.
The hemp shiv traps air in the walls, and the hemp itself is porous, making the walls incredibly well insulated. The lime-based binder sticks together and protects the hemp and makes the building material highly fire resistant.
The industrial hemp plant takes in carbon dioxide as it grows, and the lime render absorbs even more of the climate change gas, effectively giving the building an extremely low carbon footprint.
Dr Mike Lawrence, Research Officer from the University’s Department of Architecture & Civil Engineering, explained: -Whilst there are already some houses in the UK built using hemp and lime, the HemPod will be the first hemp-lime building to be constructed purely for scientific testing.
-We will be closely monitoring the house for 18 months using temperature and humidity sensors buried in the walls, measuring how quickly heat and water vapour travels through them.
-The walls are breathable and act as a sort of passive air-conditioning system, meaning that the internal humidity is kept constant and the quality of the air within the house is very good. The walls also have a ‘virtual thermal mass’ because of the remarkable pore structure of hemp shiv combined with the properties of the lime binder, which means the building is much more thermally efficient and the temperature inside the house stays fairly constant.
Professor Pete Walker, Director of the BRE Centre for Innovative Construction Materials, added: -The aim of the project is to provide some robust data to persuade the mainstream building industry to use this building material more widely.
-Hemp grows really quickly; it only takes the area the size of a rugby pitch to grow enough hemp in three months to build a typical three-bedroom house.
-Using renewable crops to build houses can also provide economic benefits to rural areas by opening up new agricultural markets. Farmers can grow hemp during the summer as a break crop between their main food crops, it doesn’t need much water and can be grown organically.
-Every part of the plant can be used, so there’s no waste, the shiv is used for building, the fibres can make car panels, clothing or paper, and the seeds can be used for food or oil. So it’s a very efficient, renewable material.
-Lime has been used in construction for millennia, and combining it with industrial hemp is a significant development in the effort to make construction more sustainable.
Environmentally-friendly building materials are often more expensive than traditional materials, but the Renewable House project2 funded by the Department of Energy and Climate Change (DECC) and the National Non-Food Crops Centre (NNFCC) demonstrated a cost of around £75,000 (excluding foundations) to build a three-bedroom Code 4 house3 from hemp-lime making it competitive with conventional bricks and mortar.
The project is sponsored by the Department for Environment, Food & Rural Affairs (Defra) under the Renewable Materials LINK Programme, and brings together a team of nine partners comprising: University of Bath, BRE Ltd, Feilden Clegg Bradley Studios, Hanson UK, Hemp Technology, Lhoist Group, Lime Technology, the NNFCC and Wates Living Space.
Commenting on an attack by the TaxPayers Alliance on Police Community Support Officers, based on North Wales police unsolved crime figures, UNISON National Officer for Police Staff, Ben Priestley, said:
-The TaxPayers Alliance has missed the point completely – PCSOs help prevent crime, but solving crime is mainly the job of police officers and other police staff.
-The TPA simply uses flawed calculations to attack their latest target – hard-working PCSOs, who play a vital role in building a rapport between communities and the police service.
-PCSOs help prevent anti-social behaviour, build up solid local knowledge and provide a visible police presence, which makes them popular among residents, businesses and schools.
-Reassurance is more important than meaningless statistics and we should be protecting the excellent efforts PCSOs have made in preventing crime.
The following statement is issued in the name of Assistant Chief Constable Patrick GEENTY;
-Following an incident that occurred within the custody suite at Melksham Police Station in Wiltshire 2 years ago a 57year old woman prisoner sustained an injury to her face. The court was told at an earlier hearing that on 4th July 2008 the woman had been taken to the Police Station after being arrested for failure to provide a breath test.
We are extremely concerned when anyone is injured whilst in our custody and the court has decided that this injury was as a result of a criminal assault by Sergeant Mark ANDREWS a member of Wiltshire Police who was performing duty as a Custody Sergeant at the time. Wiltshire Police has formally apologised to the injured lady for the assault she suffered whilst in our care.
We respect the decision of the court today in sentencing Sergeant ANDREWS to 6 months imprisonment and we will carefully consider the comments of the trial judge so as to determine any further action that is necessary.
The incident was reported by another Police Officer within the custody centre who was concerned at what had taken place. The Officer found herself in a very difficult situation created by her own supervisor but performed her duty in accordance with the highest standards expected of a Police Officer in bringing this unacceptable incident to the attention of another supervisor. She has certainly been thanked and praised for her actions but media comments about various awards are pure speculation at this time.
Immediately the other supervisor was made aware of the incident an investigation was commenced and, the Sergeant concerned was subsequently removed from public facing duties. Wiltshire Police voluntarily referred the matter to the Independent Police Complaints Commission who decided that they were satisfied that a local investigation should be conducted by Wiltshire Police. This investigation resulted in a file being sent to the Crown Prosecution Service which led to the trial of Sergeant Andrews.
People have a right to expect that the police will always act by placing the safety and welfare of the public as their first priority. This is particularly so when in police custody when irrespective of the reason for their detention, people should feel and be safe.
There is no greater responsibility on the police than the care of people in our custody and considerable effort and great importance is placed on ensuring that our processes, systems, training and behaviours are directed towards facing up to that responsibility at all times.
Some 16,000 people are dealt with annually within police custody centres in Wiltshire and the public will understand that this environment can be very difficult with hostility, conflict and violence towards staff often occurring – although these conditions can never excuse or condone any form of unacceptable or unlawful behaviour by Police Officers or Police Staff. However, it is important to put this difficult job performed on behalf of the public into context. Since this incident occurring two years ago, in excess of 30,000 people have been dealt with in custody centres in Wiltshire. During that time there have been no other serious assaults of this nature and although there have been a total of 13 complaints of assault; none have been substantiated following investigation.
Despite the rigour and effectiveness of our systems and training, it will never be possible to provide a 100% assurance that our guidelines, on occasions, will not be broken. Whilst that is unpalatable, the reality is that policing is complex and difficult and again we repeat, there can never be any excuse for excessive behaviour by police officers or police staff. We are determined to learn any lessons that emerge from this case and we will not shirk from our responsibility to continue to reduce the chance of any recurrence of such incidents.
This incident occurred over two years ago. Since then Wiltshire Police, as part of a wider national inspection programme, have undergone four independent inspections, two by the National Police Improvement Agency, one in respect of mentally disordered offenders and one by Her Majesty’s Inspector of Constabulary and the Prisons Inspectorate. The latter inspection involved a total of 13 Inspectors arriving unannounced and spending four days with Wiltshire Police. They carried out a thorough inspection in respect of ‘Dignity and Respect’ and produced a favourable report highlighting national best practice and concluding that interaction with detainees was ‘Respectful’.
Independent visitors are able to enter any part of any custody centre unannounced. They regularly do so and have unrestricted access. No issues have been raised concerning the treatment of detained people. Wiltshire Police has CCTV throughout its custody centres and this is being upgraded now to comply with new national standards.
.
The unlawful use of excessive force by any member of Wiltshire Police will not be tolerated and immediately following the guilty finding of the court on 13th July 2010, Sergeant ANDREWS was suspended from duty with immediate effect. In compliance with Police Conduct Regulations, an internal ‘Conduct Hearing’ will now take place in October 2010.
This incident should not have happened and I am very sorry that we let this lady down. Although she had been lawfully arrested, she was not charged with any offence.
I hope that she is able to accept that Wiltshire Police puts safety and respect at the top of its priorities and I also want to reassure the general public that this case shows that the police will always take positive action against any of its own members who act outside of the law.”
A 22-year-old man has admitted throwing the single punch that led to an Oldham man’s death.
Louis Patrick Veitch, (born 28/1/88), of Caunce Street, Blackpool, pleaded guilty at Manchester Crown Court Crown Square to the manslaughter of 25-year-old Andrew Molloy.
Today, Tuesday 7 September 2010, he was given an extended sentence of six and a half years in prison followed by three years on licence.
Andrew was felled with a single punch and died after his head hit the floor. The whole incident was captured on CCTV.
In the early hours of Monday 15 March 2010, Veitch was in the Mess House pub on Yorkshire Street, Oldham, when there was a disturbance inside and another man was ejected.
Veitch went outside onto the pavement where he spoke to a number of other people, including Andrew Molloy, none of which had been involved in the previous disturbance.
During the conversation with Andrew, Veitch suddenly moved to one side, touched him on the shoulder as if to line up a punch, and threw a single punch to the face.
The blow was so strong it knocked Andrew, who had his hands in his pockets, off his feet and he fell backwards, his head hitting the floor.
Andrew suffered a fatal head injury as he hit the floor. He was taken to Hope Hospital, where he died six hours later.
Senior Investigating Officer Andrew Tattersall said: “This was a sudden attack on an innocent, defenceless man who had his hands in his pockets at the time. He didn’t even have time to protect himself.
“We’ll never know why Veitch decided to pick on Andrew.
“We do know that Andrew’s needless and untimely death has left his family devastated.
“This case demonstrates the terrible consequences of just one punch or push.”
So many donations and goodwill letters have been flooding in to the owners of a goat that was brutally tortured by sadists last week that Royal Mail have asked them to fit a bigger letter box.
Debbie Bailey and John Starkey who run the Tennyson Lane Road Farm Horse and Pony Shelter at Middleton, Greater Manchester, say they have been overwhelmed at the kindness shown to them since the sadistic torture of ‘Sidney’ the goat.
Goodwill letters, cheques and cash donations have been arriving daily and today they have had to fit a letter box outside the shelter at the request of the Royal Mail.
Last week thugs broke into the sanctuary and ripped out ‘Sidney’s’ horns.
The goat, twenty, was left bleeding profusely and with two large caverns in his skull where his horns had been. He also had two legs broken and one dislocated in the barbaric attack.
Although he survived the attack he was sadly put to sleep later as the vets agreed nothing could be done to save him. The RSPCA described it as the worst attack they had seen and appealed for help in catching the monsters responsible.
Debbie told GPSJ today, “We have never had any donations and now we have had two cheques for five hundred pounds each and others for smaller amounts.
“People have been donating stables and some have come down to help build fencing, we were both in tears this morning when we opened the post.
“The donations have come from all over the country we are astounded and very grateful for this.”
Stuart Littleford interviews: Debbie Bailey & John Starkey the owners of a tortured goat.
GPSJ Cameraman: Paul Bridgeman (freelance4media.co.uk)
Police and RSPCA officials are not giving up hope of catching those responsible and although no one has put name forward they are hopeful the culprits will be brought to justice soon.
John said, “People have been phoning us leaving anonymous tip off’s about who has done this.
“We know there are lynch mobs in the local pubs and the things they say they are going to do to these people if they catch them are really frightening. Some of the things that have been suggested they will do if they catch them are quite horrific.
“Certain people in the community have stated that when they find out which families are responsible they will be evicted from their properties.
“People are saying they have dragged the name of the town down and there is real anger around here and a genuine willingness to catch those responsible.
“There is a chap in the Highlands in Scotland who wants to design and pay for a free website for us and a lady in Burnley and her husband who have given us a full flat pack stable that we have now erected.”
The RSPCA have been back to the sanctuary again today making a video and to see what help can be given and local people have been lending their support. There is real shock in the area but also a sense that some good can come out of this appalling incident.
Anyone wanting to donate help of any type can contact GPSJ who will pass their details onto the sanctuary.
David Miliband has told GPSJ that he ‘feels sick’ about what the government has done to the ‘Building for Schools’ program and said he feels it is ‘absolute vandalism’ in an interview with editor Stuart Littleford.
Speaking at a party meeting in Manchester Mr Milliband also said that ‘New Labour’ wasn’t new any more and labour politics needed re-inventing and what mattered was the substance.
A pet goat has had its horns ripped from its head and left in agony with broken and dislocated legs in what is being described as a barbaric and sickening attack.
The goat known as ‘Sid’ was attacked late on Thursday night and found in his field early on Friday morning in agony.
The attack happened at the Tennyson Lane Horse and Pony sanctuary in Middleton , Near Manchester.
Owners of the sanctuary Debbie Bailey and John Starkey said they are both in shock and can’t understand why anyone could do such a thing to a defenceless animal.
Talking to GPSJ today, Debbie said, ” We found Sid early on Friday morning covered in blood with both his horns ripped out and his back leg broken and bent backwards and his other leg pulled out of the socket, he was in agony.
The only thing we could do was to have him put down, no amount of money could have saved him.
Stuart Littleford Interviews the owners below:
The girl from the RSPCA was in tears and said she had never seen anything like this and today she said she had lost sleep over what she had seen.
We have had him for over ten years and he is really friendly all the local children love to come and see the ponies and animals here, we get no funding, we are not a charity we do this all by ourselves for the animals.”
“Police spent hours at the scene and have taken DNA samples, they have been really good and are determined along with the RSPCA to catch the person who has done this, if they can do this to a poor defenceless animal what could they do to a child or anyone else,” said John.
The owners have said that they will try and make the site more secure but they have no funding to do this at the moment anyone who can help with fencing or supplies can contact GPSJ.
GPSJ understand’s that police are following up some positive lines of enquiry and anyone with information should contact Greater Manchester Police.
Anyone with information can call the RSPCA in confidence on 0300 1234 999 and leave a message for Ms Hall.
Making the Public Sector energy efficient has never been more important.
It’s not just the eye-wateringly large £3.8bn annual gas and electricity bill in a time of austerity, the start of the CRC Energy Efficiency Scheme and the fact the new Prime Minister wants this to be the ‘Greenest Government ever’.
Jobs are being lost that could be saved, one local authority employee said. -We’ve had energy efficiency proposals sat on our desk for two and a half years. If we’d actioned them, we could have kept the key staff members we’re about to loose.
Considering all of this this, it is surprising how few energy efficiency measures have actually been deployed. So what barriers are making it hard for the public sector to act?
Simple - said another senior council officer. -Two main things: firstly, lack of in-house technical knowledge – what should we buy? Secondly, many public bodies are cautious about the idea of investing in energy efficiency. Whose budget does it come from? Even if an energy efficiency investment decision is profitable, concepts like ‘we are not a borrowing council’ will stop efforts to reduce energy use in their tracks. We need to get past the idea that energy saving is expensive and not worthwhile in its own right.
Below is an overview of voltage optimisation, one of the simplest and most cost-effective ways to reduce electricity use and cut carbon emissions.
There is also a brief description of the new ‘Pay as You Save’ finance scheme designed to help public sector organisations finance energy efficiency and renewable energy measures when Salix or similar funds are not available.
Voltage optimisation:
1. A simple and cost effective way to reduce electricity use
Voltage optimisation is one of the simplest and most cost-effective ways to reduce electricity use and cut carbon emissions. Voltage optimisation – or more properly, voltage stabilisation (also known as voltage control, voltage regulation and a host of other names) works by reducing the incoming voltage to your facility from its UK average of 242 volts (V) down to 220V, the optimum voltage for electrical equipment.
2. Save between 9 and 14% of your electricity bill
Reducing your incoming voltage enables loads (electrical equipment) to use less electricity, typically delivering between 9% and 14% cost and carbon savings. Higher savings of 20% or more are possible but rare.
3. Additional benefits: reduced maintenance, longer equipment life
Stabilising the voltage creates a benign operating environment for electrical equipment. In a stable electrical environment, machines operate at their design voltages and temperatures. Machines that run cooler suffer less wear and tear, extending their operating life, increasing motor efficiency and reducing maintenance requirements.
4. Simple to install
Installation has minimal operational impact.
5. Financial benefits
As an investment, voltage stabilisation typically pays for itself in 1-5 years, delivers Internal Rates of Return of between 20 and 100% and has a strong positive Net Present Value. In addition, there are fewer demands on equipment budgets as extending equipment life reduces the frequency with which equipment needs to be repaired or replaced. Maintenance budgets are also reduced.
‘Pay as You Save’ – a new source of finance for energy efficiency projects
‘Pay as you Save’ www.streamline-power.com/pay_as_you_save.html has been created by public sector finance specialists to help public sector bodies fund energy efficiency measures. ‘Pay as you Save’ Co-founder Ian Micklewright said -If funds are unavailable from Salix or in house, for whatever reason, we have developed bespoke asset finance to help install energy efficiency measures at no upfront cost, ensuring repayments that are always less than the electricity savings.
This leaves you cash positive at all times, allowing repayments under a lease scheme to be assigned to revenue budgets rather than capital budgets.
Past confusion about voltage optimisation
One reason why voltage optimisation may not be as widespread as I think it should is that there seems to be considerable confusion about the technology as its reputation has suffered due to exaggerated claims.
-Always check what it is you are actually buying, says Patrick Carroll, a consultant in this field. -Many voltage optimisation units are actually step-down transformers, with some of the newer models being automated step-down transformers with secondary functions added to allow claims to be made regarding aspects of performance or uniqueness. There are cases where organisations have had to install step-up transformers to counteract the effects of these earlier models.
-Remember, the goal is the creation of stable electrical conditions inside your facility. To that end, the optimum solution will regulate the voltage entering the site and hold it tightly within a one-volt tolerance of the desired voltage to protect equipment. Not only that, but it should ideally control each phase voltage individually, allowing the facility to make maximum cost and carbon savings.
-The current versions of this technology such as the Power Saver are able to meet these specifications. With the prize a 10% reduction in the amount of electricity the government uses, the time is right to roll out voltage optimisation across the whole public sector estate.
About the author
Dennis Garrison is a Director at Streamline Power, an energy efficiency firm that specialises in helping organisations reduce energy use through improving power quality. For more information on voltage optimisation in the public sector, contact Dennis Garrison on 02381 230230 or visit
You’re out in the street and someone takes your photo without asking. What can you do? And do you have any control over what they do with that image?
The broad guidelines that apply to the media are:
1. SAFE: Politely taking photos of adults in the street (or any PUBLIC place) without their consent.
2. SAFE: Politely taking photos of under-16s involved in activities like sports day at school (see note below).
3. SAFE: Publishing politely-taken photos of adults in the street (or any PUBLIC place) without their consent.
4. UNSAFE: Politely taking photos of under-16s in the street (or any PUBLIC place) without the consent of parents / guardians. There should be overriding public interest.
5. UNSAFE: Publishing politely-taken photos of under-16s in the street (or any PUBLIC place) without the consent of parents / guardians. There should be overriding public interest.
6. UNSAFE: Taking, or publishing, photos of adults in the street without consent, when harassment, pushing, shoving etc are involved. Publication should be in the public interest, as defined by the PCC Code.
7. UNSAFE: Taking, or publishing, photos of under-16s in the street (or any PUBLIC place) without the consent of parents / guardians, when harassment, pushing, shoving etc are involved. There should be overriding public interest as defined by the PCC Code.
Setting the rules
1. Check photographers’ ID. They should carry a press card showing who they work for. If they are freelances, establish who has commissioned them.
2. Make sure your employees know that reporters and photographers cannot:
Take photographs on your property without consent.
Approach under-16s for interviews or photos without consent of their guardian (this could be a teacher if they are at school).
Take photos of people in their homes, gardens etc from the street – unless there is a ‘public interest’ issue.
Cannot take ‘clandestine’ photos – unless there is a ‘public interest’ issue.
Conceal that they are a press photographer or reporter – unless there is a ‘public interest’ issue.
3. There are laws to prevent:
Camping outside people’s homes.
Door-stepping.
Harassing / pursuing people.
Entering private property without consent.
Taking shots on your property without consent.
Copying a photo while you’re out of the room.
You should take legal advice before using legal redress. It is quicker and cheaper to use the Codes of Practice if there is a problem.
Cleland Thom
Director
CTJT
This extract is taken from the PR Media Law Guide, price £19.95. To order a copy, contact contact: cleland@ctjt.biz
Cleland Thom does media law training and consultancy to a number of corporation and public authorities, including GPSJ, United Utilities, World Trade Group, Herts County Council, London Borough of Brent and Three Rivers District Council.
What do you get when the worlds leading analysis and data software provider merges with a leading open source intelligence research institute?
Hopefully an even more successful business providing data faster and more accurately to its service users.
At least that is the outcome i2 CEO Robert Griffin is hoping for as he heralded the group’s newly formed partnership with risk intelligence specialists World Check at its Brussels client conference in June.
In his address to the conference delegates that included representatives from the worlds enforcement and security agencies Chapman promised: -There are exciting times ahead with new product lines in the next 12 months to help you do what you do best.
Between them the two groups will hope to synergise their respective expertise in the field of data mining and intelligence analysis tools.
Improving and expanding research capabilities and intelligence provision between them for their users.
This will further enhance the provision of critical information to agencies confronting illegal activities of terrorists and criminals.
The two groups also provide services to commercial users to protect them from fraud and from entering into business with the wrong sort of partner.
Individuals or organisations that have proven or suspected links with anything from money laundering to corrupt practices.
In a world that is becoming increasingly globalised in terms of transnational jurisdiction it is essential that business organisations seeking partners abroad do their due diligence.
Preliminary and precautionary checks avoid the risk of prosecution, sanctions or damage to their reputations.
I2 has some devilishly clever software systems such as the Analyst’s Notebook and COP-Link that give agency operatives of 2,500 organisations real time access to data bases in over 149 countries access to both open source data and in certain cases secure data banks from across the world.
These organisational users typically include police, frontier control, and customs, military and commercial bodies.
Despite the avowed declaration that the intention of the colossal data mining activity is a force for good, one cannot help being a little unnerved by the power and scope of non governmental organisations to access, monitor and display such extensive amounts of data.
Julian Midwinter i2’s Vice President of Sales reassures us saying: – Unless we are asked to host the data we just provide the systems for the data to sit in.
The organisation then accesses it and uses the data as they want.
We do not have ownership of the data except in a few circumstances. The data banks are mostly the responsibility of the organisations holding them and their decision to share information with other organisations is theirs we just provide the systems to enable that process.
The systems will inevitably trawl through masses of chaff about harmless law abiding citizens before identifying the wheat of intelligence and usable information about the bad guys.
Anybody who still subscribes meaning to the word liberal in the term Liberal Democracy is bound to be unnerved to know that the increasingly ubiquitous social networking sites such as Face book are an area of extensive research to organisations like i2.
Social networking analysis is a vast area of expansion for Open Source Intelligence and the endless trivia that we commit to such sites provide a rich seam of information to Snoopers both benign and malign.
The dilemma of balancing the need to provide extensive information including personal details of relationships, financial and phone records is not lost on i2’s mangers and executives however.
The awareness of i2 executives to their responsibilities and their declared adherence to the rights and privacy protection afforded to citizens by the jurisdiction of their respective individual states goes someway to allaying ones fears.
Julian Midwinter added: -There are strict rules about data retention and we have to adhere to the legal requirements within the end users jurisdiction.
Compliance with various states laws and policies regarding criminal history and intelligence data remains a challenge.
We ensure that all our clients’ sign up to detailed and succinct management agreements that comply with the legal requirements of that state.
There are also auditing systems in place on both sides to ensure against any misuse of data.
However Intelligence technology can be flawed and when it goes wrong it does so badly.
In extremis note the countless wedding parties blown to smithereens in Afghanistan by drone launched missiles after being wrongly identified as Al Queada or Taleban fighters.
In Yemen recently a pro government anti Al Queada tribal leader Jabir Ali al-Shabwani, was mistaken for the Al Queada in the Arabian Peninsulas (AQAP)
The political setback from such a blunder may yet prove decisive in the fight to deny AQAP the use of Yemen as safe haven.
Notwithstanding the limitations and over reliance of technology based intelligence application i2 provide powerful tools in the fight against terror, crime and corruption though we must never lose sight of the fact that such tools are only as good as the human resources operating them.
It is imperative that the data inputted has credible integrity and above all is correct and furthermore that data is utilized intelligently and with prejudice to its context.
Terrorists can and will at some time try to duck under the technological radar replacing their incontinent babble on mobile phones, jihadist websites with individuals bearing personal messages to co conspirators.
Cash couriers will transport cash instead of using Western Union money transfers to purchase weapons and provide logistical support.
Therefore our reliance on such technology platforms must never be total and it is not of itself infallible to the exclusion of human instinct.
Encouragingly this is also not lost on i2 who retain and rely on ongoing links with academic research institutions and expert individuals like John Hopkins University Fellow Dr Kathleen Kiernan.
They work in close consultation with experts such as Dr Kiernan (formerly a security director of the ATF) who are at the cutting edge of applying their knowledge and ongoing research into evolving terrorist trends and tactics.
Input from such sources helps i2 to craft their information and intelligence tools meet the demands of the field agents and analysts.
More prosaically software programmes and analysis tools provided by i2 Group also play a huge role in the billions of day to day checks on passport verification, suspect identification and elimination as well contributing to the investigation of terror and criminal networks and their activities.
The holistic approach practised by i2 combining Human Intelligence with technology means that on the whole most citizens will be glad that we have it in our arsenal than not.
As Dr Kiernan speaking to the conference describes the evolving threat from radicalised individuals from a range of backgrounds embarking on terrorist operations.
She emphasised the need to recruit analysts who were capable of thinking inside and outside the box to defeat them saying: We also need to recruit the services of the hacker, the cracker, even the criminal to stay ahead of the terrorists and the cartels.
At John Hopkins we have an intelligence Masters and we strive to recruit the best and the brightest but it’s a limited commodity so you will have agencies fighting over who is the best.
She praised i2 products application of Human Intelligence to Technological Data Analysis saying: They have the ability to streamline their intelligence to the street analysts needs.
Police in Leigh are investigating after two flagpoles were stolen from the cenotaph in Leigh, Greater Manchester. Between midnight on Friday 6 August 2010 and 6.30am on Tuesday 10 August 2010, the flagpoles were stolen from the war memorial on Church Street.
Officers in Leigh have carried out inquiries and are now appealing to anyone who may be able to help to come forward.
Police Constable Barry Willans said: “It is hard to understand exactly why someone would want to steal these flagpoles, but the offenders need to understand that their actions have caused a tremendous amount of distress.
“We have been in regular contact with the British Legion who are understandably keen for justice to be carried out.
“We are appealing to anyone who was in Leigh on this particular weekend who may have seen anything that may assist this investigation to call us.”
Anyone with any information is asked to call police on 0161 872 5050 or call the independent charity Crimestoppers anonymously on 0800 555 111.
With October’s Spending Review announcement set to reveal the scale of the requirement for a radical re-evaluation of the Government’s role in providing public services; a two-day conference and exhibition in Birmingham on October 20th – 21st will provide the best opportunity this year to learn how digital technologies offer a proven route to delivering better public services for less.
Delegates attending Beyond 2010, organised by Birmingham City Council, itself one of the pioneering local authorities in business transformation, will hear from thought leaders including former No. 10 advisor and author Charles Leadbeater, about why effective implementation of digital technologies will help meet this dual challenge across central government, local authorities, health services, the third sector and private business.
Service transformation and new technology-led approaches to service design and delivery are already achieving better outcomes for less, with digital and mobile technologies creating new public service delivery channels which are increasing citizen engagement and more self service opportunities. Birmingham City Council has developed Beyond 2010 so public service providers across the UK and internationally can share the benefits it is already experiencing as an early adopter of digital technology-led services.
-There is no escaping the fact that public service providers will have to make efficiencies. At the same time they will need to minimise the impact on the services our citizens receive, said Glyn Evans, Corporate Director of Business Change at Birmingham City Council, who is chairing the ‘SMART Efficiencies’ seminar at Beyond 2010.
-We passionately believe that digital technology is key to achieving these objectives across so many applications: from healthcare to transport, waste management to customer service. The scale of the challenge may be immense but the good news is that part of the solution is with us here and now in the form of the innovative digital technologies that are readily available, thanks, in part, to new collaborative ways of working with the private and third sectors.
Beyond 2010’s comprehensive conference and workshop programme will demonstrate where service efficiencies can be made and the benefits they can realise. Amongst the keynote speakers will be senior civil servants Graham Walker, Director of Policy at the Cabinet Office and HM Government Chief Information Officer (CIO) and Senior Information Risk Owner (SIRO) John Suffolk. There will be a broad range of seminars providing the tools and solutions to deliver technology-led services now and in the future.
Delegates will also hear from HCL AXON’s Robert MacDougall, Global Head of Benefits Realisation, who is also speaking at the ‘SMART Efficiencies’ seminar at Beyond 2010, he said: -The tough economic reality of the next few years means that we need to further leverage the investments made in technology and take a benefits-led approach to deliver and demonstrate the savings achieved from efficiency and reform projects.
Organised by Birmingham City Council as part of its city-wide Digital Birmingham initiative, Beyond 2010 takes place at Birmingham’s International Convention Centre as part of Hello Digital Week, which runs from 18 – 22 October and comprises a number of events celebrating the city’s and the region’s technological achievements against the best in the world.
Dr. Maria Eugenia Cabrejos, laboratory manager of AquaInnova, a Chilean company based in Puerto Montt, recently spent three days in the Veterinary Sciences Division of the Agri-Food and Biosciences Institute (AFBI) training in a range of diagnostic techniques for fish diseases.
The visit arose from an invited presentation by AFBI’s Dr. David Graham at a fish health conference in 2008 held in Puerto Montt, which is home to a large aquaculture industry. Since then, AFBI has been involved with a number of laboratories in Chile and with Sernepesca, the Chilean Fish Health Authority, in monitoring and improving the quality of aspects of their laboratory testing.
Dr Cabrejos’s visit also provided an opportunity to discuss areas of mutual scientific interest which, it is hoped will lead to further collaborative work between AFBI and Aqualnnova.
Overtis , vendor of VigilancePro, user activity management software, has announced a new Protective Marking feature to identify files that hold confidential information. The new feature has been developed in response to requests from UK police forces, to help them to comply with Management of Police Information Guidance published by the National Policing Improvement Agency (NPIA) on behalf of the Association of Chief Police Officers (ACPO).
Several instances of deliberate or accidental loss of protectively marked police files have been reported to the Information Commissioner in the past twelve months:
In June 2010, a senior police officer was convicted of accessing databases at Greater Manchester Police and the Police National Computer and passing confidential details to two businessmen.
In April 2010 an employee of Gwent Police accidentally emailed an unencrypted document to a journalist after the auto-complete feature included him among the recipients. The spreadsheet contained confidential records on 10,000 people who had undergone a Criminal Records Bureau check, revealing the names and dates of birth of 863 people who had been in trouble with the police.
In September 2009, a Metropolitan Police officer admitted accessing the Police National Computer to obtain information on his former girlfriend’s new partner.
In August 2009 a civilian employee of Essex Police admitted that he sold mobile phone records after accessing police intelligence databases 800 times.
Protective Marking is the UK system of classifying documents according to the Government Protective Marking Scheme (GPMS) identifying the level of harm or impact that would be caused if they were disclosed to other states or external parties. The system is used throughout central and local government and the Critical National Infrastructure, to ensure that sensitive information is safely handled, stored and transmitted.
Overtis VigilancePro allows Police Officers and Staff to classify files, including documents and spreadsheets, as well as emails, according to the GPMS five levels, which are -Protect, Restricted, Confidential, Secret and Top Secret. Documents that contain information in the public domain are labelled -Not Protectively Marked.
VigilancePro can also be customised easily to include any Force specific descriptors. Additionally, the software allows whitelists to be created for different email classification levels, ensuring that emails marked as -Confidential- cannot be sent outside of the pnn.police.uk domain, for example.
Overtis VigilancePro writes the appropriate classification into the metadata of the file. This can then be picked up by other security systems, such as email gateways, to enforce encryption of attachments, in line with policy.
VigilancePro provides a full audit trail of classification events, with reporting that can underpin the processes for Review, Retention and Disposal of Police Information under MoPI guidelines.
Commenting on the inclusion of protective marking within VigilancePro, Ed Macnair, CEO of Overtis said, -Police forces have to collect a lot of information on citizens as part of their normal enquiries. This data must be safely handled to protect the privacy of individuals. Protective marking within VigilancePro helps to ensure good data governance throughout the force, while still allowing officers to access and share information, to enable them to carry out their duties.
The Royal Marsden is a National Health Service (NHS) Foundation Trust in England that specialises in cancer. Situated primarily over two main sites, one in Chelsea and one in Sutton, it also has a number of satellite locations, an area of the business that is being developed. Today, it has a staff of approximately 2,500 all of whom, in one form or another, are responsible for protecting the data they access.
The Royal Marsden is committed to promoting excellence in cancer research, treatment and education. Alongside its academic partner, the Institute of Cancer Research, it is considered one of the leaders, and at the forefront of many major cancer breakthroughs.
The NHS Trust is involved in tackling and taking data breaches very seriously. At the helm is Jon Reed, IT Director for The Royal Marsden, who is responsible for its entire IT infrastructure and the development of all in house clinical applications.
The Story So Far…
According to Reed, -The Trust takes the handling of information very seriously, which is what you would expect of an organisation of our standing, and my defence strategy to protect data in transit began many years ago, back in 2006, long before publicised breaches by public bodies.
Following the high-profile cases, a central policy was introduced by, David Nicholson CBE, NHS Chief Executive stating that every organisation within the NHS must fully implement the policy that all removable data must be encrypted, and also follow the recommendations of the report of the Cabinet Office Data Handling Review, which contains mandatory security standards for the public sector. As The Royal Marsden had already begun researching various solutions it was ahead of the game.
The Royal Marsden encourages its staff to not carry data unless it is absolutely necessary. It recognises that on occasion, patient identifiable records, staff information and commercially sensitive information such as research projects and data, amongst other documents, will be transported and shared and this must be done in a secure manner.
And the Solution of Choice Is…
The Royal Marsden quickly honed in on about six offerings, and it looked to see what other NHS Trusts were doing. One of The Royal Marsden’s key concerns had been that organisations would lock down their infrastructure and would only allow certain models of USB devices to be used. This Jon’s thinking, too – the Trust didn’t want to run into a compatibility problems. Jon made a decision ahead of the game, and chose the IronKey as the best solution for The Royal Marsden which would not cause a problem amongst other trusts accepting it.
Jon clarifies his reasoning, -We chose the IronKey solution as it is AES standard hardware encryption which can’t be circumvented, which then puts the onus on the user to make the decision. The central policy management combined with the managed service was another key criteria, so we don’t have to worry about deploying server infrastructure on our network and applications to manage the devices. The fact that we could disable a device if missing in action, and that it would self destruct following a set number of failed login attempts was another strong selling point. IronKey’s onboard digital certification for RSA to consolidate encrypted mobile storage – and strong two-factor authentication in a single device – fitted with what we wanted to do around making it easier to connect to our infrastructure securely from remote locations. Finally, the aesthetics of the device played a part, as it looks credible and from an infection control point of view, it is a waterproof device with a rubberised cap so it can be disinfected – essential for a healthcare institution that prides itself on the standards it sets across the NHS.
Once the decision had been made and the devices purchased, The Royal Marsden had a two-fold challenge: getting staff to think differently about security and getting staff to remember to use the devices.
Jon explains, -Planning is important with the implementation of any system. Don’t think of IronKey as a straight replacement to your existing insecure USB devices that you buy off the shelf like blank CDs. It’s a key part of your security infrastructure and so you need to think of it as part of your security strategy, and plan how you’re going to deploy it.
We Told Everyone…
The Royal Marsden thinks as a whole about information security and has a structured communications campaign to ensure information security across the organisation.
It introduced a policy that specifically covered the transfer of any data to a USB device. To avoid any ambiguity, it decided to not make a distinction between sensitive and indifferent data – it classes all data equally (when being transferred from the Trust’s PCs) – taking the dilemma away from its staff. The Trust’s policy states it must be on an IronKey.
It ran a number of specific communication campaigns to encourage awareness of new policies, and the introduction of IronKeys, which included: top down management briefings; it sent out leaflets with payslips; and targeted emails for key individuals.
We Led from the Front…
The next approach employed by The Royal Marsden to reduce potential negativity was the tactical deployment of a few initial devices to selected key users. This secured general acceptance within the organisation, prior to critical mass roll out, which it believes has removed resistance to the devices. As knowledge of the security programme and policy on the use of USB devices filtered through the organisation it has found that users proactively request devices, driving their demand and adoption.
The Royal Marsden found the deployment to be quite straight forward with only a few minor difficulties – as it familiarised itself with the technology – which were from an operational standpoint rather than the end users experience. Jon explains, -There have been no real problems with the product itself. The technology has been made quite simple to use, but having a strong password protection on USB devices was alien to our users – which they initially struggled with – and which have been down to our zero tolerance policy rather than caused by IronKey.
Prior to IronKeys deployment, The Royal Marsden had another solution for remote access and has found the integration seamless, creating a more flexible easy to use solution for its staff. As the RSA token facilitates secure access to the infrastructure, users have just one device – which is also their security device – making it easier for them to think and remember to use it.
When asked for any other advice Jon could offer, he said, -Tackle any areas of weakness on a risk priority basis. You need to think of your whole infrastructure and the way that users handle information right through from careless conversations in the canteen that might be overheard through to moving personal information around on USB devices to confidential faxes being left lying around.
So introducing technology to combat a problem is just one part of a programme on information security.
The Future with IronKey …
Since introducing IronKey some devices have gone missing in action but The Royal Marsden has simply disabled them centrally. Tongue in cheek, Jon says -It doesn’t quite self destruct but very close to it! You have the peace of mind that if one should end up in the wrong hands after a few attempts at access it will be permanently inaccessible, which is a strong feature. In terms of what central policy requires us to do – it has certainly met that, and I would go as far to say that it’s better than what some others are using.
Going forward The Royal Marsden is quite excited by the opportunities IronKey offers in terms of taking remote access a step further. It has a vision of giving employees a virtual machine that’s run from their IronKey. This will enable staff to work from anywhere securely, thereby controlling how the Trust’s infrastructure is accessed and where data is stored – either the network or an IronKey – with obvious saving implications. It has just started to examine this, and has taken some soundings from its key users, with the possibility of rolling it out early in the New Year, if everything goes to plan.
Jon sums it up when he concludes, -If the unthinkable happened, and our data was breached, personally I would be devastated, by both the reputational damage and the shattered trust of the individuals involved. As I have got the responsibility of sourcing and purchasing a solution, I’m not going to settle – to meet the bare minimum to meet Government standards, I’m going to invest in the strongest solution that I possibly can.
Recent Comments