Military intelligence?

Whenever you connect to Facebook there are many things you might expect to learn: that one of your hundreds of “friends” has just had a bath; that the user interface has been redesigned by a five-year-old, again; perhaps even that some boneheaded application (and its boneheaded user) calculates that your monetary worth is less than another of his pretend friends. However, what you probably wouldn’t expect is to confront an advertising and recruitment campaign on behalf of the Secret Intelligence Service…

Yes, it seems that MI6 is looking to recruit new spies and has opted to look on Facebook for a change, rather than hanging around Oxford or Cambridge pubs. Our lazy spymasters have launched three adverts that promise graduates of all ages long-term careers in collecting and analysing global intelligence.

Forgive me for not being a little more patriotic, but even were I younger, fitter and more reckless I wouldn’t be applying, not least because I’ve seen how government mishandles secret stuff. I ought to have some faith in the ability of the great and the good to handle confidential data confidentially, with some small degree of technical understanding and common sense, but nowadays whenever I hear the words “Military Intelligence” I wait to hear about something stupid that’s happened (again).

So it was when I learned that a former MI6 agent had sold a digital camera on Ebay, for £17, which still contained images of terrorist suspects, rocket launchers and various missiles in its built-in memory. Have these people never heard of secure data disposal? Given the business MI6 is supposed to be in, even the full 35-pass Guttmann method of data erasure isn’t enough: for the few quid it costs, just toss the bloody camera in a furnace. Things become even stickier when the armed forces (whom you might also believe are used to handling sensitive information) “misplace” a bunch of hard drives containing Royal Air Force personnel data. Not just some personnel, but all current and former RAF members. The Ministry of Defence quickly pointed out that there’s no evidence this data has been “exploited maliciously”, nor that the theft was “motivated by a desire to obtain the data”. Just as well, considering it was unencrypted!

Encryption matters

An easy-to-remember mantra for data protection best practice is simply this – encrypt, encrypt, encrypt. Go back as far as you like in history and you’ll find codes and ciphers being used – like the Spartan Stick in 5BC, which involved wrapping a parchment strip around a stick then writing a message on it, which would only make sense if wrapped around another stick of the exact same diameter.

You have to wait until 1467 for the next big leap forward in cryptography, with the invention of the polyalphabetic cipher disk. An Italian chap called Leon Battista Alberti placed separate alphabets on concentric rings, creating ciphers according to which letters were lined up. It was remarkably sophisticated, even evading letter frequency analysis. Since “e” is the most common letter in English, if a coded message contains a lot of numeral “8”, chances are that it represents “e”, but Alberti’s disk made this less obvious: “e” only substituted for “8” when in an even position, but for “9” when in an odd position, for example.

The US Navy used a variant of the cipher wheel during World War II, of a type invented in the 18th century by Thomas Jefferson, which had multiple alphabet wheels spinning on a central rod, but the German Enigma machine ruled the roost where brilliant polyalphabetic ciphers are concerned, until the equally brilliant Alan Turing cracked it.