But think of the children
A member of the public was reportedly "shocked" to discover that the webform used by the Child Exploitation and Online Protection Centre (CEOP) which allowed members of the public to report suspected cases of child abuse did not consistently use a secure https connection.
What did this "shocking" oversight mean? It meant that when someone submitted a report after following a link from Google or Facebook, the transmission was not immediately encrypted and an eavesdropper with the right equipment who was tapping into that transmission at the exact time the message was sent could conceivably have read the details in the report. Intercepting messages like this requires technical expertise. It certainly isn't trivial, or cheap, and is of course illegal too.
CEOP's chief exec, Peter Davies, quite reasonably said: "The risk was a hypothetical one and there is no evidence to suggest anyone's details have been jeopardised. We thank the member of the public who brought this issue to our attention and have rectified the problem, so people can continue to report any concerns they have to us, with the reassurance that their report will remain secure."
So we are talking about a minor glitch, but if you read reports in the press you might well think it was a major security failure. For instance, the BBC reported this with the soundbite "Security experts have described the breach of data as a serious error which could have put children at risk" and went on to say "The unencrypted pages meant personal details entered on the site could have been visible to anyone with a sinister motive" which rather makes it sound that any Tom, Dick or Harry could browse the Child Database at will.
As if this wasn't already enough of a mountain crafted from a molehill, the Information Commissioner's Office confirmed that its is looking into the incident. The ICO statement said "We are making enquiries into the circumstances of this alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken."
28th April 2011
This article comes from the SKILLZONE email newsletter, published monthly since January 2008, and covering topics related to technology and the internet. All articles and artwork in the SKILLZONE newsletter are orignal content.