I truly believe that someone paid for information to be stolen.
He must be wrong. Why would criminals steal the CDs (which someone might eventually notice were missing) rather than steal the data? Frank is confusing the Hollywood MacGuffin-led version of data theft — in which the master criminal / CIA / international terrorist gang chases the hero around the world to destroy a disk containing top secret evidence of a conspiracy, apparently unware that you can e-mail the data from one place to another rather than transporting it as atoms (as were Her Majesty’s Revenue and Customs, it seems) — with real-world risk analysis. In Frank’s film version, the plot might be that the criminals disguised themselves as couriers, bluffed their way past the front desk, took the packages, found the one with the CDs in, stole it, changed clothes to pretend to be HMRC clerks and then gave the rest of the packages to the real courier. In my film version, some wally has put the package in the wrong bin and it’s gone into landfill. But just suppose…
Imagine that you are a pervert with access to the Children’s Index, an animal rights terrorist with access to the DVLA database or the man with the missing CDs. How can you exploit your new resource without giving the game away? It’s harder than you think: you contact a vulnerable teenage girl pretending to be a social worker but there’s a spelling mistake in her middle name and the police notice that the same spelling mistake appears in the Index. Maybe you send a letter bomb to a researcher trying to find a cure for breast cancer, but it’s the same wrong address as the DVLA have (but no-one else has). Just having the data isn’t, by itself, the end of the story.
Suppose that you had pulled off the identity heist of the century at the HMRC this week? What would you do with the data? Before you send out your first million letters pretending to be from the Child Benefit Agency, it might be timely to remember the story of the Zimmerman telegram, a story delivered as mother’s milk to all budding cryptographers.
You may recall that in 1917, Britain and Germany were at war. Britain wanted the U.S. to join the effort against the Axis of Edwardian Evil. The Kaiser’s ministers came up with a dastardly plan: to persuade Mexico to enter the war on their side, thus dividing the potential U.S. war effort and eventually conquering it. Anyway, the German Foreign Secretary, Arthur Zimmermann, sent a telegram to the German ambassador in Mexico, Heinrich von Eckardt. The telegram instructed the ambassador to approach the Mexican government with a proposal to form a military alliance against the United States. It promised Mexico the land acquired and paid for by the United States after the U.S.-Mexican War if they were to help Germany win the war. The German ambassador relayed the message but the Mexican president declined the offer.
Naturally, so sensitive a topic demanded an encrypted epistle and it was duly dispatched encoded using the German 0075 code.
The Germans were unaware that the British had cracked this code. The telegram was intercepted and decrypted enough to get the gist of it by the British Naval Intelligence unit, Room 40. In next to no time, the decrypted dynamite was on the desk of the Foreign Secretary Arthur Balfour, the teutonic perfidy laid bare.
At this point I thoroughly recommend Barbara Tuchman’s account of the affair, “The Zimmermann Telegram”.
Now the British were faced with the same dilemma that faces Frank’s hypothetical identity thief. How can you use intercepted information without revealing that you have it? If the British had complained to the Germans, then the Germans would know that the British had the key to their code and they would switch to another code that the British might not be able to break for months, missing much vital military intelligence along the way. What’s more, the Americans would know that the British were tapping diplomatic traffic into the U.S. If they did not reveal the contents, they might miss a the chance to bring the U.S. into the war. Their clever solution was to leak the information in such a way as to make it look as if the leak had come from the Mexican telegraph company: since the German relay from Washington to Mexico used a different code, that the Americans already knew to be broken, this was entirely plausible.
Despite strong anti-German (and anti-Mexican) feelings in the U.S., the telegram was believed to be a British forgery designed to bring America into the war, a theory bolstered by German and Mexican diplomats as well as the Hearst press empire. However, on March 29, Zimmermann gave a speech confirming the text of the telegram. On April 2nd, President Wilson asked Congress to declare war on Germany, and on April 6th they complied.
This brings us to a much better story for the movie version. Clever identity thieves have gained access to the Child Benefit Agency database and are using its contents to perpetrate identity theft on a massive scale (let’s set aside how, for a moment). But how to conceal their devilish plan? Easy. Arrange for CDs with the database contents in them to get lost! Now, they can snaffle identities at will (let’s set aside how, for the moment), safe in the knowledge that the rozzers are running around the Royal Mail rather than hunting down the unprincipled perps. Brilliant.
My last word on the topic, for the time being, is to make a prediction: an absolutely safe bet. Any time over the next decade that anyone suffers any kind of identity-related theft of any kind, it will be blamed on the Child Benefit Agency and the “victim” will demand compensation not just from the tax man, but from the tax payer. The biggest losers will undoubtedly be us.
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]