According to http://www.dn.se/nyheter/sverige/hemliga-polisdokument-saljs-i-den-undre-varlden-1.923949 (sorry, it’s in Swedish), secret documents from the Swedish police and our “federal” police have leaked into the hands of criminals. The documents are now being sold to criminals by criminals. They contain names and addresses to criminals in different gangs, their families and known affiliates to them. Some of the addresses are to people in rivalizing gangs also which could make for some interesting reading if you’re the other part.
The question to be asked here is that with so much technology available for encryption and auditing, how come it wasn’t encrypted? How come someone can bring the information out of the house? How come they don’t know who brought it out?
We could start off with Truecrypt, which would let you encrypt the information and you’d need a password to open it. Not that very enterprise friendly, but on a need to know basis it’d probably work.
If we instead took the route of “stuff that costs money” we could encrypt it with EFS, which would require a Windows-based file server and a PKI infrastructure in place. One could assume that they have smart cards for entrance through doors and login to their computers, so everything is there assuming that they also have a Windows based file server.
Then we could always add Rights Management Server (RMS). This would allow us to specify who can print, email, read and copy the information. Complete this circle with NTFS auditing and we’d know who last accessed (or try to access) the information also.
In a greater perspective it’s kind of scary that THIS list, which deals with “heavy criminals” can leak. Considering that all our emails and phonecalls are supposed to be monitored later (or at least who calls who and who emailed who) I’d be happy to know that what I do or who I speak to doesn’t leak. Not that it’s a secret, but the personal integrity would be nice to have intact.