“This tape will self-destruct in five seconds.” In the 1960s, while the mission may have been impossible, information protection was very possible. Burned, swallowed or – until a bunch of bored students were looking for something to do at the US Embassy in Teheran – shredded, there was no difficulty eradicating the evidence from the face of the earth.
How times have changed. I stayed late in the office last night to complete a compulsory on-line course on “Information Protection Fundamentals” concerning the myriad risks to information confidentiality. Once upon a time you could buzz through the fifty-odd slides (would I do such a thing?) and home in quickly on the test at the end. No more. Now you have to listen to a computer-generated Australian woman reading the entire caboodle at the speed of someone who really wants to inflict mental anguish. And just in case you were thinking of letting the lady talk away while you carry on with seriously chargeable time – should you forget to remind her regularly of your existence, she will self-delete and send you back to “Go”.
The presentation included a loveable rogue showing how easy it is to steal information. Although I am sure I must have missed something, it appeared to me that the deliverable was that you need to take the entire contents of your office with you (including the wastepaper basket) when you go out to lunch. Passwords must never be written down but should be so complex that they are impossible to remember in order that, in the event of the employee being waterboarded by representatives of a foreign government, his lips would remain sealed (however much he might like to spill the beans).
But what caught my eye was the bit about keeping the door open for strangers.
I was brought up to always check behind me as I went through a door and, if anyone was there, hold it open until the follower was able to take my place. Back in the 1960s they called this politeness. Not any more. Before letting anyone follow you without slamming the door in his face, you are supposed to, albeit politely, make sure the visitor has a valid office pass. If not, you are instructed to escort him to the security officer who will then wrestle him to the ground and tie his arms behind his back before discovering he is the CEO of the firm’s biggest client.
No sooner had I completed the test with the unbelievable score of 90 (please don’t wake the neiighbours with your standing ovation) than I heard somebody trying to force the door of my floor. I ignored this at first on the grounds that this is what you expect to happen in an accounting office at 9.30 at night, but eventually decided to go and investigate. As I approached, I saw a rather unsavoury type a few years younger than me (not your run-of-the-mill Big 4 client) rattle the handle one last time before passing an employee tag over the electronic sensor, thus gaining entrance.
Armed with my fresh doctorate in Information Protection Fundamentals, I politely asked him if I could help him. He looked at me nonplussed.
“Are you an employee of the firm?” I ventured firmly but respectfully (knowing full well that, even the most Generation Y member of staff would have learnt on his first day how to use an electronic tag).
“Could you tell me who is hosting you this evening?”
“I am with somebody out there.” At least it spoke.
I continued my friendly interrogation: “Can I see the name on your electronic tag please, or, I am afraid, you will have to leave the building?”
“I want to p***, you retard”. He stared me down in absolute fury. “I am going to p*** and you can call the police if you want.”
Why is it that courses, online or otherwise, as well as Hollywood movies are always theoretical? The undesirable either comes quietly, runs off, or shoots the inquisitor in the head. The inquisitor is never left with the moral dilemma of whether to let the suspect relieve himself. Not having much choice in the matter, I watched him thunder off in the direction of the bathroom and decided to await his return (the risk that he would make off with the faucets under his shirt did not reach the level of ‘more likely than not’). On his way back, he did his best to break another door before remembering what the electronic tag was meant for, and proceeded along the corridor towards me screaming insults directed at myself and my late mother. I genuinely believe he was about to hit me when a Y Generation employee – and owner of the tag – turned up and grabbed his arm. It turned out, thankfully, that he was not a client (I remember an unkempt jeans-clad bloke once wandering into my office by mistake, and my treatment of him with mild but friendly sarcasm, assuming he was a workman who had lost his bearings. It turned out he was my next meeting – an extremely wealthy player in the local market. Fortunately, he took it well). This creep was involved in some project or other that we were checking – and I was relieved (sorry) to learn that there were no plans for him to darken our portals again.
Although Information Protection in our technological world is absolutely crucial, I do wonder whether the practice can ever match up to the theory. This has been particularly on my mind since the OECD reached a long-expected decision on May 6 that there is to be automatic exchange of information between members. Financial Institutions will be required to provide the tax authorities with information on foreign investors which will then be automatically transferred to their counterparts in countries of residence. Although miscreants may think they can take comfort in the authorities’ inability to deal with mounds of information, with the rate of progress of Data Analytics – sorting the wheat from the chaff – they are probably gravely miscalculating. As for the world’s tax authorities, although there will be conditions of confidentiality, the wide circulation of such information is bound to lead to horrible leaks on the principle that “three people can keep a secret as long as two of them are dead”.