UK crime agency forgot encryption for child abuse tips

A child protection department under the UKrsquo;s peak serious crime fighting agency forgot to encrypt submissions made through its website.

The failure to encrypt complaints lodged over the Child Exploitation and Online Protection Centrersquo;s website meant that sensitive details could have been exposed during transmission, according to the UKrsquo;s Information Commissionrsquo;s Office (ICO).

The site had been insecure for several months, according to the ICO#39;s review.

A person submitting a tip to the CEOP noticed the online form used by the department did not encrypt the information in transit and subsequently filed a complaint with the ICO in April.

The heads of CEOP and the agency it sits under, the UKrsquo;s Serious Organised Crime Agency (SOCA), have both signed undertakings to ensure the website was tested for security weaknesses.

ldquo;Organisations must make sure that any personal data transmitted electronically is adequately protected. While there is no evidence to suggest that attempts have been made to access any of the information, it is highly likely that it would have been sensitive in nature and should not have been compromised by insufficient IT security measures,rdquo; said the ICOrsquo;s acting head of enforcement, Sally Anne Poole.

Copyright © 2011 IDG Communications, Inc.

What is security's role in digital transformation?