I graduated from a red brick university in the mid eighties, clutching to my manly chest a degree in computer science. Using this (the degree, not the chest) I managed to blag my first ‘real’ job at a research institute in the South East of England – one founded by a certain radiotelegraphy enthusiast of Italian origin. By the time I joined the institute the nature of their research had expanded somewhat, and included various projects of a “hush hush” nature. As such, security on the site was taken reasonably seriously.
Not that the stuff I was involved with, which centred around the application of AI to software engineering, had any particular security connotations. Unless having Peter “spycatcher” wright’s old desk counts [ref 1] (Pam, the elderly divisional secretary assured me that this was the case, having worked with him at some point).
However, some of my colleagues did undertake classified research, and other divisions on site seemed to be entirely manned by ‘Q’ clones and shifty looking types with more than the whiff of the spook about them. In fact you could generally spot divisions, or even just projects, that were working on sensitive material as their filing cabinet were marked with a vertical red tape down their length and the drawers secured by a padlocked bar. Quite handy if you were the henchman of a foreign power or an organisation bent on world domination as you knew where to look for the good stuff.
All employees and contractors had to attend a security induction within the first few days of starting, where you were briefed on various anti-spook topics such as how to not become prey to blackmailers and to be careful when conversing in public. The latter point was reinforced a few weeks later when a few of us were lunching at The “Cricketers Arms” pub (on Fridays the tradition was to have a long, often liquid, lunch, then spend the rest of the afternoon playing “nethack”[ref 2]). At the table next to us a few guys from one of the “spooky” divisions were chatting about their work, in a fairly general way, when a Sean Connery lookalike (ask your granny) sitting at another adjacent table approached them, flashed them some sort of ID, and led a couple of them outside. They all returned a few minutes later, with our colleagues exhibiting a mixture of embarrassment and shock. I found out later that the Connery clone had introduced himself as “Naval Intelligence” [ref 3] and after getting their details from them had torn them a couple of new ones for discussing their work in public.
One time that I did come across something classified was by accident – or rather incompetence (someone else’s rather than mine -which is noteworthy in its own right). On this occasion I took delivery of a fairly powerful computer that had been shipped to us from another site belonging to our group of companies. After unpacking it I gave it the once over, checking that the hardware was as per the expected spec. CPU and memory were OK, but the hard disk was (surprisingly) still formatted, and the size of the hard disk seemed to be around half the expected capacity. I ran some diagnostic utilities on it and found an unmounted hidden partition (a part of the filesystem not directly visible). I mounted the partition to get the full capacity of storage, and took a look to see what was on the disk, expecting it to be empty (all transferred hardware should, obviously, always be wiped of data – especially given the company’s line of work). Surprisingly it wasn’t – I figured that because the partition was unmounted that it’d been overlooked. Curious, I had a bit of a look around the data left on the disk. Apart from standard system files, it mostly seemed to be a bunch of LaTex documents – a typesetting format popular at the time. I opened a few of the files and was startled to find them all marked in large red lettering “Top Secret” – the government’s highest security classification. Whoops! Couldn’t help but ignore the dire warnings not to view further, on pain of hang drawing and quartering, and have a quick dig around to see what sort of stuff the documents contained. Architecture documents for a certain military system that was undergoing upgrade at the time. Double whoopsie. Pushing aside the thought of how much the Soviets might be prepared to pay for such material, I grabbed my divisional manager and showed him my discoveries. His mind was suitably boggled, and we wondered what the best course of action was. The by-the-book approach would have been to get the senior security officer for the site involved, which would have meant heads rolling at the other site, the breach becoming public, censorship of the company as a whole, and a general PITA for everyone concerned. We decided it would be best if our divisional head had an informal ‘word’ with his counterpart at the other site (whom he knew well), for me to wipe and reformat the disk, and for us all to forget the incident. Obviously, if challenged, I’ll deny any of this actually happened 😉
Some months later we had a similar incident that was quite funny, this time originating inside the department. Most of the staff were working on the research, design, and prototyping of some sort of advanced whizz bang software. All except myself and a colleague, let’s call her Sheena, who were working on a collaborative research project, funded by the European commission. The team of around 12 working on the whizz bang stuff tended to generate lots of paper as their designs went through various iterations. The project that Sheena and I were working on also generated lots of documentation. Our project included remote collaboration with half a dozen or so research establishments scattered around Europe. It being pre-internet days, a lot of information was exchanged between partners via fax. Which meant whenever one party wanted to send out a document, it had to be faxed to every other organisation in the project. Sheena, having a strong eco-conscience, found the generation of so much paper a bit distressing. To try and address this, she tended to reuse paper by printing new documents destined for the fax machine on the blank side of existing old paper that would have otherwise been binned (pre-recycling days too). One day when she needed to fax out a project report to all of our partners, she printed it out on the back of draft design documents from the whizz bang project mentioned earlier, which had been intended for the shredder. This wouldn’t usually be a problem, but on this occasion our secretary, who would normally do the actual actual faxing, was away. So Sheena faxed it out herself. Unfortunately, not being used to using the fax machine, she put the master document upside down in the machine’s hopper, and accidentally faxed the side containing the sensitive design documents to our partners. No one realised anything was wrong until I started getting calls from colleagues in Italy, Germany and Sweden asking why we had sent them this odd fax marked “confidential” . The first call was from someone I’d worked with quite a bit over the course of the project, and I assumed that this was his idea of a joke. I responded with “What’s up Giovanni, bored? Well I’m too busy to mess around, sod off!” – which was true ( it was Friday afternoon, so busy deep inside ‘nethack’ session). By the time I’d fielded the third call, I realised something was properly up. A quick consultation with Sheena and we realised what had happened. After a bit of a panic, and a touch of sweary recriminations by me, we decided to ring up everyone and explain and try to sweet talk them into destroying the faxes, and pretend they hadn’t seen them. I must admit, they were all very nice about it and complied, except for Giovanni who hung on to his copy and for several months after would take it out and brandish it around whenever we had a technical disagreement in an attempt to get his way.
As they say, beware Italians bearing confidential design documents.