In May 2006, while we were celebrating a friends’s 50th birthday party in the Chech Republic, when we got an anxious late night call from our teenage daughter who was ‘house sitting’. An opportunist intruder had entered the alleyway leading to our back yard, had seen my laptop on my home/office desk, found the backdoor unlocked and sneaked in.
With the thief’s hands on my laptop our dog Sam the Lurcher sniffed him out and raced like Scooby Doo through the corridor while barking furiously. In a panic the intruder ripped out the power lead and modem cable and ran back into the night with the laptop under his arms. This was no ordinary laptop, but rather a £3000 top of the range IBM Thinkpad with enough memory to run a smal data centre on VMWARE and with virtual images of MaXware’s Identity Center solution.
As you can imagine I was seriously put out, but let’s fast forward by two months…. I get a strange eMail from our CEO in Trondheim, Norway. “Had I died my hair? left my wife and set up home with a with a voluptuous Brazilian beauty?” “Come again?”, I said perplexed: “What makes you say that?”
Well… it turns out that the fence who bought the expensive laptop from the drug addict (for a fraction of its worth) wasn’t opposed to making cheap Skype calls either. But rather than creating his own user profile, he thought he would save a few key strokes and mouse click’s to change my display name to ‘Perry Davies’; upload a new profile picture of him and his missus; and kindly provide the world wide web with his mobile phone number and BT landline number.
The resulting image my skype contacts (including my CEO) got to see when they thought I was back ‘on-line’ can be seen below:
There are a few morals to this story. The obvious one is to use pre-boot authentication and full hard disk encryption in future, but let’s not go there!
The second moral is that Perry Davies seems to be a good candidate for ‘gene pool removal’. Not so clever to broadcast to the world wide web, that you are using a stolen laptop and a stolen identity to boot.
The third and final one is a dig at Suffolk Constabulary. After I had pulled myself back on my chair still laughing, the first thing I did of course was email the image above to Investigating officer PC Plod at Ipswich Police station. “Can you go and collect my stolen laptop please? Here is the fence’s photograph, D.O.B. and two working phone numbers to make an appointment! He is expecting your call!”
Remember this was August. After numerous frustrated phone calls to Ipswich Police during September, I was explained that data protection laws prevented them from obtaining the address corresponding to the phone number entered by Mr Davies. Maybe they had to first ask a justice of the peace for permission to intrude into the known fence’s privacy. I was told they had to send in a written request to BT to check their database of ex-directory numbers. This supposedly has a 6 week SLA turn-around time?
Finally middle of October, five month after the laptop theft and nearly three months after the identity theft, two detectives knocked on my door and handed me back my stolen laptop, complete with a brand new power supply. When asked for the reason of the delay in recovering my property they looked sheepishly: “That’s what Mr. Perry asked us. He told us he had been expecting us having previously spoken to you ( and given me a false address); he had the laptop in his hands when we knocked on his door!
I tried not to explode in anger. For this we have RIPA? Maybe I should have said the laptop contained plans for a bomb? Would that have spurred them into earlier action?
Data Protection Act? Remember this is the same police that continues to this date storing the DNA profiles from more than a million innocent UK citizens on a crime data base, even though the ECHR convicted them over this breach of privacy in December 2008. You have to laugh, otherwise you would just have to cry and cry……..