Pages

4 November 2022

Hacking. Ministers’ devices, vague rules, bad tech, Britain’s enemies – and echoes of the expenses scandal

Paul Goodman

The Mail on Sunday reported yesterday that Liz Truss’s personal phone was hacked when she was Foreign Secretary. The story provokes Kremlinology – by which I don’t simply mean speculation about the Russian Government, which may have been the ultimate beneficiary of the hack.

For the tale came to light at the same time as the running controversy about Suella Braverman’s use of her own personal e-mail. This was no coincidence. Who gave the Truss story to the Mail? Why? Was it an attempt to take the spotlight off the Home Secretary? Cui bono?

It’s tempting to wander into these processy wilderness of mirrors, in true SW1 style, rather than stand back and ponder the issues that arise. They flow from a fact: namely that, in the words of one source, “everybody does it”. The only difference between Truss and Braverman and their present and erstwhile colleagues is that the former have been exposed.

That Ministers transact Government business on their private devices, thus exposing themselves to Putin or Beijing or criminal gangs or lone wolves, may appal you. But there are solid reasons why it happens. Let me set out the main three, after making a point in passing.

Which is that the official guidance to departments on the use of private e-mail doesn’t bar Ministers and SpAds from using government systems for “political activity” and “personal purposes”. But the guidance is vague, doubtless deliberately so. And it would scarcely be surprising were Ministers to feel that taxpayers shouldn’t fund party or private communications.

If the guidance doesn’t bar Ministers from using government systems for political activity, nor does it ban them from using private systems for government business. “No single factor will determine whether information amounts to government information as opposed to for example personal or political information,” the guidance declares.

Why such opacity? Partly for the first of three three reasons I want to cite – namely, speed. “I was on a train with an important message to send and the department’s systems weren’t working,” a Minister told me. “But the business was urgent. So faced with a choice of two evils I sent it from my private phone instead, as the rules allow me to do”.

This leads to a second point. “Bluntly, Government systems are s**t,” my source told me. Horror stories abound. There is the department that was on one system and the department that was on another, with neither being able to communciate properly with each other. So they held a Zoom meeting that could quite easily have been hackled (and possibly was).

Third, there is Freedom of Information. Ministers want to be able to make plans and discuss business confidentially. FOI makes that harder. So some tend to try to work round it. There will doubtless be further attempts to bring private communications and systems within the scope of the act – as there were successfully during the Michael Gove “Mrs Blurt” controversy.

But Ministers must be able to operate with some degree of confidentiality if government is to work at all. If that isn’t possible, they may as well abandon all attempts to do so, make everything they do public…and spare Putin the expense of having to pay the hackers.

The security services are reportedly now warning Ministers not to transact Government business on private devices. They may want to ensure that the guidance is updated. And to ensure that the whole system is properly policed. At present, the department responsible is the Cabinet Office. This tells you at once that it won’t be.

“Have a look at what makes it up,” I reported of the Cabinet Office in 2020. “Government property, the digital service, Veterans’ affairs, the GeoSpatial Commission: all of these pile up higgledy-piggledy in a department “supported by 22 agencies and public bodies”. This lumbering mastadon is in no position to give Government security the sustained attention it needs.

The whole caboodle ought be brought clearly within the responsibilities of one department and one Minister. “It’s simply a reality that all phones – including government ones – are easily hacked,” a Minister told me. “The difference with government phones is that they’re regularly tracked so we know about it sooner when it’s obvious – which it usually isn’t.”

The expenses scandal is at first glance distant from the phone revelations in nature as well as time. “Expenses” was cross-party; “phones” is Ministerial. Expenses was parliamentary; phones is governmental. Expenses seemed close to voters, since it was about money (theirs); phones is more distant, since it’s about security (theirs too, but in a far more distant way).

Furthermore, information about expenses was publicly available. Indeed, the making of it so was part of the story. Information about the hacking of Ministers’ devices leaks out – literally. There is no inevitability of rolling publication. Nonetheless, there is a potential parallel. Namely that, as with expenses, “everybody does it”. And so there is potential for the revelations to roll on.

No comments:

Post a Comment