Why ministers do not adhere to safety rules

Why ministers do not adhere to safety rules

Cinversation is the lifeblood of politics. Modern communication technology makes it easy to have several conversations. But convenience comes at the cost of cyber security, as two recent episodes from the top of the UK government show.

The first involves Liz Truss. On 30 October Mail on Sunday reported that Truss’s personal phone had been hacked during her tenure as Foreign Secretary; it said unknown attackers got away with up to a year’s worth of messages, including discussions about arms to Ukraine and gossip about Boris Johnson. The government has neither confirmed nor denied the claims.

A similar attack on a government-issued phone would be more difficult. But those phones are cumbersome to use. They come with long passwords that must be entered each time they are retrieved; you can’t install apps you need to use without permission from IT department; their chat apps tend to be configured with boring two-factor authentication. And, importantly, the daily chat with political colleagues is not on that phone. Having two devices is a pain.

The second incident involves Suella Braverman. She resigned as home secretary in Truss’s short-lived government on October 19, after it emerged she had used her personal email address to handle draft documents on immigration policy. Official guidelines discourage the use of personal IT for government business where it is not reasonable to do so. (Ms Braverman is now back in the same job, reappointed by Rishi Sunak, and no less controversial.)

Again, convenience explains a lot. According to Braverman’s own account, published on October 31, she was in a car without her work phone, so she used her personal email address to forward the documents. On other occasions, she forwarded official documents to her personal device so she could refer to them while having video calls on her official phone.

See also  Choosing Polygon over Ethereum to build efficient dApps

There are serious ways to reduce the security risk. The Americans coined the term “SCIF“ (sensitive rooms with information facilities) for rooms designed to be impervious to electronic snooping. The room where the British Cabinet meets is a SCIF; ministers could even have SCIFis in their homes, if there is room for it.

The real problem is behavior, as all in one IT the team can confirm. Security protocols are boring. Powerful people tend to believe that their time outweighs the risks nerds worry about. They are wrong. Using their work phones at work is both the least and the most important thing civil servants can do.

For more expert analysis of the biggest stories in Britain, sign up to Blighty, our weekly newsletter for subscribers.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *