Boris Johnson and ministers breached security guidance over private messages 'on an industrial scale'

clock • 3 min read
Boris Johnson and ministers allegedly breached security guidance over private messages for 'unclear' reasons
Image:

Boris Johnson and ministers allegedly breached security guidance over private messages for 'unclear' reasons

The breaches are said to be 'on an industrial scale'

Prime Minister Boris Johnson and three ministers have been accused of repeatedly breaching their own national security guidance over use of private emails accounts and mobile phones for government business.

In a blog post, campaign group Good Law Project (GLP) said that in 2019, the ministers were issued with a 'Security of Government Business policy', which explicitly banned the use of private emails and personal communication devices by ministers for official businesses.

The advisory warned that ministers' personal mobile and emails were vulnerable to attacks from threat actors, so they should not be used.

Despite that policy, Boris Johnson and three of his ministers - Matt Hancock, Lord Bethell and Greg Hands - continued to use their private messaging accounts and communication devices for 'reasons which remain unclear'.

'We do not understand what good reason there can be for breaching this policy with the additional jeopardy to government and national security… although we can think of a number of bad ones,' GLP said.

It noted the breaches of the security advisory are 'on an industrial scale'.

Last week, government's lawyers confirmed to the campaign group that searches of the (now ex-) Health Minister Lord Bethell's private emails using keywords relating to Covid-19 contracts turned up hits of between 18,000 and 36,000 separate documents.

The precise number of emails could not be ascertained as the government refused to conduct detailed searches or examine the emails' contents, saying the effort would not be justified.

Earlier in July, the government lawyers told GLP that some of Lord Bethell's communications had been conducted via WhatsApp and text messages held only on his private mobile.

When GLP lawyers demanded that those messages should be retrieved, they were told that the Bethell's phone had been broken, making the records inaccessible. Later, GLP received a letter from the government lawyers stating that the health minister's private mobile was handed over to a family member after the minister upgraded to a new one.

Lord Bethell lost his position in last week's cabinet reshuffle.

In its judicial review, the GLP challenged multiple government contracts worth £87.5 million to plan, produce and supply home tests for Covid antibodies.

The deals were signed in April 2020 between the Department of Health and Social Care a consortium led by Abingdon Health.

The latest accusations against ministers come after The Times reported last month that Boris Johnson 'likely' discussed a deal to sell the Newcastle United football club in his private messages to Crown Prince Mohammed bin Salman of Saudi Arabia.

British billionaire Sir James Dyson is also said to have sent Johnson text messages about tax benefits for his staff coming to Britain to supply ventilators, in the middle of the Covid-19 pandemic.

The details were revealed as part of a separate legal proceeding filed against the government by non-profit organisation The Citizens and campaign group Foxglove.

The campaigners are concerned that ministers could use messaging apps like WhatsApp and Signal for official communication, and later delete those messages.

They argue that the use of self-deleting messages lacks transparency and poses an 'urgent threat to democratic accountability and to the future of the public record'.

In June, the Department for Culture, Media and Sport told campaigners that ministers are allowed to use instant messaging (through Google Workspace) in preference to email 'for routine communications where there is no need to retain a record of the communication'.

In March, it emerged that the secret information belonging to the Ministry of Defence (MoD) was exposed in multiple breaches in 2020, after employees transferred files from secure networks to personal email accounts.

You may also like
NHS England halts £300m digital framework after legal claim

Health

Necessary approvals process and contract award have been postponed

clock 15 February 2024 • 2 min read
WhatsApp to support cross-platform messaging

Social Networking

Impending EU regulations are driving WhatsApp towards interoperability

clock 09 February 2024 • 2 min read
HPE says Russian state actor breached email systems

Hacking

Midnight Blizzard suspected as the attackers

clock 26 January 2024 • 2 min read
Most read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Security

Epic Games hacker isn't a hacker, at all

Epic Games hacker isn't a hacker, at all

Describe themselves as 'criminal geniuses'

Tom Allen
clock 05 March 2024 • 2 min read
IT Essentials: LockBit and load

IT Essentials: LockBit and load

They fought the law, and the law won - for now

Tom Allen
clock 26 February 2024 • 2 min read
Law enforcement takes down LockBit - updated

Law enforcement takes down LockBit - updated

NCA among the groups under 'Operation Cronos'

Tom Allen
clock 20 February 2024 • 2 min read