Boris Johnson and ministers breached security guidance over private messages 'on an industrial scale'

clock • 3 min read
Boris Johnson and ministers allegedly breached security guidance over private messages for 'unclear' reasons

Boris Johnson and ministers allegedly breached security guidance over private messages for 'unclear' reasons

The breaches are said to be 'on an industrial scale'

Prime Minister Boris Johnson and three ministers have been accused of repeatedly breaching their own national security guidance over use of private emails accounts and mobile phones for government business.

In a blog post, campaign group Good Law Project (GLP) said that in 2019, the ministers were issued with a 'Security of Government Business policy', which explicitly banned the use of private emails and personal communication devices by ministers for official businesses.

The advisory warned that ministers' personal mobile and emails were vulnerable to attacks from threat actors, so they should not be used.

Despite that policy, Boris Johnson and three of his ministers - Matt Hancock, Lord Bethell and Greg Hands - continued to use their private messaging accounts and communication devices for 'reasons which remain unclear'.

'We do not understand what good reason there can be for breaching this policy with the additional jeopardy to government and national security… although we can think of a number of bad ones,' GLP said.

It noted the breaches of the security advisory are 'on an industrial scale'.

Last week, government's lawyers confirmed to the campaign group that searches of the (now ex-) Health Minister Lord Bethell's private emails using keywords relating to Covid-19 contracts turned up hits of between 18,000 and 36,000 separate documents.

The precise number of emails could not be ascertained as the government refused to conduct detailed searches or examine the emails' contents, saying the effort would not be justified.

Earlier in July, the government lawyers told GLP that some of Lord Bethell's communications had been conducted via WhatsApp and text messages held only on his private mobile.

When GLP lawyers demanded that those messages should be retrieved, they were told that the Bethell's phone had been broken, making the records inaccessible. Later, GLP received a letter from the government lawyers stating that the health minister's private mobile was handed over to a family member after the minister upgraded to a new one.

Lord Bethell lost his position in last week's cabinet reshuffle.

In its judicial review, the GLP challenged multiple government contracts worth £87.5 million to plan, produce and supply home tests for Covid antibodies.

The deals were signed in April 2020 between the Department of Health and Social Care a consortium led by Abingdon Health.

The latest accusations against ministers come after The Times reported last month that Boris Johnson 'likely' discussed a deal to sell the Newcastle United football club in his private messages to Crown Prince Mohammed bin Salman of Saudi Arabia.

British billionaire Sir James Dyson is also said to have sent Johnson text messages about tax benefits for his staff coming to Britain to supply ventilators, in the middle of the Covid-19 pandemic.

The details were revealed as part of a separate legal proceeding filed against the government by non-profit organisation The Citizens and campaign group Foxglove.

The campaigners are concerned that ministers could use messaging apps like WhatsApp and Signal for official communication, and later delete those messages.

They argue that the use of self-deleting messages lacks transparency and poses an 'urgent threat to democratic accountability and to the future of the public record'.

In June, the Department for Culture, Media and Sport told campaigners that ministers are allowed to use instant messaging (through Google Workspace) in preference to email 'for routine communications where there is no need to retain a record of the communication'.

In March, it emerged that the secret information belonging to the Ministry of Defence (MoD) was exposed in multiple breaches in 2020, after employees transferred files from secure networks to personal email accounts.

You may also like
Tories self-refer to ICO over data breach


Revealed hundreds of personal email addresses by forgetting to BCC

clock 15 May 2024 • 2 min read
CISA issues emergency order on Microsoft breach by Russian hackers

Threats and Risks

Affected bodies must take immediate action, agency says

clock 12 April 2024 • 2 min read
NHS England halts £300m digital framework after legal claim


Necessary approvals process and contract award have been postponed

clock 15 February 2024 • 2 min read

More on Security

'Gay furry hackers' breach conservative US think tank behind Project 2025

'Gay furry hackers' breach conservative US think tank behind Project 2025

Heritage Foundation calls group "degenerate perverts"

Tom Allen
clock 11 July 2024 • 2 min read
Why 'change' for the UK must include cybersecurity

Why 'change' for the UK must include cybersecurity

Labour needs to to get ahead and demonstrate a commitment to security from the outset

Rick Jones
clock 11 July 2024 • 4 min read
Mammoth Microsoft Patch Tuesday fixes four zero-days, five critical bugs

Mammoth Microsoft Patch Tuesday fixes four zero-days, five critical bugs

142 holes plugged this month

John Leonard
clock 10 July 2024 • 3 min read