Ministers’ disappearing messages – Part 2

Scottish Covid inquiry finds that Nicola Sturgeon appears to have deleted ALL her WhatsApp messages.

Hot on the heels of the revelation that WhatsApp messages between the then UK prime minister Boris Johnson, and Paymaster General and leader of the Commons Penny Mordaunt, had mysteriously disappeared, we now hear that ex-Scottish First Minster Nicola Sturgeon seems to have suffered a similar fate.

The BBC has reported that Jamie Dawson KC, counsel for the inquiry, stated that the former first minister appeared to “have retained no messages whatsoever”.  The inquiry was also told that her deputy John Swinney had his WhatsApp messages set to auto-delete.  In addition, the inquiry heard how no corporate or central record was made or retained either.  All of this despite some of their discussions being ‘FOI [Freedom Of Information] discoverable’, such that there was a requirement to keep a copy for future reference.

NCSC approved alternative to consumer apps

As we have stated many times before, there is really no excuse for the use of consumer apps by those in public office when there is an NCSC approved alternative that is every bit as engaging and easy to use.  Not only do consumer apps, such as WhatsApp and many others, lack enterprise-grade security features, such as identity-based authentication (which tackles the issues of impersonation-based attacks/spoofs, etc.), but as this case demonstrates yet again, such apps lack any central management of messages and conversations.

Plausible deniability should not be a goal!

The inquiry further heard that a civil servant, while reminding ministers of the FOI requirements, also made the remark: “plausible deniability is my middle name”.

Had ministers been using an approved secure communications platform, such as Armour Mobile, there would be no question about what happened to messages: they would all be archived and available for review by suitably approved and authenticated auditors. It would have been much easier and faster for the inquiry to discover exactly what went on, saving time and public money.

Furthermore, licences for the secure comms platform can be given to trusted colleagues in third party organisations. This would enable ministers and civil servants to communicate with whoever they need to, with the data remaining in the control and ownership of the government.

NCSC’s Secure Communications Principles

The NCSC has published principles dealing with secure communications which are:

• Protect data in transit
• Protect network nodes with access to sensitive data
• Protect against unauthorised user access to the service
• Provision for secure audit of the service
• Allow administrators to securely manage users and systems
• Use metadata only for its necessary purpose
• Assess supply chain for trust and resilience

In an election year, if politicians and civil servants want to take a step towards repairing their somewhat tarnished reputations, following their own government’s guidelines about what constitutes secure communications, would be a good place to start.

For more information about what to look for read our Secure Communications Buyer’s Guide to discover the 10 questions you should be asking: https://armourcomms-25743375.hubspotpagebuilder.eu/buyers-guide-landing-page-2