Monday, April 18, 2011

Secrets put on internet in Whitehall blunders

Secrets put on internet in Whitehall blunders

Secret information from at least three separate government departments is available on the internet because of incompetent handling of sensitive material by Whitehall officials, The Daily Telegraph can disclose.

By David Millward and Thomas Harding 10:00PM BST 17 Apr 2011


Britain's Royal Navy nuclear-powered submarine HMS Astute Photo: REUTERS

The Ministry of Defence, the Department of Health and the Department for Communities and Local Government have published sensitive documents online, but then failed to properly "redact" classified information.

As a result, information that is supposed to be hidden from public view can be read by anyone with access to a computer.

The Daily Telegraph discovered the security breaches yesterday after the Ministry of Defence admitted that secrets about Britain's nuclear submarines were obtainable from a government report online.

A technical error meant blackedout parts of the report could be read by "copying and pasting" its contents into another document.

Details included expert opinion on how well the fleet could cope with a catastrophic accident. It was replaced with a secure version of the document yesterday, but a review of other documents on government websites uncovered four similar examples across three separate Whitehall departments.

The material relates to Whitehall documents published under the Freedom of Information Act. Such papers are supposed to be examined and "redacted" to ensure that sensitive information is removed.

After examining a small sample of the thousands of documents published under FOI laws yesterday, this newspaper was able to uncover information that should remain confidential under the law. Many of the security breaches have arisen from the way some documents are redacted in electronic form.

Some officials use a software programme such as Photoshop to paste a black patch over secret text, obscuring it but not removing it. When documents are edited in this way, normal home or office software can disclose the obscured text. Among the lapses this newspaper discovered were:

* An email to the Department for Trade and Investment (now the Department for Business, Innovation and Skills) in which a business leader detailed "concerns" about a government–sponsored agency appointed to identify gaps in the skills market. Officials blacked out a passage in which the author questioned whether Semta, a skills council which allocates £65million a year in training grants, could turn its "aspiration to practical delivery/ results on the ground where we believe the jury is still out".

* Another MoD document relating to a military submarine project, where lax IT security allowed the names of officials handling sensitive documents to be revealed.

*A Department of Health document detailing a private meeting to discuss contaminated blood. The names of officials and outside experts involved had simply been blacked out with a marker pen, and could be read by printing the document and holding the paper up to the light.

* A Department of Communities and Local Government document detailing commercial negotiations with a contractor which was saved in a non–secure format, meaning redactions could be reversed using normal software.

Last night, the MoD started a review of dozens of documents amid concerns over the accidental disclosure of military secrets. Defence insiders fear the blunders could have been replicated across a series of other MoD papers.

The disclosure is likely to reignite the debate about the Government's handling of confidential information, which has come in for criticism since the loss of 25 million child benefit records and a series of other data protection lapses.

Patrick Mercer, Tory MP for Newark and a former Army officer, said he would raise the issue of data security in Parliament. "Clearly there are issues which are sensitive and should be concealed," he said. "If they are supposed to be concealed then for God's sake conceal them."

The initial MoD error exposed technical information about the Royal Navy's ageing nuclear submarines. Following a request under FOI laws, the department published a paper that warned that Britain's submarine–based reactors were not as safe as they could be.

Information that was supposed to be redacted from the document included details of what could cause a "catastrophic" meltdown in the reactors. Secret details of how US Navy submarine reactors were maintained should also have been removed.

Under standard Cabinet Office guidelines, documents earmarked for publication are examined by policy experts, who decide if anything should be redacted. The task of editing is handed to a junior official but the final document must be signed off by a senior official.

The MoD was last night examining other documents handled by the same junior official responsible for redacting the nuclear report. There will also be a more general review of the department's procedures for publication.

Last night a Department of Communities and Local Government spokesman: said: "There are robust procedures in place to protect personal details in FOI answers. Any replies that do not conform will be investigated."

"Clearly there are issues which are sensitive . If they are supposed to be concealed then for God's sake conceal them."

No comments:

Post a Comment