Unauthorised messaging apps create leakage risk in government

By January 9, 2019Uncategorized
Government Messaging Apps

Private messaging apps add to the problems of already leaky government communications

With Brexit looming 2018 exposed a lot about the ways in which UK government operates. One of them is just how leaky a government consultation process is. Stories about pharmacists (or even ministers) being able to overrule doctors’ prescriptions if medications run short in the event of a no-deal Brexit were widely reported after a consultation document was leaked to The Times – just the latest example in a string of leaks.

Leaks are seen as business as usual when you’re in government. Why are they so easy? An article in The Conversation in November highlighted the increasing use of unauthorised messaging apps (such as WhatsApp) by government ministers. They make leaks simple.

Messaging apps have all sorts of security implications, of course. But they also mean that when a Freedom of Information (FOI) request is made to government, it might not be possible to grant it. How can government trace where information ends up, if it’s being passed from personal mobile phone to personal mobile phone? And where is it ultimately stored – on servers in the US? If a document is easy to leak with no trace, just think how easy it is for that document to get into the wrong hands.

The Conversation argues that WhatsApp messages should be subject to the same FOI rules as any other documents. If they are not, they offer a way around rules of accountability and an easy way to move documents ‘unofficially’. But how do you track them?

We’ve talked before on this blog about how simply banning the use of messaging apps isn’t a viable option. They’re convenient, and part of our everyday lives. They’re more immediate than email, many offer encryption, and you can track when someone has read a message. And we’ve seen in the US how private devices are used – whether deliberately or by mistake – to send communications that should be only sent through official channels.

But as these messaging apps stand now, they’ll increase the likelihood of leaks, and decrease accountability. They make it almost impossible to keep an audit trail, and simple for individuals to deny responsibility for what happens to a document once it’s left their control. They may offer a level of security in terms of encryption. But they offer no way of retaining control of where data or information ends up.

The only way to address this is to introduce messaging systems that do not allow data to leave the originating location, that are trackable, and that do not let anyone download, forward or even screenshot data that should remain firmly in government control, and with clear accountability to the public.