Mobiles are inherently insecure, which might be a surprise to British politicians
It is no longer news to point out that a mobile phone, if hacked, can be the ultimate tool for surveillance. But the question is whether it is a surprise to British politicians – and whether they are using their devices sensibly or carelessly.
We will almost certainly never know precisely what happened to Liz Truss’s phone. The then foreign secretary had to abruptly drop her main number and take up a new, government-issued handset in the summer, just as it emerged she was likely to be the next prime minister after Boris Johnson.
Political insiders say the fear was that Russian actors had hacked into the politician’s phone, though the security community is said to be less certain what happened even now, three months later. What is agreed is that Truss had to change her main number rapidly in the summer, such was the anxiety in Whitehall.
But it comes after a string of similar worries about ministerial mobile phone security, not least that Boris Johnson’s phone number was freely available online for 15 years – and that the UAE was accused by forensic experts of trying to hack into phones at Downing Street and the Foreign Office, a claim that Abu Dhabi denies.
The reality is that a mobile phone is inherently insecure, but, like anybody else, a politician will want and indeed need to use one. So the question is: what information is being shared via a politician’s mobile and how sensitive is it?
Ministers are given a security briefing on entering office, and told they can be prosecuted under the Official Secrets Act if they pass highly classified information via a mobile device, or indeed through any other means.
But they are not forced to dispense with their personal phones: a moresecure, government-issue one can be provided, though with some ministers, including Johnson, it can take a while before their old phone is prised from them.
On the other hand, it is unlikely that Truss will have been incautious enough to share secret or top secret paperwork via her phone. A former Whitehall insider said it would require her
to “perform wildly complicated document transfers” or tell someone else to do them for her in breach of the rules.
But other ministers have done foolish things. A personal email account belonging to Liam Fox, the former trade minister, was repeatedly hacked into by Russians in 2019, who then stole classified documents relating to US-UK trade talks – a reminder of how incautious Suella Braverman’s more recent use of a personal email account could be.
At the time of the security alarm surrounding Truss’s phone, the concern was that her WhatsApp messages – possibly dating back months – had been compromised. Some of this will probably be cabinet gossip, backchat with colleagues and allies, or other insider material touching on the business of government.
Much may not be fundamental to the confidential business of state. But Peter Ricketts, a former national security adviser, describes it as material in “a problem area” in that while it is “not strictly classified, it could be quite sensitive”.
A row at the heart of government could be of interest to spying eyes, particularly if it touched on foreign or defence policy, as might communications with foreign leaders.
The reality, Ricketts argues, is that ministers have to use their mobile phones and their personal emails judiciously – and that they are not short of official advice on how to do that. What is less certain is whether ministers will pay attention.