
No 10 Downing street emails and the Loans or Cash for Honours investigation

The Sunday Telegraph has a misleading headline:

Honours probe police hacked No10 computers

By Andrew Alderson, Chief Reporter and Patrick Hennessy, Political Editor, Sunday Telegraph
Last Updated: 12:04am GMT 21/01/2007

Detectives in the cash-for-honours inquiry were forced to "hack" into Downing Street computers in the search for evidence, The Sunday Telegraph has discovered.

Police used computer experts to obtain confidential material, and are also believed to have approached Number 10's internet suppliers to gain access to government email records.


Scotland Yard became suspicious that potentially vital information was being withheld after it twice asked Downing Street for all emails, letters and other material relating to the system of awarding peerages. Concerns grew among officers that there had been a cover-up.

They were deeply frustrated by the "very slim" file of documents that was handed over — and decided to obtain further evidence by their own devices, senior sources close to the inquiry have revealed.

It is understood that John Yates, the Metropolitan Police assistant commissioner leading the investigation, authorised officers to use all lawful and legitimate means to discover whether information was being withheld.

In other words, once the Police investigation had moved on from looking at possible, relatively minor, criminal offences under the Political Parties, Elections and Referendums Act 2000 Schedule 20, or the Honours (Prevention of Abuses) Act 1925 to the much more serious Common Law offence of Perverting the Course of Justice, then the usual Police powers under the Regulation of Investigatory Powers Act and the Data Protection Act for investigating a serious crime could be invoked, just as we outlined in a previous blog article -
"loans for peerages" scandal, non-publication of RIPA Commissioners' Annual Reports and the "Wilson Doctrine"

[...]

Legal experts say that high-level authorisation — similar to the granting of a search warrant — is needed for remote accessing of computers. Neither Scotland Yard nor the Home Office would confirm that such permission had been given in the cash-for-honours case, but there is no suggestion that any officer acted illegally or improperly.

[...]

So why the sensational front page headline implying exactly the opposite ?

Have the Police recovered the "deleted" emails from the Microsoft Exchange email servers and backup storage ? (see the evidence to the Hutton Inquiry)

Will any of these emails be preserved for future historians, like the President Reagan / Oliver North / John Poindexter emails recovered during the investigations into the Iran / Contra affair ?


Comments

I think it more likely that they may have recovered previously deleted emails or files from WORKSTATIONS using e-forensic tools, especially if the local copies and/or the backups had been doctored.


To clarify my point above.
If incriminating emails are created and then sent, a copy of the email will be present on the workstation and the Exchange Server, as well as a log, and will be kept on the exchange server and hence the backup (probably every 24 hours).

If however, immediately after sending the user drags and drops the email into a folder in ‘personal documents’, then the email itself will disappear from the Workstation email client and Exchange Server, but the log of the transaction will not.

If ‘Yates of the Yard’ subsequently obtained the logs, by matching the logs with the emails available, found emails to be missing, he could assume that they would be in folders stored locally on the workstation.

If anyone tried to cover their tracks and deleted the said folder on the workstation, then although the folder will disappear from view, the folder and the files within it will not actually be deleted, only their entry in the index is removed, making them non-viewable.

But even by using simple forensic tools, these files are still recoverable, and very readable.
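The log-matching step described in the comment above, as an added example that is not part of the original post or comments: it reconciles message IDs seen in a mail tracking log against what is still held in the live store and in the nightly backup. The log layout, addresses and message IDs are constructed for illustration and are not a real Exchange format.

```python
import csv
import io

# Constructed sample: simplified tab-separated tracking log
# (timestamp, event, message-id, sender, recipient); not a real Exchange format.
TRACKING_LOG = (
    "2007-01-10T09:14:02\tSUBMIT\t<A1@mail.example>\talice@example.org\tbob@example.org\n"
    "2007-01-10T09:14:03\tDELIVER\t<A1@mail.example>\talice@example.org\tbob@example.org\n"
    "2007-01-10T11:30:45\tSUBMIT\t<B2@mail.example>\talice@example.org\tcarol@example.org\n"
    "2007-01-11T16:02:10\tSUBMIT\t<C3@mail.example>\talice@example.org\tdave@example.org\n"
    "malformed line without enough fields\n"
)
# Constructed inventories of message IDs still held by the server and its backup.
LIVE_STORE = ["<A1@mail.example>"]
NIGHTLY_BACKUP = ["A1@mail.example", " <B2@mail.example> "]


def normalise(message_id):
    """Strip whitespace and angle brackets so IDs from different tools compare equal."""
    return message_id.strip().strip("<>")


def logged_messages(log_text):
    """Return {message_id: (first_timestamp, sender)}, one entry per message."""
    seen = {}
    for row in csv.reader(io.StringIO(log_text), delimiter="\t"):
        if len(row) < 5:
            continue  # skip truncated or malformed log lines
        timestamp, _event, message_id, sender, _recipient = row[:5]
        key = normalise(message_id)
        if key not in seen or timestamp < seen[key][0]:
            seen[key] = (timestamp, sender)
    return seen


def reconcile(log_text, live_ids, backup_ids):
    """Classify each logged message by where a copy still exists."""
    live = {normalise(m) for m in live_ids}
    backup = {normalise(m) for m in backup_ids}
    result = {"present": [], "backup_only": [], "missing": []}
    for message_id in sorted(logged_messages(log_text)):
        if message_id in live:
            result["present"].append(message_id)
        elif message_id in backup:
            result["backup_only"].append(message_id)  # removed after the backup ran
        else:
            result["missing"].append(message_id)      # logged, but no server-side copy
    return result


if __name__ == "__main__":
    for status, ids in reconcile(TRACKING_LOG, LIVE_STORE, NIGHTLY_BACKUP).items():
        print(status, ids)
```

Messages in the `missing` bucket are the ones the comment reasons about: the log shows they were sent, but no server-side copy survives, so the workstation becomes the place to look.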


Before I pulled out the 'e-forensic tools', I'd just check the 'Recycle Bin'.


If they are doing, as would be expected of any provider, GFS backups then it should be easy to recover the backups from the servers whether they are exchange servers or use a standard mail server application.

I would hardly describe this as hacking, in fact it is just basic network administration that any backup operator / network administrator could carry out.


But "hacking" is so much more exciting a word than "forensics", no?


Various mainstream media websites are now quoting the News of the World:

The News of the World said it was informed by sources within the Crown Prosecution Service that a "mole" within Downing Street told the police about potentially incriminating emails.

An independent IT expert was then sent in by detectives, with the permission of Downing Street, to look through communications records, it claimed.

No link on the NOTW website to this yet.

