The Government have robust systems in place to protect against cyber threats and we are vigilant in ensuring that these are up to date and meet the challenges of the modern world. Just yesterday, the Security Minister announced that he was establishing a new task force from across departments, the security and intelligence agencies, the private sector and civil society to meet these big challenges. All new Ministers receive a general security briefing in their first weeks in government. The National Cyber Security Centre and government security officials then regularly provide Ministers with specific advice on protecting personal data and managing online profiles, as well as on best-practice guidance.
But the system is not robust, as the Minister claims. The previous Prime Minister had her phone hacked. The Home Secretary leaked classified information and, during the early days of Covid, Johnson, the Prime Minister, used a phone that then was lost with all messages unobtainable. At this rate, we are going to have to ask the Russian secret services for all the details about where and when ministerial decisions were made. [Laughter.]
Good. The Government take matters of security very seriously. Of course, I am not going to comment on individual cases—that would not be appropriate—but I draw attention to the fact that the Home Secretary has provided a very detailed account, step by step, in a very full letter to the Home Affairs Select Committee and, of course, she apologised for her error and resigned. The Prime Minister has now appointed her to do a very important job.
My Lords, the noble Baroness will be aware that the former Prime Minister, Boris Johnson, and his entire Cabinet at that time, many of whom are now back in the Cabinet, were warned in 2019 not to use their personal phones for business but it appears that some continued to do so. Can the Minister confirm what guidance was given to Cabinet Ministers at that time? Is it still being given to Cabinet Ministers? How is that guidance being enforced and is not obeying those rules a breach of the Ministerial Code?
I will not, of course, comment on the particular; however, it is the case that government systems should be used, as far as practicable, for government business. The guidance issued and kept under review does not rule out the use of different forms of electronic communications in some circumstances. There has to be a place for a variety of digital channels. Ministers have informal conversations from time to time and they have to use a variety of digital communications for personal, political and parliamentary matters.
My Lords, Ministers have said that they are conducting government business on Signal, a messaging app that deletes messages after five seconds and can block screen grabs. How is this compatible with official rules on the use of private devices for such business, particularly when having to send copies of messages to civil servants?
As I said, government systems should be used as far as practicable. In some cases it is not possible to do that, and in some cases it is not appropriate—for example, changing the time of a meeting can be done perfectly well in this digital world. Having said that, the Cabinet Office has previously published guidance on how information is held; it is always being looked at and updated to reflect modern forms of working and technology—and, of course, the changing threat. Cyber and technology are changing all the time, which is why this work is so important and why I mentioned the task force set up under Minister Tugendhat.
My Lords, I sympathise over the complexity of this matter, particularly given the technological developments, but there is the question of principle, which does not particularly relate to the recent cases cited. Several decades ago, when I was at GCHQ, the slightest security misdemeanour meant that you lost your job. Does that principle—that making a serious security error has consequences and a simple apology will not do—still apply? I cannot think of another circumstance in which an apology would have sufficed.
I am glad that we have the advice of somebody who used to work at GCHQ; it shows the breadth of this House and what we are able to do on security. I have explained that the Home Secretary apologised and that she resigned. We have discussed before that she has come back—you can have redemption in this life. You need to have respect for security and make sure that you are ahead of the game but, occasionally, you also need to be able to say, “I did the wrong thing”, and you need to be forgiven.
Tweeting has a place in modern news communication. The point that we all need to understand—and I assure noble Lords that, as a new Minister, I have taken the briefing that I have had very seriously—is about when you can use social media and non-government communications and when you need to be very careful. Of course, in some cases you cannot even use official digital communication for secret stuff; it has to be looked at in a particular location and on paper.
I agree. Since I came to the Dispatch Box—I am sorry that I have lost my voice—I have been trying to move the debate forward. That is why I was emphasising the role of the UK on cybersecurity, which is an impressive one. I know, because I had to attend three days of a cybersecurity conference in Singapore while Secretaries of State were busy on other matters. I found that the UK’s work was highly respected and took a great deal of comfort from that. It is very important that we invest in the future and support the task force that has been set up and is going to draw on expertise from across the House.
My Lords, it is good to know that the Minister has had training on security but yesterday’s i suggested that some of the UK’s closest allies are so concerned about the Government’s use of repeated use of personal devices for government business that they are beginning to consider what security briefings they should make available to the United Kingdom. Is that not a reason why her colleagues in government should think again about using personal devices for government business?
I am always careful to question individual reports, but I repeat that we take a leading role on the global stage in countering state threats, and we will continue to work closely on this with like-minded allies and partners to defend UK interests, and the international rules-based system, from hostile activity.
My Lords, the Minister has told us that she is unwilling to talk about case histories and so on, although she has given us a pretty fulsome step-by-step report on the Home Secretary’s resignation and reappointment. In view of the fact that she began by telling us from the Dispatch Box today that this is not a laughing matter—that it is very serious—and the sober words from the right reverend Prelate about his experience of GCHQ and the seriousness of these lapses, can she confirm from the Dispatch Box that to describe what we are going through as a witch hunt is inappropriate?
I note what the noble Lord says, but I must say that I have some sympathy with my noble friend Lord Forsyth: we really need to move forward. I went into detail on the Home Secretary only because she wrote a letter in great detail, which I think is of interest to people who take an interest in these matters. We need to move forward and to support those in the security services and others trying to defend national security and, even more importantly, anticipate the new threats coming at us all the time. The digital world is changing, as I know from my recent trip, and we have to work to strengthen defences, but in a reasonable, sensible way.