Malcolm Turnbull has advised the public not to assume that Government email services are more secure than private systems, in the wake of news that the new Prime Minister will continue to use non-Government email and instant messaging platforms for communication.
Last week, The Australian newspaper revealed that Turnbull and his wife, Lucy Turnbull, operated a private email server, which has been used for purposes including conducting government business. The server has been used during Turnbull’s time as Communications Minister and in his new role as Prime Minister.
In a press conference last week, Turnbull said the public “shouldn’t assume that Government email services are more secure than private ones.”
The Prime Minister defended his use of a private email server — which has been reported to be provided by hosting company Netregistry — by stating that it was not possible for classified information to be exchanged, other than through Government platforms.
“Classified information can only be exchanged through government systems and obviously all members and senators and ministers use non-government forms of communication, most notably SMS, which I might say is probably the least secure of all forms of electronic communication for matters that are not classified, that are routine, non-sensitive, however you want to describe it.”
“Classified information cannot be transmitted to, or transmitted from, anything other than a government system that is certified as appropriate for it,” the Prime Minister said. In terms of transmitting this information through private means, Turnbull added: “The answer is I can’t do it and I wouldn’t do it and I protect classified information very, very carefully.”
Critics of Turnbull’s approach have raised the issue that emails and messages sent through private systems may not be accessible through Freedom of Information legislation.
“If you have an FOI application that relates to a Minister’s text messages that’s not on a Government system … those text messages, subject to all sorts of exemptions and rules and so forth, can be accessed,” Turnbull said.
The Prime Minister acknowledged, however, that Wickr — which he described as “a very secure over the top application” — would not necessarily leave a message that could be captured under FOI — as messages sent through Wickr tend to self-destruct after they have been read.
In general, Turnbull said, he used a “variety of forms of messaging” — as, he pointed out, many members of the public did.
“I am very careful about security. I use my private non-Government email is obviously one that I’ve had for many years and many people can reach me that way. But obviously any material that is classified or sensitive remains within the Government system,” he said.
“I am not — I don’t claim to be an expert in this area, but it is not an unknown area to me. I’m pretty familiar with the different forms of data security and the challenges. I stay very closely in touch with our experts such as the Australian Signals Directorate. I take care about this and I look forward to improving levels of Government security wherever we can. So I can assure you, security of telecommunications, security of Government data is a very high priority for me, as it is for all of our Ministers and Assistant Ministers.”
Is Turnbull right? Are Government email platforms not necessarily more secure than private email servers?
On a formal level, one would suspect that the Australian Signals Directorate — which is responsible for oversight of IT security within the Federal Government — would strongly disagree with Turnbull’s statement. This agency would, I suspect, strongly hold the view that Government email platforms are more secure than those provided by the private sector.
However, the evidence is that Turnbull is correct.
The Parliament’s email system, after all, has been very publicly hacked before — during the Gillard Prime Ministership. In addition, the Department of Parliamentary Services, which administers the email platform for Members of Parliament, is not known for being well-funded when it comes to IT services. In fact, the situation is precisely the opposite — reports about the Department’s IT services have found many problems.
Of course, when you examine the specifics of the situation, one would suspect that if Turnbull was serious about the security of his email, he could possibly pick a better option than Netregistry. Nothing against the company — but it is usually seen as a provider for consumers and small businesses, rather than one suitable for hosting really sensitive information. You would more typically look at a Government-certified body such as Macquarie Telecom for that kind of service.
Turnbull’s use of Netregistry as an email hosting platform — if indeed the reports are correct and it is Netregistry which is involved — will paint a red target on the platform. I am sure there are many nasty people out there who would like to break into Turnbull’s personal email. I suspect the Prime Minister should review his IT security arrangements as quickly as possible.
Image credit: Office of Malcolm Turnbull