This isn’t a political blog and anyway there’s been plenty of comment about the invented-smears emails, their origin and their target.
But just one IT point keeps being ignored, and the mistake appears to have been perpetuated from the very top in Gordon Brown’s letter. It is the assertion that these emails were somehow “private”. Brown’s letter, as reproduced in full by the BBC, says:
“I am assured that no minister and no political adviser other than the person involved had any knowledge of or involvement in these private emails.”
Hang on. We’re also told that they were sent “from an official account”. So absolutely no way are they private. Gordon Brown, his staff, and the media are confusing “private” with “confidential”.
If they were private, they should have been sent from a private email account. Sure, if they’d been sent from dmcbride@googlemail there would still have been a fuss if they’d been uncovered; but it would have been much less of an embarrassment for McBride’s employers.
If they were sent from an official email address, that’s the equivalent of being on 10 Downing Street headed notepaper. If they were confidential, but official, they could have been encrypted. Confidential messages have been sent in code since writing was invented.
This is an object lesson about information risk and information security. Sending personal (= “private”) messages from your business email is very poor practice and highly unprofessional. Not making it clear to your employees that personal mail should be sent personally is equally poor practice and puts both the employee and the employer in jeopardy. And not encrypting information which is truly highly sensitive and business confidential is, quite separately, stupid – although all of us, I suspect, neglect this one most of the time.
As any decent risk management practitioner will tell you!