The former head of GCHQ has called for an end to the government handling crises over WhatsApp, saying the platform might suit gossip and informal exchanges but is inappropriate for important decision-making.

Sir David Omand, who ran the UK intelligence service before becoming the permanent secretary of the Home Office and the Cabinet Office, criticised the way government was conducted in the pandemic and said future crises should be handled with “proper process”.

  • Digestive_Biscuit@feddit.uk
    link
    fedilink
    English
    arrow-up
    2
    ·
    11 months ago

    Not disagreeing, they shouldn’t use WhatsApp at all, but email is way less secure. Emails are easier to “hack” and if I remember right they were stored on her personal server so she personally keeps the data, a bit like how Trump was found with government documents in his personal belongings. WhatsApp is encrypted end to end and presumably (I hope) are used on gov work phones.

    For me it’s more about the lack of controls on accessing and retaining data used in WhatsApp. It’s not stored on a central government system.

    I don’t know if the gov have an official messaging app. But hearing all this in the news really sounds like people in gov are intentionally using WhatsApp as a means to keep conversations secret. Like everything else with this government, it stinks.

    • jabjoe@feddit.uk
      link
      fedilink
      English
      arrow-up
      2
      ·
      11 months ago

      Email security is purely on how it’s done. If you want it end to end and encrypted at rest, there is the PGP email standard.

      Government via WhatsApp is not acceptable. It’s a closed source app from a foreign for profit data-mining company. It should be a no brainer that it’s not acceptable.

      • Digestive_Biscuit@feddit.uk
        link
        fedilink
        English
        arrow-up
        1
        ·
        11 months ago

        Yeah totally agree. WhatsApp shouldn’t be used by government.

        Email can be secure both sides, one side or neither. You can’t rely on it being secure.

        • jabjoe@feddit.uk
          link
          fedilink
          English
          arrow-up
          1
          ·
          11 months ago

          If it’s PGP email, it’s as secure as the keys. If the keys can’t be kept secure, no system can be kept secure. You email whose public key you have and it requires their private key to read.

          • Digestive_Biscuit@feddit.uk
            link
            fedilink
            English
            arrow-up
            1
            ·
            11 months ago

            Were talking about somebody using their own personal email for work purposes. There’s absolutely no assurances on encryption their using. It’s a bigger risk than WhatsApp, although I again should say I agree WhatsApp shouldn’t be used either. Both options aren’t good but for slightly different reasons, in my opinion anyway.

            • jabjoe@feddit.uk
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              11 months ago

              Oh I’m not arguing it’s ok to use personal email for government business. I’m saying email can be secured.

        • jabjoe@feddit.uk
          link
          fedilink
          English
          arrow-up
          1
          ·
          11 months ago

          Even if she was, it is a legitimate problem using non-gov email for gov business. Though the crazy thing is those calling to “lock her up” support politicians doing far worse.