Should Jack Straw use Hotmail for gov business?

News
25 Feb, 2009

Security firm criticises the Justice Secretary for using a Hotmail email account to talk to his constituents and government contacts.

UK Justice Secretary Jack Straw has been criticised by a security vendor for using a Hotmail account for government business - an account that was subsequently hacked by Nigerian scammers.

Reports said that the fraudsters sent out hundreds of emails carrying the heading ‘The Right Hon Jack Straw MP’ to constituents, government chiefs and council bosses among others.

Mr Straw's adviser could not be reached for comment at the time of publication, but according to the Telegraph, Mr Straw said there were no security issues as the email address of his Blackburn constituency, rather than his ministerial account, was targeted.

However, Rik Ferguson, solutions architect at Trend Micro, said that he found it shocking that Mr Straw was using a Hotmail account to conduct government business.

He said: “If you go to the Jack Straw website, you’ll see that is what’s listed as his contact email address.

Ferguson outlined why he thought using Hotmail would be a problem: “Number one is that it is out of the control of any of the government IT systems.

“Any of the data within that Hotmail account is not backed up or controlled. And it won’t be accessible via the Freedom of Information Act I would imagine, because it’s not part of government systems.”

Ferguson also said that if Mr Straw was using it for constituency or possible parliamentary business, especially for someone responsible for setting up the hi-tech crime unit, he should have taken the responsibility in using encrypted email.

He said that encrypted mail technology was now available from more than one vendor, but that its full potential wasn't being realised.

Ferguson mentioned laws in the US that prevented politicians from using non-sanctioned email systems to carry out official business. A Federal investigation took place during the US elections when Sarah Palin’s Yahoo account was hacked.

He said: “The law says that if the data isn’t backed up then it can’t be made available by request, then you shouldn’t be using it for government business.”

Microsoft did not reply directly to IT PRO's request for comment on the issue of Hotmail use, but did state that it does not recommend sharing personal account information with third-party websites and that customers who choose to share their account information risk putting their private information into the wrong hands.

Microsoft went on to recommend that, for their own safety and security, users keep their account passwords secret and change them regularly.