back to article Downing Street secretly deletes emails to avoid exposure to FOIeurs

Email records on computers in Downing Street are subject to automatic deletion within three months through a system which makes it almost impossible for the public to view them under the Freedom of Information Act, former staff have disclosed to the Financial Times. Reporters at the salmon-pink broadsheet discovered that this …

  1. Vimes

    Playing devil's advocate...

    http://www.foiman.com/archives/1584

    1. Afernie

      I get that it's potentially good information security policy to delete data you know you won't need again, preventing it falling into the hands of attackers, something Sony Pictures probably should have considered. But that's when we're talking business and the data is not required for audit/SOX/other legal purposes. This however, is a government, and this is a blatant policy of evasion, obstruction, and scorched earth in the face of the FOIA.

      Meanwhile, they're storing every bit of our correspondence without our consent, and not with a 90 day retention policy. So outrage all round? Absolutely.

      1. Vimes

        Show me the part of FoIA that tells the government how long they need to keep emails (or any file for that matter).

        I don't agree with it personally (I think they should be in a position to keep things longer than that, at least where it doesn't involve PII) but there is nevertheless a world of difference between 'should keep it' and 'have to keep it', and as somebody who has no experience dealing with this it would be wrong for me to at least not consider the possibility that there might be some reasons for this as badly thought through as they may be (for one thing filtering out personal information would be in itself a large task given the volume of email)

        1. Afernie

          "Show me the part of FoIA that tells the government how long they need to keep emails (or any file for that matter)."

          Fair comment, but does it matter? They've bent the spirit of the law regarding data collection and privacy so far you can join the ends together. When you promise to free information by law under FoIA, then deliberately delete the information so you don't have to comply, is that any different? Obeying the law via a technicality and breaking it in practice is the modus operandi of modern government, and that needs to change.

          "for one thing filtering out personal information would be in itself a large task given the volume of email"

          Filtering out personal information? If you mean personal communications on government systems, it seems unlikely to be permissible to conduct personal business with a government/civil service mailbox, any more than it would be with a company.

  2. Dan 55 Silver badge
    Trollface

    "It makes it easier if the nonsense emails aren't there"

    Maybe the software's working to spec and they're refusing to believe what the computer's telling them, it's all nonsense all the time.

    1. Vimes

      Re: "It makes it easier if the nonsense emails aren't there"

      "It makes it easier if the nonsense emails aren't there

      It's true though if 'easier' means 'less incriminating evidence we then have to release' and 'nonsense' means 'anything that goes against what we want you to believe'.

  3. Hollerith 1

    Banks and other financial organisations do this all the time. The official idea is that you clear off huge backloads of email traffic to de-clutter, with the understanding that everyone will say to some drive or another the business-critical stuff they need to refer to; the in-box is not your storage bin. The unofficial goal is to have a 'sorry gov, it's not on purpose, we just don't keep stuff' reply for when the Regulators want to see email trails.

    1. Sykobee

      Of course Exchange provides an archive repository feature, and it's not like archival storage is expensive these days.

      I.e., there is absolutely no reason to delete emails, as a copy of each one is stored in the archive even before it gets to the user.

  4. I Am Spartacus

    One rule for the rich.....

    A company I know has to keep ALL email, regardless of whether it is relevant, useful, incriminating or porn. This is done so that they can go in to court and say, truthfully, that all legal discovery is complete and comprehensive. This is a requirement for their business. It takes a lot of work (compliance, legal, operations, IT) to actually get an email deleted (like the one where bonus numbers were stored in a public store not a private one) and the culprit WILL get a disciplinary for needing this.

    Yes, it would be a lot of data, but storage is cheap.

    Nice to know the government that enforced this lives by the same rules.

    Anonymous, because whilst I don;t work for the company, I don;t want my contact there fired.

    1. james 68

      Re: One rule for the rich.....

      I used to work for a government sponsored "Back to Work" program and we were legally required to store ALL correspondence (plus a copy at a separate location in case of fire or whatever) for a minimum of 10 years, be it physical or electronic. Had to hire off-site storage units to deal with all the physical stuff.

      Another case of the governments "Do as I say not as I do" attitude. We could have faced serious legal issues and maybe even criminal charges if we did not follow those rules to the letter but somehow it's okay for the government to just destroy that stuff? It just makes me suspicious of what exactly they're trying to hide.

      1. Christoph Silver badge

        Re: One rule for the rich.....

        And they are about to put in their new snoopers charter, which will mean that our ISPs will have to keep all our emails for at least 10 years, just in case some bored copper wants to troll through them looking for 'evidence' (and any juicy bits, intimate messages from young girls, etc.).

      2. Andy A

        Re: One rule for the rich.....

        The IT services company I used to work for had a 3-month deletion routine too. Wonder if it was the same one?

        In contrast, the place I work now has to keep all sorts of stuff for long periods to satisfy The Regulator. We have hundreds of tapes holding god-knows-what, and we can't find out because the systems which created them went to landfill MANY years ago.

    2. Vimes

      Re: One rule for the rich..... @I Am Spartacus

      This is done so that they can go in to court and say, truthfully, that all legal discovery is complete and comprehensive.

      Again, playing devil's advocate for a moment: I strongly suspect that the number of court cases involving them is easily dwarfed by the number of FoI requests for any single government department that you'd care to name.

      That 'legal discovery' costs time and money neither of which the cash strapped departments have much of. Now imagine having to go through all that every time somebody asks for something.

      1. Ken Moorhouse Silver badge

        FOI Request: How many emails have come in over the past 12 months?

        Email storage systems that are compliant with the necessary retention requirements do have a Search facility.

        How do they manage to index Hansard? That's been propping up bookshelves for over 200 years now.

        1. Vimes

          Re: FOI Request: How many emails have come in over the past 12 months?

          @Ken Moorhouse

          Except that Hansard probably doesn't potentially contain private information that legally can't be stored longer than necessary (and 'in case we need it later' probably wouldn't count since if I recall correctly it has to be for the reasons it was originally collected & used in the first place). The same can't be said of emails, which can contain all sorts of private information not normally part of any government record like Hansard.

          Which one is more important? The DPA or FoIA? Letting them think that storing anything remotely private just because it might be useful later on is a very bad idea IMO.

      2. Vimes

        Re: One rule for the rich..... @I Am Spartacus

        Not sure what's with the downvotes, but consider this:

        - Anything remotely private or otherwise considered outside the scope for publication has to be redacted from anything released to the public (probably not the case with other legal requirements mentioned elsewhere in this thread since presumably the information is being provided to the government rather than the general public)

        - Such redaction probably has to be done by hand, since it's difficult to believe that automated systems could be trusted to do the job with sufficient accuracy.

        - More emails to trawl through means more work. This is unavoidable and the cost of the storage will not change that.

        Storing emails for longer means that it will actually be easier to hide information, not more difficult, since it will make it far easier for government departments to use s.12 of the act (excessive cost) to deny access. That greater ease in denying access IMO strongly suggests that avoiding the impact of FoIA is not the aim here.

        If it was then they would have an interest in keeping things as long as is humanly possible to make any trawl of the information too expensive.

  5. StephenTompsett

    Email isn't (shouldn't be) a filing system...

    Important documents should be kept in a version controlled respostory.

    1. Kubla Cant Silver badge

      Email isn't (shouldn't be) a filing system...

      Why? Most email clients go out of their way to provide filing-system-like features such as hierarchical folders.

      Important documents should be kept in a version controlled respostory.

      Maybe, but emails, however important, are intrinsically different from version-controlled documents. It's rare for an email to be modified, as opposed to being copied into another email.

      1. james 68

        It's true - in that a live email server shouldn't be used as a filing system, however archived copies kept on a separate server (multiple copies on multiple servers at separate locations to be pedantic, with no outside facing network connections) very much should be kept as such and is indeed legally required.in many cases as is version control, as otherwise the archived mail can be changed willy nilly to remove incriminating or exculpatory material.

        All that is apparently only for the plebs it seems, as the government can just say sod it and delete anything they don't like the idea of anyone ever reading.

    2. Jonathan Richards 1
      Stop

      The way it used to be

      >Important documents should be kept in a version controlled repos[i]tory

      +1

      When I joined the Civil Service, shortly after God got out of short trousers, the relevant bit of the relevant Manual (definitely capital M - Manual) said something very close to "The state of public business shall be ascertainable at any point in time by reference to the Registered File".

      Certainly we used to send memoranda and notes that didn't make it into the registered files, but anything that supported a decision made by the Service in the administration of public business had to be filed.

      Soon thereafter, colleagues started to use email on the internal network, and we made an explicit decision to print and file anything that seemed to be a record: it helped that our business was scientific and technical record-keeping, so awareness wasn't really a problem.

      When I left the service, there was a huge and ongoing effort to identify and retain electronic records, the paper variety having all but disappeared - remember when we thought The Paperless Office would be such a good thing?

      I suggest that the story is about politicians trying to avoid leaving a trail, and I expect that their civil servants don't like and don't want a blanket deletion policy.

  6. John Brown (no body) Silver badge
    Thumb Up

    Sorry Mr Taxman...

    ...I don't keep "nonsense" beyond three months as per the example set by the Prime Ministers Office. Honestly, my tax return is correct because I say so and you can't prove otherwise.

  7. SImon Hobson Silver badge

    Actually it is more than just "a feeling of wrongdoing" ...

    If you study much of the verbal diarrhoea that come out of the cabinet (especially during the Tony B Liar years, and especially from certain Home Office ministers) then the rule is that they clearly would only have done this if they had something to hide. It was a common theme that no-one has any reason to worry about privacy unless they had something to hide.

    So it's clear, by their own logic, the only conclusion we can draw is that they did have things to hide. And what's more, we've found out since then that there were indeed "goings on" ...

    EDIT: And aren't there any government rules on retention of official documents ? Surely those responsible for instructing for this to happen should be charged for breaking those rules ?

    1. P. Lee Silver badge

      Nothing to hide, nothing to fear

      'Cos we deleted it all.

    2. nijam Silver badge

      > And aren't there any government rules on retention of official documents ? Surely those responsible for instructing for this to happen should be charged for breaking those rules ?

      Yes, but as an earlier commentard observed, email is not an appropriate medium for official (or any other important) documents, for one thing it's almost devoid of security. If the documents are official they should be elsewhere, not in email archives.

      1. SImon Hobson Silver badge

        As you say, it's not necessarily the best medium for a lot of things.

        BUT it is used for a lot of things, and what is said in emails can often be very important - hence why there are some very good (and expensive) systems whose sole purpose is to maintain all emails in a retrievable form. They are also admissible as evidence, and are an acceptable form of contract, and in law are considered a letter for things like the information required by the Companies Act to be shown on business letters.

        Even without the comments that it made work very hard, I absolutely do not believe for one second that important stuff wasn't dealt with by email, and that important decisions weren't arrived at via email exchanges. As such, for an organisation like No 10 there is little (if any) valid argument for not having an "archive by default and delete only what's justifiably not important" policy.

  8. Anonymous Coward
    Anonymous Coward

    Fucking disgraceful

    A pox on all their houses.

    On the upside, the NSA will have copies of everything, so we should be able to get them back....

    1. Anonymous Coward
      Anonymous Coward

      Re: Fucking disgraceful

      Yeah, it is. We already gave them to GCHQ. Go look there.

    2. Anonymous Coward
      Anonymous Coward

      Re: Fucking disgraceful

      yeah, "we" should get the copies back from NSA, via the usual channels (FOI requests, Chinese hacking, etc.)

  9. Anonymous Coward
    Holmes

    Ah!

    Marvelous setup to help politicians in their favorite excus..., sorry, argument: can't remember!

  10. scrubber

    And in America...

    You can be jailed for 20 years for clearing your internet browsing history:

    https://www.techdirt.com/articles/20150606/16191831259/according-to-government-clearing-your-browser-history-is-felony.shtml

    1. Mark 85 Silver badge

      Re: And in America...

      I guess I'll just go turn myself into the cops. I regularly clean out my email and browsing history along with old files on my home PC. Will the time be in one of the country-club prisons or something akin to Shawshank?

  11. James 51 Silver badge

    To cover up their mistakes they implement a system that generates more mistakes. At least they're automatically covered up now.

  12. nsld

    I wonder

    As the government runs its own network does it not come under its own DRIP legislation on retention as it is effectively an ISP?

    I would like to see Treasonous May explain that one!

    1. Graham Marsden
      Devil

      Re: I wonder

      Oh don't worry, if it finds out it has done something illegal, it will just retro-actively change the law to make it legal...!

  13. Dan Paul

    Why Not?

    We have the ridiculous email deletion example from Hilarity Clinton and the State Department and Lois Lerner and the Infernal Revenue Service.

    Both deleted emails or destroyed data with impunity to avoid further investigation and prosecution and have never been brought up on charges for the crime of "Obstruction of Justice".

    Therefore a legal precedent has been set that no one in the US can be accused of Obstruction for deleting critical evidence and the excuse "the internet ate my homework" is now fully valid.

    If it was okay for those two, it is okay for me and everyone else.

  14. Mage Silver badge
    Devil

    Abrogating Democracy!

    Since a term of Government is 5 years maybe that should be a minimum.

    But actually they should NEVER be deleted.

    There must be ability FOR EVER to have audit trails.

  15. Levente Szileszky

    Wait, you don't have a preservation act to go in-hand with FOI...?

    What...?

    1. FrankAlphaXII Silver badge

      Re: Wait, you don't have a preservation act to go in-hand with FOI...?

      I'm amazed to see that myself. They probably torch records they want torched left and right. It must be great if you're up to something fucked up.

      I dunno about the Federal government's requirements, but the parts I've worked around or in seem to save everything even if its really pointless (at least the Army saves [in triplicate, mind you] damned near everything, especially if it relates to money. Yet keep in mind that they say DoD, which the Army is part of, can't be audited as its too big so draw your own conclusions there) but I do know for a fact that my state has a really strict law about that, we call it Government in the Sunshine, and everyone from the State level down is subject to it, even some services that aren't "government" technically but use public funds are responsible for storing their data for auditing.

      I suspect your State or equivalent government or maybe even your central government does as well judging by your reaction.

      It is strange to see a government have something like FOIA, but at the same time be able to burn its archives so FOIA doesn't really matter. And what gets me is that no civil liberties lawyers existed that were able to see through that arrangement. The UK needs something like the ACLU to keep these people a little more honest because it's really outrageous that they can basically burn or shred what pleases them.

  16. Anonymous Coward
    Anonymous Coward

    My town is said to do this too.

    Documents older than a small number of years old get trashed, what is not preserved by individuals (e.g., members of committees or community groups) goes down the Memory Hole. I had the sad experience of having to leave piles of documents (related to long-past projects in and proposals for our downtown) in a "to be recycled" pile at the former home of an acquaintance when he got evicted on almost no notice, and I suspect some of the only history of these projects is now gone. Granted, this is minor stuff -- governments won't topple, nor will communities cleave in civil unrest, if anyone saw these papers and passed them 'round -- but it's still a sorry symptom of the "if it's old, it goes" mindset that too often comes back to bite us in the nethers. As has been pointed out by more than one esteemed commentard above, storage is dirt cheap these days so there really is no reason for the scorched earth storage policy.

  17. Destroy All Monsters Silver badge
    Pint

    Now the Final Solution can be applied.

    "[This system] means that people don’t remember things"

    A bad case that can only be solved by a forced visit to the Fletcher Memorial Home. It's sad, but a government can't be run with these levels of Alzheimer. It's all for the best, really.

  18. FrankAlphaXII Silver badge

    Over on the other side of the Pond...

    At least in Florida, we have this law called the Government in the Sunshine Law. It basically says no matter who you are, if you're paid by the Government, you have to retain your email archives as they are a public record and anyone deleting them is breaking the law and they actually do prosecute people over it.

    It was one of many charges that my former county commissioner got charged with when they brought her to book over corruption. Its funny, since she's been convicted we've had growth, re-zoning, improvements and new construction every quarter. Before it was all going to District 4, small wonder why.

  19. Medixstiff

    My favourite little chat.

    Was with a young technician in the last place I worked.

    He was going on and on about PST's and how M$ says they don't support them and people should use online archives.

    He didn't seem to understand my point that why would a small business spend the extra for M$ Office Professional and then a enterprise license when PST's work perfectly fine for 99% of customers and can be easily split up however you want, such as yearly or 6 monthly blocks or whatever floats your boat. I still see PST's supported in Exchange 2010 on the latest Outlook versions and I see that PST's are the file type Outlook for normal home ISP emails uses.

    As others have pointed out, storage is pretty cheap these days so there's no excuse for archiving these off to any number of solutions including PST's. I mean when a staff member leaves, do they just delete their mailbox because in three months they won't be here, so why bother saving anything?

  20. Tom 7 Silver badge

    Mr Cameron

    As you have not objected to the plans I set out in my e-mail of today-3months I will expect you to vacate the office immediately.

  21. Thesheep

    The other extreme...

    is probably the scanned aluminum foil (sp) in this US FoI request. And also just wtf is Texas up to?

    http://gawker.com/i-do-not-trust-barak-obama-the-paranoid-emails-of-ja-1711669400

    1. John Brown (no body) Silver badge

      Re: The other extreme...

      Oh my! That made for some very scary reading!

  22. Halfmad

    "because it meant that colleagues had different recollections of what had been agreed at meetings"

    - Erm hold on, why not just minute the meetings then? Problem solved.. oh wait those can be requested under FOI..

  23. Mad Mike

    Against the law

    Companies and other organisations are legally required to keep everything (correspondence, emails, contracts etc.etc.) for as long as they could be used in a court case. If they fail to provide the information (documents, whatever) on demand, the judge or jury is allowed to take whatever view of their failure they wish to. So, if the judge/jury decides it is deliberate evasion, they are allowed to assume the document would be prejudicial to the failing parties case and find accordingly. So, if they do delete something, they need to have a very plausible and good case for having done so. Simply saying 'not enough space' or 'too hard' is not good enough.

    This is what often causes the 7 year retention issue, although court cases can be brought beyond 7 years under some circumstances.

  24. iranu

    Tony Blair

    "I think I'm a pretty straight sort of guy."

    This looks to me like it has the finger prints of Alistair Campbell all over it too.

  25. IHateWearingATie

    Er, old news?

    This kind of thing has been standard across central government since FoI became law 10 years ago. You have to choose to save off the important stuff (and there are archive systems to do this) and then everything else is cleared after a specified period of time - No10 have 3 months but I think the rest of Gov have between 6 and 12 months as the limit. Remember,this stuff has been in place since 2005 - storage was really very expensive back then and Gov IT budgets are limited (remember they are funded by taking money away from you as taxes).

    The FoI Act specifcially did not include a clause to stop people deleting stuff before a request has been received to allow removing anything unimportant / incriminating (delete as appropriate :) )

    Of course, deleting stuff after receiving a request will get you in a load of trouble.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019