The Matt Hancock CCTV footage leak – why it’s right for the ICO to investigate

The Matt Hancock CCTV footage leak – why it’s right for the ICO to investigate

The Matt Hancock CCTV footage leak - why it's right for the ICO to investigate

At the end of last month, The Sun newspaper had quite the scoop. Pictures (and – later released – video footage) of UK Health Secretary snogging Gina Coladangelo, a non-executive director in Hancock’s government department.

Both Hancock and Coladangelo are married to other people, and they were quite clearly not following COVID-19 social distancing guidelines that Hancock had insisted the public should follow.

Clearly a juicy story for a British tabloid owned by Rupert Mudoch to get its teeth into, and The Sun breathlessly detailed how Hancock and Coladangelo had been “caught on camera in a steamy clinch.”

Camera? Yes. The images appeared to have been captured by a ceiling-mounted CCTV device in Hancock’s office.

A few days later, amid the furore, Hancock resigned.

But it felt to me like there were still important questions to be answered about how CCTV images from inside the UK government fell into the hands of the Murdoch press, even if the Prime Minister’s office wanted to move on

Imagine you run a newspaper, and you don’t want politicians to push you around. It may be to your paper’s advantage if politicians believe you might have access to security CCTV footage from inside the government.

Snapshots of indiscretions or embarrassing meetings can be kept for months or years by a paper, waiting for the right time to release them to cause maximum damage to a politician or their party.

It doesn’t have to be the footage itself, it might just be a smartphone photo of a CCTV monitor. It’s the kind of thing you can imagine an opportunistic worker who handles CCTV footage capturing, either to share with their friends for a laugh, to expose hypocrisy, or to make a quick buck.

An embarrassing photo could be enough to make headlines, and subvert what normally might have been the day’s news agenda.

Clearly, in this case, the photos could be very awkward for the people involved, and upsetting to their partners and children. Which means that even if not published in the newspapers, the potential for blackmail exists.

If newspapers can get hold of such images, why couldn’t others? If enough money was offered, it’s imaginable CCTV footage could reach a foreign power, keen to collect kompromat in order to exert influence.

EmailSign up to our newsletter
Security news, advice, and tips.

CCTV is covered by the Data Protection Act in the UK, which means that proper care should be taken to inform individuals that they are being recorded in the workplace and that tight controls are in place as to who can see any recordings.

Clearly there has been a failure in security when it comes to protecting the UK government’s CCTV footage, if it ended up in the laps of reporters at The Sun.

Whether that can be justified as “whistleblowing” in this particular case or not is up for greater legal minds to decide than mine, but at the very least I think a breach needs to be investigated – rather than swept under the carpet.

And it seems I was right last month to suggest that the Information Commissioner’s Office (ICO) should investigate what was (regardless of your political persuasion) undoubtedly a data breach.

Yesterday, ICO teams raided two residential properties in the south of England, seizing Personal computer equipment and electronic devices as part of an official investigation.

I’m sure I’ll get some folks saying that it’s a good thing that Hancock’s hypocrisy should be called out, especially if COVID-19 guidelines were breached. And I agree, it’s a good thing that Hancock and Coladangelo are no longer employed by the Department of Health.

I’m just not comfortable with the idea that journalists managed to gain access to CCTV footage quite so easily. If it was that easy, it could happen again and again. And maybe next time a breach could have more serious consequences.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.

Leave a Reply

Your email address will not be published. Required fields are marked *