Most departments wipe devices after failed password attempts

Written by Jim Dunton on 7 January 2022 in News

FOI responses find that two thirds of government entities reset phones – a practice firmly discouraged by MPs

Credit: Dunk/CC BY 2.0 and Sittikan Raingkun  - image has been remixed

Most central government departments wipe officials’ mobile phones if the wrong password is entered too many times, according to responses to Freedom of Information Act research.

Answers given to the Press Association suggested that at least 14 out of 21 departments routinely delete phone records from devices when enough failed attempts to provide a password are racked up.

The practice came under the spotlight during parliamentary probes into the Greensill scandal last year, when it emerged that HM Treasury did not have complete records of permanent secretary Sir Tom Scholar’s phone and text communications with former prime minister David Cameron.

Cameron subsequently provided the department with data from his own records because the details had been wiped from Scholar’s phone after failed password attempts for the device.

Related content

According to the PA research, reported by the Independent among other media outlets, four departments do not have a policy of clearing records from phones when the incorrect password is entered too many times. A fifth – unnamed – department said it did not hold information to answer the FOI request, while the Ministry of Defence and the Northern Ireland Office did not reveal their policies.

Campaigning lawyer Jo Maugham, founder of the Good Law Project, said the FOI investigation showed departments’ security arrangements made it too easy for phone records to be purposefully destroyed.

“It’s entirely wrong for ministers and special advisers to be given de facto the option of deleting, when convenient, all records held on their phones,” he said. “Departments have been told this is wrong by the Treasury Select Committee – and you do have to wonder why so many persist.”

Last month the Department for Digital, Culture, Media and Sport revealed that 57 of its mobile phones and more than 260 of its laptops had been lost or stolen since 2018.

In a written answer to parliament, minister of state Julia Lopez said that any mobile device reported as lost was “immediately and remotely deactivated and the contents deleted”. 

She did not detail the department’s policy on wrongly entered passwords.


Share this page




Please login to post a comment or register for a free account.

Related Articles

New PM will need to act fast to get a handle on risk-management, report finds
28 July 2022

Think tank cites growing cyberthreats and a lack of incentives for policymakers to develop technical skills

MoD appoints £2m cyber specialist to test Army IT vulnerabilities
23 September 2022

Firm will be asked to assess existing and new tech platforms 

Government reveals ambition to drastically reduce cybercrime
21 September 2022

Consultation launched on how to ‘reduce the security burden on citizens’

Half of three departments’ key risks concern technology
5 September 2022

Annual reports of HM Revenue and Customs, Home Office and DWP discuss risks from cyber security, data protection and specific projects

Related Sponsored Articles

Keeping tabs on work-issued mobile activity with Antenna
7 September 2022

How can public sector organisations keep track of calls, texts and instant messages in the world of ultra-flexi, hybrid working? Stuart Williams, CTO at FourNet, and Andrew Bale, EVP at Tango...