Freedom of Information Act 2000 (FOIA) Decision notice

Similar documents
Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Environmental Information Regulations 2004 (EIR) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act Decision notice

How we deal with complaints

Freedom of Information Act 2000 (FOIA) Decision notice. The British Broadcasting Corporation ( the BBC )

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice

PROCESS FOR RESPONDING TO PREVENT / EXTREMISM Freedom of Information Act REQUESTS

Freedom of Information Act 2000 (FOIA) Environmental Information Regulations 2004 (EIR) Decision notice

Decision 036/2013 Mr George Matthews and Borders NHS Board. Comparative costs of hearing aids. Reference No: Decision Date: 6 March 2013

Freedom of Information Act 2000 (FOIA) Decision notice. East of England Ambulance Service NHS Trust

FREEDOM OF INFORMATION POLICY. Date Agreed Body Review Date

Decision 063/2009 Mr David Rule and Historic Scotland. Flags flown over Edinburgh Castle. Reference No: Decision Date: 29 May 2009

Freedom of Information: internal review

Freedom of Information Act 2000 (Section 50) Decision Notice

Freedom of Information Act 2000 (FOIA) Decision notice

Applicant: Mr James C Hunter Authority: Glasgow City Council Case No: Decision Date: 18 December 2006

ICO lo. The economy (section 29) Freedom of Information Act. Contents

CDC Group 26 May 2011 CDC POLICY IN RELATION TO FREEDOM OF INFORMATION ACT 2000

Information on the Copenhagen Climate Change Summit and relations between Scotland and the United Kingdom and China

Decision 133/2010 Mr Chris Millar and Transport Initiatives Edinburgh Ltd

I am writing to confirm that Ofcom has now completed its search of relevant documents falling within your request.

Freedom of Information Act 2000 (Section 50) Decision Notice

Decision 111/2012 Catherine Stihler MEP and the Scottish Ministers

Decision 063/2011 Mr Paul Giusti and North Lanarkshire Council. Contact details for landlords on the register of private landlords

Decision Notice. Decision 234/2014 Shetland Line (1984) Ltd and Transport Scotland

Correspondence with Commission on Delivery of Rural Education

1. All details Ofcom have of complaints reported through the BBC, linked with PLT interference.

Policy on Freedom of Information

Decision 118/2010 Mr Peter Cherbi and the Scottish Ministers

Re: (b) The amounts given to each partner, as well as a description of the activities undertaken with the funding.

Decision 216/2010 Mr Peter Cherbi and the University of Glasgow

Applicant: Mr Edward Milne Authorities: The Crown Office and Procurator Fiscal Service Case No: Decision Date: 5 January 2006

Applicant: Mr George Gebbie Authority: Scottish Legal Aid Board Case No: and Decision Date: 18 February 2008

Aldridge Education. Freedom of Information Policy and Procedure

Banks Sheridan Limited Data Protection Privacy Policy 19 May 2018

Decision 012/2009 Mr John Young and North Lanarkshire Council

3. Any correspondence between Ofcom and Al Jazeera or any of its channels (including Al Jazeera Arabic) since 5th June 2017; and

1. How many claims have been brought against the BBC for unfair dismissal since 2004?

Thank you for your request for information about Iran International, Volant Media and Global Media Circulating Limited.

First-tier Tribunal (General Regulatory Chamber) Information Rights Appeal Reference: EA/2016/0243. Before DAVID FARRER Q.C. Judge. and HENRY FITZHUGH

Decision 126/2007 Mr Rob Edwards of the Sunday Herald and the Scottish Executive

Decision 066/2009 Thomas Crooks and the Board of Management of Stevenson College Edinburgh

James McLaughlin 4 March 2011

Data held by BASC clubs and syndicates - a brief guide

Decision 001/2014 Ross Gilligan and the Scottish Ministers. Information contained in correspondence

Power of Attorney Application to Appoint an Attorney to Operate an Account(s)

Decision Notice. Decision 243/2014: Mr Paul Quigley and the Assessor for Glasgow City Council

Decision 025/2005 Mr Kelly and South Ayrshire Council

Freedom of Information Act 2000 (FOIA) & Environmental Information Regulations 2004 (EIR) Public Interest Test FOI_1204

ORDER PO Appeal PA Peterborough Regional Health Centre. June 30, 2016

Freedom of Information, data protection and papers of a previous administration

GUILDFORD DIRECT LIMITED PUBLICATION SCHEME PART ONE

JUDGMENT. Cotter (Respondent) v Commissioners for Her Majesty's Revenue & Customs (Appellant)

First-tier Tribunal (General Regulatory Chamber) Information Rights Appeal Reference: EA/2017/0194. Before Judge. David Farrer Q.C.

Woodfield School Freedom of Information Policy

Mobius Life Limited Data Privacy Notice

Office of the Information and Privacy Commissioner Province of British Columbia Order No October 3, 1994

1. Please disclose the number of successful claims relating to Jimmy Savile made in the last 10 years.

Customer Privacy Notice Edition

Ombudsman s Determination

Order F17-08 MINISTRY OF PUBLIC SAFETY AND SOLICITOR GENERAL. Celia Francis Adjudicator. February 21, 2017

ON APPEAL FROM A DECISION OF THE INFORMATION COMMISSIONER COUNCIL OF THE BOROUGH AND COUNTY OF THE TOWN OF POOLE. -and- THE INFORMATION COMMISSIONER

Before: SIR TERENCE ETHERTON, MR LADY JUSTICE BLACK and LORD JUSTICE DAVIS Between:

DIOCESAN EDUCATION SERVICE MODEL PUBLIC INTEREST DISCLOSURE (WHISTLEBLOWING) POLICY FOR VOLUNTARY AIDED CATHOLIC SCHOOLS

Freedom of Information Act 2000 (FOIA) Decision notice

Andrew Bartlett QC (Judge) Gareth Jones Steve Shaw

Mobility allowance and the law

Request under the Freedom of Information Act 2000 (FOIA)

Decision Notice. Decision 014/2019: Mr D and NHS Greater Glasgow and Clyde. Postcodes of patients

Transcription:

Freedom of Information Act 2000 (FOIA) Decision notice Date: 8 November 2016 Public Authority: Address: Cabinet Office 70 Whitehall London SW1A 2AS Decision (including any steps ordered) 1. The complainant submitted a request to the public authority for the make and model of portable electronic devices such as laptops, tablets mobile phones used by very senior officials including then Prime Minister David Cameron. 2. The Commissioner s decision is that the public authority was entitled to withhold the information requested on the basis of the exemption at section 24(1) FOIA (national security). 3. No steps are required. Request and response 4. The complainant submitted a request for information to the public authority on 14 August 2015 in the following terms: I would like to request the following information. The make and model of any portable device laptop, tablet, phone or other similar device used by the following individuals to connect to government systems or networks. In addition, confirmation of whether the device is government issue, or whether the individual is using their own device to connect to the network. 1

I believe that this information must be held centrally, as otherwise the Cabinet Office would not be operating a coherent information security policy, or bring your own device policy. If it cannot confirm the nature and status of the devices these individuals are using, and whether they are government issue or held personally, it would be almost impossible for the Cabinet Office to operate effective network security. The individuals are as follows David Cameron Oliver Letwin Matthew Hancock Chris Grayling Rob Wilson John Penrose Lord Bridges of Headley Robert Halfon Richard Heaton Sir Jeremy Heywood John Manzoni Philip Rycroft Simon Case Oliver Robbins Antonia Romeo Sue Gray Sir Kim Darroch Jon Day Chris Martin Julian Miller 2

Bill Crothers Guy Lester Crystal Akass Ruth Bailey Mark Sweeney Alex Aiken Ian Davis Sir Ian Cheshire Amy Stirling Matt James Please be aware that all of these individuals are named on the Cabinet Office website. 5. The public authority issued its response to the request on 9 October 2015. It confirmed that it held the information requested. It however explained that it considered the information held exempt from disclosure on the basis of the exemptions at sections 24(1), 31(1)(a) and 38(1)(a) and (b) FOIA. The public authority also provided the following explanation by way of clarification: Please note that all IT equipment in use by Ministers or Cabinet Office staff is issued by the Cabinet Office IT team in line with strict controls governing the allocation and use of information technology equipment. The Cabinet Office does not allow personal equipment to be connected to official systems and such equipment is not able to be connected to Cabinet Office IT Networks. 6. The complainant requested an internal review on 16 October 2015 in which he disputed that the public authority was entitled to rely on the exemptions cited. 7. The public authority wrote back to the complainant on 11 May 2016 with details of the outcome of the internal review. The review upheld the original decision. The Commissioner has commented on the delay in issuing the internal review further below in the Other Matters section. 3

Scope of the case 8. The complainant contacted the Commissioner on 1 April 2016 1 in order to complain about the public authority s decision to rely on the exemptions at sections 24(1), 31(1)(a) and 38(1)(a) and (b) to withhold the information held within the scope of his request. He explained that he had chased the public authority for a decision in respect of his internal review request and had not received a response. He therefore asked the Commissioner to proceed to an investigation on the application of the exemptions. He provided the Commissioner with a copy of the submissions he originally sent to the public authority to support his view that the withheld information was not exempt from disclosure under FOIA. The Commissioner has referred to some of these submissions at the relevant parts of her analysis below. Reasons for decision Section 24(1) Is the exemption engaged? 9. Section 24(1) states: Information which does not fall within section 23(1) 2 is exempt information if exemption from section 1(1)(b) 3 is required for the purpose of safeguarding national security. Public authority s submissions 10. The public authority considers that disclosure of the make and model of the devices used within the authority by senior individuals in sensitive roles significantly increases the ability of hackers to hack IT systems. It argued that if its IT system was compromised as a result of the 1 This was prior to receiving the outcome of the internal review. 2 The exemption contained at section 23(1) FOIA which applies to information supplied by, or relating to, bodies dealing with security matters. 3 The general right of applicants to have information requested from a public authority disclosed to them. 4

disclosure this could pose a national security risk. Disclosure, it argued, would make the job of any person with such criminal intent significantly easier, allowing them to target devices of interest more quickly and tailor/rehearse approaches accordingly. Complainant s submissions 11. The complainant pointed out that many of the individuals, particularly David Cameron and Oliver Letwin have been photographed using their mobiles and routinely use them in public. Therefore, he did not consider that the exemptions cited could possibly be maintained in light of the fact that the devices in question are routinely used in public places by individuals who are likely to be photographed. He argued that if awareness of which mobile phone the individuals used would jeopardise national security, none of the individuals would be able to use their mobile phone in a public place. 12. He has also submitted that the public authority did not put forward any evidence to support the assertion that disclosure would significantly increase the likelihood of hacking or theft. Commissioner s findings as to whether the exemption is engaged 13. In broad terms section 24(1) allows a public authority not to disclose information if it considers releasing the information would make the UK or its citizens more vulnerable to a national security threat. There is no definition of national security. However, the Commissioner is guided by the Information Tribunal s 4 interpretation of the House of Lords observations in relation to the meaning of national security in Secretary of State for the Home Department v Rehman [2001] UKHL 47. The Tribunal summarised the Lords observations as follows: National security means the security of the UK and its people. The interests of national security are not limited to actions by an individual which are targeted at the UK, its system of government or its people. The protection of democracy and the legal and constitutional systems of the state are part of national security as well as military defence. 4 In Norman Baker v the Information Commissioner and the Cabinet Office EA/2006/0045 5

Action against a foreign state may be capable indirectly of affecting the security of the UK. Reciprocal cooperation between the UK and other States in combating international terrorism is capable of promoting the UK s national security. 14. The exemption applies where withholding the information requested is required for the purposes of safeguarding national security. The Commissioner considers this to mean that the exemption can be applied where it is reasonably necessary to in order to safeguard national security. However, it is not sufficient for the information sought simply to relate to national security. In the Commissioner s view, there must be a clear basis for arguing that disclosure would have an adverse effect on national security. 15. This however does not mean that it is necessary to demonstrate that disclosing the requested information would lead to a direct or immediate threat to the UK. Support for this approach is taken from the Rehman case especially from the following observation by Lord Lynn: To require the matters in question to be capable of resulting directly in a threat to national security limits too tightly the discretion of the executive in deciding how the interests of the state, including not merely military defence but democracy, the legal and constitutional systems of the state need to be protected. I accept that there must be a real possibility of an adverse effect on the United Kingdom for what is done by the individual under inquiry but I do not accept that it has to be direct or immediate. 16. The Commissioner also recognises that those with criminal intent (including terrorists) against the UK and its people can be highly motivated and may go to great lengths to gather intelligence. This means there may be grounds for withholding seemingly harmless information on the basis that it could be useful when pieced together with other information. 17. It is self-evident that disclosing the make and model of the portable devices requested would increase their chances of being hacked. The fact that the devices in question are those specifically used by very senior officials including the then Prime Minister no doubt makes them a target for those that would like to access sensitive official information including information relating to the security of the UK s institutions and its people. 6

18. The fact that some of the individuals may have been photographed in public using their mobile phones does not significantly diminish the chances of their devices being hacked should the public authority disclose the information requested. Clearly, officials at such a very senior level recognise that they could be photographed using a mobile phone in public and there will therefore no doubt be measures in place to ensure that the IT system of the public authority is not compromised as a result. This may include using a different phone or other means of communication when required. However, even a mobile phone that has been used in public by these very senior officials in sensitive roles will be a target for hackers simply by virtue of the profile of the individuals to whom they belong. The fact that they may have been photographed using a mobile phone in public does not make the withheld information less useful to a potential hacker. It is important to note also that the request was for the make and model of a range of portable devices including mobile phones. Revealing the exact make and model of these devices would make the job of a potential hacker easier and increase the chances of compromising national security. 19. As mentioned, the public authority is not required to show that disclosing the withheld information would lead to a direct or immediate threat to the UK. It is sufficient that there is a real possibility disclosure would have an adverse effect on the security of the UK and its people. Given the well documented activities of hackers, there is no doubt in the Commissioner s mind that there is a real possibility that disclosing the withheld information would have an adverse effect on national security. The exemption is therefore reasonably necessary in the circumstances to safeguard national security. Public interest test 20. The exemption is however subject to the public interest test set out in section 2(2)(b) FOIA. The Commissioner has therefore also considered whether in all the circumstances of this case, the public interest in maintaining the exemption outweighs the public interest in disclosing the withheld information. 21. The public authority acknowledged that there is a general public interest in openness in government, and recognised that this would increase trust in and engagement with the government. It however submitted that there is a very strong public interest in safeguarding national security which can only be overridden in exceptional circumstances. It concluded that there were no exceptional circumstances which necessitate the disclosure of the withheld information in the public interest. 7

Balance of the public interest arguments 22. The Commissioner considers that disclosure of official information will generally always enhance the public interest in transparency and accountability. There will however always be a significant public interest in safeguarding national security. Disclosing the withheld information which would aid those intent on causing harm to the UK, its people and interests is not in the public interest. Moreover, there is a significant public interest in not placing such information in the public domain, and very little public interest in doing so. 23. She has therefore concluded that on balance, in all the circumstances of the case, the public interest in maintaining the exemption outweighs the public interest in disclosing the withheld information. 24. The Commissioner has not considered the application of the remaining exemptions in light of her decision above. Procedural matters 25. By virtue of section 10(1) FOIA, a public authority is required to respond to an applicant s request for information within 20 working days. 26. The Commissioner therefore finds the public authority in breach of this provision for failing to issue its response to the complainant within 20 working days. Other Matters 27. Although there is no statutory time limit for a public authority to complete its internal review, as a matter of good practice, the Commissioner expects internal reviews to take no longer than 20 working days and 40 working days in exceptional circumstances. 28. The Commissioner is concerned at the extremely lengthy delay by the public authority in issuing an internal review in this case. Although the Commissioner cannot conceive of any justification for such a lengthy delay, she notes that the public authority has not even sought to provide one and that is also extremely concerning. 8

Right of appeal 29. Either party has the right to appeal against this decision notice to the First-tier Tribunal (Information Rights). Information about the appeals process may be obtained from: First-tier Tribunal (Information Rights) GRC & GRP Tribunals, PO Box 9300, LEICESTER, LE1 8DJ Tel: 0300 1234504 Fax: 0870 739 5836 Email: GRC@hmcts.gsi.gov.uk Website: www.justice.gov.uk/tribunals/general-regulatorychamber 30. If you wish to appeal against a decision notice, you can obtain information on how to appeal along with the relevant forms from the Information Tribunal website. 31. Any Notice of Appeal should be served on the Tribunal within 28 (calendar) days of the date on which this decision notice is sent. Signed Gerrard Tracey Principal Advisor Information Commissioner s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF 9

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback