The Matt Hancock CCTV footage leak – why it’s right for the ICO to investigate

Graham Cluley
@gcluley

The Matt Hancock CCTV footage leak - why it's right for the ICO to investigate

At the end of last month, The Sun newspaper had quite the scoop. Pictures (and – later released – video footage) of UK Health Secretary snogging Gina Coladangelo, a non-executive director in Hancock’s government department.

Both Hancock and Coladangelo are married to other people, and they were quite clearly not following COVID-19 social distancing guidelines that Hancock had insisted the public should follow.

Clearly a juicy story for a British tabloid owned by Rupert Mudoch to get its teeth into, and The Sun breathlessly detailed how Hancock and Coladangelo had been “caught on camera in a steamy clinch.”

Camera? Yes. The images appeared to have been captured by a ceiling-mounted CCTV device in Hancock’s office.

A few days later, amid the furore, Hancock resigned.

But it felt to me like there were still important questions to be answered about how CCTV images from inside the UK government fell into the hands of the Murdoch press, even if the Prime Minister’s office wanted to move on

Imagine you run a newspaper, and you don’t want politicians to push you around. It may be to your paper’s advantage if politicians believe you might have access to security CCTV footage from inside the government.

Snapshots of indiscretions or embarrassing meetings can be kept for months or years by a paper, waiting for the right time to release them to cause maximum damage to a politician or their party.

It doesn’t have to be the footage itself, it might just be a smartphone photo of a CCTV monitor. It’s the kind of thing you can imagine an opportunistic worker who handles CCTV footage capturing, either to share with their friends for a laugh, to expose hypocrisy, or to make a quick buck.

An embarrassing photo could be enough to make headlines, and subvert what normally might have been the day’s news agenda.

Clearly, in this case, the photos could be very awkward for the people involved, and upsetting to their partners and children. Which means that even if not published in the newspapers, the potential for blackmail exists.

If newspapers can get hold of such images, why couldn’t others? If enough money was offered, it’s imaginable CCTV footage could reach a foreign power, keen to collect kompromat in order to exert influence.

Sign up to our newsletter
Security news, advice, and tips.

CCTV is covered by the Data Protection Act in the UK, which means that proper care should be taken to inform individuals that they are being recorded in the workplace and that tight controls are in place as to who can see any recordings.

Clearly there has been a failure in security when it comes to protecting the UK government’s CCTV footage, if it ended up in the laps of reporters at The Sun.

Whether that can be justified as “whistleblowing” in this particular case or not is up for greater legal minds to decide than mine, but at the very least I think a breach needs to be investigated – rather than swept under the carpet.

And it seems I was right last month to suggest that the Information Commissioner’s Office (ICO) should investigate what was (regardless of your political persuasion) undoubtedly a data breach.

Yesterday, ICO teams raided two residential properties in the south of England, seizing Personal computer equipment and electronic devices as part of an official investigation.

I’m sure I’ll get some folks saying that it’s a good thing that Hancock’s hypocrisy should be called out, especially if COVID-19 guidelines were breached. And I agree, it’s a good thing that Hancock and Coladangelo are no longer employed by the Department of Health.

I’m just not comfortable with the idea that journalists managed to gain access to CCTV footage quite so easily. If it was that easy, it could happen again and again. And maybe next time a breach could have more serious consequences.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

2 comments on “The Matt Hancock CCTV footage leak – why it’s right for the ICO to investigate”

  1. I have to disagree Graham. This is not about 'political persuasion', it's about a whistleblower providing evidence of wrongdoing at the heart of government. Moreover, the Health Secretary who makes the rules blatantly breaking the rules. This story is patently in the public interest, and in my view is therefore a misuse of the Information Commissioner's office. I just hope there's a crowd-funding exercise to which I will happily contribute to defend this whistleblower and defend the pubic interest principle.

    1. I agree that Hancock's hypocrisy should be called out, and I'm glad he's gone.

      But I think that's a separate issue from the data breach. If it's possible for someone to leak confidential CCTV footage to the press, and therefore (presumably) leak it to anybody else then that should be investigated and measures should be put in place to make it less likely that such data breaches occcur again in future. As I describe in the article above, just imagine if blackmail-worthy material were able to fall into the hands of an enemy government, or a media organisation that has an interest in applying pressure on a particular politician.

      But Downing Street wasn't interested in investigating. If I recall correctly, Boris Johnson even considered the matter closed and didn't kick Hancock out – until he realised the media and public opinion toook a much dimmer view of what had occurred. I'll leave it to readers to decide why on earth Johnson may not want to set a precedent for senior politicians to be rebuked for hypocrisy and breaching guidelines…

      In the absence of the Tory party seeming to care about how CCTV footage could possibly leak out, I think it's a good thing that at least the ICO is looking into it. Just as most of us would want it to do if any other organisation had appeared to have been less than secure with its CCTV. My hope is that the ICO will be able to advise on how security could be improved in future, and that's surely a good thing for everyone.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.