‘Most government departments wipe phones after multiple password attempts’

The practice was brought to light amid the Greensill Capital scandal. Credit: PA

Most government departments will wipe all texts and other data from mobile phones if users enter the wrong password too many times, new research shows.

The policy was criticised by MPs investigating the Greensill lobbying scandal last year.

A series of Freedom of Information requests show that at least 14 out of 21 central government departments and authorities delete phone content after too many password attempts.

Four departments do not have that policy, one said it does not hold the information, the Ministry of Defence refused to reveal its policy, and the Northern Ireland Office could neither confirm nor deny its policy.

Critics of the policy say it could give unscrupulous public servants a way to wipe their phones and delete potential evidence of how government decisions were taken.

Jo Maugham QC, founder of the Good Law Project, said: “It’s entirely wrong for ministers and special advisers to be given de facto the option of deleting, when convenient, all records held on their phones.

“Departments have been told this is wrong by the Treasury Select Committee – and you do have to wonder why so many persist.”

The practice was highlighted last year when Treasury permanent secretary Tom Scholar was unable to share with MPs texts between himself and former prime minister David Cameron.

Mr Cameron had bombarded officials and ministers with texts and calls early in the pandemic in a bid to convince them to allow Greensill Capital to take part in government-backed emergency lending schemes.

But when Greensill collapsed, the former prime minister’s lobbying efforts were the subject of an investigation by the Treasury Select Committee.

But when MPs asked to see copies of Mr Scholar’s text messages, they were told that his phone had been wiped.

He said: “At the beginning of June last year, (the phone) had to be reset because, under government security as applies to mobile phones, if the password is incorrectly entered more than a few times, the phone is locked, and the only way to unlock it is to reset it.

“Resetting it means that the data on it is lost. I knew that when it happened last June, and I am certainly not the only person to whom that has happened.”

In its official report, the Treasury Select Committee said: “We are concerned that it appears that government records, held on the phone of the Treasury’s permanent secretary, are subject to deletion based on lapses of his memory.

“We recommend that the government reviews its policies and use of information technology to prevent the complete deletion of government records by the misremembering of a password to a phone, given that this may be a wider problem.

“Though we have absolutely no reason to believe it in this case, the wiping of information under these kind of circumstances could have the unfortunate consequence of leading some to the suspect it to be deliberate.”

In response to a Freedom of Information request, the Treasury revealed that it had wiped 117 phones for this reason in 2020, and the Cabinet Office said it had wiped 153 phones.

The Department for Work and Pensions said that, while the same policy applies to its phones, none were wiped last year or in 2019 because their users sought help from their IT department before the phone locked permanently.

All other departments with the policy did not record how many phones have been wiped.