Monday, 16 January 2012

Computer Hacking at The Times?

Tucked away in the written evidence of News International's Interim Legal Director Simon Toms to the Leveson Inquiry was this fascinating revelation, which seems not to have been picked up by any of the mainstream media other than the Press Gazette:

Question Explain whether you, or The Times, The Sunday Times, The Sun or The News of the World (to the best of your knowledge) ever used or commissioned anyone who used ’computer hacking’ in order to source stories, or for any reason.

Answer I am not aware that any NI title has ever used or commissioned anyone who used "computer hacking" in order to source stories. I have been made aware of one instance on The Times in 2009 which I understand may have involved a journalist attempting to access information in this way. However, I also understand that this was an act of the journalist and was not authorised by TNL. As such, I understand it resulted in the journalist concerned being disciplined.

How very interesting.

[17.1.12 This has now been followed up by Paul Waugh at Politics Home and Fleet Street Blues.]

17 January 2012 - further witness evidence from Leveson

First witness statement of Thomas Mockridge, CEO of News International:

20. Have you, or The Times, The Sunday Times, The Sun or The News of the World (to the best of your knowledge)ever used or commissioned anyone who used "computer hacking" in order to source stories, or for any other reason?

20.1 As with my answer to question 12 above, I shall restrict my response to this question to my knowledge of The Times, The Sunday Times and The Sun.

20.2 Neither I nor, to the best of my knowledge, The Sunday Times or The Sun has ever used or commissioned anyone who used "computer hacking" in order to source stories or for any other reason. In relation to The Times, I am aware of an incident in 2009 where there was a suspicion that a reporter on The Times might have gained unauthorised access to a computer, although the reporter in question denied it. I understand that that person was given a formal written warning as a result and that they were subsequently dismissed following an unrelated incident.

Corrected to an extent by his second witness statement:

At paragraph 20.2 of my first witness statement of referred to a reporter at The Times who might have gained unauthorised access to a computer in 2009. At the date of my first witness statement, it was my understanding that the reporter in question had denied gaining such access. Following further enquiries, I now understand that the reporter in fact admitted the conduct during disciplinary proceedings, although he claimed that he was acting in the public interest. The journalist was disciplined as result, he was later dismissed from the business for an unrelated matter.

From witness statement of James Harding, Editor of The Times:

19. The Times has never used or commissioned anyone who used computer hacking to source stories. There was an incident where the newsroom was concerned that a reporter had gained unauthorised access to an email account. When it was brought to my attention, the joumalist faced disciplinary action. The reporter believed he was seeking to gain information in the public interest but we took the view he had fallen short of what was expected of a Times journalist. He was issued with a formal written warning for professional misconduct.

So, we now know that:

- the incident was in 2009;
- the reporter was male ("he");
- the computer hacking was in the form of unauthorised access to an email account;
- a disciplinary process was commenced after concerns from the newsroom;
- the reporter admitted the unauthorised access during the disciplinary process;
- the incident was held to be "professional misconduct" and the reporter was disciplined;
- the reporter is no longer with the business having been dismissed on an unrelated matter.


No purely anonymous comments will be published; always use a name for ease of reference by other commenters.


Carl Upshur said...

Out of interest, if the journalist/lawyers told the High Court he had been able to find the information by a process of deduction and detective work, mainly using information available on the Internet, but had hacked it instead, would there be any legal ramifications now?

rjh01 said...

I should hope that computer hacking should be very rare. If it does happen then they should deny it. Otherwise people might take sensible precautions against being hacked, thus stopping the hacking taking place.

jan frank said...

Well, I think some learned friend might like to explain exactly what is meant by the vague term "computer hacking".

Do they mean intercepting and reading a person's e-mails without their consent? Do they mean copying files from their hard disk without their consent? Or perhaps copying a list of contacts from their e-mail program. There are all sorts of possibilities, and I think that a bit of probing by someone who knows a lot about "computer hacking" might have elicited a less vague denial.

Phil Alexander said...

I'd like to reiterate what Jan Frank has said - the term "computer hacking" is terminally vague (pun intended), and could cover a range of activities from the fairly innocent to the really rather nasty.

There is also the matter of intent: some things that are termed "hacking" by the non-techie press are nothing of the kind - e.g. opportunistic reading of emails when a user has naively omitted to log out. However, it's getting far easier for the non-technical to deploy their own spyware, and this sort of technique employed by an unscrupulous journalist would be far more worrying.

Andy J said...

I suggest a good starting point for those interested in what constitutes 'computing hacking' would be the Computer Misuse Act 1990. The term isn't used in the Act but the proscribed activities are.

Matthew said...

Firstly to Phil Alexander, I can't really imagine anything that would be called computer hacking also being able to be called "fairly innocent".

Secondly, if taken a face value, this case is almost an exemplar of proper procedure. A journalist did something they believed was in the public interest, others had concerns and the systems in place resulted in formal discipline.

The only concern, then, is if this is another "one rogue reporter" situation, however there are some significant differences to that, most notably that it doesn't appear to have required any external pressure for this disciplinary action to come about. They do appear to be self-regulating on this occasion.

Unknown said...

You would of course, from previous News International group excuses suspect that there was a "One rogue reporter" move occurring.

It could be argued that their acting ahead of time suggests innocence, but judging from what was happening in other parts of the group at the same time, It may be that having seen how the initial strategy of denial failed so badly in the NOTW, then it needed altering or fine tuning when evidence of another part of the organisation had somewhat similar problems.

We could do with more details as to what and how was the email hacked there are basically four ways that this can be done. firstly it can be removed directly from the persons desktop, secondly it could be removed from the individual ISP or employers mail server,Thirdly it can be grabbed from employer or ISPs junkmail filters, and finally it can be grabbed in passing from network infrastructure. each of these approaches would require a different level of technical skill, or a different person to be slipped money to.

Anonymous said...

Odd isn't it. The Guardian have now published it suggesting it was Nightjack (surprise surprise ;-)

Either Foster was able to deduce the identity of the "mystery blogger" entirely independently - in which case the hacking was simply a criminal act - or he required the hacking in order to deduce the identity of the "mystery blogger" - in which case the basis of a libel case where the the Times were able to convince Nighjack's legal team that the "mystery blogger" was unmasked by deduction alone - would be a lie to some extent or another.

Or have I misunderstood something?


Anonymous said...

Over on Inspector Gadget it's understood that the victim was 'Nightjack', who blogged about police work, and who suffered from the consequences.

The editor may have disciplined the journo, but the story ran anyway.


Phil Alexander said...

>Firstly to Phil Alexander, I can't really imagine anything that would
> be called computer hacking also being able to be called "fairly innocent".
Really? I've seen two activities described as "hacking" in articles that I'd consider "fairly innocent": one turned out to be sitting at a PC already logged in (without the user's knowledge); the other was reading another user's files on a shared network drive.
Neither of these would fit my personal definition of "hacking", one didn't even contravene the Computer Misuse Act, yet both were described as hacking by journalists. Which is kind of my point: press reports of "hacking" can be pretty much anything.