Wednesday, 3 February 2010

Security company axed after leak of MPs’ expenses files

By Jason Lewis

John Wick

Key Man: Former SAS officer John Wick, who sold MPs' expenses files

A security firm responsible for guarding some of Britain’s most sensitive Government documents, including the two Iraq War dossiers, has been axed following the damaging leak of the MPs’ expenses files.

The move comes after a long-running internal investigation into who released the damaging material which led to Ministerial resignations and a police fraud inquiry.

Security company SLS Limited – which employs Royal Marines on leave from the Navy who have Ministry of Defence security clearance to carry out guard duties – oversaw the MPs’ expenses project.

But it was told its contract was not being renewed shortly after John Wick, the former SAS officer, sold the MPs’ expenses files to the Press.

It is understood the firm is considering legal action over the move and sources close to the investigation say they have been used as ‘a scapegoat’.

But the affair raises major concerns about the handing of sensitive material by Parliament and The Stationery Office (TSO) – the privatised firm employed to print all Government material.

It is understood that SLS Limited warned TSO bosses that the MPs’ expenses documents were not being sufficiently protected months before they were leaked.

Its advice for Whitehall to classify the material as ‘secret’, ‘restricted’ or even ‘confidential’ was ignored.

Following the decision, The Mail on Sunday has discovered there were a string of security blunders at the TSO. They include:

  • CCTV cameras monitoring comings and goings in the secure room where the expenses data was handled were wiped every 28 days.
  • Claims the ‘back-up’ portable hard drive containing all the MPs’ scanned expenses records was left out on a desk for a number of days after the operation had been closed down for the Christmas break.
  • A TSO manager mistakenly took home overnight the keys to the security cabinet where the back-up hard drive, back-up tapes and passwords were kept – breaking security rules.
  • TSO managers ordered staff to work over weekends even though there was no security team on duty to prevent the MPs’ records being copied.

In June 2008 – at the start of the project – SLS warned the TSO the decision not to classify the MPs’ expenses paperwork as secret or confidential left it open to a theft, especially as it was to be scanned in and stored electronically.

Documents obtained by The Mail on Sunday show SLS boss Terence Steans wrote to the Government printer’s head of security, warning: ‘Protectively marking this information seems like common sense...as it is clearly very sensitive (and) contains personal data of individuals within the Government and every member of the House.’

He added: ‘Who can say just what the impact of a leak would be...’

But TSO officials and Parliament ignored the warning and only used specialist security when staff were working with the material.

It is understood the expenses paperwork was regarded as ‘personal information’ and could not be given a Government security caveat.

The TSO paid for security when staff were scanning the MPs’ receipts into the system and making redactions ordered by Parliament to remove sensitive financial information from the records they intended to publish.

Outside office hours the material was overseen by two security guards on contract to the TSO. The guards kept the keys to the two locked cabinets used to store the material.

MPs' expenses scandal

How the Mail on Sunday reported the expenses scandal

SLS had recommended that the expenses data should be protected using the Cabinet Office standard for all classified documents and that there should have been round-the-clock security.

The rules would also have allowed the TSO and Parliament to call in MI5 to investigate if a leak occurred.

But implementing the procedures would have been very expensive.

When the project began a team of Royal Marine commandos from SLS controlled all access to the two secure rooms being used to scan and edit the MPs’ expenses files.

All staff entering and leaving were logged in and out and body searched. But outside office hours there was no specialist security in place.

The biggest alleged security breach came in November 2008 when the office was locked up for Christmas.

A senior official who had been on sick leave returned to work. During a check of the secure rooms he discovered the back-up hard drive – which contained a complete record of all the MPs’ expenses in an unredacted form – left unguarded on a desk.

It would have been a simple task to connect the hard drive – which had no encryption or passwords – to a laptop computer and copy all the data.

Sources close to the TSO denied it was responsible for leaking the material and said an internal investigation had found no evidence of wrong-doing.

They confirmed CCTV footage monitoring the secure rooms where the work was carried out was wiped after 28 days but that all footage recorded immediately before the material was leaked was ‘secure’.

The source denied that work was done on the the MPs’ material when no security was in place but confirmed that on ‘one occasion a trusted senior manager’ had been allowed to work alone to meet a deadline.

The source said: ‘There has been a full examination of the system and the TSO is confident the breach that led to the leak of the MPs’ data did not occur while it was in the possession of the TSO.’

SLS Limited refused to discuss the affair and its axeing. It said: ‘We cannot discuss this matter due to client confidentiality.’

The House of Commons confirmed its own investigation was continuing.

The TSO said: ‘We do not comment on security matters.’