MPs shown 'email evidence' of wider NotW snooping

'One bad apple' defence wormed into


A committee of MPs was presented evidence on Tuesday that several News of the World journalists were involved in illegal mobile phone hacks, piling further pressure on News International which maintains that only one rogue reporter was involved.

Appearing before the Commons committee on culture, media and sport, Guardian reporter Nick Davies produced copies of email correspondence that implicated two senior journalists and a junior reporter in commissioning hacks on the voicemail inboxes of celebrities, politicians and UK sportspeople.

News International insists that only its former royal editor, Clive Goodman, had used hacking and other criminal tactics to hunt for dirt on celebrities. Goodman was jailed for four months in January 2007 over hacking into the voicemail of royal aides. His private investigator accomplice, Glenn Mulcaire, was jailed for six months.

Last week it emerged that Gordon Taylor, chief executive of the Professional Footballers Association, received £700k when he sued for breach of privacy after it emerged during the original trial that Goodman and Mulcaire had hacked into his mobile phone. Details of the settlement were kept secret until a Guardian exclusive reignited the whole controversy.

The police declined to re-open the case after deciding that The Guardian had uncovered no fresh evidence, while News International waited until Friday to issue a statement saying the Guardian's investigation was wrong on a number of points; in particular that as many as 3,000 mobile phones had been hacked, and its assertion that many News of the World reporters engaged in commissioning hacking and other illegal practices.

The Guardian was therefore under pressure to defend its reporting of the story before MPs on Tuesday. The Guardian's Nick Davies responded to this pressure by giving MPs what he said are copies of an email between a junior reporter and Mulcaire, the PI turned convicted hacker, from June 2005. The email contained a transcript of 35 voicemail messages from the mobile phone of Taylor and Jo Armstrong, a lawyer at the footballers' union, who (it emerged on Tuesday) also received a payout from the NotW.

The email described the message as a transcript of voicemail messages for the benefit of Neville Thurlbeck, the NotW's chief reporter at the time.

MPS were also presented with copies of what was said to be a February 2005 contract between the NotW and Mulcaire (using an alias), promising a £7,000 bonus if the PI helps deliver a planned story about Taylor. The contract was signed by NotW assistant editor Greg Miskiw and Mulcaire.

Redacted copies of the documents, and phone messages, can be found here.

Davies said he had the names of 27 NotW journalists and four from the Sun who used a private investigator. Some of this might be to do legitimate work or legal searches of the electoral register, for example, but the implication was that quite a bit of it wasn't.

Davies accused the NotW of covering up the extent to which illegal practices were illegal at the paper. "It is hard to resist the conclusion that [News International] have consistently admitted only what has been dragged into the public domain and is indisputable," he said.

Alan Rusbridger, editor of The Guardian, also testified before MPs, alleging that the NotW has known of the involvement of senior journalists in the scandal for at least a year but failed to inform either the Press Complaints Commission or MPs. The Taylor case undermines the NotW's "rotten apple defence", he added.

Rusbridger said the paper wasn't trying to start a campaign or obtain the resignation of anyone implicated in the scandal.

The testimony of Guardian journalists landed a few punches, and posed a few awkward questions about supervision and the role of senior editors for the NotW without delivering a killer knockout.

News of the World editor Colin Myler and an in-house lawyer are due to testify before MPs next Tuesday. A combative performance is likely.

Tuesday's hearing also featured testimony from Press Complaints Commission boss, Tim Toulmin, who defended its handling of the case, and of self-regulation. During a defensive performance, Toulmin was pressed to investigate a Private Eye story alleging Mulcaire was paid £200,000 by the NotW after his conviction in order to buy his silence.

Toulmin was also asked about whether the number of journalists said to have commissioned private eyes to hack into phones or snoop on confidential records was new, a question he referred to the Information Commissioner. He confirmed that he'd not been told about the Taylor settlement.

Meanwhile, the Home Office has reportedly questioned Scotland Yard's decision not to reopen the investigation, following allegations that 27 other News International reporters had commissioned private investigators to carry out tasks, some of which might have been illegal. Scotland Yard's assistant commissioner John Yates replied that he had only looked into the facts of the original inquiry in Goodman, an answer that the Guardian suggests may not satisfy the Home Office. ®

Similar topics


Other stories you might like

  • India extends deadline for compliance with infosec logging rules by 90 days
    Helpfully announced extension on deadline day

    Updated India's Ministry of Electronics and Information Technology (MeitY) and the local Computer Emergency Response Team (CERT-In) have extended the deadline for compliance with the Cyber Security Directions introduced on April 28, which were due to take effect yesterday.

    The Directions require verbose logging of users' activities on VPNs and clouds, reporting of infosec incidents within six hours of detection - even for trivial things like unusual port scanning - exclusive use of Indian network time protocol servers, and many other burdensome requirements. The Directions were purported to improve the security of local organisations, and to give CERT-In information it could use to assess threats to India. Yet the Directions allowed incident reports to be sent by fax – good ol' fax – to CERT-In, which offered no evidence it operates or would build infrastructure capable of ingesting or analyzing the millions of incident reports it would be sent by compliant organizations.

    The Directions were roundly criticized by tech lobby groups that pointed out requirements such as compelling clouds to store logs of customers' activities was futile, since clouds don't log what goes on inside resources rented by their customers. VPN providers quit India and moved their servers offshore, citing the impossibility of storing user logs when their entire business model rests on not logging user activities. VPN operators going offshore means India's government is therefore less able to influence such outfits.

    Continue reading
  • America edges closer to a federal data privacy law, not that anyone can agree on it
    What do we want? Safeguards on information! How do we want it? Er, someone help!

    American lawmakers held a hearing on Tuesday to discuss a proposed federal information privacy bill that many want yet few believe will be approved in its current form.

    The hearing, dubbed "Protecting America's Consumers: Bipartisan Legislation to Strengthen Data Privacy and Security," was overseen by the House Subcommittee on Consumer Protection and Commerce of the Committee on Energy and Commerce.

    Therein, legislators and various concerned parties opined on the American Data Privacy and Protection Act (ADPPA) [PDF], proposed by Senator Roger Wicker (R-MS) and Representatives Frank Pallone (D-NJ) and Cathy McMorris Rodgers (R-WA).

    Continue reading
  • Another VPN quits India, as government proposes social media censorship powers
    New Delhi now fighting criticism of eroding free speech and privacy with two proposed regulations

    India's tech-related policies continue to create controversy, with fresh objections raised to a pair of proposed regulation packages.

    One of those regulations is the infosec reporting and logging requirements introduced by India's Computer Emergency Response Team (CERT-In) in late April. That package requires VPN, cloud, and numerous other IT services providers to collect customers' personal information and log their activity, then surrender that info to Indian authorities on demand. One VPN provider, ExpressVPN, last week quit India on grounds that its local servers are designed not to record any logs so compliance would be impossible. ExpressVPN will soon route customers' traffic outside India.

    On Tuesday, another VPN – Surfshark – announced it would do likewise.

    Continue reading

Biting the hand that feeds IT © 1998–2022