Government denies withholding encrypted e-mails – but messages still not released
The Government has denied it withheld encrypted e-mails from the public about a taxpayer-funded payout of almost a quarter of a million dollars to protesters who shut down Parliament.
But it did not release the messages yesterday nor did it give any indication that it planned to do so.
A spokeswoman did not answer questions about whether the e-mails from a former high-ranking civil servant at the Ministry of National Security would be decrypted and considered for potential release under public access to information legislation, after an internal review found they should have been.
The spokeswoman insisted encrypted e-mails from permanent secretaries to Cabinet ministers served “as a secure, protective measure” when sensitive information was involved.
The e-mails were identified by the national security ministry’s Pati officer after The Royal Gazette submitted a Pati request for all communications concerning payouts from the public purse made to 28 protesters who were pepper-sprayed by police during the December 2, 2016 demonstration outside Parliament.
Twenty three of the protesters later sued the Police Complaints Authority for damages and the matter was settled with a $225,000 payout in February 2019 after David Burt, the Premier, told two Cabinet ministers he wanted a "definitive resolution“ to the civil lawsuit.
Mr Burt, when Opposition leader, was one of the organisers of the protest which saw the House of Assembly blockaded and MPs unable to debate new airport legislation.
The national security ministry released hundreds of pages of records to the Gazette in February but an internal review of its response to the Pati request found that not all the records were properly processed.
Chris Farrow, who is now permanent secretary at the ministry and conducted the review, told the Gazette: “There were 5,129 encrypted e-mails of a former permanent secretary that the [ministry’s Pati] officer could not open and access as neither she nor the Department of Information and Digital Technologies have an encryption key that would allow the records to be opened,” he wrote.
“As such, the officer could not determine if they were relevant records that could be released in whole or part or were exempt records.”
Mr Farrow said: “The only way to access these records would be for one of the two parties to the e-mail, opening and printing off each record.
“The [ministry’s Pati] officer did not make inquiries in this regards to the parties and I find she should have done so.”
The revelation prompted Opposition leader Cole Simons to question why the e-mails were encrypted and to call for “clearly defined regulations or protocols with regards to the use of encrypted information to ensure that if it is used regularly, it doesn’t compromise transparency”.
The government spokeswoman said: “While encrypted e-mails are not exempt under the Pati Act, it should be noted that this particular Pati request has already resulted in a significant number of documents already being shared with the requester – several hundred pages of documents in fact.
“This resulted in considerable time being spent by public officers to research these records.”
She said: “As it relates to e-mail encryption, modern best practice in large organisations dictates that where sensitive information is handled, the use of encryption is a required security feature. This is the case with the Government of Bermuda.
“As principal and senior policy advisers, encrypted e-mails from permanent secretaries to ministers serve as a secure, protective measure.”
The spokeswoman said encryption was a security feature which was "critically important“ in the ”current climate of cyberattacks“.
She added: “ … given the real and escalating threat of cyberattacks globally on information systems, the Department of Information and Digital Technology facilitates an encryption capability on key e-mail accounts that, if compromised, could pose a significant risk to the Government, particularly with national security and financial entities.”
The spokeswoman claimed the Gazette’s story on Wednesday about the encrypted e-mails was “regrettably at complete variance with the facts”, insisting that no e-mails or other documents were withheld due to encryption.
But she did not respond when asked if the e-mails would now be decrypted, reviewed and, where appropriate, released or what the expected time frame was for that process.
She also did not share the Government’s policy on encryption for civil servants and ministers, as requested.