The Mail on Sunday has published a misleading article about the data protection scandal of the MI5 email subscription list for Terror Alert Status changes and MI5 website news updates, launched with so much hype on Tuesday, and which Spy Blog was embarrassed to discover was so unnecessarily insecure.
See: "MI5 e-mail alert sign up shambles - all email subscription web forms sent to the USA, without encryption"
N.B.. There have been lots of media and blog stories claiming that the system sends out "terror alerts", implying specific terrorist threat warnings, but that is simply not the case.
MI5 terror alert blunder sends private data to US mailshot firm
By JASON LEWIS - Last updated at 21:02pm on 13th January 2007
The Mail on Sunday article did not bother to try to contact Spy Blog for any comments, instead preferring to use the phrase "The Mail on Sunday can reveal..."
However, in their interview with David Geller, the president of the US firm WhatCounts Inc, which they also publish photos of David Geller and his wife, and they make a point about saying that she is Iranian, mention their young child and their home town and style of house where they live !
They also imply that his company has links with the CIA, simply because it does work for the Voice of America radio station. The same could be said of any company which does business with the BBC World Service.
The claim that Mrs. Geller (who is specifically named by the Mail on Sunday)
a public relations executive, describes her interests as Iran, travel and cooking and gives her home town as Tehran.
obviously comes from web surfing her online digital photography albums on the Flickr website.
There is no suggestion that the Gellers have any links to the Iranian regime which has been named as part of the axis of evil by President Bush for its sponsorship of international terrorism.
There simply was no such suggestion until the Mail on Sunday just made it !
In what way are those personal family details at all relevant to a story, in which WhatCounts.com is no longer really involved, since, as of Friday evening, the MI5 system has been changed, as we reported, in our previous blog article "MI5 e-mail list subscriptions now more secure than at launch"
This would have been obvious from any Google search engine or other online news aggregator check, before the Mail on Sunday went to press on Saturday.
David Geller did not know that his systems were being used for the MI5 e-mail subscriptions by one of his UK customer's MailTrack Ltd, until Thursday afternoon our time (Seattle is GMT +8 hours).
MailTrack Ltd has denied having a contract with MI5 and did not design the e-mail subscription forms or scripts.
Whitehall sources said the MI5 system had been set up by an unnamed firm which was responsible for running its website. That firm had hired London-based Mailtrack, another direct marketing firm, to run the system. Mailtrack outsourced the work to Whatcounts.
Why is the Mail on Sunday not tracking down photos of the wife of the British bureaucrat or Special Political Advisor or Spin Ddoctor or Politician, who sanctioned the rushed job to announce the launch of this MI5 e-mail subscription service.
Why exactly did it need to hyped up on Monday and launched on Tuesday ? Was it to help "bury" other news ?
Will the Information Commissioner look into this Data Protection scandal ?
Will the Intelligence and Security Committee, who were the ones pressing for the establishment of such a Terror Threat Level system, investigate this affair ?
Will the Opposition parties press the Home Secretary John Reid for a statement ?
Nobody from the UK Government appears to have contacted David Geller about what to do with the email subscription data and various logfiles, which WhatCounts.com holds on its servers from, whoever signed up between Tuesday and Friday.
It is too easy to blame a low level technician or sub-contractor for an error, which is indicative of a lack of managerial knowledge and control. by senior people.
What proof is there that the existing Information Assurance systems which are in place, are being used properly, and are not being circumvented for political and media spin purposes, to ensure that this sort of error does not happen again ?
This is important for the current scheme which is in limbo, awaiting manual approval of email subscriptions, or a whole new system to be deployed.
Until the UK Government can re-establish their loss of credibility and trust in regard to this relatively simple system, and it is seen to be working properly and securely, there should be no more talk of extending the idea to mobile phone text messages, or to more targeted actual tactical terrorist alert messages.