Scoop has an Ethical Paywall
Work smarter with a Pro licence Learn More
Top Scoops

Book Reviews | Gordon Campbell | Scoop News | Wellington Scoop | Community Scoop | Search

 

Text: Henry Report into Leak of Kitteridge GCSB Report

Text: Henry Report into Leak of Kitteridge GCSB Report

The following is an automated scan to text of David Henry's report into the Kitteridge report into the GCSB's legal compliance (PDF).

It contains multiple character errors and lacks the formatting of the released document. Please refer to the original PDF.

******

Inquiry into the unauthorised release of information relating to the GCSB compliance review report

The leak of the Kitteridge report

David Henry, 5 June 2013


lan Fletcher

Director, Government Communications Security Bureau

Wellington


Andrew Kibblewhite

Chief Executive, Department ofthe Prime Minister and Cabinet

Wellington


5 June 2013


Gentlemen


Inquiry into the leak of the Kitteridge report


Overview

Publication

On 9 April 2013 the Dominion Post newspaper published an article headed: “Secret report unveils extensive illegal spying”.

The article contained details from a report prepared by Rebecca Kitteridge (the “Kitteridge report”)_ The report reviewed the compliance systems and processes of the Government Communications and Security Bureau (the “GCSB").

At that time the Kitteridge report had not been released to the public.

Security

The report was classified as “sensitive". Prior to 9 April the production, dissemination and security of the report was tightly controlled within government.

Advertisement - scroll to continue reading

Are you getting our free newsletter?

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.

Thirty-five hard copies of the final report were produced and disseminated prior to 9 April. Highly classified appendices were handled on an even more restricted basis.

Version leaked

The Dominion Post newspaper reporter who wrote the article of 9 April (‘the reporter’) was given access to the final version of the report dated 22 March 2013. lt is highly unlikely that the reporter was given access to earlier drafts of the report or to the classified appendices to the report.

Time of leak

6 The reporter gained access to the Kltteridge report sometime between 22 March and 8 April 2013 (inclusive), most likely on Monday 8 April.

This inquiry

7. This inquiry had no powers to compel people to provide information. Extensive information was provided voluntarily. Had compulsion been necessary to obtain further information in relation to public servants I would have asked for an appropriate delegation from the State Services Commissioner under the State Sector Act 1988. I did not find it necessary to do so.

8. Ministers are not public servants but with the support of the Prime Minister any information I required relating to cabinet ministers was provided to me. In the context of this inquiry that related to eleven cabinet ministers. The information I obtained from their ministerial offices and from communication records meant that it was unnecessary to interview those ministers.

Persons established as having access and contact with the reporter

9. I identified three people who had access to the Kitteridge report prior to 9 April and who had contact with the reporter. Two were public sen/ants and one was the leader of a political party suppoiting the National-led government.

10. In relation to the two public S9I'\/BUYS I have obtained all the information I required, including the content of emails exchanged with the reporter over the period 22 March to 9 April (inclusive). I have established those contacts were entirely commensurate with their official duties.

11.The third person identified was the leader of the United Future political party- the Hon Peter Dune MP. Mr Dunne had a copy of the Kitteridge report from 27 March 2013 onwards. He is a minister outside cabinet.

12.l have not obtained all the information I required from Mr Dunne. I advised him that I considered it necessary for the purpose of this inquiry to have access to the full text of 86 email exchanges between him and the reporter during the period 27 March to 9 April. Mr Dunne has declined to allow me to read those emails.

13.However, Mr Dunne has shown me an edited text of most ofthe 44 emails that he sent to the reporter during the period. That text shows that GCSB issues, including the Kitteridge report, were prominent in the email exchanges. Mr Dunne was to meet the reporter on the morning of Monday 8 April but states that he did not do so. I remain of the view that I need to have full access to all 86 emails. In the absence of permission I cannot take this matter any further.

Lessons for the future- some issues to consider

14.There are no significant lessons directly connected to this leak but there are some aspects of security mentioned in the report for you to consider, including the need for regular reinforcement of the rules on handling classified documents and, importantly, the reasons for those rules.

Introduction

15.0n the morning of Tuesday 9 April 2013 the Dominion Post newspaper published details of a review of compliance systems and processes at the GCSB. The review had been conducted by Rebecca Kitteridge, the Secretary of the Cabinet, and was summarised in a report prepared by her (the “Kitteridge report”).

16.The Kitteridge report was completed on Friday 22 March 2013 and was classified as “sensitive”. (The government’s classification system is described in Appendix 1.)

17.The report had not been publicly released at 9 April but preparations were being made to release it, together with the government’s response, in the week commencing 15 April.

18.You asked me to inquire into the unauthorised release (“the leak”) of the Kitteridge report and my inquiry was publicly announced on Monday 15 April. l was required to report by 31 May 2013.

The terms of reference

19.The terms of reference are at Appendix 2. In essence they required me to answer three questions What are the relevant facts concerning the leak?

How was the information leaked and by whom?

Are there any lessons for the future?

Preliminary evaluation

Introductory comment

20. ln order to leak the Kitteridge report the leaker must, obviously, have had access to the report. Access could have been authorized or illicit. The leaker must also have had a motive for so acting but l have not spent much time trying to identify it. The literature suggests motivation may be a complex matter.

21. I understand that in many leaks the leaker and the journalist know each other’s identity and the leaked material passes directly between them.

Which version of the report was leaked?

22.l am confident that it was the final version of 22 March 2013. Last minute changes made by Ms Kitteridge on that day are effectively reflected in the newspaper article.

23.The news article quoted extensively from the Kitteridge report. Detailed analysis shows that the reporter had access to the final version, rather than to parts of it or to earlier versions. This follows from

a. the extent to which the text is followed, and

b. a comparison of the article with both the final version and with the earlier versions of the report.

Were the cIassified appendices leaked?

24. I think not. Some of the appendices were classified as ‘secret’ and were handled separately on a very restricted basis. Had the reporter accessed them I would have expected to see the information reflected in some way in the article. There is no such reflection.

Timing of the leak

25.The news article was printed early on Tuesday 9 April and occupied the front page. Writing the article, and preparing the accompanying graphics, would have taken some hours and would have had to have been completed by the evening of 8 April. As a major scoop I think that both the writing and publication would have been given priority. On that basis I think that the reporter gained access to the report on Sunday 7 April or Monday 8 April, with the Monday being the most likely.

How it was leaked

26. It is not possible to be definitive but it is likely that the report was provided directly to the reporter by the leaker. The report could have been copied by the leaker and the copy provided to the reporter, or it could have been ‘lent’ to the reporter and returned later.

Information on the governments response

27. In addition to information culled from the Kitteridge report the newspaper article of 9 April stated: “lt is understood new legislation will be introduced to Parliament soon after the report’s release." (Emphasis added). This information was not publicly available.

Limiting the scope of the Inquiry

28. Once I had concluded that the reporter had accessed the final version of the Kitteridge report I was able to narrow my inquiries, in the main, to those people who had access to the final version of the Kitteridge report. I therefore excluded those I could establish had had access only to earlier drafts, unless there were special reasons otherwise.

29. Further references to the Kitteridge report are to the final version of 22 March 2013 (excluding the highly classified appendices).

Production and distribution of the Kitteridge report

Completion of the report

30.The Kitteridge report was completed and signed by Ms Kitteridge on Friday 22 March 2013. lt was classified as “sensitive” and held in a highly restricted electronic system at GCSB. Electronic copies were not distributed.

Friday 22 March: Initial delivery- 6 copies

31.Six hard copies were delivered by hand to the Director of the GCSB (one copy), the Chief Executive of the Department of the Prime Minister and Cabinet (DPMC, one copy), and the Prime Ministers Office (PMO, three copies, including one for the Prime Minister). Ms Kitteridge retained one copy.

Monday 25 March.' Delivery to the Cabinet Ofrice- 12 copies. Distribution to ministerial offices

32. On the morning of 25 March, twelve copies were delivered by Ms Kitteridge to the Cabinet Office so that they could be included in the papers for the next day’s meeting of the Ad Hoc Cabinet Committee on Domestic and External Security Coordination (“DES”).

33.ln the afternoon, the Cabinet Office distributed the DES papers to ministerial offices in sealed double envelopes addressed to ten minsters who were members of DES and to one other minister who had been consulted on the DES papers.

34.The envelopes were marked ‘secret’. A DES package was also delivered by mistake to a senior official in DPMC, who immediately returned it to the Cabinet Office.

Monday 25 March: Delivery to the Ofiicials Advisory Group-5 copies

35. ln the afternoon of 25 March five copies of the Kitteridge report were distributed by hand to five senior officials. Those officials were members of an ad hoc advisory group which Ms Kitteridge had convened to provide her with quality assurance as the report was drafted.

Monday 25 March: Limited distribution to officials-9 copies

36.Nine copies of the Kitteridge report were provided to nine officials in the GCSB, the Security Intelligence Sen/ice (SIS) and the PMO, the majority being provided by 27 March. Those officials were working on the government’s proposed response to the report, including preparations for the public release of the report by the Prime Minister.

37.The release was expected to take place during the week commencing 15 April, following the Prime Minister’s return from China and following a briefing of the parliamentary Intelligence and Security Committee.

Tuesday 26 March: The DES meeting

38.The meeting of DES ministers was held at noon on 26 March and was chaired by the Prime Minister. Eight ministers, including the Prime Minister, were present.

Also present were officials from GCSB, SIS, DPMC, PMO, and the Cabinet Office. Appendices to the Kitteridge report, classified as ‘secret’, were distributed at the meeting but were returned to the Cabinet Office officials at the end of the meeting.

Wednesday 27 March: Briefing of support parties - 2 copies

39.Two copies were produced, without the highly classified appendices. Separate meetings were held by officials from PMO and DPMC with the leaders of two parties supporting the National-led government: the Hon John Banks MP and the Hon Peter Dunne MP. The leaders were also ministers outside cabinet. They were briefed on the Kitteridge report and on the content and timing of the government’s proposed legislative response. Mr Banks’ copy was returned to the officials at the meeting. Mr Dunne retained his copy.

Total number of hard copies – 35

40.Therefore, prior to 9 April, thirty-four hard copies of the report had been produced and distributed to officials and ministers. In addition one hard copy - used as the master copy for photocopying - was held at GCSB, making thirty-five in total.

41.l requested the return of all copies. All but two have been recovered. I was advised that the two missing copies had been shredded: One copy had been returned to the Cabinet Office by a DPMC officer and shredded. The other had been held by a cabinet minister whose staff tell me had not accessed the report prior to the leak.

Numbering of copies

42.A system for numbering copies was used at GCSB but was incomplete and somewhat confusing. Not all copies were numbered and the number series included numbers allocated to earlier drafts. Copies distributed on 22 March 2013 were not included in the number series and nor were the copies provided to the Cabinet Office on 25 March 2013.

Maintaining security of the report

43.There is of course no perfect system which could guarantee security of the Kitteridge report. But, despite the numbering issue identified, I was struck by the care with which security of the report was maintained before 9 April.

44.There was no electronic distribution of the Kitteridge report before then. The electronic version was held in a secure restricted database within GCSB. It is highly unlikely that anyone could access that data base and print an unauthorised copy.

45. It is possible that one of the hard copies or the master copy was illicitly copied or scanned. Records from government photocopy machines were extensively examined. All systems record details of scanned documents. Some systems record the identity of the person making photocopies together with statistical information on the document, but not its title or contents. Others do not record the identity of the user.

46. My review was necessarily limited to the use of government facilities, such as photocopy machines, so copying done elsewhere cannot be reviewed. In that context there are rarely any inward and outward bag checks done which might deter someone from improperly removing a document from the relevant government facilities.

Security procedures in offices

47. A review of the security procedures adopted by the offices through which the report passed shows the following.

G CSB and SIS

48.High standards were maintained, including rigorous physical security, enforced clear desk policies, and widespread use of safes to store classified documents, although safes are sometimes shared between officials. Records were available of printing, copying and scanning activities including identifying who had undeitaken them. Photocopy machines could only be accessed by the use of personal swipe cards.

49.Checks of the records available disclosed no unexplained activities.

Cabinet Office

50.High standards are maintained similar to those described above, except for the lack of identification of those who have copied documents.

51.Checks of the records available disclosed no unexplained activities.

DPMC

52.Reasonable standards were maintained including good physical security and some use of safes and locked cabinets. Clean desk policies were not universally applied. Photocopy machines could only be accessed through the use of swipe cards. The system identifies a person scanning but not the identity of a person copying.

53.Checks ofthe records available disclosed no unexplained activities.

Ministerial offices

54.Reasonable standards were maintained. There was some variance between offices, reflecting both the nature of the portfolios administered and arrangements between ministers and their senior private secretaries.

55.Physical security was generally good, especially in controlling access to the offices. Safes were used more extensively in some offices than others, again in part because of the nature ofthe portfolios. There was sometimes undue reliance on the use of locked cabinets when the location of the keys was known or could be ascertained. A clear desk policy was not universally adopted. Access to photocopy machines was not controlled by swipe cards and the identity of those copying cannot be determined.

56. Checks of the records available disclosed no unexplained activities.

Government e-mail logs and telephone bills

Records obtained

57.Logs of emails on government systems were obtained. The logs were for the crucial period 22 March to 9 April 2013, being the period between the finalisation of the Kitteridge report and the publication of the leak. They included email logs of eleven cabinet ministers and their staff, and two support ministers and their staff. The logs showed the sender and recipient, date, time, and subject title (if any).

58.0f'ficial telephone billing records (land lines and mobiles) relating to the same people were also obtained for the crucial period although inevitably some calls outside that exact period appeared in those billing records. The telephone bills identified the call made, the number called and the duration. Calls made between parliamentary complex extensions are not logged. Building access records were also examined where necessary.

59.For completeness I record that I had no access, nor did I seek any access, to private email providers or private telephones.

Analysis

6O.The records obtained were then analysed and contacts of interest identified for further analysis. After extensive checks the only contacts that required further explanation were those with the reporter.

Contacts with the Dominion Post reporter

61 .The analysis identified three people who:

a. had access to the final version ofthe Kitteridge report, and

b. had a copy of the report in their possession, and

c. had been in contact with the reporter through official telephone or email systems during the period 22 March to 9 April.

62.These people were:

a. An officer in GCSB.

b. An officer in the PMO.

c. A leader of a support party.

An officer in GCSB

63.The officer had a numbered copy of the report from 25 March onwards. The report was kept in a safe at GCSB when not being used.

64.The officer reported to the director of the GCSB and was heavily involved in preparation for the official release of the report planned for the week commencing 15 April, including the preparation of a communications plan normal to such events.

65. The contacts between the officer and the reporter were examined, including the content of emails. There were six emails between them prior to publication of the leak.

66. The contacts were found to be entirely commensurate with the officer’s official duties.

An officer in the PMO

67.The officer had a numbered copy of the report from 27 March onwards. The officer was heavily involved in preparation for the official release of the report.

68.As part of that preparation the officer had the report at home over the weekend of 6 and 7 April. The report was not kept in a safe or locked cabinet at the home but the officer states that it remained in the officer’s possession at all times.

69.The officer’s contacts with the reporter were examined, including the content of emails. There was only one email prior to publication ofthe leak.

70.The contacts were found to be entirely commensurate with the officer’s official duties.

The leader of a support party

Background

71.The Hon Peter Dunne MP heads a political party that has a confidence and supply agreement with the National-led government. He is a minister outside cabinet.

72.0n the afternoon of 27 March Mr Dunne was given a numbered copy of the Kitteridge report (but not the classified appendices) as part of a briefing on the content and timing of the government’s proposed legislative response. The briefing was carried out by the Chief Executive of the DPMC and the Deputy Chief of Staff of the PMO.

Sequence of events

73. Mr Dunne advised me that, after receiving the report at the briefing on the afternoon of 27 March, the sequence of events was as follows:

a. On the evening of 27 March he had taken the report home in his briefcase, which is secured by a combination lock.

b. On 28 March he had brought the report back to his office and given it to his chief of staff to read. It was returned to him by the chief of staff after several hours.

c. Mr Dunne states that he then kept the report in his locked briefcase. He went on holiday overseas on Easter Saturday, 30 March, and returned on Sunday, 7 April. During his absence overseas the report was in his locked briefcase at his residence. The residence has a monitored alarm system.

He is confident that the briefcase and report were not accessed whilst he was away.

d. Mr Dunne states that the report remained at his residence in his locked briefcase until he brought it back to his Bowen House office on Wednesday 10 April.

Security

74.The report was never kept in the safe in the ministerial office. The senior private secretary saw the report for the first time on or after 22 April, when she picked up the report from Mr Dunne’s out tray, and returned it to the Cabinet Office as had been requested by this inquiry.

Email exchanges

75.There were eighty-six email exchanges between Mr Dunne and the Dominion Post reporter in the period 27 March to 9 April. Of that total forty-four were sent by him and forty-two were received by him. Details are:

[see original PDF for chart ]

76. Mr Dunne has advised me that he has frequent contact with the reporter including communications by telephone, text, email and in person. That contact has continued during the period 27 March to 9 April.

77.l have advised Mr Dunne that I consider it necessary for the purpose of this inquiry to have access to the full text of the eighty-six email exchanges between him and the reporter during the period 27 March to 9 April. Because he was not a public servant l would need his permission to examine the content. I advised him that the Prime Minister had requested cabinet ministers to cooperate by providing me with any information I required including access to the content of emails. Mr Dunne is a minister outside cabinet, 78. Mr Dunne has declined to allow me to read those eighty-six emails.

79.Mr Dunne has shown me an edited text prepared by him relating to forty-one of the forty-four emails that he sent to the reporter during the period. Of those emails fourteen have been partly deleted and four have been completely deleted.

I see from the edited text that the subjects covered fall into two main areas (1) making arrangements to meet and (2) issues connected to GCSB, including the appointment controversy and the proposed official release of the Kitteridge report. He had advised the reporter by email on 27 March that he was going to be briefed on the Kitteridge report.

80. Mr Dunne’s edited text does not include any of the forty-two emails received from the reporter. I have advised Mr Dunne that he is entitled to give me full access to those emails.

81.According to the email log the subject line of one of the emails from the reporter shows that at 11.38 am on Monday 8 April the reporter was waiting to meet Mr Dunne for coffee. lVlr Dunne left Bowen House at approximately 11.35am and returned at approximateIy12.27pm_ He advises me that he did not in fact meet the reporter that day. He has also advised me that he did not give the reporter access to the Kitteridge report.

82.l remain of the view that I need to have full access to all eighty-six emails.

Without lVlr Dunne’s permission I cannot take the matter any further.

Conclusions

83. Extensive checks across the relevant government agencies and ministerial offices, including emails sent and received by public sen/ants and ministers, have identified three people who had access and possession of the report prior to the leak and contacts with the reporter.

84.Two of those three people were public servants I am satisfied that their contacts were entirely commensurate with their official duties.

85.The third person is the leader of a political party supporting the National-led government - the Hon Peter Dunne I\/IP. He had access to the report prior to 9 April and had frequent contact with the reporter on GCSB - related issues, including the Kitteridge report. I am unable to obtain all the information I require from him and cannot take the matter any further. IVlr Dunne has advised me that he did not provide the reporter with access to the Kitteridge report.

Natural justice

86. Mr Dunne has been provided with relevant extracts from drafts of this report and his comments have been taken into account.

Lessons for the future

87. In the course of the inquiry I noted some instances where security procedures for managing the report could be improved but these were minor enough to be irrelevant to the leaking of the report and I have passed them on directly to the officers concerned.

88. On the other hand there are some issues for you to consider.

a. There is the need to regularly reinforce good security practices with everyone involved in handling government information, from ministers downwards. This is not just something to be done at induction. Good practice cannot eliminate leaking but can make it more difficult.

b. It is essential that there are adequate secure storage facilities so that clear desk policies can be followed. This is especially important in today’s open plan offices. If it is necessary to take sensitive documents home for work purposes there should be appropriate approved secure storage at the home.

c. A person making photocopies should be identifiable by the information system and the activity should be recorded.

d. Nluch of the information at cabinet and cabinet committee level is distributed and handled in hard copy. The current project to handle such information electronically should significantly improve security because it is very difficult to provide access to unauthorised people without leaving an electronic trace, I understand that once the current project is implemented it would be possible, with minor changes, to include documents such as the Kitteridge report.

e. Finally, New Zealanders are generally a trusting people. During the course of the inquiry it was clear that people, quite rightly, had a high degree of trust in their colleagues. What needs to be understood though is that good security procedures do not just protect information. They also protect people from suspicion if a breach occurs.

Acknowledgements

89.l thank the many people who helped by agreeing to be interviewed, often at short notice, or by providing information in a timely fashion. l wish to particularly thank Isaac Holliss of the DPMC who was seconded for 6 weeks to help me.

David Henry


Appendix One: Classification system for documents

What is the classification system?

1. Documents are given a classification in order to limit access to that information and to specify how that information must be handled and protected.

2. There are two categories of classifications:

a. National security c/assizications, where compromise would damage the security, defence or international relations of New Zealand and/or friendly governments; and

b. Policy and pnvacy classifications, where compromise would damage government functions or cause loss (of privacy, safety, or commercial) to a person.

3. Within the two categories of classifications, there are varying levels:

National security: Policy and privacy:

Top Secret

Secret

Conndential

Restricted Sensitive

In-Conndence

4. The rules surrounding documents become increasingly stringent the higher the classification. Endorsements can also be added to policy and privacy classifications, for instance "budget", or “staff’. The rules relating to the handling of “sensitive” and “restricted” documents are essentially the same.

The classification of the Kitteridge report

5. The final version of the Kitteridge report before it was publicly released was classified as “Sensitive", without endorsements.

6. Storage. Documents classed as “Sensitive” must be stored in a lockable cabinet, or a storage area protected by controlled access. These documents should not be taken home and stored, unless the person has been authorised to do so and uses approved storage.

7. Access. Because it was classified as “Sensitive", the final version of the Kitteridge report was accessible only by staff that are cleared by their respective departments to view such information. Knowingly passing such a document on to someone who does not hold that clearance would violate security practice. It would also, in many cases, violate a government agency’s code of conduct in relation to its employees.


Appendix Two: Terms of Reference: Inquiry into the unauthorised release of information relating to the GCSB compliance review report:

Background

In October last year Andrew Kibblewhite, Chief Executive of the Department of the Prime Minister and Cabinet and lan Fletcher, Director of the Government Communications Security Bureau, commissioned Cabinet Secretary Rebecca Kitteridge to undertake a compliance review of the GCSB.

Ms Kitteridge delivered her report to the Director GCSB on 22 March 2013. It was marked (on all pages) “Sensitive"_ The Prime Minister’s Office intended to release it in the week beginning 15 April. However, there was an unauthorised disclosure of the Review to the media which was reported on 9 April.

As the commissioners of the report, Andrew Kibblewhite and lan Fletcher have appointed David Henry to conduct an inquiry on their behalf.

Objectives

The objectives of this inquiry are to:

» Investigate and report the relevant facts concerning the unauthorised disclosure of information;

» Report any appropriate findings on how this information was released and by whom;

- Make recommendations (if applicable) on improving the internal information management process, based on any lessons to be drawn from the lnquirer‘s investigations.

Methodology

It is envisaged that the inquiry will be conducted in two stages:

» Stage 1 will include reviewing communications and copying equipment and records, log books and any other material considered relevant of the persons (and/or their offices) who had or were likely to have had access to the compliance review report, and then;

~ Stage 2 will include the conduct of formal inten/iews if the Inquirer believes these are warranted by the facts and would assist him in meeting the objectives of the inquiry.

DPMC and GCSB will each make available a senior official to support David Henry in carrying out this inquiry, All relevant rules of natural justice will be observed in terms of any persons identified in the conduct of this inquiry.

Timeframe

lt is anticipated that David Henry will present his findings andlor recommendations to Andrew Kibblewhite and lan Fletcher by the end of May 2013, for their consideration and response.


Appendix Three: Processes used in the Inquiry

Overview

1 The lnquiry was conducted in three phases:

a. Preliminary interviews and the collection of basic records.

b. Analysis and elimination.

c. Follow-up interviews and the collection of more detailed records.

The Inquiry was led by David Henry. Isaac Holliss, from DPMC, was seconded for six weeks to assist him. Substantial assistance, particularly in the gathering of records, was also provided by staff at G-CSB, the Parliamentary Service, Ministerial Services, and DPMC.

Phase one: Preliminary interviews and the collection of basic records

Throughout, the Inquiry comprised two complementary tracks: interviews, and technical records analysis. The interviews, of 55 people, helped to inform which records were collected. The records then highlighted questions which needed addressing through interviews. All interviews were conducted informally - that is, without statutory power to compel witnesses to attend - and were not “on oath".

This enabled rapid progress to be made. Notes of interviews were prepared in all cases.

What records were requested?

For every person of interest to the lnquiry, the records requested consisted of logs showing print, photocopy, scan activity, and logs showing emails sent and received from their work email addresses, outgoing mobile calls from work mobile phones, and landline calls to specific numbers of interest.

The inquiry requested all those who received a hard copy of the report to return them.

Technical records for 74 people were collected and analysed during the course of the Inquiry. Those 74 comprised:

a. DES Ministers and Ministers’ senior staff: their chief of staff, senior private secretary, and press secretaries.

b. Two support party ministers, who were given copies of the Kitteridge report, as well as their senior staff.

c. Public servants who were recipients of the final version of the Kitteridge report, or who may have had access to a hard copy of the report.

What records were received?

7 The Inquiry received nearly every record it requested. There were some exceptions. Logs showing photocopying activity are not captured by DPMC or Ministerial Services; DPl\/IC staff must ‘swipe’ to use a photocopying machine, but photocopying activity is not logged. Ministers’ offices do not ‘swipe‘ to use printing devices, and so no attributable record is made when a document is photocopied.

8. The Inquiry was also unable - for technical reasons - to retrieve landline call logs made between parliamentary complex extensions. We were able to identify calls made from the parliamentary complex to external landlines and mobiles.

Phase two: Analysis and elimination

9. The Inquiry used the records, along with the information gained from interviews, to narrow the list of individuals that we intended to look at in more detail. We identified those individuals who:

a. Had access to the final version of the report.

b. Had possession of a hard copy ofthe report at the time of the leak.

c. Had been in contact with the reporter through official telephone or email systems during the period 22 ll/larch to 9 April.

1O.The records were also analysed for other potentially irregular contact which might reveal avenues for further questioning. As part of this process the Inquiry examined records for any sign of discussion related to the Kitteridge report leak, and contact with past employees of the GCSB.

11.This process of elimination allowed the investigation to focus on three individuals.

Phase three: Follow-up interviews and the collection of more detailed records

12. Subsequent to the analysis and elimination, the Inquiry focussed on three individuals of interest. Additional records were requested in order to build a better picture of individuals’ contacts with the reporter. These records included the content of specific emails, and in some cases building access records. These access records show a person’s entry and exit into the Parliamentary complex, including Bowen House.

13. For two of the three individuals, we were granted access to view the content of the emails. The other individual, a support party leader, declined to provide the Inquiry with full access to the content of the emails between them and the reporter.

14. Where necessary, additional interviews were conducted.

Natural justice

15.The Inquiry applied the principles of natural justice throughout. Where necessary, relevant extracts from the draft report were provided to individuals and their comments were invited. These comments were considered and taken into account.

********

© Scoop Media

 
 
 
Top Scoops Headlines

 
 
 
 
 
 
 
 
 
 
 

Join Our Free Newsletter

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.