Home Office Email Security & Classifications Policies

Ryan Jarvis made this Freedom of Information request to Home Office Automatic anti-spam measures are in place for this older request. Please let us know if a further response is expected or if you are having trouble responding.

The request was refused by Home Office.

Dear Home Office,

I am writing to respectfully make a formal request in accordance with the Freedom of Information Act 2000.

The privacy of emails sent via the @homeoffice.gov.uk domain is at risk. This domain does not appear to have MTA-STS configured. This means that email privacy (using TLS) is vulnerable to downgrade, allowing an attacker to read the contents of emails.

My request is as follows:-

1. Please can the department confirm why it has opted not to use MTA-STS as a potential CySec safeguard when communicating via email on the @homeoffice.gov.uk domain name?

2. Please can the department provide disclosure of its email security classifications policy.

3. Please can the department provide disclosure of the number of security incident reports made internally and/or externally which relate to concerns surrounding email security.

If I am able to provide any further information in support of this request, please do not hesitate to contact me.

Yours faithfully,

Ryan Jarvis

FOI Requests, Home Office

Thank you for contacting the Home Office  Freedom of Information Requests
Mailbox.

This is to acknowledge  receipt of your email.

show quoted sections

FOI Requests, Home Office

Dear Ryan Jarvis,

Thank you for contacting the Home Office with your request.

This has been assigned to a caseworker (case ref 73275). We will aim to send you a full response by 06/01/2023 which is twenty working days from the date we received your request.

Kind Regards,

M Ennis
Home Office

show quoted sections

Dear Home Office,

Thank you for your response dated the 5th December 2022.

I wish to clarify point 3 of my request which should have read:-

3. Please can the department provide disclosure of the number of security incident reports made internally and/or externally which relate to concerns surrounding email security between the period May 2018 - May 2022.

I hope this is of some assistance when considering my request.

Yours faithfully,

Ryan Jarvis

FOI Requests, Home Office

Thank you for contacting the Home Office  Freedom of Information Requests
Mailbox.

This is to acknowledge  receipt of your email.

show quoted sections

FOI Responses, Home Office

1 Attachment

Dear Ryan Jarvis

 

Please find attached response to your Freedom of Information request dated
05 December 2022 (our reference 73275).

 

Please note we are sending this to you by email only.

 

 

Information Rights Team

Home Office

Third Floor, Peel Building

2 Marsham Street

London SW1P 4DF

e-mail: [1][email address]

 

show quoted sections

References

Visible links
1. mailto:[email address]

Dear Home Office,

Please pass this on to the person who conducts Freedom of Information reviews.

I am writing to formally request an internal review of the Home Office's handling of my Freedom of Information Act 2000 request, reference 73275, dated 05 December 2022.

In the response dated 28 December 2022, the Home Office neither confirmed nor denied holding information for Question 1 of my request, citing Sections 24 (National Security) and 31 (Law Enforcement) of the FOI Act. For Questions 2 and 3, the Home Office confirmed holding the information but decided that it is exempt from disclosure under sections 24 (National Security) and section 31 (Law Enforcement).

While I understand the importance of national security and law enforcement, I believe that the public interest in understanding the security measures and policies in place for email communications, especially given the potential vulnerabilities, is significant. The response did not sufficiently address the balance of public interest in this matter.

Specifically, I would like the internal review to consider:

The application of Sections 24 and 31 of the FOI Act to my request, ensuring that these exemptions have been applied correctly and consistently.

The public interest test applied to my request, ensuring that all relevant factors have been considered and that the balance of public interest has been appropriately weighed.

I appreciate the Home Office's commitment to transparency and accountability, and I hope that this internal review will provide a more detailed and considered response to my original request.

If you require any further information or clarification regarding this request for an internal review, please do not hesitate to contact me.

A full history of my FOI request and all correspondence is available on the Internet at this address: https://www.whatdotheyknow.com/request/h...

Yours faithfully,

Ryan Jarvis

FOI Requests, Home Office

Thank you for contacting the Home Office  Freedom of Information Requests
Mailbox.

This is to acknowledge  receipt of your email.

show quoted sections

FOI Responses, Home Office

1 Attachment

Dear Mr Jarvis

 

Please find attached our letter in response to your request for an
internal review of FOI request 73275.

 

Kind regards

 

Information Rights Team

Knowledge and Information Management Unit

Securities, Estates & Information Directorate

Home Office | 2 Marsham Street | London SW1P 4DF

 

 

show quoted sections