Feeds

Climategate ruling: FOIA requests cover backup servers too

'We didn't delete the emails, but we don't have them'

  • alert
  • submit to reddit

Top three mobile application threats

Data seekers win a victory

Last June, Keiler won a FOIA victory by obliging CRU to disclose the data set Jones had sent to Georgia Tech to anyone who asked for it. But CRU still refused to disclosed some information - specifically, any instructions accompanying the release of data to Georgia Tech. The University of East Anglia argued that the emails were probably not 'held', and so could not be disclosed.

Keiller appealed, and the University enlisted an expensive battalion of lawyers to defend the case. Keiller's account (with Andrew Montford) of the Tribunal can be found here.

In summary, Judge Hamilton presiding over the Tribunal comprehensively rejected CRU's defence, and ordered the University to provide a copy or mirror of the backup server, and an independent contractor to examine it.

The University had delegated the job of finding the missing email to the man who had deleted it - Professor Jones. He also agreed it was inconsistent of UEA to argue that it did not believe the missing email contained any instructions or stipulations. Jones had made the claim that these instructions were only imparted verbally.

Nor was the Judge impressed by UEA's technical defence:

The Tribunal were rather disconcerted by the evidence adduced by the UEA on this issue. Jonathan Colam-French had almost no knowledge of the CRU’s back-up system and was simply unable to answer several pertinent questions.

There was one noticeable absentee from the Tribunal: Professor Jones himself. Keiller and Montford note he has never made a statement under oath.

It should be noted that public bodies can still refuse to disclose information - under Section 12 of the 2000 Freedom of Information Act - if the cost of compliance exceeds "the appropriate limit".

A cynic may expect the cost of performing backup server searches to rocket, overnight.

What do you think? ®

Bootnote

After the first batch of Climategate emails surfaced, they contained what the Information Commissioner's office described as evidence a breach of the Act. MPs demanded an enquiry, which was held in March 2010. At this enquiry, Lord Acton, The University of East Anglia's Vice Chancellor, testified that no emails had been deleted. How could he do this?

We now know this was a semantic deception. The Palutikof email describes staff moving all their emails to memory sticks. As David Holland summarises:

"How else could Acton tell Commons Select Committee that they didn't delete anything, that we [UEA] have all the emails and they can be read. What Russell and Acton didn't tell MPs or the Information Commissioner, is that they were on memory sticks and backups."

Useful and interesting links

The Tribunal Ruling PDF
Keiller's account of the Tribunal
McIntyre reconstructs the excuses: here and here

3 Big data security analytics techniques

More from The Register

next story
KILLER SPONGES menacing California coastline
Surfers are safe, crustaceans less so
Opportunity selfie: Martian winds have given the spunky ol' rover a spring cleaning
Power levels up 70 per cent as the rover keeps on truckin'
Liftoff! SpaceX Falcon 9 lifts Dragon on third resupply mission to ISS
SpaceX snaps smartly into one-second launch window
KILLER ROBOTS, DNA TAMPERING and PEEPING CYBORGS: the future looks bright!
Americans optimistic about technology despite being afraid of EVERYTHING
Discovery time for 200m WONDER MATERIALS shaved from 4 MILLENNIA... to 4 years
Alloy, Alloy: Boffins in speed-classification breakthrough
R.I.P. LADEE: Probe smashes into lunar surface at 3,600mph
Swan dive signs off successful science mission
Elon Musk's LEAKY THRUSTER gas stalls Space Station supply run
Helium seeps from Falcon 9 first stage, delays new legs for NASA robonaut
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.