The Times and NightJack: an anatomy of a failure
The story of how, in a string of managerial and legal lapses, the Times hacked NightJack and effectively misled the High Court
17 to 27 May 2009 – the hacking of an email account
Unfortunately, this happy situation would last for only a month. A staff journalist at the Times called Patrick Foster had become interested in NightJack. Foster covered the media rather than crime, but he was intrigued by this anonymous police blog that had won the Orwell Prize.
As Foster later said:
In the first instance, this was down to the natural journalistic instinct of trying to unmask someone who tries to keep their identity secret.
But Foster was not to use conventional journalistic methods to unmask the blogger. On or about Sunday 17 May 2009, Foster decided to hack into the NightJack author’s Hotmail account. He did this, it would seem, by “forgetting” the password and guessing the answer to the subsequent security question. The Times did not sanction or commission the hack.
From the details available in the email account, Foster was apparently able to identify the author of the blog, as well as obtain the blogger’s private mobile phone number and see correspondence between the blogger and a literary agent.
This hacking exercise was undertaken on Foster’s own initiative and was similar to an exercise he had undertaken as a student journalist at Oxford. (The police originally treated this earlier hack as a potential breach of the Computer Misuse Act 1990 and referred it to the university authorities.)
Thus, Foster was not a stranger to email hacking or to the applicable legislation, which does not have any public-interest defence.
On Tuesday 19 May 2009, Foster contacted his line manager, Martin Barrow, the Times’s home news editor, about his discovery. First, Foster emailed Barrow:
“Martin, sorry to bother you. Do you have five minutes to have a quick chat about a story -- away from the desk, down here in the glass box, perhaps?”
It appears Barrow then immediately referred Foster to Alastair Brett, the long-serving Times legal manager.
20 May 2009 – Foster and Brett have a meeting
Foster emailed Brett the next day:
“Hi Alastair, sorry to bother you. Do you have five minutes today? I need to run something past you.”
They then had what proved to be a significant meeting. Two years later, Brett recalled the meeting for the Leveson Inquiry:
I remember Patrick Foster coming to see me on or about 20 May 2009 about a story he was working on. He came into my office with Martin Barrow, the home news editor, who was his immediate line manager. Mr Barrow indicated that Mr Foster had a problem about a story he was working on. From my best recollection, Mr Barrow left shortly after that and Mr Foster and I were left alone. Mr Foster then asked if we could talk “off the record”, ie, confidentially, as he wanted to pick my brains on something and needed legal advice. I agreed.
He then told me that he had found out that the award-winning police blogger, known as NightJack, was in fact Richard Horton, a detective constable in the Lancashire Police, and that he had been using confidential police information on his biog. As his activities were prima facie a breach of police regulations, Mr Foster felt there was a strong public interest in exposing the police officer and publishing his identity.
When I asked how he had identified DC Horton, Mr Foster told me that he had managed to gain access to NighJack’s email account and as a result, he had learnt that the account was registered to an officer in the Lancashire Police, a DC Richard Horton. This immediately raised serious alarm bells with me and I told him that what he had done was totally unacceptable.
At that first meeting, Mr Foster wanted to know if he had broken the law and if there was a public -interest defence on which he could rely.
I had already done some work with Antony White, QC on the discrepancies between Section 32 and Section 55 of the Data Protection Act 1998 (DPA) and the government’s intention of bringing in prison sentences for breaches of S55 of the DPA. I knew there was a public-interest defence under Section 55 of the DPA. I told Mr Foster that he might have a public-interest defence under the section but I was unsure what other statutory provisions he might have breached by accessing someone’s computer as I did not think it was a Ripa (Regulation of Investigatory Powers Act) situation.
I said I would have to ring counsel to check there was a public-interest defence and what other statutory offences Mr Foster might have committed.
I cannot now remember if I phoned One Brick Court, libel chambers, while Mr Foster was in my office or shortly thereafter but I do know I spoke to junior counsel around this time and he confirmed that S55 of the DPA had a public-interest defence and it might be available. He did not mention anything about Section 1 of the Computer Misuse Act 1990 during that conversation or point me in that direction.
I do remember being furious with Mr Foster.
I told him he had put TNL and me into an incredibly difficult position. I said I would have to give careful consideration to whether or not I reported the matter to David Chappell, the managing editor of the newspaper and the person on the newspaper who was responsible for issuing formal warnings to journalists and could ultimately hire or fire them.
As Mr Barrow, the home news editor, had brought Mr Foster up to see me, I assumed that he was also fully aware of Mr Foster having accessed NightJack’s email account and that he, as Mr Foster’s immediate line manager, would take whatever disciplinary action he thought appropriate about a journalist in his newsroom.
I also remember making it clear that the story was unpublishable from a legal perspective, if it was based on unlawfully obtained information. It was therefore “dead in the water” unless the same information -- NightJack’s identity -- could be obtained through information in the public domain.
I told him he had been incredibly stupid. He apologised, promised not to do it again but did stress how he believed the story was in the public interest and how important it was to stop DC Horton using police information on his blog.
He said he thought he could identify NightJack using publicly available sources of information. I told him that even if he could identify NightJack through totally legitimate means, he would still have to put the allegation to DC Horton before publication. This process is called “fronting up”, and is an essential element of the Reynolds qualified privilege defence in libel actions.
Alastair [Brett] on side.
Foster then told Barrow:
Am trying to take it out of paper this Saturday for three reasons: (1) am away this Friday, (2) want a little more time to put ducks in a row and pix [photographs], (3) want little more space between the dirty deed and publishing.
The “dirty deed” was presumably the unauthorised hacking of the victim’s email account, to which he had just admitted to the Times legal manager.
More from New Statesman
- Online writers:
- Steven Baxter
- Rowenna Davis
- David Allen Green
- Mehdi Hasan
- Nelson Jones
- Gavin Kelly
- Helen Lewis
- Laurie Penny
- The V Spot
- Alex Hern
- Martha Gill
- Alan White
- Samira Shackle
- Alex Andreou
- Nicky Woolf in America
- Bim Adewunmi
- Kate Mossman on pop
- Ryan Gilbey on Film
- Martin Robbins
- Rafael Behr
- Eleanor Margolis