Tory app data breach: Is Theresa May’s conference over before it’s even begun?

The personal data of cabinet ministers and every Tory conference attendee was exposed to the public by the party's official conference app - a fiasco that has enraged already unhappy MPs. 

NS

Sign Up

Get the New Statesman's Morning Call email.

Theresa May’s make-or-break week in Birmingham has not even begun and already there are calls for resignations after the official Conservative conference app was revealed to have a security glitch that allowed anyone to access the personal data of attendees.

Journalists discovered this afternoon that logging into the app only required an email address, with no additional verification. This offered members of the public an open door to the profiles of cabinet ministers, MPs, or indeed anyone attending conference, and with them their mobile phone numbers.

Members of the public promptly wrought havoc. Boris Johnson’s profile picture was changed to hardcore pornography, and Michael Gove’s to a picture of Rupert Murdoch. Ministers and MPs are said to have had prank calls on their personal numbers, which some are now considering changing.

After angry messages in the Tory MPs WhatsApp group, Helen Whately, parliamentary private secretary to party chairman Brandon Lewis, was dispatched to tell colleagues that the loophole had been closed.

Lewis himself has since apologised, albeit limply. “We’ve had a technical issue with our Conference App that has been resolved and it is now functioning securely. We are investigating the issue further and apologise for any concern caused.”

A Momentum source, however, says describing it as such disguises the fact that the fault almost certainly lies with CCHQ and not the technology. “It isn’t a tech glitch but a feature the Tories didn’t turn off after they purchased it off the shelf,” they say.

It is not the start to conference that the leadership would have liked. An investigation – and fine – by the Information Commissioner’s Office and a prosecution under GDPR could well follow. And there will be political consequences too.

Tory divisions over Brexit have already guaranteed that conference will be fractious, and this incident will only compound the misgivings unhappy MPs have about the party operation and its incompetence.

Lewis, appointed in part due to his reputation as a straight and dependable operator, has not impressed his colleagues in the nine months since his appointment. He is perceived to have responded maladroitly to Boris Johnson’s comments over the burqa – promising a disciplinary investigation and giving rise to calls of an establishment plot to thwart Leavers.

He also had the misfortune to brief the Evening Standard on Wednesday that the ill-fated app was evidence of how far the party had come since last year’s disastrous conference in Manchester.

The Prime Minister’s calamitous speech ultimately saw Lewis's predecessor, Patrick McLoughlin, fall on his sword. The Tory chairman is already perceived by some to be a Remainer cuckoo in the nest and his stock will fall even further as a result of today’s mishap. This is another blot on his copybook.

As for the Prime Minister – who will face the indignity of watching her cabinet participate in a beauty contest to succeed her over the coming days – the fallout risks enhancing the stench of decay already around her administration. Just as her disastrous speech defined last year’s conference, the app fiasco risks defining this year’s.

It is a stretch to say that it will hasten her demise, but what it has done is further squander the limited amount of goodwill that an already restive parliamentary party has for her leadership. With tensions already running high, she can ill afford to further antagonise MPs. Sadly, that is precisely what CCHQ has done this afternoon.

Patrick Maguire is the New Statesman's political correspondent.