Less than three hours after launching a new Hotmail address to expose government waste, the Australian Labor Party has warned public servants to never use their work computers or e-mail addresses to send information to it.
Labor shadow for public accountability and human services, Kelvin Thomson launched the new e-dobbing facility, whistleblowersonhoward@hotmail.com, as a way for conscientious public servants to alert the opposition to government waste.
However, the launch immediately caused IT security vendors and privacy advocates to warn that free, hosted, e-mail services are nowhere near secure enough to handle sensitive information.
Sophos head of technology Paul Ducklin said he was surprised a better e-mail address could not be found and that he would have at least hoped the servers concerned resided in Australia.
Similarly, senior systems engineer at Trend Micro, Adam Biviano is worried about "potential for misconduct" if Australian government information is to be stored on servers outside the country.
He added that access to Hotmail is not secured and a person reading their account "may have their traffic intercepted", Biviano said.
At MessageLabs director of partners Andy Lake said Hotmail was simply not designed for the repository of secrets.
"E-mail in a basic format is always inherently insecure and everybody who uses the Internet is either aware of that, or should be," Lake said.
Senior director of security solutions for Symantec, Tim Hartman said the ultimate concern with such an address is there are no service level agreements (SLAs) between Hotmail and the federal government to ensure information has not been tampered with and has arrived at the address intact.
However, Thomson has defended the Hotmail address, saying he didn't intend it to be used as a destination for direct leaks from public servants' work computers or .gov.au domain e-mail addresses.
"We would never propose anyone send anything from their work computers," Thomson said.
He added all e-mails received would be deleted in a timely manner.
Hotmail's local spokeperson, NineMSN corporate communications manager Kate Bedoe, said Hotmail's security was "world class" for its intended use - personal, Web-based e-mail.
"Hotmail is great for personal use. Whether or not it fits the needs of the Australian Labor Party is a really matter for [the party] to decide. We have advice for all consumers of Hotmail on how to make Hotmail the most secure experience," Bedoe said.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.