The recent theft of emails from the University of East Anglia Climate Research Unit (UEA CRU) has proved embarrassing, but the incident does not change any of the facts regarding global warming. New Scientist (9th Dec 2009) summaries it well:

"The emails suggest some of the scientists may have tried to shut out critics, which, if true, goes against advancing knowledge through open debate. On the other hand, the aim of peer review is to prevent substandard research from being published, so you could argue that the scientists were just doing their job because they felt the papers in question were not scientifically rigorous."

The full article is viewable here.

As a research company, albeit looking into matters not quite so prescient for the future of life on Earth, Quocirca can sympathise with New Scientist's view. Should our own email server be hacked, you would find discussions along the lines of "how can we present this in the best light", "this research seems to contradict previous research, how do we explain that?" and so on. This does not represent any attempt to falsify the findings, but just ensuring a reasoned interpretation provides an understanding of how, in the complex markets Quocirca covers, contradictions occur and what they mean. Once work is published findings have to be explained, justified and defended.

However, one thing most people will agree on is that emails that were meant to be private are best kept that way. The Norfolk Police are investigating the crime that led to all this, but it seems that the UEA CRU was targeted by persons unknown with the specific aim of undermining the Dec 2009 Copenhagen Climate conference. For an outsider with malicious intent to gain access to private email servers suggest poor security somewhere along the line, perhaps finding a privileged back door, which can be all too easy (see Quocirca free report, Privileged User Management, Nov 2009). However the theft was perpetrated, it should have been preventable.

Of course, it may be that someone chose to leak the email. The volume involved (thousands of emails and other documents) would have shown up as anomalous behaviour had data loss prevention (DLP) software been in place (see Quocirca free report, Content security for the next decade, Nov 2008). Only about 25 per cent of organisations have such tools in place, as a new Quocirca report on DLP, to be published in early 2010, will show, and public sector organisations like the UEA CRU lag other industries in deploying it.

Government sponsored research units have an important job to do and, in some cases where their work may get in the way of others, they may become targets of criminal activity. While it is understandable that scientists are focused on their day-to-day work it's unacceptable when they are let down by poor IT security that, in this case, has been exploited to try and undermine the efforts of thousands of politicians trying to grapple with global society's most pressing problem. In this case, it looks like the attempt has failed, on another day it might not.