Some Members of Parliament don’t appear to understand basic cyber security issues.
Politicians regularly share their log-in details with staff and interns, according to Twitter postings by one MP.
Referring to a row about who could have had access to a PC in First Secretary of State Damian Green’s office, which was used to view pornography, Conservative MP Nadine Dorries posted a tweet in which she suggested that it wasn’t always clear cut who was using a PC in the House of Commons.
“My staff log onto my computer on my desk with my login everyday. Including interns on exchange programmes. For the officer on @BBCNews just now to claim that the computer on Greens desk was accessed and therefore it was Green is utterly preposterous,” she said.
Dorries later added that it’s common for staff to share passwords in the office.
“All my staff have my login details. A frequent shout when I manage to sit at my desk myself is, ‘what is the password?’, she said, also adding “I’m not the Gov. I’m an MP with a computer in a shared office upon which lives an email account. That’s as exciting as my computer gets.”
Parliament is already a high-profile target for cyber attacks, and earlier this year hackers attempted to break into the email system there, with some accounts being breached.
Dorries isn’t even the only Member of Parliament to openly admit to password sharing: Nick Boles MP also tweeted that the practice is known to occur within his office.
Perhaps unsurprisingly this stance has been met with criticism from security experts.
See also: What is phishing? Everything you need to know to protect yourself from scam emails and more
The password sharing occurs despite the House of Commons staff handbook chapter on information security specifically stating that MPs must not share passwords.
“The news that MPs regularly share their passwords with members of their staff is an example of the dangers caused by the mentality that ‘it won’t happen to me’, or ‘it won’t happen to me again’. In this case, the need for teams to easily and quickly access email, social media, or other information has clearly become more of a priority than securing data,” Raj Samani, Chief Scientist at McAfee told ZDNet.
“The House of Commons needs to take steps to ensure that MPs are aware of the dangers of sharing password, it is clear that better cyber education policy is needed in government,” he said.
“It is a reminder that the human element is often the weakest link in the chain – both Dorries herself as a weak link and those she’s willing to trust with her credentials, ” Paul Bernal, senior lecturer, UEA Law School and specialist in internet privacy, told ZDNet.
Bernal suggests that if MPs can’t understand why sharing a password is bad, then they don’t have a chance of scrutinizing legislation around technology.
“If she can’t understand why what she says is so reckless, she’s demonstrating a fundamental misunderstanding of privacy, confidentiality and technology. That’s simply unacceptable in an MP these days – she’s expected to vote responsibly on tech laws including surveillance, intellectual property and more,” he said.
On Monday, the Information Commissioner’s Office said “We’re aware of reports that MPs share logins and passwords and are making enquiries of the relevant parliamentary authorities. We would remind MPs and others of their obligations under the Data Protection Act to keep personal data secure.”
ZDNet has contacted the House of Commons, but hasn’t received a reply at the time of publication.
READ MORE ON CYBER SECURITYBigger than WannaCry: A giant cyber attack will happen unless we rethink security, says GCHQUK Parliament gets hit by hackers [CNET]Fines for being hacked: If a breach is down to bad security it could cost you millionsBlame shoddy security for UK parliament hack, says reportDefending against cyberwar: How the cybersecurity elite are working to prevent a digital apocalypse [TechRepublic]