Password-sharing MPS ‘put UK at risk of attack’
MPS have been warned they could be unwittingly helping foreign hackers access Government secrets after admitting they share their work computer passwords. It follows tweets from three Conservative MPS claiming their staff regularly used their login details.
The Information Commissioner’s Office, which protects data-privacy in the UK, said it was making enquiries. Commons officials emailed MPS to warn them that such actions “put the entire parliamentary network at risk”.
The House of Commons handbook says MPS’ staff must not share passwords, but this does not appear to extend to MPS themselves. Conservative MP Nadine Dorries (pictured) was the first to reveal she shares her password. She was defending First Secretary of State Damian Green who has been accused of having pornography on a work computer.
The Mid Bedfordshire MP said it was “utterly preposterous” for police officers to assume that because the PC was used by Green, he was responsible for downloading the porn. She said that her staff, including interns, logged on to her computer “every day”. She added: “A frequent shout when I manage to sit at my desk myself is, ‘what is the password?’”
Other MPS also admitted sharing passwords, including Nick Boles, who represents Grantham and Stamford. He said he gives access to four members of staff so they can deal with letters and emails from constituents. Will Quince, MP for Colchester, said he leaves his computer unlocked so staff can use it, adding: “Ultimately, I trust my team”.
Security experts slammed the MPS’ “cavalier” attitude to passwords. Australian researcher Troy Hunt, who runs the website Have I Been Pwned? ( https://haveibeenpwned.com), said it shows “a fundamental lack of privacy and security education”.
Consultant Graham Cluley wrote on his blog ( www.snipca.com/26438): “It should worry us all if the very people who are tasked with legislating on internet privacy and security issues are proving to be so utterly clueless”.