Digital Life
I know it’s a while ago, but the fuss surrounding the MP Damian Green’s enforced resignation in December has been bothering me. If you recall, he lost his job partly because of a claim there was pornography stored on his House of Commons computer.
Unsavoury though that thought is, it’s not what upset me. What did irritate me was the level of ignorance of basic computer security – verging on arrogance – displayed by some other MPS at the time. They clearly do not understand how computers work but, worse, they openly, even proudly, displayed a reckless contempt for the integrity of parliamentary data.
Nadine Dorries MP said, ‘My staff log on to my computer on my desk with my login every day, including interns on exchange programmes.’ Nick Boles MP can’t recall his password and asks his staff what it is; Will Quince MP admitted leaving his computer unlocked, so anyone can use it.
Each of these computers is linked to the parliamentary network, and so each has the potential to be used to access all other parts of the network by a determined felon. I don’t say that Dorries & Co could do it; in fact, I’m sure they couldn’t, especially if they can’t even remember a password. But plenty of others can. (How about those ‘interns on exchange programmes’? Any of them Russian?)
Secondly, while there is nothing wrong with sharing a computer with colleagues, it is simple good practice that each person logs in with their own password. This has two main benefits. It means the computer will, magically, revert to looking and behaving as each user wants it to, and it removes any doubt as to who is doing what from time to time. This is especially important when remote access to the computer is allowed, as it is for MPS, because anyone in the world with the password might be able to connect and poke around.
What most people don’t realise is that computers record almost every keystroke and click, and who was logged in at the time; I’ve no doubt this capacity is enhanced and centralised on a big network like the parliamentary one. So, if you share your password, not only are you enabling others to behave badly in your name, but you are also, in effect, leaving your front-door key in the lock when you go out.
The people who run the Commons system know all this and, in their staff handbook, they say, firmly, ‘You must… lock your workstation, even if you are away for only a few moments’ and ‘You must not (sic) … share your password.’
Locking a computer is easy and is a good habit to get into, especially with grandchildren buzzing around the house. Simply hold down a Windows key and then press L (the Windows keys are bottom left and right on your keyboard, with the Windows symbol on them) or, if you are an Apple user, and depending on which one you have and how it’s set up, control+shift+power or control+shift+ eject. Unlock with your normal password.
What are we to do with MPS who are careless about security? The best I can hope for, to quote Mr Bumble, is that their eyes may be opened by experience. It is quite possible that, as well as running security risks, these MPS are breaching the Data Protection Act, and a prosecution or two pour encourager les autres might be a valuable revelation.
I suspect that almost all MPS stick to the rules, but a network is only as strong as its weakest links – which, in this case, are the more thoughtless Honourable Members.