UK watchdog has to remind MPs not to share their passwords
Three Conservative MPs believe that sharing passwords is for the greater good.
With the number of computer-based attacks steadily rising in the UK, Britons have been warned over and over again to use strong passwords, to ensure they're not recycled and to never disclose them to a third party. So when three Conservative MPs came out over the weekend admitting to sharing their credentials with interns and other members of staff, it's easy to see why the UK's data watchdog is none too pleased.
In the space of the last few days, Nadine Dorries MP, Nick Boles MP and Crispin Blunt MP claimed that they share passwords with fellow office workers in order to perform tasks on their behalf. Ms Dorries said that her team logged into her computer using her details "everyday," which was a message that was later echoed by Mr Boles in a tweeted reply. Mr Blunt later explained on Channel 4 News that he allowed such actions because "we don't live a life where we are actually able to spend lots of time sitting in our office browsing our computers."
My staff log onto my computer on my desk with my login everyday. Including interns on exchange programmes. For the officer on @BBCNews just now to claim that the computer on Greens desk was accessed and therefore it was Green is utterly preposterous !!
— Nadine Dorries (@NadineDorries) December 2, 2017
The admissions came after claims that First Secretary of State Damian Green should be held responsible for viewing pornography on his work computer. Mr Green denied doing so and has since been urged to step down.
Today, the Information Commissioner's Office acknowledged that it had been made aware of reports that MPs are happy to pass around their logins and passwords and has begun talking to the "relevant parliamentary authorities":
We're aware of reports that MPs share logins and passwords and are making enquiries of the relevant parliamentary authorities. We would remind MPs and others of their obligations under the Data Protection Act to keep personal data secure. https://t.co/FLPeP8M7c8
— ICO (@ICOnews) December 4, 2017
Sharing logins isn't illegal but the House of Commons Staff Handbook categorically states that party employees should not share their passwords. However, MPs are allowed to decide for themselves how they interpret such instructions.
The common reason for interns and other staff members to access MP computers appears to be to update calendars and respond to emails on a minister's behalf, tasks that could be handled remotely via a shared inbox or grouped computer policies.
As a nation, politicians aren't expected to be cybersecurity experts, but they are expected to be aware of basic online and computer protections. That's why today's warning, while embarrassing, is totally necessary.