It has been reported that an MP and House of Lords peer travelled to Syria earlier this month and inexplicably, decided to live tweet their location.
Lloyd Russell-Moyle and Maurice Glasman informed no one of the trip.
According to the Guido Fawkes blog, order-order.com here, the news that the pair were in Syria ‘sparked panic across the two departments’, with officials ‘furious that the lives of British armed forces would be put at risk’ if they had to be sent in should something go wrong.
In the article, the government are quoted as responding:
“This was an utterly reckless act that could have led to our armed forces being put in danger had they been kidnapped. It is mind-numbingly stupid given the political climate and could have severe consequences in terms of ongoing court cases over here.”
Read more about this here.
This is perhaps the worst example of what appears to be a severe lack of information security on display by many in Parliament. Earlier in the year, we reported that Member of Parliament Nadine Dorries sparked widespread concern after claiming it was common practice for MPs to share computer log-in details with staff and interns.
This is an incredibly irresponsible example of poor cyber security, information security awareness and overall lack of accountability this generates. One of the most basic security mistakes out there is sharing account credentials. It should also be noted, this is one of the MPs who is trying to ban or limit encryption.
Parliamentary ICT (PICT) Security Policy specifically states on the matter:
Additional sections repeatedly make clear that passwords must not be shared.
My staff log onto my computer on my desk with my login everyday. Including interns on exchange programmes. For the officer on @BBCNews just now to claim that the computer on Greens desk was accessed and therefore it was Green is utterly preposterous !!
— Nadine Dorries (@NadineDorries) December 2, 2017
Jim Killock, of the Open Rights campaign group, said:
“On the face of it, Nadine Dorries is admitting to breaching basic data protection laws, making sure her constituents’ emails and correspondence is kept confidential and secure. She should not be sharing her log-in with interns.
“More worryingly, it appears this practice of MPs sharing their log-ins may be rather widespread. If so, we need to know.”
I certainly do. In fact I often forget my password and have to ask my staff what it is.
— Nick Boles MP (@NickBoles) December 3, 2017
The Information Commissioners Office said:
“We’re aware of reports that MPs share logins and passwords and are making enquiries of the relevant parliamentary authorities. In the meantime, we would remind MPs and others of their obligations under the Data Protection Act to keep personal data secure.”
We’re aware of reports that MPs share logins and passwords and are making enquiries of the relevant parliamentary authorities. We would remind MPs and others of their obligations under the Data Protection Act to keep personal data secure. https://t.co/FLPeP8M7c8
— ICO (@ICOnews) December 4, 2017
Raj Samani, chief scientist at McAfee said in an interview with the Telegraph today:
“The news that MPs regularly share their passwords with members of their staff is an example of the dangers caused by the mentality that ‘it won’t happen to me’, or ‘it won’t happen to me again. In this case, the need for teams to easily and quickly access email, social media, or other information has clearly become more of a priority than securing data.
The House of Commons needs to take steps to ensure that MPs are appropriately educated on the dangers of sharing their passwords. It is clear that better cyber education policy is needed in government.”
They need their own logins for traceability, data protection, security & more. The set up you describe is a shambles that you should be ashamed of and must fix ASAP
— FXFollower (@FollowingFX) December 2, 2017
It’s disturbing how careless MPs of all stripes are so careless about basic cyber security, especially as 2017 has seen cyber attack wreak havoc with public sector systems such as the NHS.