Newsletter - sign up here
Search Webster
Webster's pieces from The Oldie
Webster's Webwatch

Lock it up!

March 2018

I know it’s a while ago, but the fuss surrounding the MP Damian Green’s enforced resignation in December has been bothering me.  If you recall, he lost his job partly because of a claim that there was pornography stored on his House of Commons computer.

Unsavoury though that thought is, it’s not what upset me.  What did irritate me was the level of ignorance of basic computer security – verging on arrogance – displayed by some other MPs at the time.  They clearly do not understand how computers work but worse, they openly, even proudly, displayed a reckless contempt for the integrity of parliamentary data.

Nadine Dorries MP, for example, said ‘My staff log onto my computer on my desk with my login every day. Including interns on exchange programmes’.  Nick Boles MP can’t recall his password and asks his staff what it is; Will Quince MP admitted leaving his computer unlocked so anyone can use it.

Let’s understand what’s at stake, here.  Each of these computers is linked to the Parliamentary network, and so each has the potential to be used to access all other parts of the network by a determined felon.  I don’t say that Dorries & Co could do it, in fact I’m sure they couldn’t, especially if they can’t even remember a password, but plenty of others can (how about those ‘interns on exchange programmes’, Miss Dorries?  Any of them Russian?). 

Secondly, whilst there is nothing wrong with sharing a computer between colleagues, it is simple good practice that each person logs in with their own password.

This has two main benefits.  It means that the computer will, magically, revert to looking and behaving as each user wants it to, and it removes any doubt as to who is doing what from time to time.  This is especially important when remote access to the computer is allowed, as it is for MPs, because anyone in the world with the password might be able to connect and poke around.

What most people don’t realise is that computers record almost every keystroke and click and who was logged in in at the time; I’ve no doubt this capacity is enhanced and centralised on a big network like the Parliamentary one, as in any large company.  So, if you share your password, not only are you enabling others to behave badly in your name, but you are, in effect, leaving your front door key in the lock when you go out.

Of course, the people who run the House of Commons system know all this, and in their Staff Handbook they say, firmly, ‘You must…lock your workstation, even if you are away for only a few moments’ and ‘You MUST NOT (sic) … share your password’.

Locking a computer is easy, by the way, and is a very good habit to get into, especially if there are grandchildren buzzing around the house. Simply hold down a Windows Key and then press ’L’ (the Windows Keys are bottom left and right on your keyboard, with the Windows symbol on them).  Unlock with your normal password.

So, what are we to do with MPs who are careless with security and expose the Mother of Parliaments to unknown risks?  The best I can hope, to quote Mr Bumble, is that their eyes may be opened by experience.  It is quite possible that as well as running security risks, these MPs are breaching the Data Protection Act (the Information Commissioner has already raised an eyebrow), and a prosecution or two pour encourager les autres might be a valuable revelation.

I suspect that almost all MPs stick to the rules, but a network is only as strong as its weakest links – which, in this case, are the more thoughtless Honourable Members.

Some useful links: 

Click here for the House of Commons Staff Handbook

Link to the Chapter on Information Security

Click here for Nadine Dorries’s Tweets and the responses she received