Documents: UK lawmakers flout explicit password-sharing ban

Cybersecurity awareness posters obtained through a Freedom of Information are pictured in Paris, Monday, Dec. 4, 2017. British lawmakers are flouting explicit instructions to lock their computers and not to share their passwords, documents obtained by The Associated Press show, a revelation that raises questions about the security of Britain's parliamentary network only months after a well-publicized email break-in. (AP photo/Raphael Satter)

Documents obtained by The Associated Press show that British lawmakers are flouting explicit instructions not to share their computer passwords

LONDON β€” British lawmakers are flouting explicit instructions to lock their computers and not to share their passwords, documents obtained by The Associated Press show, a revelation that raises questions about the security of Britain's parliamentary network only months after a well-publicized email break-in.

Conservative Member of Parliament Nadine Dorries first drew attention to the practice on Saturday when she said in a message posted to Twitter that her staff and even interns had access to her log-in details. Dorries defended herself by suggesting that the practice was widespread and that colleagues had no choice but to outsource email management to employees.

"All staff send emails in our name," she said , a statement echoed by fellow Tory lawmakers Will Quince, who said he left his office computer unlocked, and Nick Boles, who revealed that he often forgot his own password "and have to ask my staff what it is."

Documents recently obtained through a British public records request show that lawmakers are explicitly warned by parliament's information technology division to keep their computers locked and not to tell anyone their passwords.

"Make sure that you never share them," reads a slideshow shown to incoming lawmakers, with the words "never share" in bold. Another document β€” a digital services guide addressed to members of the House of Commons β€” warns that lawmakers have been targeted by hackers.

"Never share your password or write it down where others could find it" is among the "minimum" practices the guide advises them to follow. It goes on to suggest that there is no need for lawmakers to share their passwords with employees.

"We can arrange for your staff to access your mailbox, calendar and documents through their own accounts," the guide states. It also reminds lawmakers to keep their computers locked and that: "Cyber security is everyone's responsibility."

The House of Commons press office, which handles inquiries for the lower house of Parliament, confirmed that the ban on password-sharing applied to lawmakers.

"We will generally aim to engage constructively with people found to have been breaching policy inadvertently," the press office said in a statement.

An email sent to Dorries' office wasn't immediately answered. In a Twitter message posted Sunday, Dorries seemed to shrug off the concern over digital safety, suggesting there weren't any government documents on her machine.

"On my computer, there is a shared email account," she said . "That's it. Nothing else. Sorry to disappoint!"

British security researcher Kevin Beaumont said lawmakers routinely handled sensitive messages from their constituents and that by flouting IT staff's instructions "they are failing to provide any protection to those people, their voters."

"Members also sit on the internal Parliamentary network," Beaumont said in an email. "They might not think their PCs can access sensitive information, but rogue actors would absolutely test this theory."

The digital security of Britain's Parliament was thrust into the spotlight in June following an aggressive attempt to break into lawmakers' emails. The hack, which was closely covered in the United Kingdom, came about a year after the dramatic leak of Democratic Party operatives' emails in the heat of the U.S. presidential contest.

Those leaks were blamed by some for derailing the candidacy of former Secretary of State Hillary Clinton and their fallout has overshadowed the presidency of Donald Trump.

___

A previous version of this story has corrected the surname of a British lawmaker to Boles, not Boyles.

___

Online:

Documents relating to Parliament's cybersecurity: https://www.documentcloud.org/public/search/projectid:34689-British-Parliamentary-Documents

___

Raphael Satter can be reached here: http://raphaelsatter.com

Related News

Apple boss Tim Cook optimistic about UK's future...

Feb 9, 2017

Apple CEO Tim Cook says the company the technology giant is committed to Britain's future outside...

Apple's Tim Cook: Fake news is 'killing people's...

Feb 11, 2017

Apple chief executive Tim Cook says fake news is "killing minds," and governments and tech firms...

Yahoo issues another warning in fallout from...

Feb 15, 2017

Yahoo is warning users of potentially malicious activity on their accounts between 2015 and 2016

Epic 'Planet Earth II' offers creatures'-eye view...

Feb 16, 2017

From jungles to deserts to mountains, the BBC's epic nature series "Planet Earth II" takes viewers...

Uber to investigate sexual harassment claim by...

Feb 20, 2017

Uber's CEO has ordered an investigation into a sexual harassment claim made by a female engineer...

The dirty dozen: UN issues list of 12 most...

Feb 27, 2017

The World Health Organization has issued a list of the top dozen bacteria most dangerous to humans,...

Sign up now!