Skip to main content
banner image
venafi logo

British MPs Pushing for Encryption Backdoors, Leave Their Own Front Doors Open

British MPs Pushing for Encryption Backdoors, Leave Their Own Front Doors Open

encryption backdoors
December 8, 2017 | David Bisson

Numerous UK citizens have expressed their concerns over what are flagrantly poor data security practices among several members of Parliament (MPs).

On 2 December, MP Nadine Dorries was just one of several politicians to come to the defense of Damian Green following the publication of a BBC News article a day earlier. In the story, former Scotland Yard detective Neil Lewis explains how he examined the senior Tory MP's computer during a government inquiry in 2008 and came across "thousands" of pornographic thumbnail images. The Metropolitan Police chastised Lewis for making information acquired through a government inquiry public, but the damage was done.

Which brings us to Dorries. The MP took to Twitter to dispute the notion that Green was responsible for having downloaded the pornographic content to his computer. She did so by revealing that her staff use her login to access her computer every day, thereby raising the possibility that one of Green's staff members could have accessed the porn.


Those upset by Green as well as members of the information security community immediately turned their attention to Dorries. She did her best to justify her answer. However, she only made matters worse.


See the resulting Twitter storm:

For example, one individual asked her if she was aware of foreign hackers accessing UK government computers. In response, she wondered whether anyone would want to target "an MP with a computer in a shared office upon which lives an email account." Security expert Graham Cluley explains what's wrong with that statement:

Oh dear... She's wrong, of course. I would bet my bottom dollar that there is plenty of information on her PC that would be of value to criminals (they'd probably ignore the porn). It's not just the personal information of the people she corresponds with, but also the fact that her PC, email and social media accounts could be used as a launchpad for attacks against others.

Dorries also claimed that an investigation into all MPs' computers would yield a record of porn viewership, which doesn't paint a flattering picture of how UK politicians spend their time.

At that point, other MPs joined the conversation. Their comments revealed similarly poor data security practices in the UK government. Will Quince, for example, said he routinely leaves his computer unlocked because he trusts his team with his computer and that his office manager knows his password. And then there's Nick Boles, who admitted he doesn't know his password and that he frequently needs to ask his staff for it.

Needless to say, people were not pleased by these MPs' confessions of risky behavior, and they had reason to feel disgusted. On the one hand, it's an issue of following government regulations. Some Twitter users pointed out that the House of Commons Staff Handbook (PDF) specifically urges members to not share their passwords with others. The Information Commissioner's Office (ICO) affirmed this obligation among MPs in a tweet:

We’re aware of reports that MPs share logins and passwords and are making enquiries of the relevant parliamentary authorities. We would remind MPs and others of their obligations under the Data Protection Act to keep personal data secure.

On the other hand, it's about a failure to lead by example. If Dorries, Quince, Boles, and other MPs refuse to follow best data security practices, they are in a weak position to discuss encryption backdoors and other measures that would affect all UK citizens' data security. Until they change their behaviors, they therefore can't claim the authority to know for what reasons regular people use encrypted messaging apps like WhatsApp and Telegram, among other issues of security and privacy.

Members of Parliament should not be accessing pornographic content on their computers. Even more importantly, however, they should be taking steps to strengthen their digital security. That includes guarding their passwords…just like ordinary users should do.

Like this blog? We think you will love this.
Featured Blog

EARN IT Act Is Back and So Is Debate Over End-To-End Encryption

The Eliminating Abusive and Rampant Neglect of Interactive T

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

David Bisson
David Bisson

David is a Contributing Editor at IBM Security Intelligence.David Bisson is a security journalist who works as Contributing Editor for IBM's Security Intelligence, Associate Editor for Tripwire and Contributing Writer for Gemalto, Venafi, Zix, Bora Design and others.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more