Skip to main content
banner image
venafi logo

British MPs Pushing for Encryption Backdoors, Leave Their Own Front Doors Open

British MPs Pushing for Encryption Backdoors, Leave Their Own Front Doors Open

encryption backdoors
December 8, 2017 | David Bisson

Numerous UK citizens have expressed their concerns over what are flagrantly poor data security practices among several members of Parliament (MPs).

On 2 December, MP Nadine Dorries was just one of several politicians to come to the defense of Damian Green following the publication of a BBC News article a day earlier. In the story, former Scotland Yard detective Neil Lewis explains how he examined the senior Tory MP's computer during a government inquiry in 2008 and came across "thousands" of pornographic thumbnail images. The Metropolitan Police chastised Lewis for making information acquired through a government inquiry public, but the damage was done.

Which brings us to Dorries. The MP took to Twitter to dispute the notion that Green was responsible for having downloaded the pornographic content to his computer. She did so by revealing that her staff use her login to access her computer every day, thereby raising the possibility that one of Green's staff members could have accessed the porn.

MP-passwords-1.png

Those upset by Green as well as members of the information security community immediately turned their attention to Dorries. She did her best to justify her answer. However, she only made matters worse.

MP-passwords-2.png

See the resulting Twitter storm: https://twitter.com/NadineDorries/status/937019367572803590

For example, one individual asked her if she was aware of foreign hackers accessing UK government computers. In response, she wondered whether anyone would want to target "an MP with a computer in a shared office upon which lives an email account." Security expert Graham Cluley explains what's wrong with that statement:

Oh dear... She's wrong, of course. I would bet my bottom dollar that there is plenty of information on her PC that would be of value to criminals (they'd probably ignore the porn). It's not just the personal information of the people she corresponds with, but also the fact that her PC, email and social media accounts could be used as a launchpad for attacks against others.

Dorries also claimed that an investigation into all MPs' computers would yield a record of porn viewership, which doesn't paint a flattering picture of how UK politicians spend their time.

At that point, other MPs joined the conversation. Their comments revealed similarly poor data security practices in the UK government. Will Quince, for example, said he routinely leaves his computer unlocked because he trusts his team with his computer and that his office manager knows his password. And then there's Nick Boles, who admitted he doesn't know his password and that he frequently needs to ask his staff for it.

Needless to say, people were not pleased by these MPs' confessions of risky behavior, and they had reason to feel disgusted. On the one hand, it's an issue of following government regulations. Some Twitter users pointed out that the House of Commons Staff Handbook (PDF) specifically urges members to not share their passwords with others. The Information Commissioner's Office (ICO) affirmed this obligation among MPs in a tweet:

We’re aware of reports that MPs share logins and passwords and are making enquiries of the relevant parliamentary authorities. We would remind MPs and others of their obligations under the Data Protection Act to keep personal data secure.

On the other hand, it's about a failure to lead by example. If Dorries, Quince, Boles, and other MPs refuse to follow best data security practices, they are in a weak position to discuss encryption backdoors and other measures that would affect all UK citizens' data security. Until they change their behaviors, they therefore can't claim the authority to know for what reasons regular people use encrypted messaging apps like WhatsApp and Telegram, among other issues of security and privacy.

Members of Parliament should not be accessing pornographic content on their computers. Even more importantly, however, they should be taking steps to strengthen their digital security. That includes guarding their passwords…just like ordinary users should do.

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

Why Encryption Should Be the Next Step in Operationalizing GDPR Compliance

Why Encryption Should Be the Next Step in Operationalizing GDPR Compliance

Russia-Yandex Encryption Spat Highlights Trust as a Competitive Business Advantage

Russia-Yandex Encryption Spat Highlights Trust as a Competitive Business Advantage

https phishing, tls certificate, phishing scam

FBI Warns Users about Phishing Campaigns that Leverage HTTPS Websites

About the author

David Bisson
David Bisson

David Bisson writes for Venafi's blog and is an expert in machine identity protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat