According to an MP, it’s common to share one’s login passwords with their colleagues in the House of Commons.
Defending over just who might have had access to Damian Green’s computer and therefore potentially used it to view pornography, the Tory MP Nadine Dorries admitted that she allows all levels of staff to log on to her computer, including temporary interns.
Dorries revealed her lax attitude to cyber security on Twitter when a retired police officer said Green must have been responsible for the material found on his machine.
“My staff log onto my computer on my desk with my login every day. Including interns on exchange programmes. For the officer on @BBCNews just now to claim that the computer on Greens desk was accessed and therefore it was Green is utterly preposterous !!”
Later she went on: “All my staff have my login details. A frequent shout when I manage to sit at my desk myself is, ‘what is the password?'”
“My staff log onto my computer on my desk with my login every day. Including interns on exchange programmes.”
Cyber-security Twitter was horrified. “Nobody, whatever their seniority, should have anyone else’s login details,” said technology writer Kate Bevan.
“I’m going to assume UK MP @NadineDorries didn’t admit to such crazy infosec practices, and instead just had someone else use her Twitter account instead,” said security blogger Graham Cluley.
A social media backlash ensued, forcing the Mid Bedfordshire MP to defend her position with a flurry of tweets claiming sharing passwords was standard practice around parliament, despite being a breach of IT security rules.
Responding to claims she has a “cavalier attitude to data security”, she said she was a backbench MP who did not have access to government documents.
Dorries explained that MPs dealt with vast amounts of email, so had to give staff the ability to read them and respond. But plenty of people pointed out that you can give an assistant access to your email without handing over your password to the whole system.