Documents: UK lawmakers flout explicit password-sharing ban

  

British lawmakers are flouting explicit instructions to lock their computers and not to share their passwords, according to documents obtained by The Associated Press, a revelation that raises questions about the security of Britain's parliamentary network only months after a well-publicized email break-in.

Conservative Member of Parliament Nadine Dorries first drew attention to the practice on Saturday when she said in a message posted to Twitter that her staff and even interns had access to her log-in details. Dorries defended herself by suggesting that the practice was widespread and that colleagues had no choice but to outsource email management to employees.

"All staff send emails in our name," she said , a statement echoed by fellow Tory lawmakers Will Quince, who said he left his office computer unlocked, and Nick Boyles, who revealed that he often forgot his own password "and have to ask my staff what it is."

Documents recently obtained through a British public records request show that lawmakers are explicitly warned by parliament's information technology division to keep their computers locked and not to tell anyone their passwords.

"Make sure that you never share them," reads a slideshow shown to incoming lawmakers, with the words "never share" in bold. Another document—a digital services guide addressed to members of the House of Commons—warns that lawmakers have previously been targeted by hackers and that, "At a minimum, you should make sure that you ... Never share your password or write it down where others could find it."

The guide goes on to suggest that there is no need for lawmakers to share their passwords with employees.

"We can arrange for your staff to access your mailbox, calendar and documents through their own accounts," the guide says. Elsewhere, it reminds lawmakers to keep their computers locked and that: "Cyber security is everyone's responsibility."

The House of Commons press office—which handles inquiries for the lower house of Parliament—did not immediately return messages seeking comment. An email sent to Dorries' office was not immediately answered either. In message posted to Twitter on Sunday, Dorries seemed to shrug off the concern over her digital safety, suggesting there weren't any government documents on her machine.

"On my computer, there is a shared email account," she said . "That's it. Nothing else. Sorry to disappoint!"

British security researcher Kevin Beaumont said lawmakers routinely handled sensitive messages from their constituents and that by flouting IT staff's instructions "they are failing to provide any protection to those people, their voters."

"Members also sit on the internal Parliamentary network," Beaumont said in an email. "They might not think their PCs can access sensitive information, but rogue actors would absolutely test this theory."

The digital security of Britain's Parliament was thrust into the spotlight in June following an aggressive attempt to break into lawmakers' emails. The hack, which was closely covered in the United Kingdom, came about a year after the dramatic leak of Democratic Party operatives' emails in the heat of the U.S. presidential contest.

Those leaks were blamed by some for derailing the candidacy of former Secretary of State Hillary Clinton and their fallout has overshadowed the presidency of Donald Trump.

Explore further: UK Parliament investigates cyberattack on user accounts

More information: Documents relating to Parliament's cybersecurity: www.documentcloud.org/public/s … liamentary-Documents