Discussion in 'Article Discussion' started by bit-tech, 4 Dec 2017.
Damn those MPs and their annoying creaching
In most other organisations, sharing logon details is a disciplinary or even a sackable offence. I don't suppose we'll be so lucky with our MPs?
What's more worrying is that these people are in charge of important legislation like the Snoopers' Charter. How can they be expected to legislate on our national IT security when they don't seem to be aware of even the most basic of security precautions?
Whoopsie-dupsie - I'll go fix, ta!
Haha wow, and we're supposed to listen to some of these people about cyber security?
So I guess the £10 million for cyber security from here will be spent training MPs in how to keep their passwords safe?
It's very convenient for MPs to do this as all auditing of their actions goes out the window.
Cue a clause exempting MPs and parliamentary staff from the Data Protection Act and/or Misuse of Computers Act getting snuck through in 3... 2... 1...
They don't know what they're doing, and moreover they don't think it matters because they are in charge.
Also idly wonders how many of the MPs who've fessed up to doing **** like this, were also up in arms after that NHS Ransomware incident...
'I don't need to know how Encryption works...'
I feel all warm and snugly knowing the people passing laws on my privacy and security can't even grasp the most basic tenants of both.
I don't see why sharing their passwords is an issue. You know they are probably using the word, 'password' anyway.
Also, I just figured 'creach' was one of those British-only words.
If the problem is widespread, it's an indication that either their IT infrastructure or the governing procedures don't meet the actual working requirements of the MPs.
From what i gather the governing procedures are fairly unambiguous, there's the Advice for Members and their staff handbook, the Information Security Responsibilities handbook, the Data protection law that they actually passed, discussed, and voted on, and i dare say there's loads more rules and regulations telling them not to share their password and allowing any tom, dick, or harry access to their constituents confidential communications.
It's also my understand that because MP's are using Office 365 that they can use 'delegate level access' so it seems doubtful that it would be an infrastructure issue.
Apparently though we're all misogynistic trolls according to Nadine for making such a big issue of this, maybe that's why this hasn't been covered more by the media, i would have thought MPs from whatever party their from as it seems the practice of sharing login details is wide spread, i would have thought admitting that there's no confidentiality between constituents and the people they elected to represent them would be headline news, i guess I'm wrong though. /R
With Amber "I don't need to understand how encryption works" Rudd at the helm, that's not surprising.
I was referring to governance of the IT system such as access levels granted to people rather than the rules that users must follow.
Article updated with MPs being told to stop being idiots by both the Parliamentary ICT Security team and ICO.
More likely that the MPs have no idea what they're doing and are too arrogant to ask. I know for a fact they use Outlook with an Exchange server, and as Troy Hunt proves 'ere there are proper, fully-functional, secure, trackable ways to let your staff handle your emails without throwing your username and password at 'em - and they're literally a couple of clicks away at any time.
Hey, @MLyons - it's done it again. I typo'd "breach" as "creach" in the lede, fixed it yesterday, and now it says "creach" again. (Well, not any more, 'cos I've fixed it again - but it did.)
I'm not saying they're not inept and need training. Just that people doing silly things across a full organisation is an indication of systems and pragmatic reality not matching up. An indicator not a definite concrete piece of evidence.
Separate names with a comma.