Members of Parliament have become the latest victim of hackers. Jeremy Swinfen Green, Teiss’s Head of Consulting and Training, wonders whether they are fit to legislate on technical matters.
Is the Parliament qualified to decide on data security, privacy and online censorship laws, given they keep getting breached?
Last week’s hacking of the Parliamentary email system demonstrates the weakness of at least some MPs when it comes to keeping cyber safe.
As is so often the case, it looks as though MPs trusted technical defences to do the work of keeping them safe. In fact they should bear at least some of the burden by behaving safely.
However, they failed to behave safely. According to parliament.uk, accounts that were hacked “as a result of the use of weak passwords that did not conform to guidance issued by the Parliamentary Digital Service”.
If that is the case then it is hardly the fault of technical defences. Although one might argue that compulsory two factor authentication (2FA) would have helped secure even accounts with very weak passwords. (2FA involves users have to enter a code they have been sent, as well as their password and user name, to log in. It's easy although it can be irritating. Which is perhaps why it isn't used in Parliament.)
Hacking is big business
MPs will surely hold a good deal of personal information about their constituents. Some of this will be highly sensitive information: information about health, discrimination, or criminal records, as individual raise issues of unfairness or incompetence with their representatives.
So why do some MPs feel that it is acceptable to be slapdash about security?
A lack of basic knowledge about technology
Their attitude to security is just one example of the misunderstandings about technology that seem to be common in the Commons. Let’s think of a few other examples.
- A proposal in the Conservative manifesto that social media services should be forced to take down content posted by children when those children reach 18. Admirable on the surface, given the foolish posts people make. But ineffective as content frequently gets shared and posted elsewhere. Such a proposal if enacted would be likely to give people false confidence and potentially spur children to make posts that were damaging to themselves
- A proposal by ex-PM David Cameron to force technology companies to build “back-doors” into devices and services so that content can be investigated by security services. This troubling proposal would be likely to have massively damaging effects on privacy as those back-doors would inevitably and quickly become known to hackers.
- A proposal in the Labour manifesto to deliver universal superfast broadband (30Mbps+) by 2022. Wonderful. And in my house in southwest London I get around 70Mbps. Or at least I pay for that. The reality is that I get around a tenth of that most of the time. And on occasion it can be as low as 300kbps! (Yes I live as far away as is possible from the boxes at both ends of my street.) Delivering reliable universal superfast broadband would in practice involve laying a lot of cable in a lot of streets. Any pledges about broadband speed need to take account of reality.
- A proposal in the Conservative manifesto to “put a responsibility on industry not to direct users – even unintentionally – to hate speech, pornography, or other sources of harm”. Even unintentionally? How is that going to work? Again, this proposal would simply give people a false sense of confidence.
- An ambition to “create a new presumption of digital government services by default and an expectation that all government services are fully accessible online, with assisted digital support available for all public sector websites.” Unfortunately while 90% of UK households have internet access, 10% (2.5 million) don’t. In fact only around 55% of single pensioner households have internet access. So providing them with “assisted digital support” won’t be much use. The digitally dispossessed will be with us for a while yet and government needs to take account of that.
There seems to be a lack of common sense as well as a lack of knowledge when it comes to digital technology. An inability to go beyond the hype and look at the reality of people’s everyday experience.
In the future one might expect our representatives to have a better idea of the reality of living with digital technology. Unfortunately the education we provide at school doesn’t fill me with hope that this will happen. And the opportunity to provide this education to at least some people, with an IT GCSE that focusses on business and social realities, has been lost.
Digital technology may be hard to understand. But the reality of what it provides, and how to live safely with it, is not complex. MPs need to develop better insights if they are to be fit to legislate on this crucial area.
Image under licence from thinkstockphotos.co.uk, copyright fisfra