For help, advice and discussion about stuff not related to aviation. Play nice: no religion, no politics and no axe grinding please.
#1575191
In most arenas this would get you the sack, so I wonder if Nadine Dorries actually means what she tweeted





Semi expect this tweet to be gone by the morning so here's a screenshot
User avatar
By Genghis the Engineer
FLYER Club Member  FLYER Club Member
#1575193
(1) Practices were different 10 years ago - we've all learned a lot more since then about computer security.

(2) I don't know what was on his computer, but if the police found it a decade ago and didn't take any action then, frankly any views now of a retired police officer are of no relevance whatsoever.

(3) There's a difference between a login for the PC, and for things like mail / HR / etc. access - maybe.

G
By riverrock
FLYER Club Member  FLYER Club Member
#1575194
Some longstanding MPs have bought their own computers - which they can use how they want, but most hire them from the Parliamentary Digital Service, for which there are no guest logins. You need a security clearance and network login. So if an MP wants to be able to give an intern something meaningful to do, they end up giving their interns the passwords. Similar happens (for the less IT literate) for office staff to be able to access the MP's official emails (it is their job to help the MP deal with those emails.
Its the joys of having a restrictive IT Security policy which stops people doing the work that they need done - so they ignore it or go round it. Similar happens in companies all of the country.

However - admitting that is what happens / you are doing is probably a bad thing.
By riverrock
FLYER Club Member  FLYER Club Member
#1575195
I will say - the police officer should have either:
a) kept his mouth shut
b) only told the investigating team of his memory

Also it was apparently only one of the PCs in the MP's office. Has anyone said whether it was the MP's PC?

Legal porn hasn't been shown to be a precursor to anything more sinister ( as far as I'm aware). Whether it is moral (etc) is a different discussion. However I struggle to see this as anything more than a smear campaign. The PCs involved must be very close to breaking the Data Protection Act in divulging private information, never mind the ECHR right to privacy. If the "public interest" defence holds up - then that means anything that a red top paper would print could be considered "public interest". It would mean it was legal for a band to print a copy of any celebrity's band statement on the front page, with no more justification than "public interest". There is no special clause in there for the police. If I was Damien Green - I'd be reporting a crime...
By johnm
FLYER Club Member  FLYER Club Member
#1575209
I can only conclude that the retired officers are deliberately out to make trouble. Their motivation is a mystery at this point, but I know who ought to be under detailed investigation and it's not Damien Green.

Shared passwords in the Palace of Westminster was and is probably inevitable, because the set up isn't great and don't ask me how I know because I won't tell you :D
#1575213
I listened to the interview on R4 on Friday and immediately asked SWMBO "who is pulling the strings behind this". The tone of news reports by the Friday night news makes it obvious that a pushback has started, and rightly so.

Use the laws of the land to test whatever gripe you have, or STFU. For an ex officer to be involved, whether as instigator, or pawn, is wrong.
#1575254
Sharing a login is just not necessary. Email addresses can be set up separately for personal, constituency, ministerial role etc, and specific email accounts have logins that can be shared or they can be group accounts for multiple people to access. There is no need to share a computer login and it does break the IT security policy that has been pretty standard across HMG since I've been involved with it (13 years), so should have disciplinary consequences for Ministers the same as for civil servants/contract staff.
By johnm
FLYER Club Member  FLYER Club Member
#1575256
Lindsayp wrote:Sharing a login is just not necessary. Email addresses can be set up separately for personal, constituency, ministerial role etc, and specific email accounts have logins that can be shared or they can be group accounts for multiple people to access. There is no need to share a computer login and it does break the IT security policy that has been pretty standard across HMG since I've been involved with it (13 years), so should have disciplinary consequences for Ministers the same as for civil servants/contract staff.



You know that and I know that, but the users in the Palace of Westminster certainly didn't 10 years ago :roll: :D
#1575265
Indeed the politicians are unlikely to have known it but the IT staff there did - I worked with a guy at that time in the HO who had come from being IT Manager for the Houses of P.

As they say in court, ignorance is not an excuse, just a way of being...
#1575296
Lindsayp wrote:.. it does break the IT security policy.., so should have disciplinary consequences for Ministers the same as for civil servants/contract staff.


ah, but, at that time the MP was 'only' a Shadow Spokesman, not a Minister. Thus, technically, he was 'self-employed', as all MPs except Ministers and (senior) Government Whips (and the Leader of the Opposition, who has a salary as such) are. Thus, he could not be 'disciplined' then as an employee by any sort of 'HR' action. Any 'discipline' could only come, then and now, through his Party (National or Constituency). The media coverage suggests that this could now be problematic for his Leader :roll:

[of course, I do know and should mention that he has denied downloading or viewing even legal (at the time) 'porn' using a computer in that office. If that denial is disbelieved by the Cabinet Office investigators, or his Leader, his false denial may be regarded as a more serious offence than any original 'porn']

For a Civil Servant (to my knowledge, from a fairly recently retired local CS senior HR bod), and I assume for any employee in the public sector and presumably many private companies, viewing even legal 'porn' at the workplace or using work-provided facilities would certainly invite disciplinary action, and in many Civil Service ones likely dismissal.

On the other issue raised, the actions of the retired Police Officers: AIUI (but happy to be corrected), the recent sequence of events was: the senior Officer conducting the 'leak' investigation which lead to the seizures at Portcullis House (which were presumably with a Warrant and with the permission of the Speaker) recently published his memoirs, in which he repeated the allegation about 'porn' which had been made at the time; the MP repeated the denials which he had made at the time; another Officer, who had been the one who actually examined the seized PCs then described what he had found, which was download and viewing of (legal) 'porn' thoroughly mixed in adjacent timings with correspondence both private and official from the MP. This did not 'prove' that the MP had done it, of course, as the Officer admitted. The Officer was thus publicly defending and corroborating his colleague who had just been equally publicly accused of malicious mendacity by the MP. I understand the Officer's dilemma.

And, finally, yes, sharing passwords is a bad idea, and was unnecessary even then with a properly organised set-up and trained and disciplined users. But MPs did not and do not have to accept any training nor discipline from mere 'officials' :roll:
#1575298
riverrock wrote:Its the joys of having a restrictive IT Security policy which stops people doing the work that they need done - so they ignore it or go round it. Similar happens in companies all of the country.

It is possible that the security policy is 'too restrictive' (maybe johnm or lindsaysp could comment on that) but in my experience even sensible security policies which are properly designed to protect personal and organisational data are disparaged or ignored by people who think they are too (self-)important for the rules to apply to them, or that they would never fall victim to any kind of threat, targeted or otherwise. Modern IT systems can cater for the needs of shared access, group work, and collaboration perfectly well, without the need to share passwords, if resourced and built properly (and not going for the cheapest, 'minimum viable product' approach)

riverrock wrote:However - admitting that is what happens / you are doing is probably a bad thing.

That too.
#1575302
dhs wrote:..even sensible security policies which are properly designed to protect personal and organisational data are disparaged or ignored by people who think they are too (self-)important for the rules to apply to them, or that they would never fall victim to any kind of threat, targeted or otherwise. ...


.. and/or may be instinctively hostile to or suspicious of those offering advice, which I have been told has happened with some MPs when offered advice by 'mere officials' :roll:

[This sort of suspicion of expert and well-meant security advice is not new, of course. During WW2 the folks at Bletchley Park were systematically monitoring the enciphered diplomatic communications passing between the Free French Government in exile in London and the extant Free French diplomatic representations overseas. They discovered that the ciphers were weak, and almost certainly breakable by German codebreakers as they were by BP ones; in some cases ULTRA proved this was so. Furthermore, the deciphered contents revealed sensitive Allied diplomatic and occasionally military secrets. A demarche to FFG was approved under the coverstory that the transmissions had been serendipitously monitored, and the fact that they were Free French was determined only when the ciphers had been readily broken. A better cipher system was offered. The FFG response was 'ah, but if we take your advice on this, you British will be able to read our messages'; 'but we already could if we chose, but if you make these changes we still could if we chose, but the Germans will not be able to, although they probably can now'. The FFG did change their ciphers, but out of suspicion of British motives it was to a new one of their own devising, which was just as weak. This led to a policy of UK, US and Canadian diplomatic and military officials sharing much less withthem, which infuriated de Gaulle]
#1575305
kanga wrote:
dhs wrote:..even sensible security policies which are properly designed to protect personal and organisational data are disparaged or ignored by people who think they are too (self-)important for the rules to apply to them, or that they would never fall victim to any kind of threat, targeted or otherwise. ...


.. and/or may be instinctively hostile to or suspicious of those offering advice, which I have been told has happened with some MPs when offered advice by 'mere officials' :roll:

And not just MPs... :evil: