The Twitter opening of Anna Kontula, member of parliament for the Left Alliance, has caused consternation. The data security expert considers the activity alarming.
Kontula’s tweet has caused concern. Petteri Paalasmaa / Screenshot
Anna Kontula (Left) tweeted on Tuesday that he used the open Wifi connection of the Helsinki metro to update his phone.
“I use the Wifi of the Helsinki metro when I need to make mandatory updates to the phone for the parliament, which it does not agree to do with mobile data”, Kontula tweeted.
When a Twitter user further asked in detail whether Kontula does parliamentary work on a public open network, Kontula replied: “Yup.”
Picture from Kontula’s tweet. Screenshot
The opening of Kontula was worrying, as open networks can be a data security risk.
Data security expert Petteri Järvinen finds Kontula’s actions worrying and even reprehensible.
– When I saw the tweet, I thought that this couldn’t be true. Is Kontula making a joke here? The fact that a member of parliament would have to work or even update his phone on the subway network cannot be true. It’s a bad joke, Järvinen tells Iltalehte.
– If you have logged into such a network once, the device will automatically log into it whenever you are near it, unless you delete the login information from others. This is deceptive, because even if no work is done, the device is logged into the network.
Using an open network is a data security risk that, according to Järvinen, an MP should not take under any circumstances.
– When connected to such a network, the phone is visible to all other users of that network. Someone will definitely recognize the person or can intentionally monitor and monitor the message traffic. Even if a VPN is in use, there is always a risk that some data will be leaked, says Järvinen and adds:
– If the IT expertise in the parliament is really at this level, is the VPN also in bombproof condition?
Attackers at risk
According to Järvinen, an actor with sufficient knowledge could gain access to the data of a phone connected to an open network.
– We can talk directly about, for example, Russia and the Pegasus spying programs or the Chinese, whom Supo revealed a couple of years ago had access to the parliament’s e-mail. Actors at this level are able to develop or buy spyware themselves, which can be tried to be entered into MPs’ phones, which in turn can be used to access, for example, the Parliament’s internal network.
According to Järvinen, if it is a parliamentary phone, it should be remotely controlled so that its access to open networks can be prevented.
– If it is a parliamentary phone, information security and device management cannot be at this level, Järvinen states.
Parliament’s wireless network is notoriously bad. This has also been confirmed by journalists who worked there. However, according to Järvinen, a bad network cannot be the reason why open networks are being used.
– In such cases, there should be alternatives other than public network connections. There should be at least one point in Parliament where you can update your device. There is an unusual risk that the devices would not be updated because it is not possible to do so at the workplace. After all, it is even an obligation at all workplaces that the devices are updated.
Administrative director: MPs instructed
Administrative Director of the Parliament Pertti Rauhio says that it is not possible to comment directly on the affairs of an individual customer or to provide information on the basis of which an external entity could evaluate the parliament’s information security arrangements.
– Yes, the parliament offers a WLAN network for various purposes, and of course there are bugs and errors. For that, we have professionals who fix these defects and deal with these problems, says Rauhio.
Many journalists working in the parliament have come across the poor functionality of the parliament’s visitor network. Rauhio says that there has been no similar feedback from the parliament’s own internal network.
– There has been no such feedback regarding the use of the (Parliament’s) own internal network, where representatives and civil servants can work. This is not in itself a statement on whether any of our individual customers have made a mistake on their own behalf. These issues must be determined on a case-by-case basis, Rauhio answers.
According to Rauhio, MPs have been given instructions regarding data security both at home and abroad. Especially for foreign countries, the instructions are quite precise.
However, Rauhio does not want to take a position on whether the use of public and open networks is prohibited.
– I will not take a position on that, because it is directly related to this discussion, says Rauhio.
MP Kontula tells Iltalehti that he does not remember receiving formal instructions on the use of public networks.