IT loaned to MPs (2023)

Response

In the first instance, please note that, apart from loans via the Parliamentary Digital Service (PDS), Members may also possess computer equipment which they have purchased directly themselves. In these instances, they may choose to make expense claims for these purchases to the Independent Parliamentary Standards Authority (IPSA), and you may wish to make a request to them also; details on how to do this can be found on the IPSA website.

[I would like to request the following information:]
1) The makes & models of phones, laptops, and tablets issued to currently serving MPs.
and
2) The total number of each phone, laptop and tablet model issued to MPs.

Some information is held by the House of Commons. We hold details of the makes and models of laptops and tablets issued to currently serving MPs by PDS at the time of your request, as well as the total number of each. Please note however that we do not issue mobile phones to Members.

• Details of the makes and models of laptops and tablets issued to currently serving MPs by PDS

Please note however that while we hold further information about the models of computers and tablets issued to currently serving MPs, it is withheld in accordance with Sections 24 & 31 of the Freedom of Information Act 2000 (FOIA). Details on these exemptions are provided below:

Section 24 – National Security

Details on specific models of IT equipment supplied to MP is exempt by virtue of section 24(1) FOIA because this is necessary to prevent prejudice to national security. This is a qualified exemption and the public interest test applies.

We have considered the public interest in disclosing this information. As IT equipment provided to Members by the House is publicly funded, there is an innate public interest in being transparent about the full details of any equipment used by MP, and releasing this information in this instance would go towards that end, as well as providing accountability also. Furthermore, as this equipment have been financed from the public purse, we accept that it is also in the public interest to be able to scrutinise details of the exact models purchased to ensure that they are sensible, cost-effective and fit for purpose.

However, we have also considered the public interest in withholding this information. Our network forms part of the Critical National Infrastructure and has been identified as an asset which faces a high level of threat from cyber-attacks and which, if breached, would cause damage to the national interest. The network is used by MPs and their staff, as well as MPs in their capacity as Ministers, for the purposes of communication, scrutinising the work of the government and also in their parliamentary functions. Providing detailed information on specific models of equipment used by Members however would make it significantly easier for cyber attackers to target their equipment and the parliamentary network as a whole by extension. Furthermore, if any information arises regarding flaws or vulnerabilities specific to equipment issued to Members, this could be used in the combination to more easily target this equipment (also known as a mosaic effect), significantly increasing the chance of a cyber-attack against Members’ equipment and the parliamentary network by extension.

Any breach of the network could enable access to personal constituency data, and perhaps classified material, and could affect the ability of the House to carry out its business properly. It could also expose individuals to criminal activities, who are linked through their work to government departments or other branches of the state, compromising national security as a result. As this information has the potential to compromise the fundamental systems of the House and by extension the functioning of government departments, and also to render them potentially vulnerable to cyber security and terroristic threats, the wider public interest is therefore to favour non-disclosure in this instance.

For these reasons, we have concluded that the public interest in withholding the information outweighs the public interest in disclosure.

Section 31 – Law Enforcement

We also consider that disclosing the same information would be likely to prejudice the prevention or detection of crime and the apprehension of offenders. This information is therefore also exempt by virtue of section 31(1)(a) and (b) FOIA. This is a qualified exemption and the public interest test applies.

We have considered the public interest in disclosing this information. As stated before, there is a general public interest in transparency and accountability regarding this information. IT equipment provided to Members by the House is publicly funded, and there is therefore an innate interest informing the public of the exact equipment has been issued to MPs. Furthermore, as these systems have been financed from the public purse, we accept that it is also in the public interest to be able to scrutinise any equipment purchased by the House of Commons in order to ensure that purchases made were sensible, cost-effective and fit for purpose.

We have also considered the public interest in withholding this information. As stated before, the release of this information could potentially be used, along with other public information, in order to launch cyber-attacks against both devices used by Members as well as the parliamentary network by extension. The House faces persistent cyber threats, and restricting the release of security sensitive information is therefore necessary in order to mitigate these threats. Releasing the details requested in this instance however would provide a significant advantage to malicious groups and individuals, as it would significantly increase their ability to launch cyber-attacks against these devices directly, particularly if any flaws/issues regarding these systems became public knowledge (usually known as the mosaic effect). If hackers were able to access our systems or devices , either in part or in full, they would then be able to hold these to ransom in order to extort them for financial gain, or to steal confidential information for the same purpose. Groups such as these are known to indiscriminately target public authorities, including the NHS, for disruption and profit, and disclosing this information therefore carries this risk. The release of this information would therefore hinder the prevention and detection of crime as it would provide an advantage to cyber attackers looking to target the House, in turn providing them an advantage which they would not gain were this information withheld from release instead.

In these circumstances therefore, it is our view that the public interest in maintaining the exemption outweighs the public interest in disclosing the information.