This article is more than 1 year old

Spy agency GCHQ told me Gmail's more secure than Microsoft 365, insists British MP as facepalming security bods tell him to zip it

Keep using the provided tools, NCSC says

Conservative MP Tom Tugendhat has publicly claimed GCHQ sources told him Gmail was more secure than Parliament’s own Microsoft Office 365 deployment – but both Parliament and a GCHQ offshoot have told him to stop being silly.

The outspoken parliamentarian, who is chairman of the Foreign Affairs Select Committee, made his comments to BBC radio after person or persons unknown sent emails to his colleagues claiming he had quit the committee.

"I was told by friends at GCHQ that I was better off sticking to Gmail rather than using the parliamentary system because it was more secure," Tugendhat told the BBC’s Today Programme. He continued to splutter: "Frankly, that tells you the level of security and the priority we're giving to democracy in the United Kingdom."

Tugendhat has been outspoken on China’s treatment of the Uighur minority ethnic group, which has been subjected to concentration camps branded "reeducation" camps. Uighurs who move abroad to escape this targeted maltreatment continue to receive intimidation from the state, whose officials have repeatedly refused to accept their camps or their bizarre medical experiments are wrong.

Parliament in the clouds

The only way is Office: UK Parliament to migrate to Microsoft cloud


In return for his campaigning, Tugendhat has been hit with personal sanctions, as gleefully announced by Chinese state-run Global Times. In the eyes of the Middle Kingdom’s ruling Communist Party, Tugendhat’s Foreign Affairs Committee has sinned by launching “unreasonable inquiries into Xinjiang affairs citing ‘forced labor’ and is behind many foreign policies coercing China over Xinjiang.”

Yet today’s email security outburst prompted officials to start wagging their fingers at Tugendhat after he suggested using Google’s email service.

A Parliamentary spokesperson said in a statement: "We have robust cybersecurity measures in place and work closely with partners in the National Cyber Security Centre. In line with guidance from the NCSC we would always encourage MPs to use parliamentary email, which offers significantly higher levels of security than external providers."

An email was sent around Parliament purporting to have proceeded from the parliamentarian himself, proffering his resignation from the Foreign Affairs committee.

The House of Commons’ spokeswoman added that the above email was sent from an AOL account impersonating Tugendhat and not from an official account.

GCHQ declined to comment, referring us to its NCSC offshoot. A spokesman for that told us: "The NCSC works closely with the Parliamentary Digital Service who make use of the NCSC’s cyber security guidance, support and Active Cyber Defence services. The Parliamentary email system follows NCSC best practice, including the use of two-factor authentication (2FA), and MPs should continue to use it.”

We have asked Microsoft for comment.

Back in 2017 Parliament’s network was hit by a brute-forcing attack that saw 90 email addresses compromised by Iranian criminals.

The mother of parliaments adopted Office 365 in 2013, with the House of Lords Management Board deciding at the time that “only a small amount of House data” required “a high level of security”. Times and attitudes have changed a fair bit since then – or so we hope. ®

More about

More about

More about


Send us news

Other stories you might like