The problem is zombies; the problem has been zombies since at least 2002. Zombie problems are not solved by snooping on email, they are solved by getting a more secure operating system and disconnecting exploited machines from the Internet.

It’s a trick. Get an axe.

(’Botnet’ may be no more comprehensible to the average punter, but it’s less likely to be confused with a Day of the Dead style scenario.)

Seriously though, the easy solution to this (media beat-up or not) is to use freely available encryption programs like PGP. They’re available for almost every program, and unlike when PGP first came out are actually reasonably useable. Sure, it’s not something that everyone can install on their work PC, but those who can, should.

The more encrypted traffic there is coming out of your machine, the less suspicious any given email will be. Even if you aren’t doing anything wrong. With all the VPN traffic going across the net these days, pretty soon a packet of gibberish going across a backbone wont cause a single eyebrow to be raised.

The problem I have is that none of my friends or family care sufficiently enough to issue to download and install an encryption program. In the meantime, I do most of my personal emailing via an SSL connection to an off-site email server, meaning that my employer has little opportunity to intercept it. Running something like Gmail over SSL is a pretty good start, from one end, anyway.

But timewasting or nickel-and-diming computer resources is statedly NOT what this mooted law is about.

Ask yourself - who will define what enterprises are classified as critical industries for national security or not, such that this law would apply ?

And what other controls might eventually be put in place once the government designation of “critical industry” is applied ?

And who will read the employee emails in these enterprises looking for terrorist intent ? Are we going to see security checks on the screeners ? Will the screeners be trained ? Will they be required to sit in secure areas for screening purposes ?

Who will they report suspicious activity to - their employer or a government agency ??

Can you imagine the havoc based on the spurious notion that terrorists are going to leave an audit trail on their company email ??

Note to Terrorist Central - I doubt too many email scanning persons will be fluent in anything other than Aussie English - write in another tongue. That’ll get ‘em going !

I … reserve the right to chuck an angry wobbly about political ignorance in future.

That one should go into an Australian Bill of Rights. And it should trump such “offences” as sedition and contempt of the Parliament.

If I keep repeating it I might begin to believe it.

The functionary at the A-G’s office didn’t know how the story got started or why Julia Gillard got involved in the way she did — ie spouting total gibberish.

So I retract my claim that they’re worse than Alston, but reserve the right to chuck an angry wobbly about political ignorance in future.

Ah, democracy at work.

The real threat to critical industries is actually the lack of awareness by managers over simple things like patch management (the May 2001 horror stories in US and Oz were mainly due to long-known and patchable sendmail weaknesses). If they are critical, they should be up to DSD ACSI 33 standards for that level of criticality, and up to PSM standards for incident investigations.

If the gov was serious, they’d make all executives in all agencies, subcontractors to agencies, and critical industries get at least “idiots guide” certificates in risk management (AS4360), information classification, DSD services, the PSM incident post-mortem procedures and ISO 27000 series before being allowed to make any decision on information management.

Well, I’m not sure I’d go that far… wasn’t he the nimrod who, after banning internet gambling sites in Australia, declared people weren’t very likely to use off-shore internet gambling sites because of the costs of long distance calls?