And then, a stupidity occurs.

Posted by Jacques Chester on Monday, April 14, 2008

I honestly thought that the Coalition had set the low point for IT policy in Australia. Between Richard Alston and Helen Coombs the whole scene was comprehensively botched; Mark Vaile’s being utterly sucked in by slick US negotiators in the FTA negotiations — and the Chapter 17 trainwreck we got from his ignorance — just set the seal on it.

But the ALP started strong. First off, Senator Conroy introduced mandatory filtering at the ISP level. For the kiddies, of course! In no possible universe would this lead to people opting out receiving more scrutiny from the already dangerously overpowered AFP and ASIO wonks. And of course my occasional consumption of tasteful erotica will never, ever be leaked to the press if I ever represented a political threat. What are you, a communist terrorist pedophile?

Now Julia Gillard has introduced another jaw-dropper of a policy. Employers in “critical industries” (which apparently includes just about everything) will now have the power to snoop on employees’ use of email and web surfing without consent. Why? National Security, of course [1].

[1] We have always been at war with Eurasia: And they’d never abuse that legal protection, employers. Never. They’re spotless lambs, our best mates. Unless of course it’s the 2007 election, in which case they’re evil bastards, out to punish Working Families and single mums.

Employers already have this power in practice if not in law. Try and find a company which doesn’t include this in their contractual terms. Try and find a company who have Mandatory Access Controls which make it impossible for employers to snoop anyway. You won’t, I promise you; the intersecting set is empty.

And national security? Huh? To “prevent cyber-attacks”? What are they smoking in Canberra and why won’t they legalise it? Email has almost nothing to do with it. The problem is zombies; the problem has been zombies since at least 2002. Zombie problems are not solved by snooping on email, they are solved by getting a more secure operating system and disconnecting exploited machines from the Internet.

Oh yes, it “might help them to catch terrorists”. Uhuh. Because terrorists often go to work specifically to send each other planning emails. Oh my aching sides, how can they pass this off with a straight face?

Either the ALP are ignorant, which is downright unacceptable — even dangerous — in a field like IT policy, or they are lying about their motives. Neither alternative is very palatable [2].

[2] The EFA: Incidentally, kudos goes to Australia’s stalwart defenders of internet freedoms and common bloody sense, the Electronic Frontiers Association, for talking about the pointlessness of this policy and the circus parade of abuse that will inevitably follow in its wake. Go and donate.

But hey, look on the bright side. Now Richard Alston actually looks good by comparison. That’s a miracle in anyone’s book.

Update: According to Robert McClelland’s office, it’s a total beatup by the media. Surely some journo asked the same question I did: “WTF?”

Update 2: I lay out the whole sorry story.



This entry was posted on Monday, April 14th, 2008 at 11:59 AM and filed under IT and Internet, Politics - national.

16 Responses to “And then, a stupidity occurs.”

  1. Patrick said:

    Actually, it has been obvious for a long time that Labor’s IT policy is stuck in the same era as the CFMEU.

  2. Fleeced said:


    Now Richard Alston actually looks good by comparison

    Well, I’m not sure I’d go that far… wasn’t he the nimrod who, after banning internet gambling sites in Australia, declared people weren’t very likely to use off-shore internet gambling sites because of the costs of long distance calls?

  3. Dave Bath said:

    Hmmmm.
    The “National Security” argument is just plain dumb.

    The real threat to critical industries is actually the lack of awareness by managers over simple things like patch management (the May 2001 horror stories in US and Oz were mainly due to long-known and patchable sendmail weaknesses). If they are critical, they should be up to DSD ACSI 33 standards for that level of criticality, and up to PSM standards for incident investigations.

    If the gov was serious, they’d make all executives in all agencies, subcontractors to agencies, and critical industries get at least “idiots guide” certificates in risk management (AS4360), information classification, DSD services, the PSM incident post-mortem procedures and ISO 27000 series before being allowed to make any decision on information management.

  4. Jacques Chester said:

    Just rang my local member. They said to ring Julia Gillard’s office.

    Ah, democracy at work.

  5. Jacques Chester said:

    Her office has referred me to A-G Robert McClelland’s office.

  6. Jacques Chester said:

    OK. His office say it’s all been misrepresented by the media. A media beatup, they reckon. Apparently they’re worried that companies who copy emails for virus-scanning purposes might be in contravention of the Telecommunications Interception Act and they’d like to remove the potential problem.

    The functionary at the A-G’s office didn’t know how the story got started or why Julia Gillard got involved in the way she did — ie spouting total gibberish.

    So I retract my claim that they’re worse than Alston, but reserve the right to chuck an angry wobbly about political ignorance in future.

  7. Ken Parish said:

    They’re not as bad as the Howard government … They’re not as bad as the Howard government … They’re not as bad as the Howard government … They’re not as bad as the Howard government … They’re not as bad as the Howard government … They’re not as bad as the Howard government … They’re not as bad as the Howard government … They’re not as bad as the Howard government … They’re not as bad as the Howard government … They’re not as bad as the Howard government … They’re not as bad as the Howard government …

    If I keep repeating it I might begin to believe it.

  8. Gummo Trotsky said:

    I … reserve the right to chuck an angry wobbly about political ignorance in future.

    That one should go into an Australian Bill of Rights. And it should trump such “offences” as sedition and contempt of the Parliament.

  9. Kevo of Sydney said:

    There is some comment that employers should have the right to supervise use of company computers and connections.

    But timewasting or nickel-and-diming computer resources is statedly NOT what this mooted law is about.

    Ask yourself - who will define what enterprises are classified as critical industries for national security or not, such that this law would apply ?

    And what other controls might eventually be put in place once the government designation of “critical industry” is applied ?

    And who will read the employee emails in these enterprises looking for terrorist intent ? Are we going to see security checks on the screeners ? Will the screeners be trained ? Will they be required to sit in secure areas for screening purposes ?

    Who will they report suspicious activity to - their employer or a government agency ??

    Can you imagine the havoc based on the spurious notion that terrorists are going to leave an audit trail on their company email ??

    Note to Terrorist Central - I doubt too many email scanning persons will be fluent in anything other than Aussie English - write in another tongue. That’ll get ‘em going !

  10. dr faustus said:

    The problem is zombies; the problem has been zombies since at least 2002. Zombie problems are not solved by snooping on email, they are solved by getting a more secure operating system and disconnecting exploited machines from the Internet.

    It’s a trick. Get an axe.

    (‘Botnet’ may be no more comprehensible to the average punter, but it’s less likely to be confused with a Day of the Dead style scenario.)

    Seriously though, the easy solution to this (media beat-up or not) is to use freely available encryption programs like PGP. They’re available for almost every program, and unlike when PGP first came out are actually reasonably useable. Sure, it’s not something that everyone can install on their work PC, but those who can, should.

    The more encrypted traffic there is coming out of your machine, the less suspicious any given email will be. Even if you aren’t doing anything wrong. With all the VPN traffic going across the net these days, pretty soon a packet of gibberish going across a backbone won’t cause a single eyebrow to be raised.

    The problem I have is that none of my friends or family care sufficiently enough to issue to download and install an encryption program. In the meantime, I do most of my personal emailing via an SSL connection to an off-site email server, meaning that my employer has little opportunity to intercept it. Running something like Gmail over SSL is a pretty good start, from one end, anyway.

  11. SJ said:

    Jacques: Many thanks for calling the AG’s office. That was well done.

  12. amphibious said:

    Whether they are fools or knaves is not as important as the damage done in ignorance. Pretty soon it’ll be “no-one left to lie to”.
    Honestly, when did you last believe a word any politician or bureaucrat said? Any group or organisation beyond a certain size or complexity begins to devote disproportionately more of its resources to its maintenance rather than the ostensible original purpose.

  13. gilmae said:

    Even if it was being aimed at “terrorism” as Gillard said I think the point would have been trying to safeguard against versions of Kevin Mitnick. That is, people who use social hacking to get information from employees of a company.

  14. Yobbo said:

    Goddamn zombies always fucking things up. One minute they are reading your emails, the next they are giving birth to zombie babies and eating through your supermarket fortress.

  15. Alan said:

    Blog posts like this one are a clear and present danger to the continued existence of the nation. You are giving aid and comfort to our enemies by revealing the level of ministerial and official incompetence rampant among the organs of national security. I hope the government will speedily block this gaping hole by legislating that no-one is allowed to read Club Troppo without the previous written consent of the Deputy Prime Minister.

  16. Privacy Commissioner Consultation « Balneus said:

    [...] — Dave Bath For those following Jacques Chester’s recent Club Troppo posts (here and here) on our Federal Government’s cluelessness on IT security and privacy issues, I’d point [...]
