Wednesday, July 18, 2012

I Am Having A Bad Case Of Cognitive Dissonance With This - The Government Can’t Have It Both Ways.

In the last few days there have been a number of articles on the Government’s desire to access historical web and phone data.

Government defends web spy powers

Date: July 13, 2012

Dylan Welch and Ben Grubb

THE Gillard government has defended a plan to force telcos to store the internet and phone data of all Australians for up to two years, saying it is needed to allow our intelligence and police agencies to effectively target organised criminals and terrorists.
''In this day and age, an age where governments all around the world are grappling with the challenges of terrorism and organised crime, it is important that our relevant agencies have access to the information that they need,'' the assistant Treasurer, David Bradbury, said.
The Coalition, however, has refused to throw its support behind the controversial data-retention scheme, with its legal spokesman, George Brandis, who also sits on the committee reviewing the proposal, only saying he would ''examine the issues carefully''.
His response was sparked by a Fairfax Media report, which stated the scheme was being considered as part of a review of national security legislation by a parliamentary committee.
More here:
At the same time we have an enormous song a dance about how secure and private information flowing back and forth to our NEHRS / PCEHR record is going to be.
While opinions vary there are certainly some experts who are already a little concerned about the general security of the system.
See here for example.

E-health record will be hacked, says AusCERT

Written by Nayantara Mallya, Chillibreeze on Monday, March 12, 2012 10:18
news One of Australia’s top IT security organisations has warned that the Federal Government’s flagship e-health records project is likely to be broken into, with Australians’ medical and identity information to be used for fraud and other criminal activities.
AusCERT, Australia’s Computer Emergency Response Team, which is not associated with the Government, in its submission to an inquiry about the legislation dated in January (PDF), criticised the Government’s Personally Controlled Electronic Health Records (PCEHR) Bill (2011). In its commitment to protecting the privacy and security of Australian Internet users, AusCERT has expressed concern that miscreants could potentially use the PCEHR for identity theft and fraud. The submission was first reported by the AustralianIT.
AusCERT opines that enabling accessibility to personal identifying information in the form of the PCEHR from personal computers over the Internet will only worsen an ongoing problem that will make Australians vulnerable to fraud and identity theft. The submission focuses on the use of untrustworthy end point computers and mobile devices, which when compromised, will enable attackers exert full control over the PCEHR to look at or change its contents with the same privileges as the owner or authorised users.
Vastly more detail here:
So what we have here is the following.
1. The Government wants to be able to get at and track any internet activity we have undertaken in the last 2 years.
2. The PCEHR is claimed to be secure but some are not so sure.
3. You are going to be using the Government ‘hackable’ internet to send your private personal information to and from the PCEHR.
Whether you are comfortable with all this depends on your view about whether ‘the Government is always here to help’ or not. For mine, I would be carefully considering before putting any information in the NEHRS / PCEHR that I seriously wanted to remain private.
As always it is your call, but I just wonder how the claims of great security and a desire from Government to be a legal ‘hacker’ when it feels it needs to be, actually gel together.

1 comment:

Cris Kerr said...

I too would be concerned about privacy protections and capacity to secure, but also...

I can't see how they'd collect any data on professional criminal activity. I mean, if someone's doing something that's against the law, then, in most cases, I'm thinking they'd be adept at hiding their tracks, right? They could have their own servers located anywhere in the world, their own private or coded networks, their own coded data storage or capacity to wipe data clean, and maybe even their own software or software developer team, etc. They be highly unlikely to be using mainstream networks and data storage linked to everyday consumer telcos like Telstra or Optus or whatever. So all the info the govt is talking about storing would really just be day-to-day consumer and business activities... or maybe the activities of a few political activists... or maybe even the activities of a few active consumer advocates like myself :-)

I'm not the tech-head here, but if the intent is to gather evidence of criminal activity, wouldn't time and money be better spent deploying or developing systems that can detect unusual patterns of activity outside of the norm; and especially activities moving money around because in the end, it's nearly always about the money, isn't it? I'm pretty sure Australia would already have a system in place to monitor money trails.

Out of respect and consideration for the average Australian getting up, getting children off to school, going to work, trying to do the right thing each day, but regardless has to; have a million passwords on everything, have locks on letterboxes or double bolts on doors and bars on windows, and in recent years... now also has to be careful not to throw mail directly into the trash that ID thieves might retrieve... all because other people do the wrong thing... the govt needs to consider a path forward that doesn't necessitate further burdening or disadvantaging average Australians.