{"id":1733,"date":"2024-09-25T06:26:39","date_gmt":"2024-09-25T06:26:39","guid":{"rendered":"https:\/\/xdr-mdr.lmntrix.com\/main_web\/?p=1733"},"modified":"2024-10-18T17:34:55","modified_gmt":"2024-10-18T17:34:55","slug":"the-australian-government-doesnt-care-about-your-data","status":"publish","type":"post","link":"https:\/\/lmntrix.com\/blog\/the-australian-government-doesnt-care-about-your-data\/","title":{"rendered":"The Australian government doesnt care about your data"},"content":{"rendered":"
\n
\"\"<\/figure>\n<\/div>\n\n\n

Earlier this month, Australian Parliament computer systems were breached in what is just the latest horse on a perpetual carousel of screw ups.

On this week\u2019s episode of The Australian Government Gets Hacked<\/em>, an attack on the parliamentary computer network was widely described as an \u201cattempted attack<\/a>\u201d. This is despite officials saying their main concern<\/a> was to \u201cget the offender out of the system and keep them out of the system\u201d.

By any definition I\u2019m aware of that, if the attacker is in the system that\u2019s a successful attempt.    

The breached computer network is used by politicians and their staff, complete with databases, emails and troves of personal information. As yet, we\u2019re still in the dark about how long the attackers have been in the system. 

There\u2019s only so much benefit of the doubt we can give, and the Government has time and again failed to live up to the most basic cyber security standards. 

This is the same institution that rushed through the most ill-informed, destructive legislation ever to come out of Canberra. The anti-encryption laws passed before Christmas let enforcement bodies compel a backdoor to be built into any encrypted messaging platform, when investigating crimes with at least a three year prison sentence.

These laws are already causing Australian tech companies to lose customers, but the government is refusing to consider amendments<\/a>. Despite the fallout, the bill will be completely ineffective<\/a>, thanks to how little our politicians understand encryption (that is, not at all).

With the latest breach, it seems inevitable that our Government will be unable to keep this anti-encryption skeleton key out of the hands of cyber attackers. Whether it’s the Chinese, who are supposedly behind the latest breach, the Russians, or some other malcontent doesn\u2019t matter – once this decryption tool is in the wild, it\u2019s game over. The horse has left stables.    

There\u2019s a dizzying array of examples highlighting Government cyber ineptitude, a laundry list which underscores just how likely it is these tools will end up in the wrong hands.

In December 2015 an ABC report<\/a> uncovered a hack into the Bureau of Meteorology that saw confidential documents stolen and malware installed. The attack was in early 2015, but it took the government until April 2016 to confirm it.

In September 2016 patient\u2019s medical information was made publically available on a government website. It took a tip from a university researcher for the government to realise their cock-up. This particular example also helps explain the exodus of the Australians opting out of the My Health Record initiative.  

Less than a week later a workplace census with the records of 96,000 public servants was hacked and downloaded 60 times. Agency codes included in the records make them potentially identifiable, despite the promise of anonymity to staff.

Then in March 2017 the Department of Human Services gave a journalist the personal information of a welfare recipient who criticised Centrelink\u2019s automated debt recovery system in the media. The recipient was then identified in an article defending the government. The minister claimed it was justified, despite not obtaining a public interest certificate. Legal or not, it shows a flagrant disregard for the personal privacy of individuals.

This is a government that releases the personal information of critics for publication, then doggedly pursues the destruction of the tech industry to look tough on crime. It\u2019s no surprise they\u2019re unable to prevent potentially disastrous cyber attacks. They\u2019re either embarrassingly incompetent or, as the evidence seems to indicate, they just don\u2019t care.

Government is slow and no one expects perfection, but there are improvements government could take: Put an end to race-to-the-bottom tenders; pay for a high-quality digital security; change how we collect data to prevent painting a digital target on government departments.

Or listen to the tech industry when its screaming at you that the anti-encryption laws are a terrible idea.

Any one of these options would have been a start to making Australia\u2019s data safe. Instead, both parties make excuses and do nothing to improve the situation. All we get is the occasional underbaked piece of legislation to feign progress on the issue.

There\u2019s a deep irony here, with China suspected to have been behind the latest attack. One minute our politicians condemn China\u2019s digital espionage, then a moment later take inspiration from its corporate-government relations on encryption and privacy, without regard for the technical, financial, or social ramifications.

Rarely does proposed legislation unify an industry in the way the anti-encryption laws did. Technology firms, both Australian and from around the world, spoke out firmly and frequently about the consequences of this law. The gravest concern was these decryption tools would fall into the hands of cyber attackers, a fear which seems justified in the wake of the latest breach.  

We tried, but we were ignored. You can lead a horse to water, but you can\u2019t force a horse to drink. 

This article originally appeared in the Australian Financial Review<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Earlier this month, Australian Parliament computer systems were breached in what is just the latest horse on a perpetual carousel of screw ups. On this week’s episode of The Australian Government Gets Hacked, an attack on the parliamentary computer network was widely described as an “attempted attack”. This is despite officials saying their main concern […]<\/p>\n","protected":false},"author":1,"featured_media":1735,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1733","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"_links":{"self":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts\/1733","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/comments?post=1733"}],"version-history":[{"count":4,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts\/1733\/revisions"}],"predecessor-version":[{"id":4134,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts\/1733\/revisions\/4134"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/media\/1735"}],"wp:attachment":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/media?parent=1733"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/categories?post=1733"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/tags?post=1733"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}