Morpsetek

I’ve been skimming the Australian Inquiry into Cyber Crime found here: http://www.aph.gov.au/house/committee/coms/cybercrime/report.htm

Most of the report is geared to scare lawmakers. The damn thing reads like every computer on the internet is out to get you and anyone not running the latest McAffee or Norton is some kind of rube and their computers are in botnets (that may be roughly true, but the insults to the intelligence of their citizens in a government report are interesting).  Most of what I read focuses on just how bad botnets are. Most of the other information I’ve seen on this report focuses on how it recommended that all computers must have anti-virus and firewalls in place before they are allowed onto the internet. Many of them also catch that you could be disconnected from the internet if your machine gets a virus. While these are interesting debate points and for any modern operating system adding a AV is trivial, most already have firewalls, that’s not the really important parts of the report.

Fun Key Phrases:

“By necessity this has to be a joint public-private effort because the
architecture of the Internet and the IT technology is in private hands.

…

-public-private information sharing on a wider range of cyber crime
types.”

Gee, I wonder what they have in mind here. The first line acknowledges that the majority of IT infrastructure is privately owned and operated. The second line says that they want wider sharing of information on cyber crime. Given that it’s a government on the lacking side of the data, just how do you think they are going to go about getting it? I doubt very much that they will ask nicely.

“That the Australian Communications and Media Authority further
increase its access to network data for the purpose of detecting malware
compromised computers. This should include active consideration of
how to increase access to network data held by global IT security
companies and, in consultation with relevant departments, whether legal
protections to address commercial, regulatory and privacy concerns are
desirable. “

Sure the stated purpose is detecting malware, but look at what they are asking for here. “We want to see all the data associated with any networked computers.” This isn’t just your home computer through your ISP. This is any networked system in the country, meaning business with appreciable IT infrastructure will fall under this. Schools, companies, and ISPs will have some way of the government tapping into their networks to monitor them. Now, I’m no legal expert and I’m even less familiar with Australian law but this reads to me like they want to wire tap the whole damn country.

“That the Treasurer consult with State and Territory counterparts with a
view to amending the Australian Consumer Law to provide a cause of

action for compensation against a manufacturer who releases an IT
product onto the Australian market with known vulnerabilities that
causes losses that could not have reasonably been avoided.”

This is the biggie. The anti-virus argument can be fun to have, the network monitoring is probably going on anyway, but this one takes the cake. That little paragraph right there means that anytime a bug or problem or backdoor is found in any kind of IT product (be that software, hardware, embedded devices, ect.) the company that sold it could be sued for every product sold after the bug is found. Who ever wrote that line has absolutely no understanding of the current state of software today. As an example, new bugs and vulnerabilities are found in Windows, IE, Firefox, or Adobe Flash almost daily; if any one of those products (that are all generally on any new computer sold today) are found to have some kind of vulnerability the manufacturer (i.e Dell, HP, Gateway) would immediately have to pull their computers from the market until the bug is patched. Essentially, all IT hardware would not be sold directly in Australia anymore. It would all have to be imported directly by citizens (adding to the cost) with the understanding that the Australian law doesn’t apply because they bought it from outside the country. Obviously I’m reading that at a bit of an extreme here, but even with that nice key word ‘reasonable” in there the threat of lawsuits against companies for security flaws would at best slow down new innovations and devices so they could be tested, or at worst keep the product from entering the Australian market at all.

Security and convenience are always at odds, and while this report isn’t making up the threats (the internet is not a nice place) the reaction to them seems WAY overblown. The report reads like an excuse for the government to move in and monitor all data traffic through the country, and let them shake down IT companies that sell equipment there.

Comments are closed.