[LINK] Bugbear runs rampant in Australian parliament

Craig Sanders cas@taz.net.au
Fri, 25 Oct 2002 12:17:46 +1000 

On Fri, Oct 25, 2002 at 10:14:49AM +1000, Simon Davis wrote:
> Craig Sanders wrote:
> > is anyone else scared by the thought that australian government
> > secrets may be spread around the internet by bugbear or similar
> > viruses?
>
> The network at Parliament House might hold much information that is
> politically sensitive for MPs and their staff, but I don't think you
> would find too many 'government secrets'. But you general point is
> nevertheless a good one.

yep, and if an MP or staff member gets a virus, they probably have email
addreses belonging to people on more secure networks in their
addressbook - after all, they need to communicate with them.

a windows virus could thus spread from the insecure parliamentary
network to the more secure network.  if it's a new virus unknown to
anti-virus tools, it'll probably slip through the AV scanner on the
secure network.


even aside from national security issues, there are other kinds of
sensitive or in-confidence documents stored on the parliament network.

working drafts of the next budget for example.

correspondence between ministers and various industry lobby groups.

copies of the tampa memos from last year.



some of this stuff should, perhaps, be available to the public anyway :-)
i'd probably be laughing my head off at the government's embarassment if
stuff like the above got forwarded by a virus to journalists or the
opposition or whoever....but that's not the point.  the point is that
even when a government is 100% trustworthy and honest (hah, now we're
heading off to fantasyland!) there is still a need for them to keep some
things secret.  they certainly have an obligation to keep personal
information private.  the use of insecure software by government can
have devastating consequences for australia.


the fact that the examples given above don't scare the government into
taking real action about computer security proves, IMO, that they don't
have any understanding of either the issues or the risks.  if they did,
they'd be in a panic to make sure their dirty laundry couldn't get aired
in public....purely out of self-interest.



on a more personal note, a bugbear-like virus that got onto ATO
computers would be a disastrous breach of privacy for all australians.
would you want your tax records (or more likely correspondence)
forwarded by a virus to random addresses?

same for the DSS.  and the various police forces.  and many other
government departments.

governments at all levels hold a huge amount of private information on
citizens, some of it mandatorily acquired by legislation.  what recourse
do we have if sloppy computer security results in our private
information being made public?

none of the above, btw, is outlandish fantasy or unrealistic.  it's not
even improbable.  i suspect that the only reason people aren't up in
arms about the risks is that most people have no understanding of even
basic computer security and consequently no idea of the risk posed by
the governments (local, state, and federal) using insecure operating
systems and applications.

craig

-- 
craig sanders <cas@taz.net.au>

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch
----------
For Link list information see http://sunsite.anu.edu.au/link/