Aardvark DailyNew Zealand's longest-running online daily news and commentary publication, now in its 25th year. The opinion pieces presented here are not purported to be fact but reasonable effort is made to ensure accuracy.
Content copyright © 1995 - 2019 to Bruce Simpson (aka Aardvark), the logo was kindly created for Aardvark Daily by the folks at aardvark.co.uk
Please visit the sponsor!
We have some pretty stiff laws in place to protect us against hackers.
Well no, that's wrong, let me put the situation honestly...
We have some pretty stiff laws and penalties in place to punish those who get caught hacking. And that's a whole lot different to my first statement.
The reality is that a lot of malevolent hacking goes on every day and in the vast majority of cases, those responsible for such evil deeds go unpunished because they are never caught. And hackers know this.
Therefore, the threat of dire penalties probably has little effect and does not "protect" us as much as our politicians would like us to believe.
But if we accept that hackers will hack and that all data stored on computers with an internet connection is vulnerable to unauthorised access -- what should happen when government computers get rooted?
If a private company is found to have been negligent in the configuration of their hardware or software and this results in the disclosure of personal or sensitive information, chances are that they will face censure and penalty for their slackness.
But what happens when it's a government agency or department whose security is found wanting?
What if, for instance, someone was to hack the NZ Treasury?
Nah... it would never happen... right?
Well apparently it did.
From the limited information available it seems that this was one of those breaches that really don't qualify as a true hack -- since someone may well have posted the documents concerned to a publicly accessible site, from where they were downloaded using nothing more than a browser and the click of a mouse.
Who is at fault in such cases?
Was it the "hacker" who stumbled upon a publicly accessible page carrying links to the documents in question?
Or was it whoever was stupid enough to rely on "security by obscurity" and thought that it was okay to leave the files accessible because "nobody will find them"?
In law, it was probably the person that downloaded them but in reality I think we all know that this may well have been a case of gross negligence.
Sadly for the "hacker", if they're caught they'll probably get a penalty for using their mouse in such a way -- but given that the negligent party is paid out of taxpayers' pockets, they will enjoy the indemnity that comes from being in the employ of the state.
To delve into the world of analogies for a moment...
This situation is somewhat akin to leaving a document on a public park bench and trusting nobody will read it because they don't know it's there. It's also somewhat akin to blaming someone who happened to stroll past and browse said document -- all while it was sitting on that park bench in a public place.
Who's at fault there?
This also raises a far more important issue - that of the simply massive amount of data that governments now hold on each and every one of us, and the apparent ease with which that data could be hacked by unknown third parties. Who will be held to account when that happens?
Answer: nobody who is truly responsible, that's for sure.
While our data is safely cosseted away on government computers everything is fine. However, if some smart-arsed Eastern European hacker group decide to grab a copy for themselves and flog it on the open market, where will you, I and every other NZ resident be then?
There's a huge amount of power available to the holder of this information and while that holder is working *for* us, all well and good. But when that holder is working against us, that data becomes a powerful weapon.
I trust that the woodenheads in Wellington have thought of that and applied a whole lot more attention to the security of our personal data than they've applied to protecting the latest budget.
Why do I feel more than a little uneasy right now?
Please visit the sponsor!
Have your say in the Aardvark Forums.