Australia wants to jail infosec researchers for pointing out dodgy data Australia's proposed laws outlawing research into data de-anonymisation look set to proceed after a Senate Committee report landed yesterday complete with just one recommendation: that the bill be passed. The Privacy Amendment (Re-identification Offence) Bill 2016 was proposed after researchers Dr Vanessa Teague, Dr Chris …
Then they might just decide to cut all the link going in and out of the country. Its in my experience that governments, in response to a horse escaping the barn, will tend to just burn the entire farm to the ground and salt the ashes. That or waste billions of dollars on an impenetrable gate that no one wants or needs.
Basically, this concept could be applied to any finding that was against the desired outcome.
So, for example, I (Claudius) could stipulate that naming of my mistresses names is a crime. You, prole, could show that you can determine your mistresses names rather easily by matching their carriages to my home address. I could then punish you for even pointing out that obvious fact.
Just depends on who is in charge. Not on right/wrong.
De-identification of data is a bitch of a job. And in the end mainly useless. Good forensics and enough will/horsepower will find the answer. Now that this response has been cataloged by several agencies and pseudo-commercial interests, they have drawn the conclusion "Nothing to worry about with that idiot."
Don't Speak Badly About My Baby
To be fair, there is some data that the public should be aware of. Like if a town next to a military base suffers from a higher rate of certain respiratory issues, or if the demographics of people voting in an election doesn't match up with the actual demographics (EG, an entire segment of the population's votes weren't counted).
Anonymization is hard, which is why need more researches finding potential holes in the process.
"Anonymization is hard, which is why need more researches finding potential holes in the process."
Indeed, and there are many fine researchers outside Australia who will be glad to have a bit less competition now. It 's a hilarious example of jobsworths who, only 70 years after the invention of general purpose programmable information processors, and 50 years after the invention of packet switching networks, still don't understand the first thing about them.
If I was cynical which I am then the only reason I can possibly think this has happened is that if you make the data unidentifiable it loses it's value therefore you can't have people stopping your revenue stream by pointing out the flaws.
The other option of sheer stupidity is just to stupid to comprehend and my head hurts just trying contemplate the logic process someone has gone through to come to this outcome because surely nobody and I mean absolutely nobody could sit down and say we have a problem which someone has pointed out so we can fix it but what we will do is pass a law so they and anyone else can't tell us about any other problems in the future. Plausible deniability?
I'd be surprised if this Bill passes the senate. There's no chance Labor or Greens will support it, and I doubt Xenophon will either.
The committee that Brandis appointed were 3 LNP (Tory) stooges none of whom have a clue about anything made post 1960, pretty much everyone recognises that so they will ignore the recommendation.
"Seems like a new take on 'Shoot The Messenger'."
It might have been better if the dissenting report had simply said "don't shoot the messenger". It might be a cliché but clichés are an effective means of getting simple ideas into the heads of simple people.
There needs to be an induction process for people entering high office. Learning not to shoot the messenger would be one part. A recitation of Ozymandias would be another. The pail of water experiment* would be a third.
*Dip your hand into a pail of water. Take it out again. Examine the impression you left behind.
You missed a <sarcasm> tag there.
This sounds like a CYA law, possibly preceded in private by an "Oh s**t" moment as someone pointed out to them how p**s poor their anonymization process actually is.
But I'm with earlier posters. Let me say it loud and clear.
IT'S NOT THEIR DATA, IT'S YOURS.
If a government insists you supply this data they should be aware of a)How it can be misused and b)How to store it securely.
If they can't maybe they should not be collecting it in the first place?
I always say this. "The views of our government in no way are representative of the views of the Australian people." Please don't judge us by the behaviour of our government.
So many utterly embarrassing and / or horrifying pieces of legislature that no sane or moderately intelligent person would support are knocking around in Canberra. If only real life was simple as flatten and reinstall.
Solving the security problem is like boiling the ocean. It is a huge issue - like manufacturing back in the 60's. Demming laid out a series of rules and process improvements focused on getting a handle on these problems and addressing them systematically. The Japanese took up this practice and in a few years defects dropped. They became so rare that each new discovered defect was considered a cherished guide for management priorities.
Without concerted efforts to test systems and surface defects in our dodgy security systems, we end up with exploitable failures across a broad spectrum - allowing Chinese, Russians and North Koreans waltz in and take truckloads of data whilst our MP's shoot our scouts as they warn us of vulnerabilities. This sound like something Trump would do. We should be paying for these scouts and codifying their observations into specifications on how to build new systems without these flaws.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
