OnPoint: The Source
217 Responses
-
Ian Dalziel, in reply to
...targeting departments at random
– but, again, cost.
Yet after the fact there's always money to clean up the mess these things can create...
an ounce of prevention....
I'm just wondering why the then Minister of Communications and Information Technology, Steven Joyce, or current minister Amy Adams hasn't been called on the appalling failure, thus far, of the 2011 NZ Cyber Security Strategy (links to PDF file)
In which they assert that:
"The Government has a responsibility to protect its own systems and assist critical national infrastructure providers to ensure New Zealanders and New Zealand businesses can access government and other essential services."
and
"New Zealand’s Cyber Security Strategy has three priority areas:
1. Increasing Awareness and Online Security
2. Protecting Government Systems and Information
3. Incident Response and Planning"
(my emphasis)
-
Chris Miller, in reply to
Fairly likely that someone in employment would do that for any number of reasons - they're underemployed (ie, have a shitty part time job only), their job is terrible, they're helping someone else, they want to move and find a new job there, they do like their job but a better position is opening up and they want to try for it.
More importantly, what does it matter whether he's employed or not?
-
merc, in reply to
Yes but no legal duty of care, at all.
-
Sacha, in reply to
but no legal duty of care, at all.
does case law support that?
-
andin, in reply to
Interesting that *reputation* is how we decide who's telling the truth about this as well
Yes, well! It depends on perception don't it.
johnnygoldentonsils sez
"[He was] just pointing to the system and wanting an incentive payment or wanting cash basically to tell us where the problem was," he told TV3's Firstline programme.
Bad spin johnny.
Wanting cash basically? right. dirty word is it?
-
merc, in reply to
I started with trying to find what the legal situation in NZ is with Govt. Dept's legal duty of care. As far as I can find, there is none. There are statements of care, mission statements, not legally binding ones. Case law exists but that is to contend if there was duty of care, nominal position. I can find no actual legal requirement for in this instance WINZ or DSW having to protect your private information if you have been required to provide it. Prisons and Police hopefully have it.
All this is essential because if you are going to have inquiries it behoves you to define just what law the inquiry is against and most law is contractual in these cases.
Otherwise it's just experts arguing with each other over he said, she said. If there is no legal requirement for Govt. to adequately protect citizens private information, then why bother?
-
Chris Waugh, in reply to
I can find no actual legal requirement for in this instance WINZ or DSW having to protect your private information if you have been required to provide it.
...
If there is no legal requirement for Govt. to adequately protect citizens private information, then why bother?
Privacy act?
-
merc, in reply to
Sadly I think, way too far down the chain. If the Dept. has a legal requirement to perform to described duty of care practices there would be no need for further down the chain buck passing that frankly you and I could not afford.
Interesting that BORA is not enshrined in law no? All this is heading in one direction for me.
-
Roger Lacey, in reply to
bain of her life.
Lovely Freudian slip there. :-)
-
Sacha, in reply to
dirty word is it?
Impugning the motivation of the source is standard practice for these guys, rather than taking responsibility for failings.
-
Ds, in reply to
BUT what about this from a stuff report
On Thursday, Bailey's LinkedIn profile had been checked out by an adviser in Social Development Minister Paula Bennett's office, Ng said.
-
Sacha, in reply to
Govt. Dept's legal duty of care. As far as I can find, there is none.
I'm not a lawyer but recall some cases that hinged on exactly that - and Susan Couch vs Corrections is one higher-profile current example.
-
Sacha, in reply to
from a stuff report
wow. link?
-
Joshua Franklin, in reply to
-
ScottY, in reply to
I can find no actual legal requirement for in this instance WINZ or DSW having to protect your private information if you have been required to provide it.
…
If there is no legal requirement for Govt. to adequately protect citizens private information, then why bother?...
Privacy act?
There is a requirement. Privacy Act 1993, section 6:
Principle 5
Storage and security of personal information
An agency that holds personal information shall ensure—
(a) that the information is protected, by such security safeguards as it is reasonable in the circumstances to take, against—
(i) loss; and
(ii) access, use, modification, or disclosure, except with the authority of the agency that holds the information; and
(iii) other misuse; and
(b) that if it is necessary for the information to be given to a person in connection with the provision of a service to the agency, everything reasonably within the power of the agency is done to prevent unauthorised use or unauthorised disclosure of the information.
There are lots of exceptions to the privacy principles, but I can't think of any that excuse this degree of negligence.
-
merc, in reply to
I thought I answered that. I'm talking about before not after the fact. If Govt. has no legal ramifications for not providing duty of care (notified in law), then why should they bother, and it appears, they don't.
Hence why Bennett can out a person's file with impunity...needless to say there appears to be a problem with Police deciding prosecutions, ref Key teapot tapes and so on.
It's not a sophisticated argument, it's really about what we are actually voting for.
-
But getting a meaningful remedy out of MSD's breach of the Privacy Act may be another matter...
-
merc, in reply to
Agreed. Yes but you have to prosecute it in order to get any redress. The main thing I am going to watch for is how the Govt. gets away with total negligence, once again.
-
Related: Given the treatment Bailey is receiving, can anyone advise on the correct way to inform Paula Bennett if, hypothetically, her blog seemed to be vulnerable to SQL injection?
-
merc,
Oh what a tangled web she weaves,
Ms Bennett said the issue of Ira Bailey asking about some form of payment in return for the information before he went to Ng was only a "side issue" and she had bigger problems to deal with.
She said Mr Bailey and Ng had ultimately done the department a favour.
"I feel no ill-feeling towards any of them. At the end of the day, it's not their fault there is such a security flaw in the system and that is quite frankly the responsibility of the ministry. The main issue is that people were able to access information they shouldn't have been able to access."
Asked if she believed Mr Bailey had tried to 'blackmail' the Ministry of Social Development in return for his cooperation, she said she believed he was asking for a 'reward.'
"You can take from that what you want to."
http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10840860
Minister Bennett, have you at any time seen any reference to the security flaw in the kiosk system prior to this latest revelation?
-
Steve Barnes, in reply to
I suspect that there weren't any jobs at KPMG advertised on the Work and Income database.
Time for an anecdote...
About 10 years back I had occasion to go to a WINZ office, or whatever they were called back then, because I was in between jobs and thought it might be worth looking at what jobs they had on the books.
Back then they had a brand new computer set-up in the public area, two in fact, that you punched in your details and it delivered a list of jobs that would suit you.
There were a couple of other people doing this so I waited my turn and watched.
The two guys in front of me got their print-outs and read the results.
"Aircraft Refueller" said one.
"Hey, same here" the other guy retorted.
They hung around while I did the punching in of my skills and attributes. The result?
Aircraft Refueller.
We figured out that the machine was just spitting out the first job on an alphabetical list regardless of input.
"So" said one of the guys "No jobs for accountants then".
Oh how we laughed...
-
Lucy Stewart, in reply to
Yet after the fact there’s always money to clean up the mess these things can create…
an ounce of prevention….
I’m just wondering why the then Minister of Communications and Information Technology, Steven Joyce, or current minister Amy Adams hasn’t been called on the appalling failure, thus far, of the 2011 NZ Cyber Security Strategy (links to PDF file)
Strategy is, of course, very far from implementation, but the key thing about the Cyber Security group and this report is that the focus is on active attacks, not basic architecture. Look at their headings; cyber crime, cyber espionage (the nineties are calling…). As has been mentioned in the other thread, this is fundamentally a failure to perceive data security as a basic principle of operations; no-one cared enough to do the basics.
ETA: Also, keep in mind that the Cyber Security Centre has grown out of the Center for Critical Infrastructure Protection, which was a branch of the GCSB. That should give you some idea of their priorities.
-
From what information we have at present Keith and Ira have both treated personal information with more respect than the minister in question and the affected government agencies. Stating the obvious I know but the pot/kettle black-calling is either attempted deliberate distraction or politicians denying themselves a moment to think about the degree of damage their departments have allowed.
-
Sacha, in reply to
Thanks. That detail is well worth sharing around.
Bailey had left his name and number when he called the Social Development Ministry last week to raise concerns about the vulnerability of Work and Income's systems.
On Thursday, Bailey's LinkedIn profile had been checked out by an adviser in Social Development Minister Paula Bennett's office, Ng said.
The Social Development Ministry had "categorically denied" leaking Bailey's name, Ng said.
"I have no evidence it came from the minister's office but I think that is a reasonable guess."
Ng said the Government wanted to "turn the conversation around" to focus on Bailey.
However, Bennett today denied the leak came from her office and Prime Minister John Key ruled out involvement from his staff.
-
nzlemming, in reply to
does case law support that?
Yes. It's a strategy, not a regulation, or even a policy.