Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
JackoBoy987

Australian Federal MPs' computer network hacked

Recommended Posts

 

22 minutes ago, leadeater said:

It is in fact totally opposite to what you are saying, especially in light of the law having provisions that can force companies to modify software or infrastructure to facilitate the evidence collection. 

As said. This is the societary bit I see as changing. I gave the example of Apple being ink pen and paper producers, and how these requests make seemingly impossible tasks for them. I'll not repost it. But think of such a request for any physical goods company. For example, we make dangerous goods *illegal* or we force safety on them. Or think of how it differs with postal services. There is no guarantee on a postal service being "encrypted". These systems show, we can only have 1 or the other. We cannot have both!

 

These things exist, but they exist in an either cost/physical system, or a systematic/national system (either you buy/pay for skeleton keys, or you nationalise the phone/postal service or access to it). You cannot have your cake and eat it. There are going to have to be other changes to facilitate such actions. These may end up clarified in courts (as said, I'm not against it or for it, just trying to see what it applies to, and it may become clearer what the meanings are later on).

 

Again, I'm not against this. :) I just see that there is a lot of misunderstanding, and the main thing is I've been posting my observations, asking questions, and giving examples. I have noted MrMoose's comment on this not being a contradictory law, and yours stating it does apply to non-encrypted (e2e anyhow) data. Great! I did not see that detail of it's application (I assumed existing laws covered that!). So no arguments from me on those aspects!

[edit as I got lost in multiple posts updates on 2800s! :P ]

 

Quote

Yes but you aren't actively dismissing the law that makes it illegal to break and enter or trespass either. Locks don't stop a persistent criminal wanting to commit a crime but first there has to be a law they are breaking for it to be a crime.

This is not a law preventing a crime. It's a law requiring action. "You must facilitate a police officer in a car chase by smashing into the criminals car" is very different from "you must not speed".

 

I'm not saying we should not help. I'm saying if one law says "you have no obligation to speak, and can remain silent" then the next law saying "you must give out passwords" is contradictory, unless we have "you may not speak, with the exception of passwords". At which case it becomes problematic if said person has no passwords, as they automatically break the law by having no passwords, they cannot speak! 🤣

 

As said, this is a natural problem with the logic/maths of the situation. It is fine if the users of such a system see that, and don't abuse it... but for the half of the planet that know of that weakness, and thus do exploit it... it's sad. (I know of how it's being applied right now for such actions, thankfully not in Aus though!)

Link to post
Share on other sites
16 minutes ago, TechyBen said:

Yes! They already are! So, I just feel it's turning more and more, and fixing less and less. I'm happy to see people trying to fix these problems (data access, security, preventing unwanted actors using such things)... but sad to see them failing.

 

Again, I know of specific places this is not true. Same with the comments that fears of abuse are misguided. AFAIK for Aus they are not misapplying these laws. I know of places they do. Not a problem with the law (and as said, I'm not against this law), but those who apply it and carry out their interpretation, or plain purposeful misinterpretation of it.

 

Probably more than half the planet is in that situation!

https://ourworldindata.org/corruption

And because corruption is strongly linked too human development:

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&ved=2ahUKEwjA7YXou7jgAhUGXCsKHUNgDTQQFjAOegQICxAC&url=http%3A%2F%2Ffaculty.georgetown.edu%2Fmh5%2Fclass%2Fecon102%2Freadings%2FStandard%20of%20Living%201800.pdf&usg=AOvVaw03lYLnNBVVSoS_a1rBL0bA

 

It really is good news for all of us if we can just get past this last hurdle (being the internet one).

5 minutes ago, TechyBen said:

Again, I'm not against this. :) I just see that there is a lot of misunderstanding, and the main thing is I've been posting my observations, asking questions, and giving examples. I have noted MrMoose's comment on this not being a contradictory law, and yours stating it does apply to non-encrypted (e2e anyhow) data. Great! I did not see that detail of it's application (I assumed existing laws covered that!). So no arguments from me on those aspects!

That's a refreshing paragraph. :D


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Link to post
Share on other sites
55 minutes ago, TechyBen said:

And yours stating it does apply to non-encrypted (e2e anyhow) data

No it 100% applies to encrypted data as well as non-encrypted. Do you not understand that E2E is only 1 possible encryption method NOT widely used on the internet? This site is HTTPS so the communication between your computer and the website is encrypted but it is not 'End to End User controlled', the website owner has the private encryption key and can read the information otherwise how else does it know which page you asked for, what you're now typing in the text field now to reply to me.

 

I am stating it does apply to encrypted data, lots of it but not all of it.

Link to post
Share on other sites
1 hour ago, TechyBen said:

These things exist, but they exist in an either cost/physical system, or a systematic/national system (either you buy/pay for skeleton keys, or you nationalise the phone/postal service or access to it). You cannot have your cake and eat it. There are going to have to be other changes to facilitate such actions. These may end up clarified in courts (as said, I'm not against it or for it, just trying to see what it applies to, and it may become clearer what the meanings are later on).

This doesn't make any sense to me, legally requiring a company to hand over data when it can, because it can in fact access the encrypted data or disable the encryption is not the same thing as getting a skeleton key at all. This is about a legal framework enforcing the companies operating in Australia facilitate evidence requests as much as they technically can not how much they are willing using least effort possible.

 

I genuinely do not understand why you think it's an impossible task for companies to provide such assistance nor why you think it requires giving law enforcement actual access in to their systems, or a key, or something else similar to that. Most of that is specifically not allowed anyway i.e. Encryption Key Escrow. 

 

1 hour ago, TechyBen said:

This is not a law preventing a crime. It's a law requiring action. "You must facilitate a police officer in a car chase by smashing into the criminals car" is very different from "you must not speed".

This is an exaggeration. It's more along the lines of in the road code you must yield to emergency vehicles and get out of their way, with the step further being heavy fines if you don't get out of the way. Getting out of the way would be assisting emergency vehicles, not that comparable to this situation at all but it's a heck of a lot more than saying this law is like requiring crashing in to criminal's cars.

 

P.S. Trespassing laws don't prevent crime either.

 

1 hour ago, TechyBen said:

 

I'm not saying we should not help. I'm saying if one law says "you have no obligation to speak, and can remain silent" then the next law saying "you must give out passwords" is contradictory, unless we have "you may not speak, with the exception of passwords". At which case it becomes problematic if said person has no passwords, as they automatically break the law by having no passwords, they cannot speak! 🤣

Except they aren't asking the suspect here at all, so no they are not asking you to give out your password. Remain silent or not this doesn't involve such a thing at all, your ISP doesn't care about your right to remain silent and has zero bearing on them.

Link to post
Share on other sites
6 hours ago, leadeater said:

No it 100% applies to encrypted data as well as non-encrypted. Do you not understand that E2E is only 1 possible encryption method NOT widely used on the internet? This site is HTTPS so the communication between your computer and the website is encrypted but it is not 'End to End User controlled', the website owner has the private encryption key and can read the information otherwise how else does it know which page you asked for, what you're now typing in the text field now to reply to me.

 

I am stating it does apply to encrypted data, lots of it but not all of it.

I *defined* my statement to e2e only. Look. STOP. I literally said "(e2e anyhow)"... I defined "Encrypted[e2e]"... :/

 

I understand it's only 1 possibility... but guess what, I considered all possibilities. Thus my comments. On the other possibilities.

https://www.wordfence.com/blog/2017/03/support-end-to-end-encryption/

Quote

When your web browser connects directly to a website using HTTPS, your connection is end-to-end encrypted.

You need to clarify yourself. As I am not sure what you mean. Services *on* the cloud are not always e2e encrypted, but HTTPs is, else internet banking would fail.

 

I never said it does not apply to encrypted data! Just that it physically cannot apply to all data... and therein lies the problem, as how do you convince people to understand that? How do we convince those in authority, what is and is not possible, when they turn up and are panicking over timescales (an emergency) and data?

 

Facilitate would be equal to giving a skeleton key... It is literally done in the USA over customs/baggage. How do you "facilitate" if you never give/access the data with the encryption keys that do exist? As said, I have experience with keys and safes and law/audits. If I had access to a key, it was a security risk (though manageable), if the customer only had the key, it moved the risk. Could the law force me to hand over keys? Yes. Could they request if I did not have the keys? They could try.

 

Quote

Except they aren't asking the suspect here at all, so no they are not asking you to give out your password. Remain silent or not this doesn't involve such a thing at all, your ISP doesn't care about your right to remain silent and has zero bearing on them.

You missed the point again. Sorry. Your ISP would be an "accomplice" in this case, if not helping the investigation. If they help, then they are not an accomplice. If they cannot prove they are helping, and cannot prove they don't have the keys (you cannot prove a negative ;) ), then what? Do the police/law go "ok, that's fine, you obviously don't have the data we need, sorry *we* made a mistake."?

 

Actual difference is, if the law turns up and asks for a physical key, I can show my pockets to have/not have the key. If the law turns up and asks for an encryption key, how do you prove you do/do not have it? That is the kind of error/problem/weakness to such a law I see. Weather that is a big problem or a small one I'm not saying. Just stating it exists, as a real thing.

 

6 hours ago, mr moose said:

...

It really is good news for all of us if we can just get past this last hurdle (being the internet one).

That's a refreshing paragraph. :D

Um. Post and no context, so not reading all those hundreds of pages of linked material there. I'm assuming you mean to show me the personal experiences I know of don't exist because of statistical analysis? Hmmmm. Go tell that to the thousands of people who right now the opposite is happening to. Define "quality of life", because even locally, I can see people who have never had it better, yet it is causing them more trouble (more money and security, yet to them = more alcoholism/drug abuse/violence etc, when it should help them, but something else is preventing that).

 

Just giving people the material things is not enough. Even educating them just in factual things is not enough. They seem to miss the desire or understanding in actually helping people instead of causing harm.

Link to post
Share on other sites
2 hours ago, TechyBen said:

I understand it's only 1 possibility... but guess what, I considered all possibilities. Thus my comments. On the other possibilities.

Not in the past you haven't, you've said multiple times that this law would be impossible to enforce and I haven't seen anything since  then that differs from that. I know you've mentioned E2E but that's literally the only thing you've mentioned and you've used it when talking about how the law would be impossible to enforce. How am I supposed to tell what you actually mean when you've raised it that way before?

 

2 hours ago, TechyBen said:

You need to clarify yourself. As I am not sure what you mean. Services *on* the cloud are not always e2e encrypted, but HTTPs is, else internet banking would fail.

I did clarify it, I said End to End User Controlled. HTTPS is not user controlled encryption, the user does not have the private key only the public key. The service host has the private key and can decrypt anything encrypted using the public key, that model covers the majority of encryption in use by companies that offer services on the internet. Even some cloud storage and backup services can access the data if the really have to, some have the option to enable user encryption but that doesn't mean it's default that.

 

Or another example, I managed the Ednpoint backups at work. Laptops are backed up but users can also encrypt that laptop and the backup data if they so choose, that password they use to encrypt that laptop I can never see so never know what it is. I could use that to get around a data request and technically be correct in saying I don't have the password to decypt that laptop, however the product we use can force disable the encryption without ever knowing the password. We could have company policy to never do that but under this proposed law we could be forced to do so, because we do have the capability to do that.

 

How would law enforcement know we could do that? Well we would have to tell them what we use and why we would not access the data, you take that information to the company that makes the product and they would tell them that removing the encryption is a feature of the product. Would we have ever given them direct access to the system and the data, no. Did we or would we give them any access to encryption keys, no. Did we give them some kind of key or access, no. We would be giving them the requested data, how does this equate to law enforcement having a skeleton key?

 

End to End encryption is not at all a problem because all you need to do is go to the endpoint, the service provider with the data request order. You don't ask a middle man entity that couldn't ever help like the ISP. The only time a company would be unable to access the data is when the user controls the encryption completely like for example encrypting the files before uploading them to Dropbox or Google Drive or OneDrive. In that instance there is nothing any of those companies could do to assist with a data request because they were never involved at any step of the files getting encrypted.

 

E2E encryption in no way makes this law unenforceable, only user controlled encryption specifically does so. Whatsapp is an example of such a service.

 

2 hours ago, TechyBen said:

Actual difference is, if the law turns up and asks for a physical key, I can show my pockets to have/not have the key. If the law turns up and asks for an encryption key, how do you prove you do/do not have it? That is the kind of error/problem/weakness to such a law I see. Weather that is a big problem or a small one I'm not saying. Just stating it exists, as a real thing.

Like literally everything non physical in law you provide evidence as to how it's not possible. Something not being a physical entity doesn't make something not provable. It is not hard to explain/show how your service encrypts data, under this law that information could be used to request a change to make it possible. You don't need to prove if you have the key or not, you could have a way that doesn't require the key at all.

 

2 hours ago, TechyBen said:

You missed the point again. Sorry. Your ISP would be an "accomplice" in this case, if not helping the investigation. If they help, then they are not an accomplice. If they cannot prove they are helping, and cannot prove they don't have the keys (you cannot prove a negative ;) ), then what? Do the police/law go "ok, that's fine, you obviously don't have the data we need, sorry *we* made a mistake."?

No I didn't miss the point, the ISP does not care about your personal right to silence or right to not self incriminate. That is the example you gave and I replied to. 

Link to post
Share on other sites
40 minutes ago, leadeater said:

 We could have company policy to never do that but under this proposed law we could be forced to do so, because we do have the capability to do that.

And for that data they also want that does not appear on the first decrypt? You *must* have the key to the other folder. That locked one. You just demonstrated you could unlock the first laptop, why not the second, or third? ;)

See. I never said it applies where it does not apply. Or that it's impossible if MS/Dropbox store local unencrypted (or encrypted but accessible servers) versions. I said it's not possible for some technology. That and I assumed existing warrants/special powers covered existing requests.

 

As said, there seem to be conflicts in the laws. GDPR and access to remote servers are one example. Sometimes there are exceptions (as in the law say "except in these circumstances"), sometimes there are layers (this law above the others etc). Other times, it's contradictory. And I just wanted to point out where the law is contradictory. It appears there are caveats for "if this is not possible", as I later found out. Just wanted to say that though the law does then cover that, there is little chance everyone understands where it can and cannot apply.

 

So yeah, you lot here tend to treat me like someone who cannot learn, :P

 

Quote

I did clarify it, I said End to End User Controlled. HTTPS is not user controlled encryption, the user does not have the private key only the public key. The service host has the private key and can decrypt anything encrypted using the public key, that model covers the majority of encryption in use by companies that offer services on the internet. Even some cloud storage and backup services can access the data if the really have to, some have the option to enable user encryption but that doesn't mean it's default that.

Cool. As said, I was not aware that they could not request "logs", "records" or "data" already. If this is stored in plaintext on the server, or stored protected on the server by the companies, then the companies have access. As with physical situations. AFAIK we know of the ability to search physical places, and understand the liberties involved there. It's any creep past that kind of power that is interesting to discuss.

 

However, this law still involves interception of communications. There I'd have to see if it was self contradictory, or impossibly to implement, or open for abuse (such as, are they sidestepping the needs for warrants or oversight).

 

Quote

It is not hard to explain/show how your service encrypts data, under this law that information could be used to request a change to make it possible. You don't need to prove if you have the key or not, you could have a way that doesn't require the key at all.

Yeah, and *thats* where it muddies the water. As said. Is this stepping into "you must make skeleton keys for every lock" territory.

Quote

No I didn't miss the point, the ISP does not care about your personal right to silence or right to not self incriminate. That is the example you gave and I replied to. 

I gave the example of a *negative* proof. If you have no key, you cannot give a key. But the "right to silence" could be mistaken for a "breaking of the law". Illustrations/analogies don't match the object, you match the *method*. If there is no method to add third party/government listening to a communication, there is no method.

Link to post
Share on other sites
3 hours ago, TechyBen said:

Um. Post and no context, so not reading all those hundreds of pages of linked material there. I'm assuming you mean to show me the personal experiences I know of don't exist because of statistical analysis? Hmmmm. Go tell that to the thousands of people who right now the opposite is happening to. Define "quality of life", because even locally, I can see people who have never had it better, yet it is causing them more trouble (more money and security, yet to them = more alcoholism/drug abuse/violence etc, when it should help them, but something else is preventing that).

 

No, As I said, corruption is getting less, I did not say it had gone completely and I said standard of living (human development) is getting better, I did not say it was perfect for everyone already.   The general trend across the world is that life is getting better for everyone.  Some countries are still in squalor where corruption is rife and others of use live in countries where corruption laws and whistle blower policies actually work and are reducing the corruption.

 

3 hours ago, TechyBen said:

Just giving people the material things is not enough. Even educating them just in factual things is not enough. They seem to miss the desire or understanding in actually helping people instead of causing harm.

 

It may not be 100% enough but it sure goes a very long way, The studies I linked support that claim.

 

 


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Link to post
Share on other sites
6 minutes ago, mr moose said:

 

No, As I said, corruption is getting less, I did not say it had gone completely and I said standard of living (human development) is getting better, I did not say it was perfect for everyone already.   The general trend across the world is that life is getting better for everyone.  Some countries are still in squalor where corruption is rife and others of use live in countries where corruption laws and whistle blower policies actually work and are reducing the corruption.

 

 

It may not be 100% enough but it sure goes a very long way, The studies I linked support that claim.

 

 

I do agree that people with more of the necessities should do better. I'm not convinced the "corruption is getting less" thing is so. Something seems off in that observation (Especially since, AFAIK the 3 large countries contributing to the majority of the population of the planet probably have the worse and/or worsening corruption!). For example, I know road deaths are down. But I also know, road deaths were a self caused problem in the first place. Fixing a fire you started yourself (https://en.wikipedia.org/wiki/Hero_syndrome is a thing ) to be the hero, while not a thing in large scales, is a thing politically. Or the fact we later realise error (CFCs, Lead in petrol) shows of cause, we can reverse some trends, but currently not the majority (see Global warming, unsustainable material use in other areas etc).

 

Yes, we fix one or two things here or there. But it does not seem to be the majority, or worldwide.

 

As said, I'd not equate quality of life to happiness/safety/etc. The richest people can still be the most illness/drug addictive/crime/war ridden. :(

Link to post
Share on other sites
12 minutes ago, TechyBen said:

And for that data they also want that does not appear on the first decrypt? You *must* have the key to the other folder. That locked one. You just demonstrated you could unlock the first laptop, why not the second, or third? ;)

Yes but without the law we could get away with not complying with the data request via the reasoning of the user has encrypted the laptop with a password we do not know. We could doesn't mean we have to, with the law change we can be made to as opposed to if we want to.

Link to post
Share on other sites
2 minutes ago, TechyBen said:

I do agree that people with more of the necessities should do better. I'm not convinced the "corruption is getting less" thing is so. Something seems off in that observation (Especially since, AFAIK the 3 large countries contributing to the majority of the population of the planet probably have the worse and/or worsening corruption!). For example, I know road deaths are down. But I also know, road deaths were a self caused problem in the first place. Fixing a fire you started yourself (https://en.wikipedia.org/wiki/Hero_syndrome is a thing ) to be the hero, while not a thing in large scales, is a thing politically. Or the fact we later realise error (CFCs, Lead in petrol) shows of cause, we can reverse some trends, but currently not the majority (see Global warming, unsustainable material use in other areas etc).

 

Yes, we fix one or two things here or there. But it does not seem to be the majority, or worldwide.

 

As said, I'd not equate quality of life to happiness/safety/etc. The richest people can still be the most illness/drug addictive/crime/war ridden. :(

I think it is important to understand corruption,  it is not necessarily a black and white condition that can be measured as if it means only one thing.  There are places where certain types of corruption are actually good for a community.  Perceived corruption  is less in countries like Australia, NZ, Sweden, Norway etc because 1. they are smaller and 2. the corruption that does exist is more about who gets what contract, meaning the work still gets done, people still get employed, standard of living still goes up and the rich still get to be richer.  Juxtaposition this to Sudan, Zimbabwe et al, and the corruption does nothing for the population except make it harder to live.   This is largely because the corruption is not at the petty level of deciding who gets to build the bridge/tower that was always going to be built, but about maintaining control over what little resources and power they have.

 

I really think if you want to discuss/debate this you should set a side a few hours to read those links.  They are really deeply researched and have many qualifiers letting the reader know exactly what is a best guess and what correlates most strongly and why.


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Link to post
Share on other sites
14 hours ago, mr moose said:

There are places where certain types of corruption are actually good for a community.

What?! And that is me checking out of the conversation. Thanks for your input. But no.

 

As said, the Aus can ask for a consistent law, or a self contradicting one. Having an internal failure of security (or a sadly successful attack on it), has shown it's not as clear cut as perhaps they make out. I hope they sort it, but I see the current trend is for socially constructed groups to be falling apart.

Link to post
Share on other sites
26 minutes ago, TechyBen said:

What?! And that is me checking out of the conversation. Thanks for your input. But no.

 

As said, the Aus can ask for a consistent law, or a self contradicting one. Having an internal failure of security (or a sadly successful attack on it), has shown it's not as clear cut as perhaps they make out. I hope they sort it, but I see the current trend is for socially constructed groups to be falling apart.

Do yourself a favor, and get educated before checking out of a conversation.  defining corruption by only one severity metric and then ignoring the enormity of the scale and its effects means you will never truly be able to understand why and when it is bad.

 

http://fortune.com/2014/08/07/corruption-economic-benefits/

 

Quote

Of course, most corruption is nowhere near as outrageous, and there are times when the presence of corruption can actually lead to just outcomes. According to Chris Blattman, an associate professor of political science at Columbia University, this might be why economists have not been able to link levels of corruption to growth rates. While overall wealth is associated with lower levels of corruption, there is very little evidence that corruption leads to slower economic growth.

http://blogs.worldbank.org/psd/when-is-corruption-good

Quote

Corruption may be ethically unsavory, but, according to some economists, it may also be economically beneficial.

 

there is quite a wealth of discussion on the topic and it's not all the way many people think it is.

 

 


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Link to post
Share on other sites
2 minutes ago, mr moose said:

Corruption may be ethically unsavory, but, according to some economists, it may also be economically beneficial

Most economies in today's world didn't get to where they are by being moral and ethical

Link to post
Share on other sites

Upside down land is the greatest meme on Earth.


AMD Ryzen 9 3950X | BeQuiet! Dark Rock Pro 4 | Crosshair VIII Impact | Trident Z 3200MHz 2x4GB | GTX 1080 HOF

Samsung Galaxy S7 Edge Black 32GB | Exynos 8890 Octa | SanDisk Ultra 200GB SDXC

1 | 2 | 3 | 4 | Valley | Superposition

Link to post
Share on other sites

@mr moose

 

No need for me to reply really. Others have pointed out the scary thoughts such suggestions convey. Try to look back at what you are proposing.

 

Aus Gov got hacked, that's not nice. Considering ways to help prevent it, and not panic and respond in a harmful way is what this thread was trying to comment on. How existing/new laws can either make things better or worse. Can be easy to understand/impliment or impossible. I can see who understands this, and where their understanding falls apart, or breaks for bias.

Link to post
Share on other sites
5 hours ago, TechyBen said:

Aus Gov got hacked, that's not nice. Considering ways to help prevent it, and not panic and respond in a harmful way is what this thread was trying to comment on. How existing/new laws can either make things better or worse.

The proposed law being talked about has been on the table for a long time being worked out, it's actually got little to do with this security breach. Neither do any of these law makers actually have anything to do with the computer network that was breached either nor have much to do with it's operations and procedures, much the same way doctors don't at medical practices.

Link to post
Share on other sites
13 hours ago, leadeater said:

The proposed law being talked about has been on the table for a long time being worked out, it's actually got little to do with this security breach. Neither do any of these law makers actually have anything to do with the computer network that was breached either nor have much to do with it's operations and procedures, much the same way doctors don't at medical practices.

Yes. I know. Again "Whooooosh" over heads.

 

It is a tech and security incident that shows tech and security is not simple. It is an incident that will possibly have an effect on future laws. A pass, recent law, that was applied was the one for helping gain access to cloud services.

 

Quote

much the same way doctors don't at medical practices.

Drs make decisions on health. Government make decisions on everything. Not the same. Sorry.

Link to post
Share on other sites
13 hours ago, TechyBen said:

Drs make decisions on health. Government make decisions on everything. Not the same. Sorry.

It is much the same, politicians have nothing to do with the failings of the IT staff at the place of work they go to. The problem for the IT staff is that when things happen like this proposed law around encryption and it getting so much negative attention people want to see it fail so target them in some way. While you can never be perfect, when that happens you really need to have your bases covered.

 

They were probably well aware they were a big target for something like this.

 

Also the laws these politicians debate like the one being discussed do not effect the network security and policies of the federal government, the proposed law doesn't even apply to them in the first place.

 

13 hours ago, TechyBen said:

Yes. I know. Again "Whooooosh" over heads.

Sorry but that needed to be pointed out even if you knew that. What you said in the context of the discussion was making it sound like the law being discussed was reactionary to the security breach when it wasn't. Anyone could read that and get the wrong impression.

 

Edit:

I understand and agree with what you were saying however, aside from my above comment that no reactionary measures have been taken yet, I disagree anything these politicians would end up passing in to law have as direct impact on computer network security as being made out by many. Working in IT in very much government adjacent and funded industry sector and having family in IT in an even closer situation I understand very well how these do and don't apply in the legislative sense to actual company security policy and practices. Example being regulations of where healthcare information is allowed to be kept doesn't effect the security measures you enact on that data where you are allowed to store it.

 

Laws are not perfect and there are ways to get around them, that doesn't make them wholly useless or impractical or impossible to implement.

Link to post
Share on other sites
On 2/15/2019 at 2:08 AM, TechyBen said:

@mr moose

 

No need for me to reply really. Others have pointed out the scary thoughts such suggestions convey. Try to look back at what you are proposing.

 

Aus Gov got hacked, that's not nice. Considering ways to help prevent it, and not panic and respond in a harmful way is what this thread was trying to comment on. How existing/new laws can either make things better or worse. Can be easy to understand/impliment or impossible. I can see who understands this, and where their understanding falls apart, or breaks for bias.

Claims no need for me to reply,  then makes a reply.

 

I know exactly what I am proposing.  The world isn't black and white, it is not absolute in many ways.  You need to understand that the implications of such things aren't always just bad or just good, there are many steps in the middle that can be be both depending on thousands of other factors.


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Link to post
Share on other sites
16 hours ago, mr moose said:

Claims no need for me to reply,  then makes a reply.

 

I know exactly what I am proposing.  The world isn't black and white, it is not absolute in many ways.  You need to understand that the implications of such things aren't always just bad or just good, there are many steps in the middle that can be be both depending on thousands of other factors.

Again. Think about what you are proposing. Easy to do so, if it's not towards you. Or would you concede to someone else saying "it's not black and white" even if they are taking such actions against you?

Link to post
Share on other sites
4 hours ago, TechyBen said:

Again. Think about what you are proposing. Easy to do so, if it's not towards you. Or would you concede to someone else saying "it's not black and white" even if they are taking such actions against you?

Yes.  Of course I would, that's the whole point, it would be pretty naive to think we haven't been affected if not a direct victim of corruption at some point in your life.   But not all  acts of corruption have an absolute negative effect, some acts of corruption actually net a positive result for nearly all involved.  

 

If you would just read the material I linked you would understand what I am saying.


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Link to post
Share on other sites
12 minutes ago, mr moose said:

Yes.  Of course I would, that's the whole point, it would be pretty naive to think we haven't been affected if not a direct victim of corruption at some point in your life.   But not all  acts of corruption have an absolute negative effect, some acts of corruption actually net a positive result for nearly all involved.  

 

If you would just read the material I linked you would understand what I am saying.

So you are saying your happy to be a victim of corruption? You are going to welcome in a squad taking your stuff because [any corruption reason]? Because it's good to have corruptions sometimes? That includes if the sometimes would leave you economically, or health, or safety deprived to the extreme?

 

Quote

 some acts of corruption actually net a positive result for nearly all involved.  

Wait huh? Again. If someone takes your stuff/punches you/other corruption related offense against you, you are saying *sometimes* this is good for you?

Link to post
Share on other sites
3 hours ago, TechyBen said:

Wait huh? Again. If someone takes your stuff/punches you/other corruption related offense against you, you are saying *sometimes* this is good for you?

Because economic corruption and police/military corruption are the same thing? A contract kick back to a corporate/business friend is the same as political arrests?

 

We don't have to support corruption or believe it is a good thing but a corrupt act doesn't necessarily hurt you or others, sometimes the worst outcome is a company that would have gotten the contract didn't. That sort of thing won't end a business, lose employees their jobs or anything otherwise unless the company was not viable in the first place and should never have been awarded the contract.

 

Why are you replying to a point being made about corruption in some cases not having a direct detrimental effect with an example of one that is bad. Because bad things exist all things are equally as bad or can only be bad?

 

Why am a pointing this out at all, because it's a common trend I have noticed with the discussion with me earlier, the inability to separate or acknowledge that not all acts are the same, not all outcomes are the same, not everything fits perfectly or applies equally. You say not everything is black and white but will only accept things as black and white, good or bad, perfectly applicable or not at all. Pointing to examples or evidence where something has not been bad doesn't mean some supports that act.

Link to post
Share on other sites

Someone takes all your money. Because economic corruption.

Do you say "this is ok, because corruption is sometimes beneficial"?

 

Again. Tying oneself in knots does not excuse an action.

 

7 hours ago, leadeater said:

Why are you replying to a point being made about corruption in some cases not having a direct detrimental effect with an example of one that is bad. Because bad things exist all things are equally as bad or can only be bad?

Because we are able to discuss things. "Third degree burns are bad", "oh why are you discussing this one instance where third degree burns are bad, sometimes they can be good!" is a statement. It's one that misses the point of the damage of third degree burns. And yes, if we try hard enough we can find a grey area where third degree burns will be beneficial. Still misses the point.

 

I never said some corruption is less harmful. I said it's never "beneficial". Anymore than say, any other harm is beneficial to one party, but harmful to another. If I pretend to live in isolation, I could make that wrong conclusion. If I understand there are multiple people involved, and have empathy, I can see that it would not excuse actions just because 1 part of the example has "benefit".

 

Never mind. Go think about the proposition. Really. Sit down and chew on it and the consequences.

 

Quote

Why am a pointing this out at all, because it's a common trend I have noticed with the discussion with me earlier, the inability to separate or acknowledge that not all acts are the same, not all outcomes are the same, not everything fits perfectly or applies equally.

"There is no decimalised representation of pi" is not the same statement as "there are no numbers that can be decimalised". I can make a statement "all corruption is harmful" that is an acknowledging 1 part as all the same, and another statement "some corruption is less harmful than others" acknowledging some parts are different. Both can be true. They are not exclusive/excluding. So yeah. No problem here. Where is the problem in that? Both those statements fit "perfectly", where we put each corrupt act is opinion then.

 

I mean, you can try and redefine corruption if you like. But that's going even further off topic. I hope the Aus Government finds communication easier. :)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×