CSO: Voluntary filtering removes the controversy

My first op-ed for CSO, “The Resource for Data Security Executives”, has just been posted. It’s about voluntary ISP-level internet filtering, but a different angle from my Crikey piece earlier today.

After nearly four chaotic years, Australia’s internet filtering scheme is finally coming together in a way that makes sense technically and politically, if not necessarily for effective child protection.

The chaos wasn’t all communications minister Senator Stephen Conroy’s fault. The “clean feed” was announced as Labor policy back in March 2006 by then-leader Kim Beazley. ISPs would filter out the nasties hosted overseas, where they couldn’t be hit with a takedown notice from the Australian Communications and Media Authority (ACMA).

But Conroy’s name was on Labor’s Plan for Cyber-safety published just five days out from the federal election in late 2007, and once in government it was Conroy’s job to explain that plan and sell it to voters. Everyone presumably imagined it’d be a protect-the-kiddies no-brainer.

Problem was, neither the plan nor Conroy’s explanations were clear…

As I say, it’s my first outing for CSO, but if all goes according to plan there’ll be more. And in case you’re wondering, CSO is a job title. Chief Security Officer.

Crikey: Internet filtering isn’t compulsory, but…

Over at Crikey I’ve written a summary of what’s happening with Australia’s internet filter.

Australia’s mandatory internet filtering by internet service providers (ISPs) won’t happen for at least two years. But we’re getting filtering anyway. Voluntarily. By ISPs. Next month…

Telstra and Optus are expected to have their filters ready within weeks, although the situation with Primus is unclear…

The Internet Industry Association (IIA) is also about to release a voluntary industry code that would see an estimated 80% to 90% of Australian internet connections filtered by the Interpol blacklist over the next year. Attempts to access domains on the list would be redirected to an Interpol block page.

Overall, I reckon the process that’s now unfolding could well result in the government’s planned mandatory ISP-level filtering disappearing off the table entirely.

As a bonus link, here’s Interpol’s explanation of their “worst-of” blacklist of child exploitation material.

Wanted: Your infosec war stories, anonymity preserved

Information security has an image problem, I reckon. No-one apart from the infosec geeks themselves knows what’s really involved in hacking or fighting hackers. So the public thinks it’s all like the bullshit in movies.

Like Hugh Jackman creating a virus in Swordfish, pictured.

Does anyone remember the episode of Spooks where the office lights went out when the hacker breached the firewall?

Let’s fix that.

Let’s hear more about the real war stories. OK, everything has always gotta be so goddam SEKRIT! No-one wants to admit to an embarrassing problem. But I reckon we can tell some of these stories while leaving out the identifying details.

We don’t need to reveal which bank nearly had its data centre pwned by a 14-year-old Ukrainian, nor which vendor’s product provided the bloody great hole he came through. But we can certainly talk about the processes, the time pressures and the paranoia.

This week I’ve started writing for a certain as-yet-undisclosed masthead. I reckon we could do regular stories from the front line of cybersecurity. I’ve been told to go for it. And I reckon it’d be fun to write in a stronger narrative style for a change.

If you are, or know of, someone that I should meet for a few drinks in a quiet place while I take notes, please contact me.

Talking business information security on BTalk podcast

Yesterday I was the guest on Phil Dobbie’s BTalk podcast at BNet Australia, a CBS Interactive masthead. The topic? Information security for small business.

I covered quite a bit of stuff fairly quickly. The state of anti-banking malware. Virus protection for smartphones. Password management. Encrypting your hard drives. Mandatory data breach notification laws. And more.

You can see the podcast in its written context as a BNet blog post, A Security Breach is Only a Matter of Time. Or you can just listen below.

This podcast is ©2011 CBS Interactive.

Talking Google vs Facebook on ABC Gold Coast

I continue to be fascinated by what I get asked to talk about on the radio. Today it was news about Google, with an amused emphasis on the product names.

The station was ABC Gold Coast, the presenter was Bernadette Young, and producer Nicole Gundi had chosen two specific stories. The Australian’s coverage of the launch of Google+, the competitor to Facebook, and the Herald Sun’s story on the smartphone operating system wars.

Speaking live from the pub at fairly short notice, I managed to wrap a few facts and opinions into the 10-minute interview. And here’s a recording.

This material is ©2011 Australian Broadcasting Corporation, presented here as always because the ABC doesn’t post it and it’s a decent plug for them.

Respect, please, NSW Police!

Respecting someone’s religious beliefs is something I thought was basic etiquette. But apparently not so, according to NSW Police Commissioner Andrew Scipione and Police and Emergency Services Minister Michael Gallacher.

I have no idea who the women in the photo are. I cannot identify them. But I know that if I wanted to identify them, asking them to remove their burqas would cause offence.

If I needed to identify them, I know that in 2011 there are methods other than demanding they show their faces. They’re Muslim women, so I’m fairly sure that I could arrange for another Muslim woman to view their faces in private, without men present.

But this is how those aforementioned gentlemen’s views were explained in a NSW Police media release headed Police Commissioner meets Minister to close Burqa loophole earlier this evening:

Mr Scipione made the meeting a priority today, declaring the Carnita Matthews Appeal decision [my linkage] raised “real concerns” for police officers.

“The Minister and I are in total agreement that we need to take action to close this potential loophole and strengthen police powers to demand identification where necessary,” Mr Scipione said.

“We are working together to fix this issue and legislative change may be the answer,” the Commissioner added.

As I said on Twitter, I thought it might have been nice if the Commissioner and Minister had even just hinted that respect for people’s religious beliefs might enter into their thinking.

But apparently someone’s sincerely-held religious beliefs are a “real concern” and a “loophole”. We must change the laws so the police can ignore them. At least that’s what it sounds like.

I would like to think that this is simply a poorly-worded media release. After all, I respect the NSW Police for doing a difficult job that I wouldn’t touch with a barge pole and, looking at the world scale, I know they’re mostly on my side. Unlike some countries we could all name.

I would like to think that the police minister, being an experienced politician, knew how to balance the different factors at play in the community.

But this is the same police minister who reckons we shouldn’t worry that people are illegally arrested because police computer information is out of date. This doesn’t exactly fill me with confidence.

[Photo: Afghan women wearing their traditional burqas when going outside in northern Afghanistan, by Steve Evans. This image is licensed under the Creative Commons Attribution 2.0 Generic license.]