Weekly Wrap 125: Intelligence and infection

It’s hard to believe that just two weeks ago I was dealing with snow because this week, Monday 22 to Sunday 28 October 2012, included a day of working at Manly beach.

As you’ll read in a moment, it also included a series of digs at Australia’s law enforcement and intelligence communities. And it wrapped up on Saturday with the discovery that I’ve been suffering from a rather nasty throat infection. Which explains why I was so tired and irritable.

Penicillin to the rescue!

Podcasts

Articles

Media Appearances

Corporate Largesse

None.

The Week Ahead

The week begins tonight with a midnight recording for this week’s Patch Monday podcast. Then I have to complete a story for Technology Spectator by 1000 AEDT before wrapping up Patch Monday. And then I catch the train to Sydney.

I’m then staying in Sydney overnight so I can be at Microsoft’s Tuesday morning breakfast briefing on Windows Phone 8, and after that the rest of the week is as yet unplanned. Chaos is my friend. Stand by.

[Photo: Freelancing, a picture of my working environment on Thursday. That’s the Steyne Hotel overlooking the beach at Manly in Sydney.]

ASIO’s got it easy, says terrorism expert

“ASIO don’t seem to realise how privileged they are compared to intel orgs in other Western democracies,” tweeted terrorism researcher Andrew Zammit (pictured) yesterday.

Zammit is a researcher at the Global Terrorism Research Centre (Monash University) and Australian Policy Online (Swinburne University), and he was responding to my blog post from yesterday, “Insulted, ASIO? That’s not really the problem, surely?” and the attached podcast.

Here are his subsequent tweets, turned into continuous prose:

CIA for example has ongoing congressional oversight (of actual operations) as opposed to our occasional parl[iamentary] inquiries, people can FOI CIA docs only a few years old (ASIO has 20-30 year exemption) and some of the CIA’s analytical roles are transparent, as in analysts will have CIA business cards whereas even an ASIO kitchen hand’s identity will be kept secret. And CIA isn’t even a domestically-focused agency. So yes, ASIO needs to be less precious about being asked questions.

I agree. From the perspective of the United States I’m a foreign national, yet I’ve spoken with officers from the FBI, NSA and the Secret Service — all of whom had business cards with their full names. The closest I’ve gotten in Australia is chatting briefly with a DSD chap, one of two attending Linux.conf.au in January this year — given names only, and I suspect that those given names were really in scare quotes.

The excuse always given is “operational security”, but I do think the world has changed. The tools and methods are surely not so different from SEKRIT agencies to private-sector security companies and even analysis in non-security realms, given that so much technology is now available off the shelf to all comers.

Surely these days OPSEC is more about protecting sources and the specific operations that are or are not being conducted?

Of course I really don’t know this stuff. I’ve never worked in this field. I’ve never even held a security clearance. I’m just an interested bystander mouthing off. But I am intrigued.

Talking data retention (again) on Balls Radio

My regular spot on Phil Dobbie’s Balls Radio this week was a conversation (yes, another one) about the Australian government’s data retention proposals.

Here’s the audio of my segment. As you’ll hear, it’s much the same argument as in my last post about the Patch Monday podcast, with random asides about the meaning of misogyny and what should be done with real estate agents.

Yes, there’s a few audio dropouts. Welcome to the joys of using Skype over Telstra Next G mobile broadband while 1.5 kilometres into the eucalypt scrubland.

If you’d like more Balls Radio, have a listen to the full episode. You can subscribe over at the website.

Insulted, ASIO? That’s not really the problem, surely?

There aren’t many places in the world where you can openly accuse the nation’s top police and intelligence agencies of having an attitude problem, as I did on Monday, without being visited by the men in the van with the canvas sack. Which is a good thing.

In this week’s Patch Monday podcast, embedded immediately below for your convenience and CBS Interactive’s traffic logging, I departed from the usual format to present a personal opinion.

Data retention for law enforcement is one of the most important political issues relating to our use of the internet now and as far into the future as we care to imagine, I said, and it’s being mishandled.

The Australian government’s current one-page working definition (PDF) of what constitutes communications metadata (which can be requested by law enforcement agencies without a warrant) as opposed to communications content (which generally does require a warrant) is, to anyone with a technical understanding of how the internet actually works and is evolving, virtual gibberish.

“Dangerously immature” is how I described it.

I also raised three points where I think the version of reality being promoted by the Australian Federal Police (AFP) and the Australian Security and Intelligence Organisation (ASIO) is wrong.

  • This is a push for more power. We conduct so much more of our lives online than we ever did on the phone, and that means the balance of power is changing. We need to have a conversation about this.
  • The AFP says quite specifically that they’re not after our web browsing activity, but I don’t see how the working document supports that argument. And other agencies, including the Australian Securities and Investments Commission (ASIC), are after that stuff.
  • ASIO and the AFP constantly talk about the powers being needed to catch the terrorists and pedophiles. But the law will probably be modelled on the current law for the phone, which provides access to communication metadata to many other agencies with far less stringent accountability rules for many other, far less serious, crimes.

Please have a listen and tell me what you think.

The podcast stands on its own, but I want to emphasise the thing that still disturbs me…

Visiting Coffs Harbour for FlexibilITy 2012

The travels continue. I’m heading to Coffs Harbour in northern New South Wales next month to speak at Flexibility 2012, the 15th Annual IT Conference for Local Government.

You’ll be surprised, I’m sure, to discover that I’m talking about information security.

The Hacker Threat: Let’s bust some myths

The headlines portray the internet as a scary, scary place. Anonymous hacktivists mock the powerful, defacing websites and stealing vast troves of confidential information. Criminals plunder bank accounts and destroy credit ratings. Shady “nation-state actors” infiltrate secure government and corporate networks, stealing every secret they can find.

Information security companies publish research “proving” the vast scale of global online crime. Defence experts point to the vast sums being spent on military-grade hacking and talk of looming cyberwar. Of course both groups have a vested interest in talking up the threat.

The hackers are certainly real, ranging from youthful vandals with unfocussed quasi-political motivations to highly-organised international crime gangs and well-funded national defence and intelligence agencies.

Sophisticated hacking tools are now developed by professional software development teams. They can be bought in the online underground for just a few hundred dollars, complete with technical support provided under a service level agreement.

So how should organisations respond?

The threat landscape is certainly changing, so new tools will certainly be required. But it’s important to understand the real threats and their relative significance, and respond as part of a coherent strategy, rather than reacting to the latest panic.

This session will present an overview of current internet security threats based on the latest research with the bovine excrement filtered out.

I’ll be in Coffs Harbour from the morning of Wednesday 14 November through to the afternoon of Saturday 17 November. Apart from the conference itself, I’m open to suggestions.

Visiting Singapore for Verizon media briefing

Verizon has noticed that most Australians know them only for their US mobile phone business — if they know them at all. So as part of their process of fixing that, they’re sending me to Singapore.

The main focus of the trip is a media briefing day on Wednesday 7 November, where I’ll learn more about Verizon Enterprise Solutions and, of course, the information security work they do. So I daresay I’ll be writing about that sort of thing at some point.

I’m arriving in Singapore on the evening of Tuesday 6 November and, since it’s my first visit to Shopping Mall and Container Terminal Island, I’ll be staying through to Sunday night before returning to Sydney.

Verizon has also invited me to their hospitality tent at the Barclays Singapore Open. Golf. Yes, I know, I’m not the least bit interested in golf. But it’ll be a handy “networking opportunity”. Yes, I know.

So, what do I need to know about Singapore? Where must I go? And who must I meet?