
SoylentNews is people

posted by Dopefish on Friday February 21 2014, @08:00PM
from the another-nope-from-down-under dept.

RobotMonster writes:

"The Guardian reports that a vast database containing the full names, nationalities, location, arrival date, and boat arrival information for a third of all asylum seekers held in Australia -- almost 10,000 adults and children -- had been inadvertently released by the Department of Immigration and Border Protection in one of the most serious privacy breaches in Australia's history.

The disclosure of the database is a major embarrassment for the federal government, which has adopted a policy of extreme secrecy on asylum-seeker issues. As the department is likely to have breached Australia's privacy laws, it will be interesting to see what the repercussions are for the people who should be held responsible."

  • (Score: 5, Insightful) by SMI on Friday February 21 2014, @08:05PM

    by SMI (333) on Friday February 21 2014, @08:05PM (#4511)

    "...it will be interesting to see what the repercussions are for the people who should be held responsible."

    It will be interesting to see simply if there are repercussions for the people who should be held responsible.

    • (Score: 5, Interesting) by edIII on Friday February 21 2014, @09:08PM

      by edIII (791) on Friday February 21 2014, @09:08PM (#4546)

      Nice UID :)

      Yeah, I doubt that truly responsible people ever suffer consequences in this world anymore.

      We can absolutely destroy a young mother with millions in punitive damages, and possibly even jail time, over some copyright infringement.

      Isn't that done ostensibly because those warez sites and resulting torrent/data traffic cause untold billions upon trillions upon gadjagagillions of money lost to the economy and dead puppies and bruised fruit?

      If what they say is true, why are they not suing the shit out of those ad networks for supporting terrorism and crime? Where is the hundred million dollar lawsuit against McDonalds for supporting piracy?

      The double speak, logical fallacies, and double standards of those groups are simply staggering to behold sometimes.

      --
      Technically, lunchtime is at any moment. It's just a wave function.
      • (Score: 1) by SMI on Friday February 21 2014, @09:59PM

        by SMI (333) on Friday February 21 2014, @09:59PM (#4568)

        Thanks, I agree. Please mod up!

    • (Score: 5, Informative) by Fluffeh on Friday February 21 2014, @09:37PM

      by Fluffeh (954) on Friday February 21 2014, @09:37PM (#4562) Journal

      I would personally hope that before worrying about repercussions, they worry about making sure it doesn't happen again. I'm also happy with the way that the Guardian acted:

      Guardian Australia has chosen not to identify the location of the data and made the department aware of the breach before publication.

      The Department of Immigration has released a statement saying the information was never intended to be in the public domain.

      "The department acknowledges that the file was vulnerable to unauthorised access. The department is investigating how this occurred to ensure that it does not happen again," it said.

      • (Score: 4, Insightful) by lentilla on Saturday February 22 2014, @03:32AM

        by lentilla (1770) on Saturday February 22 2014, @03:32AM (#4667)

        I would personally hope that before worrying about repercussions, they worry about making sure it doesn't happen again.

        I'm not convinced that's good enough. Serious data leaks happen again and again. And again and again and again. Not a single week goes past where some large organisation isn't doing the red-faced, public-relations, spin-doctoring dance... and they are only the ones that weren't able to cover the leaks up!

        Every time there is a leak we have the same response: "err, computer error, *cough*, looking into making sure that this doesn't happen again, making enquiries, etc". The damage has already been done. It is now well-known to even average people that data must be protected with the greatest of diligence. Failure to do so is not a case for "oops, sorry about that", it's a simple case of negligence.

        Punishment - even if it's on a small scale - would go a long way to helping the "average man" understand that data security is everyone's business. Simply fire those responsible for leaking the data, and those that made it available in an easy-to-leak format. If you have access to data, you have a responsibility to look after it.

        • (Score: 1) by SMI on Saturday February 22 2014, @07:26AM

          by SMI (333) on Saturday February 22 2014, @07:26AM (#4723)

          "If you have access to data, you have a responsibility to look after it."

          Well said. Now if we could just find a way to apply that to situations such as people giving away other people's information (without their knowledge or permission) to companies like Facebook... I'd like to see a law defining people's personal information as IP, with legal takedown capability and fines. After all, at least in the US, if someone calls a place of business looking for one employee, the only info that anyone else at the company can legally give out are the person's first name and the next time they are scheduled to work.

          I realize that legal takedowns and fines might very well be a slippery slope, but it seems, at least to me, that it would be a more balanced approach than what we have now.

  • (Score: 0) by GungnirSniper on Friday February 21 2014, @08:05PM

    by GungnirSniper (1671) on Friday February 21 2014, @08:05PM (#4512) Journal

    Am I too cynical, or was this a rogue release to force the state to accept these asylum seekers, now that this release increases their risk of persecution in their homelands?

    • (Score: 5, Insightful) by tbuddy on Friday February 21 2014, @08:19PM

      by tbuddy (932) on Friday February 21 2014, @08:19PM (#4520)

      I'd go with Hanlon's Razor [wikipedia.org].

      • (Score: 3, Insightful) by mwvdlee on Friday February 21 2014, @09:06PM

        by mwvdlee (169) on Friday February 21 2014, @09:06PM (#4543)

        Never attribute to stupidity that which is adequately explained by government abuse of power.

    • (Score: 4, Interesting) by randmcnatt on Friday February 21 2014, @08:23PM

      by randmcnatt (671) on Friday February 21 2014, @08:23PM (#4522)

      Just try 'patient data accidentally released' or something similar on Google and see how many hits you get. This kind of thing happens all too frequently, from sheer incompetence.

      --
      The Wright brothers were not the first to fly: they were the first to land.
      • (Score: 4, Insightful) by tbuddy on Friday February 21 2014, @08:45PM

        by tbuddy (932) on Friday February 21 2014, @08:45PM (#4531)

        The sheer number of offices who have to follow HIPAA standards that have 40+ people with the same login, default passwords on home-grade network equipment, and any other security practices that should have been given up a decade ago is staggering. If that's not bad enough, at least a few times a year you'll read about gobs of medical records popping up from laptops getting stolen from cars. I'd guess most who are willing to smash your car window aren't breaking high level security, so you know it is a case of double stupidity.

        I think a big part of it is in the same vein as pollution. There is no financial incentive to have great security in the health sector, the same as there isn't an incentive to be green in manufacturing. The fines, if any, aren't worth the costs involved and people in the insurance business especially know cost-risk analysis.

        • (Score: 1) by SMI on Friday February 21 2014, @08:57PM

          by SMI (333) on Friday February 21 2014, @08:57PM (#4537)

          I've heard of a doctor carrying all of his patients' records on a flash drive around his neck. Yet another good argument for widespread adoption of strong encryption...

          • (Score: 2) by ticho on Saturday February 22 2014, @11:17AM

            by ticho (89) on Saturday February 22 2014, @11:17AM (#4785) Homepage Journal

            Won't help - that doctor would just have the encryption passphrase written on the side of that flash drive. Alas, you can't fix stupid.

    • (Score: 1) by forkazoo on Friday February 21 2014, @10:57PM

      by forkazoo (2561) on Friday February 21 2014, @10:57PM (#4590)

      It's certainly not a crazy idea. OTOH, somebody doing it just for the lulz, purely by incompetence, or in order to promote harassment of people to prevent them from getting asylum are probably all equally plausible on the face of it. Given that this is referred to as an "inadvertent release" "on the department's web site," I'd be inclined to say it was just a genuine screwup. If they thought they could blame somebody, they almost certainly would.

      The mentality of "it all goes on 'the' server" is pretty common, and it can lead to exactly this sort of thing. If I had to guess, there is either a database that is meant to be secure, but accessible remotely with valid credentials, that got accidentally exposed, or else there is a shared network storage that is used for the web server which is used as a drop box type location, and the wrong file was copied there either by a misunderstanding of the purpose of the storage, or a simple fat fingering.

      • (Score: 4, Interesting) by glyph on Saturday February 22 2014, @03:08AM

        by glyph (245) on Saturday February 22 2014, @03:08AM (#4663)

        It doesn't sound anywhere near that simple. It's not a case of the wrong file in the wrong place, or lax database security. Apparently, the data was embedded in documents that are supposed to be public.

        People will have downloaded these documents without knowing the refugee data is included. The reports are coy about how the data was embedded, but apparently you do need specialised software to access it. Either way, embedding secret data in public documents doesn't sound like a normal slip up.

    • (Score: 0) by Anonymous Coward on Saturday February 22 2014, @01:04AM

      by Anonymous Coward on Saturday February 22 2014, @01:04AM (#4642)

      No, you are not being too cynical in the current climate. There is a war going on and like all modern wars it is not declared fought in secret forever dipping in and out of the news of the day right in front of everyone.

      Specific groups of people have been trying to enter Australia by any means possible with the specific goal of increasing their numbers for which since 2007 they have been highly successful; society in Australia is changing and with more people coming in they are slowly influencing everyday life. Right now they are not allowed to enter the country. They are very upset [theguardian.com] about this. Unfortunately for them the Christian people of PNG are more direct. So is the Australian government [theguardian.com]. The Australian [theguardian.com] has a lot of information about this.

      It would not be too surprising to find a bleeding heart inside the Australian government looking for an opportunity to advance the cause of people who arrive in Australia by boat.

      The dept of immigration has tight controls over production servers, this information should not have been anywhere near a production web server let alone linked

    • (Score: 0) by Anonymous Coward on Saturday February 22 2014, @02:14AM

      by Anonymous Coward on Saturday February 22 2014, @02:14AM (#4654)

      Quite possibly.
      I wonder if the database includes people who have sexually assaulted others or threatened to sexually assault others [news.com.au]

    • (Score: 2, Interesting) by sparrowhawk on Saturday February 22 2014, @03:40AM

      by sparrowhawk (503) on Saturday February 22 2014, @03:40AM (#4669)

      Watching ABC TV (our national carrier) in Australia just a few days ago, a prominent Human Rights Lawyer (refugee representative) stated that if the identity of a refugee became known, that in itself would be sufficient to trigger permanent protection, for fear of persecution if that person were returned. The proximity of these very public comments to the time of the breach will certainly seem suspicious to many.

      • (Score: 1) by Popeidol on Saturday February 22 2014, @08:12AM

        by Popeidol (35) on Saturday February 22 2014, @08:12AM (#4735) Journal

        That is a very interesting angle. The Australian Government has been getting some attention from the UN over our harsh treatment of refugees, and how they respond to this will probably be closely scrutinized by the international community. If the government's own incompetence has increased the danger these people are in, that puts them in a very difficult position: If they continue as they are now they could face serious consequences, but if they do the humane thing they look weak to many of the hardline supporters they've built up with the current policy.

      • (Score: 1) by qwade on Sunday February 23 2014, @11:21PM

        by qwade (1006) on Sunday February 23 2014, @11:21PM (#5363)

        ...if the identity of a refugee became known, that in itself would be sufficient to trigger permanent protection, for fear of persecution if that person were returned

        ooh - conspiracy theory time - let's say you worked in federal government and were one of the decent sort that sees asylum seekers as actual people instead of the invasive force of freeloaders that the media paints them as and are actually trying to help. So if you "accidentally" let out the information that would identify an asylum seeker, they would be more or less guaranteed to get asylum ...

  • (Score: 5, Insightful) by Zz9zZ on Friday February 21 2014, @08:29PM

    by Zz9zZ (1348) on Friday February 21 2014, @08:29PM (#4525)

    I sort of like these breaches; it shows the necessity for encryption and security in a way that non-techies will respond to. You can see how Net Neutrality didn't become as big of a thing until Netflix slowed down...

    --
    ~Tilting at windmills~
    • (Score: 5, Insightful) by visaris on Friday February 21 2014, @08:48PM

      by visaris (2041) on Friday February 21 2014, @08:48PM (#4532) Journal

      I have similar issues when trying to motivate people (friends, family, etc.) to use encryption, sane passwords, etc. They couldn't care less what someone actually working in the computer industry with a graduate degree in computer science says, but if one of the talking heads on the news mentions a major hack/breach, they are all over it. These breaches and their increasing frequency do help the "common folk" become motivated to deal with the problem.

      • (Score: 0) by ragequit on Friday February 21 2014, @09:07PM

        by ragequit (44) on Friday February 21 2014, @09:07PM (#4545) Journal

        At some point though it will reach saturation and it will no longer be news.

        --
        The above views are fabricated for your reading pleasure.
    • (Score: 2) by tlezer on Friday February 21 2014, @08:55PM

      by tlezer (708) on Friday February 21 2014, @08:55PM (#4534)

      Getting their attention is one thing, but there also has to be easy to use tools that they can quickly adopt and make part of their daily habit.

      • (Score: 1) by muthauzem on Friday February 21 2014, @10:28PM

        by muthauzem (2084) on Friday February 21 2014, @10:28PM (#4580)

        Totally agree with you, but I can't feel hopeful about it changing someday for the common user.

        In the end, the problem is that there's always a compromise between security and convenience.

        While you only need one breach of security to have a major problem, it's easy to minimize the risk in your head since they are not really that frequent. It's not like you have your credit card stolen every 1h, day, week or even a year.

        On the other hand, the steps you take to be 'sufficiently' secured (since you'll never be 100%) will probably be a minor inconvenience multiple times a day. Even typing a password can be a hassle for most people.

        But about the main topic, we are not even dealing with "common users". You'd expect there were professionals around it. That's what is scary. But usually it's the same old story... probably the management responsible for the database don't really grasp the real importance of security to care or are just too incompetent.

    • (Score: 2, Interesting) by mechanicjay on Saturday February 22 2014, @02:39AM

      by mechanicjay (7) <{mechanicjay} {at} {soylentnews.org}> on Saturday February 22 2014, @02:39AM (#4659) Homepage Journal

      I'm in the final stages of rolling out a two factor authentication system at work. This is on the recommendation of our auditors and insurance co in direct response to a data breach in the fall.

      Even the minor breach actually got the higher-ups scared enough that security has become somewhat of a hot topic around the organization.

      Even so, today as I was assisting a user with enrolling their account and token they lamented, "All of this because someone let their password out, I'm so annoyed." To which I responded, "If it wasn't someone, it would have been someone else eventually. This stops password leaks from ever being an issue."

      Again, people are just hostile to anything tech people say that might be seen as an inconvenience. Never mind that the directive came from the top. Never mind that you, user, have access to *MY* personal information with your account. Go ahead and tell me it's dumb -- thanks.

      --
      My VMS box beat up your Windows box.
  • (Score: 2, Funny) by EvilOverlord on Friday February 21 2014, @09:43PM

    by EvilOverlord (23) on Friday February 21 2014, @09:43PM (#4565) Journal

    "One of the most..." Are there others we should know about?

    Apropos of nothing, and putting on my nazi grammer robe and wizard hat, that phrase always grates on me.

    It should be "one of the few", and in most cases it's used to avoid taking a position. "Likely the worst" is better, but how about just "the worst"?

    Are we going to tolerate smarmy Nazi grammarians on the new site?

    One of my favourite quotes from the original Robocop reads:

    Casey Wong: On the international scene, the Amazon nuclear facility has blown its stack, irradiating the world's largest rain forest. Environmentalists are calling it a disaster.

    Jess Perkins: But don't they always.

    Wow - I must be on tilt [wikipedia.org]. Time for a break...

    • (Score: 1) by Foobar Bazbot on Saturday February 22 2014, @04:35AM

      by Foobar Bazbot (37) on Saturday February 22 2014, @04:35AM (#4687) Journal

      I don't understand why you'd suggest that when they say "one of the most serious foo", they mean "one of the few serious foo". Those are two different statements that say different things; to say "one of the most serious" suggests a distribution of foos over a continuum of seriousness, and asserts that the foo under discussion is in the upper tail of that distribution. To say "one of the few serious", OTOH, suggests that we may categorize foos as serious or non-serious (this boolean seriousness may be natural or may reflect a discretization of an underlying continuum of seriousness), that most foos are not serious, but the foo under discussion is.

      So in the case where many or most foos are serious, but this foo is even more serious than most, saying "one of the most serious foo" is correct, but saying "one of the few serious foo" is wrong, because serious foo aren't few at all.