web analytics

Bill Bennett

Menu

Tag: government

UK spy chief: “For better cybersecurity, the west has to go it alone”

“Cybersecurity is an increasingly strategic issue that needs a whole-nation approach. The rules are changing in ways not always controlled by government.

“Without action it is increasingly clear that the key technologies on which we will rely for our future prosperity and security won’t be shaped and controlled by the west.

“We are now facing a moment of reckoning.”

– Jeremy Fleming’s speech notes as reported in the Guardian.

Fleming heads GCHQ;  the UK spy agency. It provides the UK government with signals intelligence.

China in the cybersecurity frame

He doesn’t mention China by name in these speech notes. Yet it is clear that’s what he means when he talks about the west not shaping key technologies.

There is no other plausible candidate.

Elsewhere, the Register reports Fleming actual speech. He says:

“China’s  size and technological weight means that it has the potential  to  control the global operating system”.

Fleming’s main cybersecurity concern is China, but he has strong words to say about Russia. It has sophisticated world-class state-sponsored hacking. Russia was behind the attacks on the SolarWinds software used by US government departments.

Emerging technologies

He says China is working on emerging technologies, but it has a competing vision of the future. It’s a vision that doesn’t respect liberal western thinking.

His answer is for the west to develop its own technologies. He also wants allies to work more closely to build better cyber defence networks.

Up to a point this is an extension of the earlier campaign against Huawei. That resulted in western governments banning the company from building strategic 5G cellular networks.

At the same time it reflects increased tension between China and the west.

There’s a deepening rivalry between China and America. Western nations are being asked to pick sides. This now extends beyond commerce, both sides have increased their military activity.

Russia is opportunistic and threatens Eastern European nations. That presents the rest of Europe with a security problem.

Behind these rivalries nations are fighting a tech war online. Many of the threats facing computer users come from state controlled teams.

Mood swing

There’s a mood swing against globalisation and world wide technology supply chains.

Many tech companies have become dependent on China. That presents western countries with a diplomatic problem.

It make it harder for them to criticise Chinese aggression or human rights abuses. There’s always a threat China could turn the manufacturing tap off.

The UK is preparing legislation that will allow the government to block foreign take-overs. That’s another step away from the liberal economic model that has dominated the last 30-odd years.

None of this will pass New Zealand by. We’re in a difficult spot. We are caught between our traditional alliances and our trade relationship with China.

It’s going to be a bumpy ride.

You can hear me discuss this story on RNZ Nine-to-Noon with Kathryn Ryan

Australia’s muddle-headed media law

Google and Facebook are too powerful, but monetization won’t solve the core problems

Source: A New Australian Law Is the Wrong Answer to Big Tech | by Owen Williams | Feb, 2021 | OneZero

At OneZero Owen Williams writes about the Australian government’s proposed legislation that will make online giants pay local media.

He writes:

…the News Media and Digital Platforms Mandatory Bargaining Code, would require social media platforms to negotiate with local media in order to use their content. For instance, whenever Google publishes headlines and summaries on Google News, Google would have to pay a small sum to the newspapers or magazines listed.

European governments have attempted similar laws and rules with little success.

Devastating for traditional media

There’s a huge disconnect with the plan. Yes, the likes of Google and Facebook have devastated traditional media. They, and other world scale media giants, have sucked almost all the advertising revenue that once paid for a vibrant and diverse market of newspapers, radio stations and television channels.

And yet today’s media companies depend on the same tech companies to drive online readers to their sites allowing them to pick up the few remaining revenue crumbs. Without that traffic they’d wither and die.

The analogy that comes to mind is that the media companies have a prescription drug dependency. The medicine reduces their pain and allows them to function, but in the long term it is killing them.

Doomed

Australia’s proposed legislation isn’t only doomed to failure. It will almost certainly end up doing more harm than good. The likes of Google and Facebook need to be dragged into line, but this is not the way to do it.

What would I do? First, I’d flatten the playing field by making sure all revenue sucked out of the local market is subject to tax. If local media companies pay tax, but their more successful rivals do not, they don’t stand a chance of competing. While that train has already left the station, taxing the giants on an equal footing with local publishers might create local opportunities that would not otherwise exist.

Second, I legislate so that the likes of Google and Facebook have the same responsibilities for their content that more traditional publishers have. It’s not good enough for them to wash their hands of damaging and harmful material published on their sites. It’s not as if they don’t have the rivers of gold pouring into their coffers to help them pay for teams of editors.

In the meantime, I’m also concerned the Australian moves could have implications for New Zealand. Like it or not, the tech giants tend to treat us and Australia as a single, unimportant market.

Five Eyes wants access to encrypted messages

New Zealand joined its Five Eyes security partners to ask social media companies like Facebook to allow access to encrypted data.

Five Eyes is a security partnership that includes the United States, Britain, Canada, Australia and New Zealand. India and Japan also took part in the move.

At first sight this looks like a continuation of a long campaign by Western governments to unravel digital encryption. I talked to Kathryn Ryan about this on RNZ Nine-to-Noon last week.

Governments say they worry that criminals and terrorists can use encryption to keep illegal online activity private. There’s no question this goes on.

Important role

The difference this time is that the governments acknowledge encryption plays an important role. It gives people privacy and enables online commerce including banking. This would be difficult to do without encryption.

When Justice minister Andrew Little announced New Zealand’s support earlier this week he was clear that any access to encrypted data would require a warrant.

This would subject large technology companies like Facebook and Google to the same measures as local companies like Spark or Vodafone. New Zealand’s Telecommunications Interception Capability and Security Act (TICSA) means local companies must comply with proper warrants.

Hard to enforce

While New Zealand law applies to foreign technology giants, our system has little power to enforce warrants. An international agreement and a common legislative framework will make it easier for local law enforcement.

The UK and US have legislation to address this. Australia has anti-encryption legislation, which has not been effective because it can’t be enforce.

Five Eyes is not asking for carte blanch. At this stage it is making a request and asking the tech companies for their ideas.

The security partnership says it wants to embed public safety in system designs. This would let companies act against illegal content and activity without reducing user safety.

Five Eyes wants law enforcement access to content in a readable and usable format where an authorisation is lawfully issued. At the moment companies can respond to warrants with indecipherable encrypted data.

There are, as you’d expect, fears about privacy and freedom.

While we shouldn’t play these fears down, in part this is back to the question of social media companies taking more responsibility for what happens on their sites.

Encryption works

There’s a clear message here that governments remain frustrated by their inability to access encrypted material. In other words, encryption is working.

There’s a contraction here, earlier in the week GCSB director Andrew Hampton talked about this on Nine-to-Noon. The relevant clip is the last few minutes of a long 27 minute interview.

He rightly talked about the “threat surface” and security vulnerabilities. Yet encryption is on of the best tools we have to reduce these threats and vulnerabilities.

This action is not about making tech companies give government agencies back doors into encryption. That has been discussed in the past.

Back doors are a bad idea because the moment there is an entry point for government agencies there is one for criminals and terrorists. It takes one law enforcement officer anywhere in the world to hand those keys over to a criminal.

New Zealand’s bias challenging algorithm charter could save lives

Statistics minister James Shaw launched the Algorithm Charter for Aotearoa New Zealand. He says it is a world first.

The charter might not seem a huge deal. Yet overseas experience suggests it could save lives.

Shaw’s press release says the charter will “give New Zealanders confidence that data is being used safely and effectively across government.”

Make that: “parts of government”. The charter is not compulsory. A total of 21 government departments have signed. The biggest data users are there: Inland Revenue and The Ministry of Social Development are important. The New Zealand Defence Force has signed, the Police has not.

New Zealanders would be more confident they would not be on the wrong end of a rogue algorithm if the charter was compulsory across government.

Ethical data use

The charter draws on work by the head of Statistics NZ, Liz MacPherson. She also has the title of chief data steward. MacPherson has been working on ethical data use in government.

Last year the government looked at how it used algorithms. It decided they needed more transparency. In July it set up a Data Ethics Advisory Group.

The thinking behind the charter is sound enough. Government departments use vast amounts of data. At times the software used to sift the data is complex, although it can be straightforward at times.

This can work fine, but humans write algorithms. They can be biased or based on false premises. Algorithms can be broken. People using them can make bad decisions.

Algorithm chaos

There are plenty of stories of algorithms serving up inaccuracies and discriminatory decisions. The process is opaque, government employees have been known to hide behind bad decisions. The logic used to feed algorithms is often kept secret from the public.

When this happens, the consequences can be dire. At times the most vulnerable members of society can be at risk.

One of the worst examples of how bad this gets is Australia’s so called Robodebt saga. Australians who had received welfare payments were automatically sent debt notices, often without explanation if data matching between different departments showed inconsistencies.

Many Robodebt demands were wrong. Fighting or even questioning the demands saw people descend into a Kafkaesque digital distopia. There were suicides as a result.

Agencies signing the charter commit to explaining their algorithms to the people on the receiving end. The rules used are supposed to be transparent and published in plain English. Good luck with that one.

Fit for purpose

Elsewhere the New Zealand charter wants algorithm users to “make sure data is fit for purpose” by “understanding its limitations” and “identifying and managing bias”. It sounds good, but there is a danger public servants might push the meaning of those words to the limit.

Any agency signing the charter has to give the public a point of contact for enquiries about algorithms. The charter expects agencies to offer a way of appealing against algorithm decisions.

There’s a specific New Zealand twist. The charter asks agencies to take Māori views on data collection into account. This is important. Algorithms tend to be written by people from other cultures and Māori are disproportionately on the wrong end of bad decisions.

One area not covered in the documents published at the launch is how agencies might deal with data that is manipulated by external agencies. Given that government outsources data work, this could be a problem. There may even be cases where external organisations use proprietary algorithms.

New Zealand won’t follow UK’s Huawei 5G ban | RNZ News

“TICSA has been in place since 2014, and works well. We are confident that New Zealand’s telecommunications networks are secure, and that our regulatory model serves New Zealanders well.”He said every decision was made on a case-by-case basis, and in accordance with New Zealand laws.

Source: Andrew Little says New Zealand won’t follow UK’s Huawei 5G ban | RNZ News

Rachel Thomas at RNZ interviewed me on the likelihood of Huawei being allow to take part in New Zealand’s 5G networks.

Huawei doesn’t meet the standard set out in the Telecommunications (Interception Capability and Security) Act 2013 (TICSA).

Huawei didn’t pass the test the first time around and everyone goes out of your way to tell you that’s not a ban, that in effect bans it from the network until it passes that test, so we’re already in the ‘not going to be buying Huawei’ camp.

This could change if there is a change of government either here or in the US. The National Party is closer to China than Labour, Green or New Zealand First. A Democrat lead government in the US may want to take the heat out of trade tension with China.

Currently, no telco providers are using Huawei technology as part of their 5G networks in New Zealand – with Vodafone and Spark both working with Nokia.

But Spark and 2 Degrees have refused to say whether they would rule out partnering with Huawei for 5G networks in the future.