Basically, the world is divided into two types of people: those who think the Panama Papers illustrate the bad shit that some people do, and those who think the Panama Papers illustrate what needs to be done to make sure no-one else discovers the shit – good or bad – that they’re doing. Interesting then, that in yesterday’s speech to an audience of corporate leaders at the first Cyber Security Summit in Auckland, Prime Minister John Key didn’t advise the captains of industry on how being a good corporate citizen might be the best way of preventing them from becoming a hacking target in the first place. Instead, he urged them to invest in a really, really good cyber-security firewall:
[Prime Minister John Key] said the massive information leak from the Panamanian law firm, Mossack Fonseca, which revealed global tax avoidance practices, is proof no company was safe from hacking. “Whatever the rights and wrongs of whatever business they do, these people have sat there thinking they’re dealing with their clients on a confidential basis.”
“Their information has been hacked and is now in the public domain.” He said businesses should not think that would never happen to them.
To give this the most charitable reading….maybe Mossack Fonseca wasn’t the best example of a hacking victim that Key might have selected. Oh true, he did also mention the hack of Sony Pictures. But that example isn’t any better. The Sony hack is widely believed to have been a North Korean operation, motivated by the Pyongyang regime’s desire for payback after Sony had financed a James Franco/Seth Rogen ‘comedy’ film about the assassination of North Korea’s political leader. In addition : among the many revelations from the Sony hack was the cold, hard evidence that the female stars on the film American Hustle ( Jennifer Lawrence, Amy Adams) were paid considerably less than their male co-stars. Subsequently, the Sony revelations have triggered a useful debate on institutionalized sexism in the US entertainment industry and corporate life in general. As noted in this great essay by Jennifer Lawrence.
Meaning: as with Mossack Fonseca, the Sony hack put material into the public domain that has proved to be in the public interest. Key, however, has chosen to cite both these examples as red light warnings to New Zealand corporates to beef up their online secrecy. All of this was merely the prelude to the government unveiling its solution to the cyber threats allegedly facing this country : a Computer Emergency Response Team (CERT) that will receive $2.2 million to set itself up, and then have $5 million a year to spend on helping to keep New Zealand business safe from the stranger dangers out there online:
The Government has announced it will spend $22.2 million over the next four years on improving New Zealand’s cyber security.
Of that, $2.2 million will be spent setting up a Computer Emergency Response Team (CERT). The remaining $20 million will be CERT’s operational funds.
That’s the problem of course. If you portray the risks online in apocalyptic terms – yikes, the Chinese/North Koreans/Eastern Europeans etc are coming to steal our intellectual property and all of our trade secrets ! – then $5 million a year in operational funding looks like a pretty token response. Go big though, and it looks even more like corporate welfare, and state provision of protections that New Zealand business should be paying for itself. Incidentally, won’t CERT’s efforts overlap with what the GCSB is supposed to be doing in this same area ? Isn’t the GCSB supposed to be concerned with online threats to New Zealand’s economic interests? Who’s going to be the sheriff here ? Funny. Normally, our freedom-loving captains of industry fancy themselves as bold adventurers on the oceans of commerce…yet this proposal not only invites them to share their secrets with Big Brother, but to actively seek its protection. An odd fit, wouldn’t you say, ideologically speaking.
Basic question : is the bulk of the online risk to New Zealand of the ‘stranger danger’ kind located offshore – or are most of this country’s online violations originating within branches of the New Zealand corporate family, as firms raid each other for market advantage ? If, as one would suspect, it really is the latter….CERT would readily become part of the problem, rather than part of the solution. How, for instance, will CERT be supposed to handle and store the confidential information that will be essential to it assisting in the provision of a significant defence? And why would any sane NZ firm think that sharing its defensive strategies with a government agency wasn’t going to pose an additional security risk in itself?
In other words, everything about CERT smacks of it offering merely generic advice, and being marketing fluff for the security industry that stands to gain an influx of business from this handout of public money. Surely, if firms had genuine secrets worth keeping, then they should pay for the expertise required to keep themselves safe? Isn’t that how the free market is supposed to work? Already, the state pays for the bulk of the research and development work carried out in New Zealand, and from which the private sector reaps a good deal of private gain. Now the taxpayer is helping to pay for their online security as well; primarily, to enable the private sector to conceal information that (in some cases at least) the public needs to know.
Footnote: XKCD’s Randall Munroe on the urge to ‘Cyber-‘.
Songs about secrets? First, from the Pierces, doing that vampy thing they did so well :
And then I suppose, there are these guys: