Our tax dollars at work

Simply incredible.

A federal government contractor that was paid more than $1 million to deliver e-security alert services to Australians has lost 8000 subscribers’ personal information in the postal system.

AusCERT, which was paid $1,199,484.52 by the federal government to run staysmartonline.gov.au between April 29 2008 and April 29 2012*, lost subscribers’ data after using Australia Post to send it on a DVD to the Department of Broadband, Communications and the Digital Economy (DBCDE) on April 11 when its contract to run the alerts service expired.

(HT: CL)


47 Responses to Our tax dollars at work

  1. With the Labor Party, your personal data are in the very best of hands.

    #WeAreUs

  2. Gab

    “Out” damned Spot. Or should that be ‘Our’?

  3. I want to link this on Twitter, but not till Sinc fixes his typo ;-P

  4. Gab

    That’s what I was trying to tell him, subtly.

  5. entropy

    I thought it must have been some play on the fact the work was outsourced to a contractor.

  6. Sinc’s a Dismal Scientist, Gab. He don’t do ‘nuance’.

  7. Every 3 months my accountant starts to give me grief about filling the damn BAS thing in and remitting it back to the ATO, and every 3 months I do it, perhaps after a bit of nagging, but every time I do it I see stories like this and seriously, it’s enough to make me almost weep in frustration.

  8. Pickles

    They only got paid $1.2m to mail a CD. Can’t expect too much.

  9. Sinclair Davidson

    Thanks Gab

  10. Alice

    Hang on a minute – didn’t we all in here want a small government and most jobs handed out to the private sector? So a contractor stuffs up? I thought the private sector was supposedly more efficient?

    I don’t get the line here at all? Is the private sector contractor to blame here or is it the government for picking a miserable inefficient private sector player or is it the government for being unable to do the job themselves or is it just the government to blame even when they do shrink themselves and give it to a private sector failure of a firm.

    I don’t get it. Should I blame the government for my conception?

  11. “As a not-for-profit, self-funded organisation based at The University of Queensland, AusCERT relies on member subscriptions to cover its operating costs.”

    But they got $1.2 million to run a guvvie website for four years?

  12. Hang on a minute – didn’t we all in here want a small government and most jobs handed out to the private sector?

    /concern troll is concerned

  13. Jarrah

    “/concern troll is concerned”

    And also has a point.

  14. And also has a point.

    Um, no.

  15. Jarrah

    A facile point, but it’s there – privatisation is no guarantee of improvement, something well worth remembering.

  16. JC

    A facile point, but it’s there – privatisation is no guarantee of improvement, something well worth remembering.

    Ummm yea, but the shareholders lose money, not the taxpayer. Or in your example, that’s the shareholders problem, not ours.

  17. Jarrah

    “that’s the shareholders problem, not ours.”

    True. I wonder why it’s featured on Catallaxy, then?

  18. Jarrah, Alice trolololled, concernedly,

    “Hang on a minute – didn’t we all in here want a small government and most jobs handed out to the private sector?”

    To which I would reply,

    “Hang on a minute – since when does wanting a small government mean that we even accept the basic premise that it’s the Government’s job to create, as @GeordieGuy puts it, a Department of ‘Be Careful With Your Data’, and furthermore even if we were to accept that that’s a legitimate function of a small, limited government, how does the manner in which a government department lost control of the data they were entrusted with, lost control of the data they were entrusted with, somehow provide ULTIMATE PWNAGE!!!1111!!! of private enterprise?”

    Please think before mindlessly spewing forth GetUp talking points.

  19. Also, see Geordie Guy’s response to a similar comment here:

    At the end of the day, DBCDE sets the standards and operational procedures for anybody that it has either an operational level agreement, service level agreement or underpinning contract with. Where there is a circumstance that a person sends them a thing via a method, the thing is their responsibility and they are further responsible for the outcomes of the method. If it was the responsibility of this so-called external entity and inarguably beyond the department’s reach, it’d be that entity that was notifying of the breach and not the department.

    They always had control of this. Ironically, the postal service comes under DBCDE’s remit. So they had control of it end-to-end, at least in theory 🙂

    Quite so.

  20. Jarrah

    Sounds like Australia Post is to blame.

  21. Sounds like Australia Post is to blame.

    Yeah, it’s gone to shit since Labor privatized it.

    Oh, wait.

  22. Gab

    I’d be asking just how rigorous the tender process was- that’s of course if there was a tender process or was it just another mate of a mate in the former government?

  23. Jarrah

    Good point, Gab. Nice to see you recovering from your recent bout of ODS.

  24. Gab

    AusCERT is the leading Computer Emergency Response Team for Australia and provides computer information security advice to the Australian public, its members, including the higher education sector.

    Lemme guess: “don’t use Aust Post when sending sensitive/confidential/highly private info”?

  25. Gab

    Let me know when you’ve gotten over yourself, Jarrah 🙂

  26. Gab

    lost subscribers’ data after using Australia Post to send it on a DVD to the Department of Broadband, etc etc long wanky departmental name

    Hmmm. Ya don’t suppose someone in the NBN department actually misplaced the receipted data and decided it was better to blame the supplier? Nah, they wouldn’t do anything like that now would they?

  27. Jarrah

    “Let me know when you’ve gotten over yourself, Jarrah”

    Am I crowing too much? Sorry. I should try to be a better winner.

  28. Gab

    You haven’t “won” anything you delusional pinhead.

  29. Jarrah

    So your silence on the other thread is just… what, exactly?

  30. Gab

    Oh for goodness’ sake. I don’t know what you’re talking about and if it does not pertain to this thread then take it outside.

  31. Christian K

    “Please think before mindlessly spewing forth GetUp talking points.”

    That’s a little below the belt for those poor swabs and it would test and strain their mental capacity to such a degree as to request another Gov. Assist applications, you know that!!

  32. Jarrah

    Sure, Gab, sure. 😉

  33. JC

    Jarrah…

    Honest question and I don’t mean in any rude way at all. Are you okay? Everything okay?

  34. Jarrah

    “Are you okay? Everything okay?”

    Yes, thanks for asking.

  35. C.L.

    I’d be asking just how rigorous the tender process was- that’s of course if there was a tender process or was it just another mate of a mate in the former government?

    Bingo.

  36. C.L.

    I thought Alice’s point was reasonable but I would have thought the context is everything (and obvious). And the context is the Gillard government – specifically, its chilling gift for encrappening everything it touches.

  37. Gab

    Bad enough the data was sent via Australia Post, but they didn’t even bother to send it registered, allegedly.

    C’mon, who actually works in AusCERT? UQ first year IT students?

    This AusCERT sounds like a UQ IT department cost centre.

  38. Gab

    Oh and Australia Post comes under the purview of the Dept on NBN etc.

  39. wreckage

    Equally, the gov’t tendered a job to somebody and didn’t insist on proper backups.

  40. So have the Jarrah and the Alice given up trying to pretend that yet another LaborFAIL somehow “proves” that Liberalism/Libertarianism/Conservatism & capitalism suck?

    One hopes so.

  41. Although Alice has a valid point, sorta… kinda…

    AusCERT is a massive circle jerk of elitist lefty nerds, the vast majority are employees of UQ and their ITS department.

    Seddon building (or their previous building 42) where ITS at UQ are housed is only around one hundred meters from the Australia Post store on the St Lucia campus… so take the blame away from the Feds as much as you want, but you can still blame their lefty breeding ground, UQ.

  42. Winston SMITH

    “encrappening”

    Thanks for that CL. It’s a shorter way of describing this government than:
    Goat Rodeo,
    Totally Stuffed,
    Incompetent beyond belief,
    The Lying Slappers Kindy.

    I steals it and puts it in my dictionary…

  43. Paul

    AusCERT are useless.

    This is my opinion only but I believe it’s reflective of the Australian IT community in general. They are a classic example of a service nobody uses which is propped out for political reasons (no government wants to cut spending to universities or an “emergency response team”).

    TL/DR: they provide a taxpayer funded “security” newsletter that provides information too late to be of use

    AusCERT don’t actually do anything besides publish summaries of security bulletins they get from vendors, which are the same security bulletins *I* get from vendors. They only publish what’s publicly known, and why should I get the news from AusCERT a day late when I can get it straight from the vendor? Security is time-sensitive: the alert is useless if it arrives after I get attacked.

    As you can tell from the name, AusCERT only operate in Australia which means they don’t understand the big picture. Cyber attacks are worldwide and if a new threat is appearing over the globe, they’ll have no idea until someone else does the correlation (the difficult work). AusCERT then does the “hard work” of reading their research and republishing it.

    If I am responsible for a network and I’m seeing a new sort of attack, my first external phone call won’t be to AusCERT. It’ll be to my network security vendor who can advise me if any of their customers (worldwide) have experienced the same attack. And if it’s an actual attack, they can have new IPS signatures out within the hour. The best AusCERT can do is say “That sounds bad…do you want the phone number for Cisco?” The security vendor will have a precise understanding of my network infrastructure: if I called AusCERT, I’d have to explain it all from scratch. And given this debacle in the news, would I want to give AusCERT any details about my network?!

    Nobody wants to use their professional services because there’s no point. Security is part of design and architecture, and AusCERT don’t do either. Plus, why would you want to involve AusCERT? They’re a bunch of uni students and university IT employees who don’t operate under the urgency or have the level of understanding they need to assist anybody. I’m already paying Cisco/Juniper/Symantec/Bluecoat, engaging AusCERT would be like putting a third wheel on a bicycle.

    AusCERT have a 24×7 phone line, but their researchers don’t work 24×7 (unlike the big security vendors like Symantec, Cisco, Microsoft who have follow-the-sun teams in every timezone). AusCERT’s 24×7 security response hotline isn’t staffed on Queensland public holidays! I’m confused as to why: do hackers stop working on Queensland public holidays?!

    AusCERT started to provide PKI services, but in reality are a fancy reseller of Comodo. Again, why buy from AusCERT when I can buy directly from Comodo.com?!

    To top it all off, they’re mailing around DVDs with unencrypted data: with all their security “expertise”, they haven’t yet figured out how to send data over the internet securely.

    /rant off

  44. Pingback: Your Taxes at Work: $1million e-security alerts service loses 8000 subscribers' personal information

  45. Alice

    sdog is so off the friggin scent it isn’t funny. He has too much flea powder interfering with his detection skills (ie up his nose). The day Jarrah and I see eye to eye is a long way off but getting closer now that I can see Jarrah’s views in here.
    Sdog – I can’t see any of your real opinions. All I see is an attack dog lost behind the barn chasing the chooks not the fox.

  46. sdog

    Alice, you’re just ticked off because the first time you came on this blog, you blatantly – and some might say, dishonestly – misrepresented yourself. It wasn’t just me who called you out on it, either.

    Your disingenuous question/comment here,

    Hang on a minute – didn’t we all in here want a small government and most jobs handed out to the private sector? So a contractor stuffs up? I thought the private sector was supposedly more efficient?

    I don’t get it. Should I blame the government for my conception?

    was just moronic. This latest big Labor government stuff-up has NOTHING to do with “small government” or “the private sector,” and I don’t believe anyone here is stupid enough to believe it does. You’re not very good at concern-trolling. Give it up. Go play whatever game you want to play elsewhere and stop wasting people’s time.

    And get over yourself.

  47. Alice

    Oh sdog

    You are some sort of guardian for what? An ideology? Your ideas aren’t original. You only know how to fight one side of a political debate and for one political master but you cannot see when both sides betray you. In your dog-like eyes you have only one loyal master. But at least I have none. Go off and chew a bone somewhere and stop the incessant yapping.
