SaaS data loss: The problem you didn’t know you had

Australia’s Attorney-General Nicola Roxon has re-stated the case for a European-style data retention regime, arguing that there’s no point bringing a knife to a gun fight when it comes to protecting Australia’s interests.

In a speech delivered to the 2012 Security in Government conference in Canberra today, Roxon quickly addressed the argument that it is dangerous for governments to hold a lot of information about their citizens, saying:

The Australian government is therefore “turning up the heat on our own systems to ensure we’re secure from insiders who might have the ability and access to threaten our national security.” That heating process is using a new “Protective Security Policy Framework” Roxon said has been “…specifically written with an eye on the online environment” and “marks an important shift from a compliance based model to a risk management approach, providing guidance on how to identify risks, as well as the controls needed to mitigate them.”

Her speech moved on to privacy and how it is, in her view, important “to strike a balance between ensuring we have the investigative tools needed to protect the community and individual privacy.”

That balance, she argues, can be achieved even under a regime that allows data retention, because it is such a useful investigative tool.

“Many investigations require law enforcement to build a picture of criminal activity over a period of time. Without data retention, this capability will be lost,” Roxon argued. “Many of you will recall the disturbing murder of Cabramatta MP John Newman in Sydney in 1994. Call charge records and cell tower information were instrumental in the investigation and subsequent conviction on Phuong Ngo (FONG NO). These records allowed police to reconstruct the crime scene.

She added that there has been plenty of attention paid to data retention laws, the consultation process that sparked the ire of Anonymous is just a consultation process and is being conducted in the open, which should quell fears about governments granting themselves unfettered power.

She then explained the Raison d'être for the data retention proposal and other reforms:

“We cannot live in a society where criminals and terrorists operate freely on the internet without fear of prosecution. We cannot allow technology to create a ‘safe haven’ for criminals, or a ‘no go’ zone for law enforcement.

But, this does not mean unfettered access to private data either.

What it does mean are carefully drafted, tested and oversighted national security laws – and this is what I’m focussed on delivering.”

Roxon signed off by pledging that “, I will focus on delivering the right checks and balances to ensure that national security powers are not abused and that the privacy of Australians is respected.”

The difficulty of achieving that level of security is, however, what Anonymous thought it had pointed out by revealing personal data found on a neglected server belonging to Australian telco AAPT. The Reg mentioned the contents of Roxon’s speech in an IRC channel frequented by entities who use the iconography and identity of Anonymous. The response indicated considerable displeasure and intent to again protest vigorously, in Anonymous’ particular fashion. ®

Agentless Backup is Not a Myth