Governments stand ready to regulate a cyberscape they do not understand

As governments become more attuned to the threats posed in the IT space, the first reaction is to reflexively clamp down on them.
Written by Chris Duckett, Contributor

As the very likely winner of the upcoming UK election, the ideas contained within the Conservative party election manifesto [PDF] provide a signpost on the direction of the British government.

"Some people say that it is not for government to regulate when it comes to technology and the internet," a bolded line at the rear end of the document states.

"We disagree."

What follows are sentences to justify the position of government stepping into an area that has traditionally had few rules.

"It is for government, not private companies, to protect the security of people and ensure the fairness of the rules by which people and businesses abide," the manifesto reasons. "Nor do we agree that the risks of such an approach outweigh the potential benefits."

The Tories may very well argue that the government is able to protect the citizenry from the excesses of multinational technology companies, but to be so steadfast in that line of argument is to ignore the history of what has gone before.

The phrase "I told you so" succinctly sums up the experiences of governments attempting to bring rules and standard modes of operation into a technical area.

Take the Australian example, where a Commonwealth Ombudsman report into access of the data stored under warrantless data retention laws [PDF] showed a spate of agencies passing set criteria, but often with exceptions.

One such agency was the Australian Federal Police (AFP), which owned up to breaking the metadata laws in April, was found to have incorrect templates for issuing warrants, and had six instances where warrants were issued by unauthorised people.

During the week, the AFP claimed the metadata breach was the only time it had flouted one of the few rules concerning data retention, even though it had attempted to access the metadata of a journalist communicating with a source 12 months earlier.

These metadata laws were not rushed, and authorities had been baying for them for some time, yet the Ombudsman showed it was a rare agency that was squeaky clean in the handling of citizen data -- and still the government wants more power.

Telecommunications companies across Australia are currently fighting to prevent the government from handing itself the power to demand telcos hand over information on networks, and, if the government deems a network to be too risky, the power to unilaterally suspend it.

After a week of Senate hearings where the issue of technology and security permeated discussions, all that was achieved was to confirm that Australian politicians should not be let anywhere near technical discussions, let alone decisions.

On Tuesday, the Opposition party gleefully touted that it had revealed the Immigration Department was under a "cyber attack" as recently as last week. After failing a security audit and breaching the Privacy Act in years past, Immigration is hardly the tightest of security ships getting around, but the attacks Labor was yelling about were nothing more than spear-phishing emails.

When coupled with a Monday pronouncement that the government had not done enough to protect businesses from WannaCry malware, what is revealed is a mentality to throw regulation and cocksure thought bubbles at an area that is full of nuance and grey areas.

But if Australia is a mess, the UK is making sure it ploughs itself into the dirt after setting itself on fire, with its latest scheme of installing black box equipment into telco networks.

Besides some welcome privacy changes in Europe -- to which the rest of the world is finally realising it needs to pay attention -- the pendulum is swinging from decades of laissez-faire light touch to a full-on "government knows best" footing.

But governments have shown that they do not know what they are doing, and that when they get their hands on information, they cannot handle it.

A stroke of a pen, a new regulation, and a back-slapping press conference do nothing to make systems more secure, and in all probability do more harm than good.

Hunker down, things are about to get a lot worse before they get better.

ZDNet Monday Morning Opener

The Monday Morning Opener is our opening salvo for the week in tech. Since we run a global site, this editorial publishes on Monday at 8:00am AEST in Sydney, Australia, which is 6:00pm Eastern Time on Sunday in the US. It is written by a member of ZDNet's global editorial board, which is comprised of our lead editors across Asia, Australia, Europe, and the US.
