IT Essentials: Hanging by a thread
The fabric of the state is crumbling, and that applies to the digital realm as much as the physical.
The Online Safety Bill finally cleared its last parliamentary hurdle this week and is set to become law by the end of the year. The government will breathe a sigh of relief that the battle to pass the highly contentious bill is, at last, over. Plenty of questions remain about the enforcement mechanisms available to the government, should Big Tech persist in its attachment to concepts like privacy, but those are for later.
Computing respectfully(ish) suggests that the government now takes a look at the state of the digital public realm. Because while they've been arguing with Mark Zuckerberg and other representatives of Team Tech over whether technology which enables privacy only for good people exists (spoiler: it doesn't), it's become increasingly clear that the digital infrastructure holding data belonging to all of us is in as parlous a condition as the physical fabric of the state. The cybersecurity framework in particular seems to have more holes in than a seventies-built primary school, and in both physical and digital worlds, bits are falling off.
The evidence? Well, we can start with the multiple attacks on police forces that were reported throughout the summer. Some of these were related to a third-party supplier, some were the result of apparent carelessness from staff, but all have resulted in the personal information of thousands of police officers being compromised and also, in the case of Norfolk and Suffolk, confidential data pertaining to victims of crime, witnesses and suspects.
Then of course we have the Electoral Commission. In addition to the fact that hostile actors as yet unknown were able to lurk on the Commission's servers for well over a year, helping themselves to who knows what data, it became clear recently that the Commission failed to meet the most basic cybersecurity standards around the time they were attacked. There have been attacks on schools, and last week the National Audit Office warned that frontline troops could be affected by the creaking infrastructure at the MOD. Reports of data loss in the NHS due to cyberattack are commonplace.
The government's obsession with encryption has led them to overlook the blindingly obvious. Public sector digital infrastructure is crumbling in the face of continual cyberattacks, and attitudes towards cybersecurity are unforgivably lax. Public data and public money deserve better care.
Perhaps the biggest irony of the argument between the government and the tech companies over encryption and the possibility of client-side scanning being mandated is the apparent failure of certain ministers to realise that back doors, once opened, can be used by all sorts. The impression given of the digital public realm hanging by a thread doesn't exactly inspire confidence in the ability of those in charge to keep our data safe from those with ill intent.