Aussie Gov't Drafting Privacy Law in Wake of PSN Breach

John Funk

U.N. Owen Was Him?
Dec 20, 2005
20,364
0
0

Australia wants online privacy laws to be beefed up in light of the attack that broke into Sony's PlayStation Network.

By now, most people lay the blame for the told everybody as soon as it knew [http://www.escapistmagazine.com/news/view/109568-Sony-Admits-Private-PSN-Info-Has-Been-Stolen-All-Of-It].

While politicians and political groups from around the world like UK Information Commissioner [http://www.escapistmagazine.com/news/view/109578-U-S-Senator-Blasts-Sony-for-Keeping-Breach-Secret] have all lambasted Sony for its role (or lack thereof) in the event, it's the island nation/continent of Australia that may be actually doing something about it.

According to WA Today [http://www.watoday.com.au/technology/security/privacy-laws-to-be-beefed-up-following-sony-attack-20110502-1e578.html], the Australian government has announced plans to introduce legislation that will force companies like Sony to announce security breaches and the theft of personal information immediately. Of the millions and millions of PSN users worldwide whose data is now compromised, says the article, 1,560,791 of them were Australian and 280,000 had credit card details attached to their accounts.

Privacy Minister Brendan O'Connor said that he was "very concerned" about the potential theft of personal information, and disappointed that it had taken Sony "several days" to notify its customers of the breach. As such, he said, a mandatory notification law now appeared to be necessary.

That said, he didn't say that this was Sony's problem and Sony's alone. "Sony isn't alone. We've seen serious privacy-related incidents in recent months involving other large companies," said O'Connor, apparently referring to incidents involving companies like Dell Australia and Telstra. "All companies that collect customers' personal information must ensure that the information is safe and secure from misuse."

The Australian government has been investigating the incident, said Privacy Commissioner Timothy Pilgrim, who said that he was waiting to hear answers from a series of questions he'd sent Sony. (No offense, Mr. Pilgrim, but I think Sony is a bit busy right now).

David Valle, the executive director for the Cyberspace Law and Policy Centre at the University of New South Wales in Sydney, called the breach a "chilling example" of what could happen when companies stored so much information in a central database, no matter how much security they put on the lock.

"The protectors have to be 100 percent perfect in their defense, while the attackers only need to find one tiny ***** to get through."

(Via GamePolitics [http://gamepolitics.com/2011/05/03/australian-government-planning-law-response-psn-security-breach])


Woodsey

New member
Aug 9, 2009
14,553
0
0
""The protectors have to be 100 percent perfect in their defense, while the attackers only need to find one tiny ***** to get through.""

Can't really be arsed to read through all the law stuff, but I hope they're not actually basing a law on the premise that a system should be 100% foolproof.

""All companies that collect customers' personal information must ensure that the information is safe and secure from misuse.""

Oh, err... OK then. Maybe they are.
 
Apr 28, 2008
14,634
0
0
Woodsey said:
""The protectors have to be 100 percent perfect in their defense, while the attackers only need to find one tiny ***** to get through.""

Can't really be arsed to read through all the law stuff, but I hope they're not actually basing a law on the premise that a system should be 100% foolproof.

""All companies that collect customers' personal information must ensure that the information is safe and secure from misuse.""

Oh, err... OK then. Maybe they are.
They do realize that anything, anywhere can be hacked, right? I mean yeah, Sony should use more protection when it comes to user data, but saying it must be 100% foolproof? Do they not know how technology works?
 

mjc0961

YOU'RE a pie chart.
Nov 30, 2009
3,847
0
0
Woodsey said:
""The protectors have to be 100 percent perfect in their defense, while the attackers only need to find one tiny ***** to get through.""

Can't really be arsed to read through all the law stuff, but I hope they're not actually basing a law on the premise that a system should be 100% foolproof.

""All companies that collect customers' personal information must ensure that the information is safe and secure from misuse.""

Oh, err... OK then. Maybe they are.
Irridium said:
They do realize that anything, anywhere can be hacked, right? I mean yeah, Sony should use more protection when it comes to user data, but saying it must be 100% foolproof? Do they not know how technology works?
And you two do realize that this law is about mandatory and immediate reporting of security breaches and stolen information, right? It's right there in the article. Read it again and stop focusing quite so much on that last statement, because that statement isn't what this law is about. That statement is just some dude trying to get some good PR with people who are pissed about their info being stolen.

And I for one think a law saying they have to own up right away is a great idea. No more of this telling people "oh we don't know why it's down lawlz" for two days before admitting you got hacked bullshit. I hope other countries follow suit.
 

Woodsey

New member
Aug 9, 2009
14,553
0
0
mjc0961 said:
Woodsey said:
""The protectors have to be 100 percent perfect in their defense, while the attackers only need to find one tiny ***** to get through.""

Can't really be arsed to read through all the law stuff, but I hope they're not actually basing a law on the premise that a system should be 100% foolproof.

""All companies that collect customers' personal information must ensure that the information is safe and secure from misuse.""

Oh, err... OK then. Maybe they are.
Irridium said:
They do realize that anything, anywhere can be hacked, right? I mean yeah, Sony should use more protection when it comes to user data, but saying it must be 100% foolproof? Do they not know how technology works?
And you two do realize that this law is about mandatory and immediate reporting of security breaches and stolen information, right? It's right there in the article. Read it again and stop focusing quite so much on that last statement, because that statement isn't what this law is about. That statement is just some dude trying to get some good PR with people who are pissed about their info being stolen.

And I for one think a law saying they have to own up right away is a great idea. No more of this telling people "oh we don't know why it's down lawlz" for two days before admitting you got hacked bullshit. I hope other countries follow suit.
Saw that too, but those two comments still showed some naivety.

And I'm pretty sure they admitted the system had been hacked way before, the issue was that they didn't know if stuff had actually been stolen.
 

viranimus

Thread killer
Nov 20, 2009
4,952
0
0
On one side I think, Way to go Australia.. this is a good idea.

On the other side I think... Man it must suck to live in the merry ole land of Aus, given they have such grievous over regulation
 

RhombusHatesYou

Surreal Estate Agent
Mar 21, 2010
7,595
1,910
118
Between There and There.
Country
The Wide, Brown One.
Blitzwing said:
viranimus said:
On one side I think, Way to go Australia.. this is a good idea.

On the other side I think... Man it must suck to live in the merry ole land of Aus, given they have such grievous over regulation
It's not as bad as you think.
And most of us ignore it when it's inconvenient.
 

Alexnader

$20 For Steve
May 18, 2009
526
0
0
I love how so many people seem to think Australia is this Orwellian place where the government has pervaded all aspects of life including gaming. "Cheap(er)" healthcare does not mean we're being rounded up nightly by the thought police and be forced to enjoy G rated games about ponies.

This is a common sense law that the government is using as a response to the biggest issue in Australia that has anything to do with videogames or the industry in general. Given the amount of news coverage this is getting on everything from nightly news to specialised business programs I'm pretty sure people would be whining if the government wasn't doing anything.
 

Speakercone

New member
May 21, 2010
480
0
0
Woodsey said:
mjc0961 said:
Woodsey said:
""The protectors have to be 100 percent perfect in their defense, while the attackers only need to find one tiny ***** to get through.""

Can't really be arsed to read through all the law stuff, but I hope they're not actually basing a law on the premise that a system should be 100% foolproof.

""All companies that collect customers' personal information must ensure that the information is safe and secure from misuse.""

Oh, err... OK then. Maybe they are.
Irridium said:
They do realize that anything, anywhere can be hacked, right? I mean yeah, Sony should use more protection when it comes to user data, but saying it must be 100% foolproof? Do they not know how technology works?
And you two do realize that this law is about mandatory and immediate reporting of security breaches and stolen information, right? It's right there in the article. Read it again and stop focusing quite so much on that last statement, because that statement isn't what this law is about. That statement is just some dude trying to get some good PR with people who are pissed about their info being stolen.

And I for one think a law saying they have to own up right away is a great idea. No more of this telling people "oh we don't know why it's down lawlz" for two days before admitting you got hacked bullshit. I hope other countries follow suit.
Saw that too, but those two comments still showed some naivety.

And I'm pretty sure they admitted the system had been hacked way before, the issue was that they didn't know if stuff had actually been stolen.
My takeaway from this was essentially:
"we understand the difficulties involved in securing information systems"
"we also understand that attackers have an inherent strategic advantage over defenders of information."
"companies in possession of personal information of clients should take every possible step to ensure the security of personal data entrusted to them."
"companies should be required to inform customers immediately of any breach of security involving personal data."

Their claims aren't that ludicrous as far as I can see, though the presentation is slightly hyperbolic. What do you expect? They're politicians. They have to make the threat seem big or their law doesn't get passed.

I'd personally support such a law in the UK. I like transparency.
 

The Random One

New member
May 29, 2008
3,310
0
0
This looks like one of those stupid, hastily thought, kneejerk reaction laws that always follow when politicians want to show off after a disaster they didn't directly cause, except this one may actually help with what it's supposed to.
 

Baresark

New member
Dec 19, 2010
3,908
0
0
I can't disagree with what the law says, but this is just letting Sony off scot-free. This is pretty much a bailout without saying so. Sony is given a pass by people because there is a law now. If you had two brain cells to rub together, this should teach you that perhaps putting all your information on what is basically a social network, is a bad idea.

I still plan on sticking with my plan of not purchasing Sony products in the future. They waited far too long to tell people, and now they have lost my business. Everyone should consider this line of action because there are plenty of companies out there that have kept my information safe without fail. To name a few: Steam, Amazon, and Newegg. I know it's (probably) not Sony's fault for getting attacked like that, and their security was apparently laughable anyway, so they need to be held accountable by people. And it shouldn't take a law to make some sort of reaction felt by Sony. People are so weak, it's actually funny.
 

Alexnader

$20 For Steve
May 18, 2009
526
0
0
Baresark said:
I can't disagree with what the law says, but this is just letting Sony off scot-free. This is pretty much a bailout without saying so. Sony is given a pass by people because there is a law now. If you had two brain cells to rub together, this should teach you that perhaps putting all your information on what is basically a social network, is a bad idea.

I still plan on sticking with my plan of not purchasing Sony products in the future. They waited far too long to tell people, and now they have lost my business. Everyone should consider this line of action because there are plenty of companies out there that have kept my information safe without fail. To name a few: Steam, Amazon, and Newegg. I know it's (probably) not Sony's fault for getting attacked like that, and their security was apparently laughable anyway, so they need to be held accountable by people. And it shouldn't take a law to make some sort of reaction felt by Sony. People are so weak, it's actually funny.
People like their Killzone apparently.
 

008Zulu_v1legacy

New member
Sep 6, 2009
6,019
0
0
Arontala said:
008Zulu said:
It's fortunate that Sony thinks itself is above the law.
Can you.... elaborate?
In 2005 Sony knowingly infected their products with root-kit malware. This opened significant vulnerabilities in computers they infected and in some cases, the infected computers were rendered inoperable.

Sony received a small fine. If it had been a single individual, or a group of people, they would be serving lengthy prison terms. Not Sony.
 

tkioz

Fussy Fiddler
May 7, 2009
2,301
0
0
Woodsey said:
""The protectors have to be 100 percent perfect in their defense, while the attackers only need to find one tiny ***** to get through.""

Can't really be arsed to read through all the law stuff, but I hope they're not actually basing a law on the premise that a system should be 100% foolproof.

""All companies that collect customers' personal information must ensure that the information is safe and secure from misuse.""

Oh, err... OK then. Maybe they are.
Err no, it's a common saying: "you have to be lucky all the time, I only have to be lucky once". That's what he is pointing out: corporations collect data, hackers only need one lucky day to impact millions of lives, so of course there needs to be regulation saying they have to let customers know (not the media, customers directly, and IMO via phone, not bloody email they will likely get binned as spam).
 

tkioz

Fussy Fiddler
May 7, 2009
2,301
0
0
RhombusHatesYou said:
Blitzwing said:
viranimus said:
On one side I think, Way to go Australia.. this is a good idea.

On the other side I think... Man it must suck to live in the merry ole land of Aus, given they have such grievous over regulation
It's not as bad as you think.
And most of us ignore it when it's inconvenient.
Speaking of over-regulation, I've got a pet goat to get rid of, if anyone wants it, council paid a visit this morning. Apparently one of my neighbours did the dirty and complained, I didn't even know we weren't allowed to keep it "in a residential zone"... sucks to high heaven because it was great at keeping the grass in the backyard down, reducing my workload by a considerable amount.

But meh, it's not normally so bad, just gotta sneak around a bit.
 

uguito-93

This space for rent
Jul 16, 2009
359
0
0
man am i glad we're shifting from a crazy banhammer-wielding government to a more sensible thinking one