Written By:
QoT - Date published:
7:43 am, October 15th, 2012 - 230 comments
Categories: benefits, paula bennett, you couldn't make this shit up -
Tags:
Keith Ng has uncovered a truly massive breach in MSD’s computer security, and posted about it last night at Public Address. From Keith’s post:
My jeans were torn, my hoodie was pretty ragged, and I hadn’t shaved for a week. It turned out that bloggers are remarkably good at disguising themselves as unemployed, without even trying.
Last week, I got tipped-off that the parts of the MSD network were completely exposed to the public. You could go into any WINZ office and use their self-service kiosks to access their corporate network.
Do go and read the rest. It gets a lot worse.
The NBR picked this up first, but it’s now on Stuff and the Herald as well. You can also join in the ragefun on Twitter using the hashtag #wtfmsd.
If you feel like giving Keith some financial lovin’, you can also donate here.
The current rise of populism challenges the way we think about people’s relationship to the economy.We seem to be entering an era of populism, in which leadership in a democracy is based on preferences of the population which do not seem entirely rational nor serving their longer interests. ...
The server will be getting hardware changes this evening starting at 10pm NZDT.
The site will be off line for some hours.
What plummets faster than Felix?
National’s credibility as a Government
Felix Baumgartner that is!
yeah fuck, sorry Felix,
very very sorry for the merest possibiltiy that your good character was slighted by my words
lolz no offense taken at all 😀
How about…
“What goes down faster than Queen of Thorns at the annual Auckland Lesbian Ball?”
“National’s credibility as a Government!”
Jeez k_p, I am QoT. How many times do I have to explain that?
K_P proves that there is life lower than slime.
Oh god, you’ve called me a lesbian, that’s so terrible. Oh wait, no, there’s nothing wrong with being a lesbian, nor with performing cunninlingus on consenting partners, so … I don’t think that analogy is working out too well for you, k_p.
🙂
(personally, I prefer the cunning language to the fella’ ratio)
did I just say that, oh My Lord
now, you must read the Gospel of Thomas, in fact, there is much been hidden in the apocrypha.
🙂
So here we go already with this week’s stuff up! It never stops, nor do National’s supporters cease to back up such a government (that is, in any meaningful numbers).
Gross incompetence and appalling governance…….. I expect the higher salaries commission to recommend an immediate pay rise to rectify this situation.
LOL 🙂
And as Danyl highlights here:
http://dimpost.wordpress.com/2012/10/15/open-government/
The fact that it was open to the public in the kiosks just explains how it was found out. Everyone at MSD had full access.
Guess WINZ had the GCSB audit their IT security.
Read the CEs bio……. comedy gold.
http://www.ssc.govt.nz/appt-ce-msd-aug11
.
Hahahahaha . . .
. . . glorious!
Hilarious, auckland’s a basket case so good to see he’s continued the good work at MSD, bravo old bean.
This type of system laxity does not look good given Porker Bennetts White Paper that will see more information sharing and prying exacted on select groups of citizens.
Interesting Ng was able to access the information with minimal key strokes at the kiosk, I used to snort with laughter during 90s action movies when characters accessed secure data bases or stopped nuclear deployments with 3 or 4 taps on the key board, but that is what Keith appears to have managed.
Go blogger journalism.
picturing John Armstrong having conniptions !!!
all joking aside this is as serious as it gets.
We know it is serious because the PM used ‘at the end of the day ” before mouthing innaccuracies about old IT gear and outdated systems. They just spent half a gazillion dollars in the last few years getting new gear ffs!
That and not a single spokesperson was willing to front from MSD
Judging by the interview I saw on Breakfast the fool doesn’t seem to think that any thing is serious and Corin Dann my god he’s a journo?
Corin gave up journalism for government spin doctoring a while back.
Hopefully beneficiaries will have a couple of bash free weeks as Bennett deals with this debacle …
Then the pogrom will start to find out how many beneficiaries have accessed sensitive info… A 50% cut in pay for a first offense.. full cut for any other episodes discovered…
Full reinstatement if said bennie threatens to sell info to womens day…
now, There is that voodoo that you do, you do..
This is Bigger than ” gettin’ the Bash” !
The Social Security Benefit Categories and Work Capacity Amendment Bill, or whatever it is called, must NOW be withdrawn, stopped and put back into the drawer, until a complete, thorough, comprehensive, all departments, offices and service-centres encompassing investigation on system security, on privacy standards and integrity has been conducted and completed. A proper, independent official investigation, overseen by a long serving High Court judge, staffed with other outsiders (including IT specialists), is necessary now, and a report must be presented to the government, Parliament and the public afterwards.
NO further welfare changes must be introduced and implemented, until system security is safeguarded.
Hence Bennett must tomorrow withdraw the bill, or at least put it on hold, until this has been done. The present situation puts all beneficiaries and OTHERS at risk, exposes them to privacy exposure that is unacceptable, could lead to dire consequences, in some cases perhaps self harm and death, and this must be given serious consideration.
Naturally all plans for the new system to store details about children at risk of abuse, about at risk parents and so forth, must also be put on hold right away.
I expect the opposition leaders and spokespersons in Parliament to seek nothing less than this tomorrow!
It would help for the Chief Executive to step down. I demand also that Bennett herself takes responsibility and steps down, as her uncompromising, continued push for changes in welfare, while major system failures are not addressed and sorted out, is inexcusable and irresponsible.
That is not the conduct of a responsible minister. She also pushed for the introduction of these self service kiosks, to save costs, so that makes her complicit in all this.
this from a minister who values privacy “depending on the circumstances”… Bas say they notified winz of this when the kiosks first appeared.
apparently those reports/complaints were made to MSD a year ago
On the radio they made it sound like those initial reports were about some other problem that was rectified at the time. Hard to tell.
I’d err on the side of caution and just assume that anything they raised over a year ago was a separate (although possibly related?) issue.
haven’t heard the radio. I only had the tv at work, I listened carefully to what Jacinda Ardern said when she mentioned the advocacy groups had told her they raised the issue a year ago
and speaking of work i better go do some before i end up having to go see the MSD myself, something i never ever want to do again
Its important to realise that this isn’t an IT problem. This is a massive failure of competence and leadership.
National will try and spin this as a minor technical glitch.
From what I can see, MSD left virtually every part of their internal networks completely open. Any polytech student who has a 1 year network admin course knows not to do that and how to prevent it.
Yes indeed.
“Key this morning told TVNZ’s Breakfast programme accessing the information wasn’t easy, but he conceded it was a “huge problem”.
“You had to go looking for it, but if you knew what to do, you could get in there,” he said.”
This is quite plainly bullshit. Choosing “File->Open” might not be easy for John Key, but it is for almost anyone else.
Not having your publicly accessible services connected to your corporate network is really CompSec 101. And what were their testers doing?
Quite remarkable comments coming from a man who likes to feign ignorance by saying he doesn’t know,
who tends to conveniently suffer from memory loss and is quick to say he can’t recall, and
who resists reading especially if the report is vital for him to make real decisions crucial for the continuing existence of his government.
I wonder if he shares similar values and character traits with the puppeteer who parachuted him in to hijack my family’s Party which I used to vote for.
Supporting your statement; I was listening to Radio Live w Rodney Hide (filling in for Michael Laws , I on occasion, enjoy listening to bigoted rants of talkback) this morning and a caller came on, stating that they had witnessed this sort of network access first hand (with a colleague, Nelson WINZ I think?) and subsequently reported it – get this, over a year ago!
Should be interesting/amusing to watch Bennett squirm…
I heard that on Radio NZ this morning… Kathryn Ryan was interviewing the beneficiary support woman.
Now, This is Bigger than Texas
(must have been something in the water)
Big Yawn.
Another rogue opinion poll
actually, I know a few Rogues, and AT, and HB and Wairoa, and Porirua; do you?
(I know for a Fact, they have not supported National since the passing of Muldoon)
Rogue Trooper does NOT support National.
you know the “Rogues” I mean Viper (coals to Newcastle; love it)
however, clever, nonetheless
🙂
Guess what? MSD’s CEO’s immediate previous job was – wait for it – Government Chief Information Officer.
Time for a full wide ranging enquiry into departmental information security, and the activities of National Party appointees and ministers. Prosecutions where appropriate.
.
And National Ltd™’s IT contractors.
It’s in the cloud isn’t it ? With a great view of Planet Key.
Google to the rescue as one SOE has already gone down that path.
Proper link (although not in the proper format as I don’t know how to do that):
http://computerworld.co.nz/news.nsf/news/boyle-to-leave-dia-and-government-cio-role
Dear Paula,
“Without doubt the greatest injury of all was done by basing morals on myth. For sooner or later, myth is recognised for what it is, and disappears. Then morality loses the foundation on which it has been built”
Kind Regards,
Lord Samuel (that’s, First Viscount Samuel to you Minister)
apparently, Hegel says somewhere that all great events and personalities in world history reappear in one fashion or another. he forgot to add; the first time as tragedy, the second as farce.
Kind Regards
Karl Marx
(now there is some schadenfreude)
Lanthanide, when alerted to the initial problem the entire security system shld have been analysed… If it was and its happened again…
Apparently it was ‘rebuilt’ after the initial security thing.
Obviously for something like this to end up in production, the process was deeply flawed from start to finish.
Wonder who the consultants were.
Good to see you guys finally getting on board the “incompetence of the civil service” bus.
Lets join together to give those tax payer funded cockroaches what for!
It’s only incompetence when the right do it.
When Whaleoil managed to get into the backend of Labour’s website it was theft and hacking.
(For the record I think labour and National are as incompetent as each other)
Nah that was slack as too, and Labour got rightfully slapped around by their own supporters for it.
There was another question there though, which was that no-one believes the Slater child actually did it himself.
Apart from that video where he showed everyone how he did it. But it’s moot now anyway I suppose.
Ok then, one person believes he figured it out himself.
(Felix, really sorry for any offense i may have inadvertently created earlier)
Eh?
See 1. above. Apparently though you are not the only felix in the world.
Oh there are quite a few of us around.
No no, not at all!
It’s quite different from the Whaleoil affair. Whilst Labour’s site was wide open if someone knew how use additional software and had a modicum of knowledge of back end coding, the MSD was open for anyone with a mouse and knew how to click file open. Also the files were editable, meaning they could be copied, changed and deleted.
And as Felix said, Labour was rightly slapped about for their fuck up.
try not to confuse decades of solid systems security and knowledge (albeit a tad slow) with NACT’s high profile, highly paid Consultants driven initiatives combined with their slashing of workforce numbers.
The fact is it was probably done by a private contractor who got the cheapest help available. Sure, the MSD should have overseen the work but who there actually knows what’s what in IT? What this really shows is that the government need a professional IT department.
.
1. EQC, despite having 80 years to prepare, finds itself without a plan to deal with an earthquake striking a major New Zealand city.
2. The Prime Minister allows the GSCB to openly spy on New Zealanders despite it being clearly against the law.
3. The MSD just has complete massive botch up after complete massive botch up.
You know, in the private sector these organisations would fire the people responsible for these sorts of things or even go right out of business.
Complete and utter incompetence. Why is this?
botch up after botch up after botch up.
Because public service is somewhat accountable compared to the private sector, it is also under immense pressure with sinking lids, funding removed and less people to do the same amount of work creating a highly stressed work force including roaming bands of lame duck over priced consultants.
One point-how many $Billion was it that SCF received from the long suffereing tax payer? A reasonable sized botch up, 30 plus finance companies down the toilet owing millions to hundreds of greedy (I mean mum and dad) fleeced kiwi investors. A another reasonable size botch up and a bit of jail time too for some. The business is better at stuff argument is slimmer than Rod Petrecevric’s xmas card list vto.
Well, you have a bit of a point, but you have actually confirmed the point I made. In business when massive botch-ups occur businesses go bust, people lose their jobs and people go to jail at times. The same sanctions / accountability rarely seem to apply in the public service. That was my point. Happy to be proved wrong though ….
“In business when massive botch-ups occur businesses go bust, people lose their jobs and people go to jail at times.” – yeah, like all those banks that went bust, CFOs who lost their jobs and bankers who went to jail for bringing about the Great Financial Stuff-up?
Banks and Brash aren’t in jail, as they should be, for signing false documents.
The accountability needs to be there at a professional and individual level, yes.
But, you’re not going to close down or make bankrupt the MSD or the NZ Army or the Fire Service or Starship Hospital because there is a fuck up, are you?
The analogy is inappropriate. You fix the problem and move on.
Starting to look like a Black Caps batting collapse. Add a few SI items
Parata and the ChCh schools fiasco
The ECan continuing takeover, against advice
The Pike River scuttle
for starters – a full NZ list, just for the last couple of months, would be a shocker.
Great analogy!
For the last 30 years we’ve been cutting government. Now we get to reap what we sowed.
“Complete and utter incompetence. Why is this?”
Tories without a clue. The problem started at the top and has progressively spread throughout the public service sector.
The hallmark of leadership is how you take responsibility for the failure of those you lead. As for incompetence of the cs, are we sure it wasnt a system built by consultants or contractors?
Very very likely outsourced.
The kiosk was connected to the main msd data base,which is a no,no,so those
highflyers need their arse’s kicked out of office.
Is any private information private anymore,in any govt dept ? probably not.
What’s going to happen next with this happless,hopeless keyness,lot.
“Is any private information private anymore,in any govt dept ? probably not.”
ha ha, you have to be fricking joking. Anyone who trusts an organisation (public and private) over anything is a fool. The world is simply too large and everyone is too far removed to feel accountable over anything today imo. It’s all fucked.
Yep, there’s too many cut outs so that those who should be held responsible aren’t.
Bennet will be gone by the end of the week.
Key will want to reassert the authority which has all but gone as a result of his governments complete failure to fuction this year.
He will sack her as a pathetic show of being the boss.
Dream on ..
Ah Tom, you’ve not thought through the strategic implications for the National Party of Bennett’s Ministry having massively blundered under her watch.
I personally hope you are right and that Bennett limps on like a wounded predator in her portfolio until Christmas.
I tend to agree with Tom – for Key to demand accountability from his ministers would be a precedent that he would well fear as being a petard that should hoist him equally well.
But if he does sack Benefit, then the others could turn on him..
Then he should also sack Parata Joyce Brownlee they have all been as incompetent just haven’t had the massive security breaches yet.
But to not have set the profiles with no access to sensitive areas was dumb. No not dumb, this was incompetence on a grand scale. Any one that’s been near a network knows you have to set the shares to secure drives that you don’t want seen. Why were the kiosks even on the same network? this has to be the biggest question.
Well key wanted to get the Dot Com scandal off the front pages. There you go John. Be careful of what you wish for…
🙂 (of course I am laughing, off and on, all day today) as I prepare to serve at the meal for a small sub-section of those of our People that this mis-direction of a minister chooses to malign
I wish I thought you were right!
We know how seriously Poorer Benefit regards ‘her’ beneficiaries privacy by the way she was happy to reveal individuals’ private information to the media because she was annoyed at suggestions of bad decisions. So Princess Poorer is quite prepared to demean the people using her government portfolio. So now there is a hole in the information security – this just follows the trend.
NZ citizens are getting less and more inefficient services from our elected government. They are bad managers of the country with a bad attitude and Princess Poorer reigns over the most vulnerable. Further government is no longer ready to deal with people directly and making this more difficult or impossible and replacing the personal by pushing bennies into the far distance having to use machines . This may be difficult for the ordinary beneficiary, or the beneficiary may find he or she is talking to some faceless person who is just a voice over the phone, sometimes after a long wait to a call centre that may not supply correct or full information. See what has happened to Housing NZ tenants!
Princess Poorer was once a beneficiary, John Key was once a beneficiary, and indeed many in Parliament have received benefits in their families as a result of need while they were young. All Parliamentarians too, receive advantage from the NZ government as ordinary citizens apart from their salaries. Let’s spread this advantage further. I think that other beneficiaries should be given opportunities for free education and trips overseas. Perhaps there could be a weekly draw for this as in Lotto. Though when a couple of keen hip hop music devotees got $26,000 to go overseas and study what was being done with this art resource overseas this was frowned on by Helen Clark. Perhaps it has resulted in opportunities from that information for the young in Christchurch. Anyone know what were the downstream effects?
Vto
Like the former ceo of brierlys who got 4m to fuck off after he plunged the shares. To 25c. Now he gets to chair companies and crown entities. I bet he feels punished.
I aint defending that at all. It is the system that allows that to happen (a system designed and monitored by the public service I note).
Tell me, did anyone ever take a proper fall for the Cave Creek disaster? (no pun intended)
From memory, I think the Minister eventuallt resigned after it was determined that there were ‘systemic’ problems.
Yes, Denis Marshall was the Minister of Conservation and he resigned. Of course that was back in 1995 when quaint notions like ministerial accountability were still held to be important.
Chief Executive, Ministry of Social Development Brendan Boyle will be paid tens of thousands as a bonus for detecting computer leaks and for managing the recovery. Meanwhile a lowly ranked IT person will be sacked for incompetence. That is the way the system works. (Wonder if downsizing State Services has a connection?)
How is this Nationals fault and it wouldn’t be Labours fault either if they were in government.
All I see is incompetence on behalf of the programmers that set up the system.
If it was set up by a private firm, sack their arses and hire some one competent
if it was done in house sack their arses and hire some one competent.
Great another BS media side show that’s going to drag on for weeks.
“How is this Nationals fault and it wouldn’t be Labours fault either if they were in government.”
Fair question. Had it happened under a Labour Government it would be responsible.
The relevant questions are:
1. Is it less likely to have happened under a Labour Government, and
2. Is there likely to be any difference in the responses to its happening under a Labour or a National Government?
I suggest the answer to 1 is, yes, it is less likely to have happened under a Labour Government because under Labour the system is more likely to have been implimented by in-house employees with a stake in getting it done right and a seamless hierarchy of responsibility to the top. Under National it is more likely to have been done on the cheap by outsiders with no incentives to build a robust system and very responsibilites once they’ve been paid.
I suggest the answer to 2 is, as under Labour it was done in-house those responsible right up to the Minister would have to carry the can. Under National the can will be kicked from department to contractor and back ad infinitum and the Minister will be able to hide behind ‘operational matters’ excuses and contractual confidentiality.
I disagree, from my experience in working for the public service no body gave a shit and the wastage was immense.
You basically have to kill someone to get fired.
On the other hand if a private firm fucks up a job, they get black listed, no more government work, bit more of an incentive to get it right .
How’d your theory go for the private contractors who put the kiosks together for the MSD?
Oh it didn’t, what a surprise.
Who do you think is paying for this fuckup to be fixed?
Not the government that’s for sure.
The company either fixes the issue if it’s fixable at their cost otherwise they’re out the door.
So they just walk away from it and the government coughs up the costs of fixing it. That particular company might even get wound up and then the owners will create another one doing exactly the same things.
How many people have had their privacy jeopardised or breached? The company’s going to compensate them all, is it? Deep pockets they must have.
No ones information has been spread around, apart from this guy Ng who else has seen anything
What I do find disturbing though, is that the person that tipped him off never thought of letting the MSD know about it but instead past the information onto a blogger so he could write a story to try and embarrass the government.
Was it another Labour party supporter within the MSD spreading confidential information in an attempt to make National look bad?, wouldn’t surprise me.
[lprent: Tell me, if you are a WINZ ‘client’ living in a climate of fear caused by Paula Bennett’s actions targeting critics drawing a benefit, or threatened by cuts to benefits when WINZ staff notice you – then why would you want to help such an organisation?
Haven’t you read comments around here about peoples experiences dealing with WINZ these days. They have zero interest in dealing with them for any reason. The reason for that comes partly and directly from Paula Bennett targeting active opponents of National’s stupid welfare policies. An attitude that carries through into their approach to trying to get people off benefits by starving them rather than helping find them work.
But in answer to your last point. If I see a file open on a public system then I have a look inside it because I presume that it was put there for me to look at. Most people are the same. It doesn’t require any special skills. I’m sure even our IT illiterate PM could do it almost as well as any kid who has been using a computer since shortly after birth. ]
Hey mate did you get access to the MSD’s systems too, in order to check that no one else had accessed the information?
LOL!
“No ones information has been spread around,” Says who? Forgive me if I don’t take your word for it.
No doubt the lawyers will make much of the uncertainty, the extra stress of not knowing…
Deep deeeeeepppp pockets.
P.S.: a random grab-bag of “collectors” were in the files last year. Someone tipped Ng off. Wanna lay odds on the whole lot having been downloaded by someone?
I think we should asume the entire database has been copied multiple times.
This could potentially have been undertaken by pedophiles looking to find their victims whereabouts to continue the abuse… It could have been used by gangs to find out the addresses of people.
The potential harm such a gross breach of privacy may have caused should not be underestimated, but unfortunately it’s unlikely we’ll ever find out the true extent of the damage caused.
Definitely, if they wanted the info they’ve got it.
Oh oh oh oo ooo, I feel a ‘John Key moment’ descending on my mind … too late, rats, here goes …..
if those pedophiles and gangs already have got the information, they should come forward and “prove it”.
“if those pedophiles and gangs already have got the information, they should come forward and “prove it”
That’s how the burden of proof works, if someone says something, a tape of me saying something for example, exists then it is up to them to justify that claim.
It’ll happen TC.
In all of these cases it took a PM from another party too get the info released.
(i.e. If Sparkles aint the PM he can’t order them not too anymore)
Well, if not Shearer looks like a fucking moron.
Edit: more than already does I mean
It’s not how information security works, though. If you can’t guarantee its confidentiality to an acceptable level, then it needs to be regarded as compromised.
True McFlock, It’s a case of “Healthy Paranoia”
“Edit: more than already does I mean”
What idyllic picture are you judging that on TC?
Key has been lying about everything for 30 years straight and you’ve just started callin him on it.
Name your Ideal Leader TC.
“Was it another Labour party supporter within the MSD spreading confidential information in an attempt to make National look bad?, wouldn’t surprise me.”
BM
That comment is almost as retarded as the security flaw. How could you logically even think that, someone in MSD wants to undermine their department to make National look bad, because… oh right, Labour gives them a huge payout, but then wouldn’t further investigation find the individual or parties involved. Seems like a huge political risk to take, in fact i would suggest it would border on treason to knowingly let sensitive information out on purpose. Wouldn’t that essentially destroy the Labour party for the sake of some mud slinging?
http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10840247
I’m not sure what this has to do with anything, especially since the only proof of anything is that the guy said, “awesome graphic,” oh and he lists interests Labour on his facebook page. Hardly a smoking gun, honestly that article is a clusterfuck of nothing, I suggest you read the article again. Or perhaps there is some “subtext” i’m missing.
BM
You’re a funny one. The fact that there is something like this to report by a blogger is the example of why it is important for bloggers to reveal such things publicly. Otherwise its put some masking tape on it and carry on. The government get embarrassed? I understand that special big elephant guns are required to bag them and this government and most, combine the cunning and watchfulness of a meercat with the hide of an elephant. Either way nothing ordinary gets them.
Not sure how a company providing the kiosks could be blamed for unrestricted access to MSD corporate servers. It would be the MSD IT people who control access and protocols around getting access, as well as the comms links.
My uneducated guess is that the kiosks are only supposed to give access to public online info but were connected as internal MSD computers – because they are in MSD premises – so sitting at one is like sitting at a company workstation.
Makes sense, the question is how did Ng know that, who gave him that information?
Ah yes, must be time to Kill the Messenger. A very predictable CT led tactic.
Why don’t we wait until we get some Ministerial and Excecutive responsibility first, boys?
Exactly what I was thinking.
He was told by someone who had probably had a play on it earlier. It’s a public computer so nothing sinister.
I’d pin the blame equally 50/50 on the external contractor and the MSD IT department, unless it can be shown that one group instructed the other on how it should be done in which case it would then be 100% the fault of whichever had been instructed (most likely the contractor instructing MSD IT).
Either group should have caught this, in the design or rollout and testing of the units, which both groups should have been involved in.
Its a wonder that a tonne of ordinary internal users at MSD didn’t notice this.
A kiosk is just a vanilla OS install (Windows in this case) that has had a lot of the functionality tied down, or disabled. The “File/Open” issue is a well known one, so whoever did the kiosk build is a retard.
The fact that it was also connected to their internal network is huge no-no and just plain unforgivable. The reason that decision was made needs to be looked at. ($$ would be my guess)
So in your personal opinion, do you think it’s a one off? or could it be much more widespread.
Not sure why I can’t reply to your post BM. (So I’ve replied to mine!)
I assume that all of these kiosks will be the same build, so they were most likely all capable of the same access.
This really is basic basic stuff, it’s pretty frightening that it happened at all, and is also why I would think that it has got to be a one-off. It won’t be a widespread issue in my opinion.
The site won’t let me reply to the one underneath.
Maybe this link will help answer your question.
http://computerworld.co.nz/news.nsf/news/winz-kiosk-security-issues-may-extend-to-other-agencies-expert
[lprent: There is a limit on comment thread depth of 10 indents. Otherwise the comment get more and more vertical. You can tell when you have hit it – no reply link ]
@lprent: actually it might be better if it showed the reply link, but simply made it reply to the parent post instead. Would certainly be easier for those really long threads where it can take a bit of scrolling to get to the right post to reply to.
So it would be like the Government Shared Network?
Bm, you havent noticed a pattern of privacy breaches under this government? Acc, ird, winz… Do you give bennet credit for allegedly clamping down on welfare or do you praise the civili servants for it? You cant have it both ways
Key on tv earlier ‘minimising the maximus’ its ok, not a prob.
Well Keith Ng on TV3 said this
http://www.3news.co.nz/Staggering-security-lapse-at-WINZ/tabid/370/articleID/272707/Default.aspx
makes interesting watching and to see Rachel Smalley asking some very good questions, Keith is followed by Jacinda Adern.
Have donated Keith Ng a few dollars. Come on peeps lets see if we can’t get the man over $3K for this story.
I’ m with Kiwibank
🙂
(just foolin’ a round)
I wonder if the details of his blind trust were made public he would be so blase
Whose blind trust – Keys or Ngs?
Looks like Shearer’s/Labour’s poor handling of the supposed GCSB-Key tapes will be smothered by this story. Lucky break.
Memo from Crosby Textor
To John Key
Continuing disclosures concerning Kim Dotcom
The situation is now grave. The good will that we have been able to manufacture for you concerning your personality is being undermined by your contiuous failure to know what is happening. The perception of your competence level is now in grave danger of matching your actual competence. And you have misunderstood plausible deniability. You are only meant to tell lies when it cannot be shown that you knew you were lying.
The situation is grave and so we are now recommending the nuclear option. This may obliterate one of your strongest performers and her career but these are drastic times.
The proposal is that you manufacture a crisis. This Government is renowned for privacy breaches so we recommend that the breach involves the MSD. And it has to be really simple to do, along the lines of walking in off the streets with a USB drive and downloading thousands of potentially significant items of information. And to make it worse the breach ought to have been pointed out previously but not acted on. And it has to undermine Minister Bennett and take down her flagship data matching project which was recently announced.
The only benefit is that Dotcom will no longer be the lead story on the news. Until the next disclosure …
The MSD and the Privacy Commissioner have known about this problem for a considerable amount of time.
That was last November. The article makes no mention of the time period over which the offending occurred.
Amazing that some seem more concerned about Keith Ng’s behaviour than the ministry’s, and yes, of course this is a management issue, and of course the Minister has to take responsibility for it. As for Mr. Ng, he was authorised to access the data – it was a public server and people were encouraged to use it.
Looks like a completely different issue – the one you link to is staff using their computers for illegal acts. Ng’s work involves public terminals accessing back office systems.
Nope – the lax security in the network is obvious. Ng’s investigation demonstrates that once in, it’s access all areas. The article demonstrates it isn’t the first time this has caused problems.
Damn straight, only the boss is allowed to do that.
gonna be big allright.
the biggest cockup by infantilised adults new zealand has ever seen.
this lot cant get anything right.
must of been distracted by facebook or sumfing.
For all the BIG issues that have been occurring for weeks and months, how is it that we get a poll result such as that delivered by TV 3 yesterday? Will the Standard comment on this, for there is a good deal I would like to day.
“For the great majority of mankind are satisfied with appearances, as though they were realities, and are often more influenced by the things that seem than by those that are.”
Niccolo Machiavelli (1469-1527): Discourses, 1513-1517
Frankly I find it hard to believe this was an “open hole”
The solutioning behind the work, which would of course have been carried out by an external vendor, but most likely QA’d internally, not to mentioned security assessed, as government departments must do.
This is an oversight too stupid to have been missed by accident.
hey muzza, if not that then what? deliberate?
Apparently the system was built and tested by KPMG regularly. Up until today they had never seen a hole. Stupidity, lack of inclination, lack of budget are a few other options I can imagine, the reality is National couldn’t give a fuck about beneficiaries.
Why spend money protecting people you absolutely hate?
Guessed it would be KPMG. Matches their long standing performance record.
All I can say is that technology is over-rated.
For example, eftpos is slower than cash. And nowehere near as aesthetically pleasing. Eftpos is such a stupid idea.
But an important idea in the roadmap to a cashless society!
Depends on the amount of cash. If you’re talking $200+ in $20’s, eftpos could easily be faster.
Faster than counting to ten? You must have some pretty quick eftpos where you live.
Increases dependency on electronic transaction systems and provides highly traceable transaction activity located to time and place.
my thoughts exactly. all CONSUMPTION habits are recorded and analysed
( I withdraw my small income in cash, and meet my commitments, in cash, generally, unless I forget)
+1 So do I. I also remove all savings and investments from New Zealand while National is in power. Better to be safe than sorry.
Amen Brother / Sister
(I tried to comment on your site but technology / luddite difficulties (we all have our Achilles heel, personally, for me it was flow charts in the eighties; now for most people it is super-cession, this is just an old desktop that sat in the corner until I came along)
🙂
Not really. If you wish to purchase something over a certain amount of money then Eftpos is likely faster and more efficient for you.
Try not to use cash any more as it’s a PITA. I actually find cash slower and then I actually have to carry the stuff around and make sure I have enough etc etc.
Fuck the aesthetics.
Nope, it’s absolutely brilliant. It’s only downside is that it’s run by the private sector.
Your problem with it being run by the Private sector is what exactly?
BTW Kiwibank could set up a rival Eftpos system just as the ANZ bank did.
Duplicate systems are costly and unnecessary. Just nationalise it and have it run as a utility for the public good. Businesses will love the lower costs.
You assume the costs will be lower which is definitely not a given. Business seems happy with the status quo but I suspect you think you know better than those silly business people.
Is it being run for profit? If so it can be run for less.
EFT-POS in NZ is owned by the four Australian banks so it can be assumed that they’re making a profit.
@Gosman
Businesses don’t have a choice.
Gossie demonstrates how out of touch with SMEs he is. SMEs fucking hate the EFTPOS fees, the bullshit costs to upgrade EFTPOS terminals, the incessant predatory ticket clipping which goes on.
Basically, Gossie has no concept.
Who are your contacts in the business world CV which you base your claim on?
Ordinary NZers working to get ahead, not foreign based corporate thieves 🙂
Yeah I am kinda confused by why being run by the private sector is a downside.
big surprise, dat.
Amusing as always
the resolution for your confusion.
Sure. You can assume all types of things.
Setting aside there is no guarantee of cheaper prices (because you know, no government has ever run anything to make a profit from it) what’s wrong with providing a service for profit? Those business who use eftpos, say coffee shops, also pay for food and coffee. Shit, that should all be nationalised to because it would be cheaper than paying those greedy coffee producers to funnel their money overseas.
If food and coffee were monopolies I’d go along with that.
Depends.
Is the barista the sole or near sole supplier of a piece of infrastructure that is essential for modern society? There’s the reason your coffee analogy is intensely stupid.
Have you seen what happens in a supermarket when the EFTPOS goes down?
“Have you seen what happens in a supermarket when the EFTPOS goes down?”
Because under the watchful eye of government EFTPOS will never go down!
wow, you overdosed on the stupid pills tonight, didn’t you.
Show me in this thread where anyone has said that perfect operation is a benefit of state ownership. I merely pointed out that EFTPOS going down tends to block customer ability to purchase goods much more significantly than a barista taking a break shortens my options for a morning coffee.
Great, so we both agree that neither in private or public owner can guarantee that EFTPOS service won’t go down. We are making progress, sorta.
So then your gripe must be about profit, as my example about the cafe pointed out, the business owner has other outgoings which profit others too. Are you going to complain about that too?
are those other outgoings being paid to near-monopolistic suppliers of goods or services essential to the operation of a modern society?
No, raw sugar and milk thermometers don’t meet that criteria? Oh. well I guess not. Maybe you should learn to read.
“are those other outgoings being paid to near-monopolistic suppliers of goods or services essential to the operation of a modern society?”
Since we have already established that the government is no guarantee these “services essential to the operation of a modern society” will run anymore efficiently than they already do then this is a mere red herring.
So your problem is the money is going to something you don’t support despite it providing a service that the public seem to be fairly happy with, as well as the business that use them.
edit: Anyways, lets take this up in the morning. I have an early networking breakfast to attend…which sounds more boring than it is.
Fucking slide there with extra lube.
1: no guarantee of never failing != comparative efficiency
2: failure rate is not the only measure of economic efficiency. Extra money being sucked out by profit-seeking also counts.
3: use of a near-monopolistic service that is essential to modern life no more equals “people seem to be happy with it” than drinking from the only polluted water source in the area signifies that the water is safe.
Slippery cont.
If ever meet you in real life, McFlock, I am going to insert an oily penis into your ear.
You fucking Tory.
[lprent: Where was the point of that comment? McF managed to make several points with extra abuse. Yours just read like a stupid threat.
And I suggest that you be curtail giving a “humourous” response. This is a warning that you may yet achieve your ambition to self-matyrdom. ]
“Since we have already established that the government is no guarantee these “services essential to the operation of a modern society” will run anymore efficiently than they already do then this is a mere red herring.”
No, its the entire argument you’ve been working so hard to ignore. It’s about removing the drag of profit from monopolistic essential services and nothing to do with any of the strawmen you’ve failed to erect.
cheers, cottonbud…
See you tomorrow, sweet-pea
Lord, Contrarian, you, like myself, appear to let your self down at times; yet often so witty?
1.) The dead weight loss of profit
2.) The fact that unaccountable private businesses have such information about me and everyone else
3.) The transfer of money is an essential public service and, as such, should be done by the government.
Why increase the expense?
“1.) The dead weight loss of profit”
Profit is not always ‘dead weight’. It is only dead weight if shuffled off into a tax haven. If it is spent and invested it becomes active in the economy.
“2.) The fact that unaccountable private businesses have such information about me and everyone else”
Like your WINZ details? Or like the credit card numbers Labour accidentally left unsecured? Or some ACC details which rolled a top minister?
“3.) The transfer of money is an essential public service and, as such, should be done by the government.”
The payment between the organization I work for and myself is an arrangement between myself and them. I have a legal as well as social contract between them. The government does not come into it expect to tax my tax (which I am happy to pay). When I buy something from a private company, that is a transaction between myself and them using a means of monetary transfer which has been agreed upon by both parties. The government does not have any need to be a party to this.
BULLSHIT
Investments in overseas bonds and derivatives does nothing for the “economy” that real people live in. (although it might help Wall St investment bankers).
The best way to make sure that money stays in the community which generated the profits is to pay more workers in those communities more.
“The best way to make sure that money stays in the community which generated the profits is to pay more workers in those communities more.”
So profit is not always dead weight. Glad we agree.
(p.s. I never said “overseas bonds and derivatives”. I meant spent in the local economy, invested into infrastructure, new technologies and start-ups. i.e in useful, productive sectors.)
Paying workers isn’t profit and you know that. It’s payment to cover their living expenses.
1.) Profit is always a dead weight loss.
2.) WINZ is democratically accountable.
3.) So you’d be fine with accepting IOUs from every Tom, Dick and Harry?
Incorrect. The government essentially makes the money used in society worth something.
A transaction that, most likely, can only come about due to the existence of government.
Wrong again. Without the government setting and enforcing rules for the transaction there’s no way you’d be able to trust that the transaction was worthwhile – not in a society larger than about 200 hundred anyway.
But that’s not the point. If the government owned and ran EFT-POS they’d come into the transaction no more than the banks do now. The only difference is that the government wouldn’t clip the ticket and so you’d get to keep more of the money from the transaction.
Here is a challenge for you VTO
Pay power account, telephone, trade me purchase to someone in wairoa, amazon book purchase in cash in 20 min with no extra cost like petrol.
Good point. It is possible if VTO can wire the cash via something like Western Union. However that is simply another form of electronic transfer albeit a more primative version.
Dv you can just do all of that on line. Why would you bother driving to all those places to use their eftpos machines? And what if the person in Wairoa doesn’t have one?
What’s this “on line” you speak of? Is there a line somewhere I don’t know about?
So Eftpos is somehow not useful yet the Visa and Mastercard payment systems , (which are owned by those dreaded foreign companies), via the internet is fine??? Go figure.
Sorry Gosman, I didn’t realise “EFT” stood for “Every Fucking Thing”.
Can you remind me again what the “POS” stands for?
You seem to be making an assumption that a payment via Eftpos is fundamentally different to making a payment online. I’m letting you know that they are not really. In many countries they use Creditcard systems to replicate what we have here with Eftpos.
Interesting that people think Eftpos is a monopoly, or near monopoly, and thus should be nationalised. There are two main players in the POS industry in NZ. This is similar to how many main players are in the operating system market. Do people want to see Microsoft nationalised as well?
“You seem to be making an assumption that a payment via Eftpos is fundamentally different to making a payment online.”
Not an assumption. There’s very a clear distinction between a POS transaction and an online one. The clue is in the name.
“I’m letting you know that they are not really.”
But you’re a moron. Not only have you failed to note the context of the discussion, you’ve also missed all of the detail. The answer you pretend to seek has already been spelled out for you several hours earlier.
The context of this discussion was that VTO stated technology was overated. VTO then went on to use Eftpos as an example and stated cash was much better.
In that context pointing out that Eftpos transactions and Internet transactions are pretty much the same is valid. It would be completely idiotic for VTO to state Eftpos is not good but internet transactions are fine.
vto compared cash vs electronic at the shop counter. That’s what “POS” means you fucking dunce.
Whether it is POS or not is irrelevant when it comes to the underlying technology. Both POS and Internet payments utilise similar infrastructure. To try and argue that one is fine while the other is a waste of time is a stupid argument.
Except for the fact that:
– EFTPOS came out many years ahead of internet purchasing,
– EFTPOS cannot be performed in a card absent transaction
– EFTPOS does not require the use of a credit card style product whereas internet transactions do
– EFTPOS cannot be used by internet businesses to transact sales.
“Whether it is POS or not is irrelevant when it comes to the underlying technology”
No, because that was the comparison. Cash at point of sale vs eft at point of sale.
It’s not my fault you didn’t understand it, but there’s nothing new about that.
Felix my point exactly.
VTO said Eftpos is such a stupid idea.
But your examples have nothing to do with eftpos, which is by definition a point of sale transaction.
Okay you have a points decision!
Yay, points!
That is a bit pointed felix!!!!!!
ALL WINZ FILES SHOULD BE CONSIDERED COMPROMISED.
http://publicaddress.net/system/cafe/onpoint-msds-leaky-servers/?p=272452#post272452
All of them, including secure files such as mine. I expect a sizeable offer in the mail and an apology by phone within the week.
CERA could also be compromised now ,what a shame, gerry wont be happy.
CERA = Closer Economic Relations with Australia ?
Following links from twitter…
La Maison du Che’z, About 6 hours ago
I worked for WINZ (frontline in various roles) for 24 years, finishing in 2010. All these details that you have been able to access are amazing, considering we, as staff, were NEVER able to access any of them. Even our Service Managers couldnt get into them.
It was so ’locked down” that we couldnt even access Internet unless we personally had been granted electronic licence. (so no Trade Me, Facebook, Twitter etc)
We did have our own internal “Intranet” and access to our own client’s benefit records, but I am appalled that the public has been able to access stuff, even we as staff, could never get to, or would even attempt to get to.
Thank you for exposing this anomaly in their system, but would appreciate it being reported that it is reported that it is not WINZ information that you have been able to see, it is other organisations within MSD.
http://publicaddress.net/system/cafe/onpoint-msds-leaky-servers/?p=272298#post272298
La Maison du Che’z: “Thank you for exposing this anomaly in their system, but would appreciate it being reported that it is reported that it is not WINZ information that you have been able to see, it is other organisations within MSD.”
Ah yes, but which ones ?
Funnily enough I had to drop some forms off at the WINZ today, i walked in and found a security guard next to the kiosk, which was turned off and covered up with blank sheets of A4.
Nothing to see here, pay no attention to the man behind the curtain.
Question to the Minister of Social Development in Parliament tomorrow:
“Does the Minister stand by her statement on Radio Live at 5.15 pm on Monday: “It ain’t gonna happen twice“?
Just ask the DIRECT question. Can you guys please do this, for once?
Follow up as necessary: “When she said “It ain’t gonna happen twice”, was that a promise, or just empty words?”
“If it ain’t gonna happen twice, will she resign if it does?”
(I know, you don’t read blogs, and you can come up with a much more long-winded question yourselves, and let Bennett off the hook, as you’ve been doing for 4 years … or you could try something else? Please?).
I have been busy all day.
Has Bennet resigned yet?
Heard Bennett on the radio when driving home work claiming that she was extremely concerned about how easily private information could be accessed and that it was extremely concerning – kind of ironic considering she was the minister who was more than happy to ride rough shod over the rights of two beneficiaries who spoke out against policy changes that directly effected them when there was no reason to do so other than to silence them and use her position to bully people into keeping quiet. Words can’t even begin to describe how much that woman disgusts me.
Do you mean the 2 idiots who went public with only half the story being told? They “earned” more than I did working a 40 hr week.
You want disgusting, look at the liar-bore from bench. Nuff said.
So double standards are all fine and well depending on the situation? You can’t have it both ways. It’s either right or wrong to divulge or make otherwise private information public. Surely?
And did you have all the same expenses? I suspect that you didn’t and didn’t even consider that the amount that they were getting wasn’t enough to cover their expenses whereas you did get enough.
So how much money did they waist on these Kiosks?
Obviously another qualified contractor
(That’s sarcasm by the way)
PRIVACY LEAK or Information GAP?
Ha, what a joke! Who cares about any innocent, public person having a double check through a “self service kiosk” at good ol WINZ on what goes on inside the department and Ministry?
Is it not just fair that information is “shared”?
Paula was happy “sharing” information about some of her “difficult” clients herself. Lest we forget:
http://www.stuff.co.nz/national/politics/2740483/Privacy-Commissioner-confirms-investigation-into-Paula-Bennett
http://brianedwardsmedia.co.nz/2009/07/why-paula-bennett-is-not-fit-to-be-a-minister/
These are just two links to what went on during 2009! I am sure there are heaps more.
And yes, maybe your attempts to keep hidden the “designated doctor training” that was managed and done through your cherished “work focused” Principal Health Advisor Dr David Bratt, and the previous senior advisor for health matters at MSD, Dr David Rankin (now with ACC, as I believe) from 2008 on, thus “compromising” the “independence” of such doctors “examining” and “assessing” client’s health, can now no longer be maintained either?
Open the whole can of worms, please, Keith Ng and others. More people know what I am on about. Come forward, share with us, what you found through WINZ service points, on their systems and servers, please, we want to get square with dear Paula Bandit Benefit now, for good, thanks!
Time to say good bye Paula!
Paula must be trying to get people off welfare.
Nice PR line, but the implementation is “High School” at best.
Keith Ng just tweeted that the name of the person who put him on to the breach has been leaked to the media:
https://twitter.com/keith_ng/status/257732420785303552
Full post on it here:
http://publicaddress.net/onpoint/the-source/
The leaker would appear to be MSD.
No doubt with the personal approval of Bennett herself, given her track record.
Question time in Parliament tomorrow won’t be much fun for either Key (GCSB illegal spying) or Bennett (WINZ privacy breaches)
Ira should be given a knighthood. Public support for people who have high standards.
Keith should be recognised with New Years honours.
I’m bloody furious about this. It’s our version of the Pentagon papers, when the government machinery turned its guns on the truth-tellers, in so many nasty ways.
I’m furious about Bennett and Key and their spin machine, and I’m almost as furious with the fucking fuckwits who think Labour should be more like them. That’s really working out great, isn’t it?
Let’s hear some fire in Parliament tomorrow. Let’s hear some principle and conviction and some anger. No more fucking appeasement.
Well Said M8!
Ignore the non sensicle comebacks and hammer them on everything.
Exorbitant remuneration + incompetent leadership/portfolio management = Our Current Government.
Where’s the Money John! Those shares are gonna take years to sell.
gobsmacked: “I’m furious about Bennett and Key and their spin machine, and I’m almost as furious with the fucking fuckwits who think Labour should be more like them. That’s really working out great, isn’t it?”
I am as furious as you, totally!
But forget much “real” fire in Parliament. We will get the usual: Tit for tat political game playing, some challenging questions rather for gaining political points, than for genuine wish to achieve a change of the whole system (which we need urgently). They (Labour, Greens and NZ First) will of course hammer Bennett on the WINZ privacy gap, Key on GCSB and Dotcom saga, and others for their cock-ups and lies, but they do this only to discredit the government enough, to work on getting more votes next time. Then they may take over as an alternative government, and most likely they will soon forget all the questions they asked, the matters they raise, apart from what they see convenient to achieve under their watch.
They will keep systems in place, be ministers or supporting MPs, run the show by working with all the departments, agencies and so, which are powers within the state making their own laws (they give government to pass), and not all that much will change.
International obligations and ties will force them to work with the US government, with the Mainland Chinese government, with the EU and others, they will hang onto FTAs, let trade continue as it is, maybe put a few more checks and balances in, and soon enough the public will moan about them.
Realise, please, these parties have low memberships, unions have low memberships, they are without solid basis, they only get votes by pandering to enough voters to get voted in, but they are non-committal supporters, who swiftly change their preferences.
Hence parties of any direction have become just “opportunistic operators” having their systems, that are intent on getting as much of their agenda and policies into law, as may be allowed by public sentiment, which again is largely influenced by a manipulative, commercialised media, which is there to cater for businesses selling advertising, which are their bread and butter, and which are other forces with their agendas.
So nothing will change much in the musical chairs of modern politics.
I am resigned and see no solution, but to start new movements and parties like the “Pirate Parties” in Europe. But they are now failing, because they also struggle to develop a cohesive direction and policies.
A radical change is needed, and people must be involved face to face, be made MEMBERS and be taken serious, not just used as opportune votes to win an election.
So Bennett and Key know all this, they are part of the system and part of the problem. They will manipulate the public and media, keep their jobs, and all will be forgotten within days, the MSM happily assisting in keeping things as they are (also ensuring their own survival).
People only have power if they have guts, are not complacent and take action. That is NOT happening. Mouseclics will NOT change anything, it is also just like a reaction to “appeals to votes” for perceived alternatives, that will only be moderate “alternatives” for a short while.
Full of privacy assurances, just last week
http://tvnz.co.nz/politics-news/bennett-promises-lessons-winz-hacking-5133143/video?vid=5133228
This week, not so good.
Assumed office, November 2008. Presumably responsible for policy since then. All her own work.