Dan Tehan has just provided the country with adequate reasons as to why he should not be allowed anywhere near any post that has anything to do with online security. Least of all a federal ministerial position.
Tehan, the Minister assisting the Prime Minister on Cyber Security, wrote an op-ed for the West Australian on Friday; some of the statements he made would fight for primacy with one made by former communications minister Richard Alston. (Unfortunately, The West Australian's website is a pay-only site, but Tehan's gem is linked from here.)
Alston, who was described by some as the world's biggest Luddite, once said during his tenure that the only reason people wanted faster broadband was to download porn.
Tehan has made statements that are on par with this; for one, he is credited with saying that the government is contemplating laws to make telecommunications providers take responsibility for "scrubbing the Web of viruses and malware".
{loadposition sam08}The West Australian's Nick Butterly referred to this as a "radical plan" in what he characterised as an exclusive story, oblivious to the fact that it could not be any other, as the article he wrote was based on Tehan's op-ed published by his employer.
Scrubbing the Web? What does that involve? Not blocking of websites, according to Tehan. No, that turned out to be a miserable failure when the Labor Party tried to play nanny some years ago. But then what? Scrubbing with soap and water?
Dan Tehan: "The government is testing a capability to prevent government users visiting sites known to be malicious."
It is possible that Tehan has drawn inspiration from his boss, Prime Minister Malcolm Turnbull, who has sought to portray himself as someone who is in the groove when it comes to matters digital. Turnbull's method of projecting this image is by using the words "innovation" and "agile" frequently; I suspect that he has set a timer on his (expensive) smartphone to alert him when to next use either of these weasel words.
But back to Tehan; exactly what inspired him to write this op-ed is unknown. Perhaps it was the release this week by the Australian Cyber Security Centre of its cyber security survey for 2016, an eminently sensible document and nowhere near the level of ignorance displayed by Tehan.
One of the gems from Tehan was this: "Just as we trust banks to hold our money, just as we trust doctors with our health, in a digital age we need to be able to trust telecommunications companies to protect our information from threats."
So if telcos cannot block sites they deem dangerous, how do they do that, minister? When it comes to detail, Tehan predictably goes missing.
By extension, if you receive a spam phone call offering you glorious discounts on your international phone rates, then you should blame Telstra or Optus, depending on who supplies that line. But that line (pun intended) of reasoning can only be described as stupid.
More gems from Tehan: "Technology should improve our online experience, like stopping spam emails and providing SMS authentication for your banking services. We are calling on businesses to provide enhanced cyber security services to provide greater choice for users who wish to protect themselves online."
Apart from the dubious grammar in these pronouncements — and right through this op-ed — the minister seems to be blissfully unaware that most banks do provide SMS authentication. Of course, how one prevents spam coming in from a popular provider like Gmail was not dealt with at any length by Tehan. Those details are left to nitpickers.
Tehan further said that the government would work with business "to enhance the identification and patching of vulnerabilities that online criminals are exploiting. We will also enhance our scanning of government networks to identify vulnerabilities before the criminals do".
Good luck with that, Dan. Security experts in Russia, China, Israel and the US haven't been able to do so, but I'm sure you have some mysterious plan that will succeed.
The minister also said that the government "is testing a capability to prevent government users visiting sites known to be malicious. We will look at how we can share this information to provide greater protection to the private sector and broader community. We will improve the monitoring of data as it moves across government networks to support active cyber defence."
It's puzzling to divine exactly what Tehan means by this "capability", unless he is talking of surveillance as per the NSA model. But one doubts he will go down that path; the government of which he is part is already trailing badly in opinion polls and any talk of more surveillance (we already have data retention laws in place) would only make the figures worse.
But having knocked Tehan for his ridiculous op-ed, what does one really do to reduce the chances of online attacks?
Number one, minister, insist that Microsoft make it compulsory for users of its Windows operating systems — which the government uses to the exclusion of all other systems — to operate only with user privileges when doing their daily work.
And no, that advice does not emanate from me. It comes from the security firm Avecto, who came to this conclusion after analysing the entire list of Microsoft's security announcements for 2016.
One more thing that Tehan could do is to mandate that government employees digitally sign their emails, and also make this compulsory for businesses; the number of email-borne infections would drop by a fair amount if that was done.
But going after telcos and all the other waffle mentioned by Tehan is a waste of time. It is an attempt to be seen to be doing something when you have no clue as to what that "something" is.
There is a golden rule about what one should do when one is in electoral trouble: "When you're up to your neck in shit, keep your mouth shut." Obviously, nobody told Dan about this.
Pictures: courtesy Dan Tehan's website.