Posts by Graeme Edgeler

Last ←Newer Page 1 2 3 4 5 Older→ First

  • Legal Beagle: Crowdsourcing Project Cortex, in reply to BenWilson,

    Um…presumably you’re all joking? Because:

    In terms and conditions of use, for example.

    According to Jagose's speech, an organisation obtaining the capability must consent to receiving it – and ... advise those who interact with their computer systems (staff, customers) that their communications may be accessed for cyber security purposes...

    Now, I am a person who has interacted with DPMC computer systems, I have sent emails to the DPMC, and I have used the content submission forms on the DPMC website. If they have informed me that my interactions with their systems may be accessed for cyber security services, I have missed it. If they are going to do this, there aren't many options: it could be in their terms and conditions; it could be in their privacy policy, it could be a note on the page of the form you fill in to submit a query, but it has to be somewhere. And it's in none of those places.

    If such advice isn't somewhere where I, as a person who has interacted with their computer systems, can see it, I have having difficulty seeing how they can have met the pre-condition for access to Cortex. They are required to advise those who may interact with their computer systems that their communications may be accessed for cyber security purposes.

    Now, with some organisations, there is a lack of clarity because the terms may be silent, and maybe they've got Cortex, and just haven't said. But many of the agencies I've looked at aren't in that position. For example, with the DPMC, we're not just dealing with silence. The DPMC have a privacy policy in which they state that they do not disclose personal information voluntarily provided to them with any third parties. Use of Cortex in the way described by Jagose in her interview with Patrick Gower on The Nation is inconsistent with that.

    Now, is it possible that either Jagose was misleading us, or the DPMC is misleading us in its privacy statement? Of course. How would I know? But whether this blog post is pointing out the absurdity of Cortex not protecting the DPMC, or if it is pointing out that the DPMC etc. are lying by providing a privacy statement which forswears use of Cortex, or if it is pointing out that Jagose is wrong when she described the pre-conditions of the use of Cortex, I'm pretty happy with it, because those seem to be the only options.

    You're right that I'm not going to be able to use this process to know which one of those three options is correct, but that one of them is true is noteworthy enough.

    Wellington, New Zealand • Since Nov 2006 • 3097 posts Report Reply

  • Legal Beagle: Crowdsourcing Project Cortex, in reply to steve black,

    compare that to the phrasing we’ve seen so far

    may be subject to monitoring.

    then the sites found so far are failing to say what use the monitoring is for. What happened to the “for cyber defence purposes” guys?

    They are indeed. I wonder if there is any agency that is as explicit as Ms Jagose implied they need to be as a precondition to receiving cyber protection services from the GCSB as part of Cortex? My guess, is probably not.

    Wellington, New Zealand • Since Nov 2006 • 3097 posts Report Reply

  • Legal Beagle: Crowdsourcing Project Cortex,

    And more:

    there is language sufficient to fulfil the precondition about disclosure of monitoring at the National Infrastructure Unit within treasury, but not Treasury itself.

    And the Energy Safety unit within Worksafe NZ says "WorkSafe New Zealand systems to which this website connects and related equipment may be subject to monitoring." However, Worksafe NZ, disagrees, carrying no language capable of fulfilling the disclosure pre-condition, as does the Ministry of Business, Innovation and Employment of which both are a part.

    Wellington, New Zealand • Since Nov 2006 • 3097 posts Report Reply

  • Legal Beagle: Crowdsourcing Project Cortex,

    Find one, and then Google does your work for you!

    Two further possible Cortex-protectees:

    The Charities Service!
    And
    The New Zealand Debt Management Office!

    Similar language appears in the Privacy Statement on the website of The Maori Land Court which says "The Ministry of Justice systems to which this web site connects and related equipment may be subject to monitoring." However, the Ministry of Justice website states, however, that the monitoring done is Google Analytics.

    Wellington, New Zealand • Since Nov 2006 • 3097 posts Report Reply

  • Legal Beagle: Crowdsourcing Project Cortex,

    Found one!

    While the Ministry of Defence has not met the preconditions for protection by Cortex, the New Zealand Defence Force has something. It doesn’t mention monitoring for cyber defence in particular, but I guess we can’t be too picky:

    The New Zealand Defence Force systems to which this web site connects and related equipment may be subject to monitoring.

    As have the New Zealand Army:

    The New Zealand Defence Force systems to which this web site connects and related equipment may be subject to monitoring.

    The Royal New Zealand Navy:

    The Royal New Zealand Navy systems to which this web site connects and related equipment may be subject to monitoring.

    And the Royal New Zealand Air Force:

    The New Zealand Defence Force systems to which this web site connects and related equipment may be subject to monitoring.

    Along with both the Cadet Forces and Veterans Affairs.

    Wellington, New Zealand • Since Nov 2006 • 3097 posts Report Reply

  • Legal Beagle: Crowdsourcing Project Cortex, in reply to linger,

    (Hence also references to Cortext protection; Protect Cortext.)

    I typed that pretty much every time, and did correct a lot of them, but it was after midnight, and I had to get up at 5:00am!

    Wellington, New Zealand • Since Nov 2006 • 3097 posts Report Reply

  • Legal Beagle: Crowdsourcing Project Cortex,

    You'd have thunk, for a blog post I specifically asked for comments in, that I'd remember to turn comments on.

    Wellington, New Zealand • Since Nov 2006 • 3097 posts Report Reply

  • Legal Beagle: The Greg King Memorial…, in reply to Andrew R266,

    Graeme I think you need to account for the age of the person at the time of the offences. As I understand it there is a reducing offence rate as people get older, over 30 years old. Is that a factor”

    It's relevant to individual likelihood of reoffending, but not sure it would have too much of a factor overall over so short a time-frame (five years before, five years after). Probably something to look at longer term, however.

    Wellington, New Zealand • Since Nov 2006 • 3097 posts Report Reply

  • Legal Beagle: The Greg King Memorial…, in reply to MPH,

    But that does raise quite an important point. Do your numbers account for the fact that people committing strike offences in 2005-2010 include young people under 18 years old? Again – possibly very significant impact on the results.

    I was careful to limit my questions in all comparator groups to those offending at age 18 or above.

    Wellington, New Zealand • Since Nov 2006 • 3097 posts Report Reply

  • Legal Beagle: The Greg King Memorial…, in reply to chris,

    In this article I can’t seem to find how many third strike convictions there were. If only the first and second are being discussed then why have three?

    I believe there are yet to be any (maybe one).

    The consequence of a second strike is that you aren't eligible for parole, so people who have committed a second strike are reasonably likely to still be in prison, and unable to easily commit a third strike (although a serious prison assault can count, of course).

    Wellington, New Zealand • Since Nov 2006 • 3097 posts Report Reply

Last ←Newer Page 1 2 3 4 5 6 309 Older→ First