“The challenge we face is that the same qualities that enable us freely to harness cyberspace for prosperity can also provide an avenue for those who may wish to do us harm.”

–Malcolm Turnbull

LAST week the Prime Minister launched Australia’s Cyber-Security Strategy, which in its way is a good thing to have.

From a Prime Minister more prone than most to techno-utopianism, not to mention insecure online behaviour, it was refreshing to see some acknowledgement of the risks.

Let us not forget that only late in the Godwin Grech affair did the then-opposition leader’s office realise that email headers are easily falsified.

There’s a fundamental flaw in our technological future as we hurtle towards an unpredictable future.

That failing is that humans are incapable of writing secure software.

I realise this is a big call, but I can offer some very tangible evidence of this.

Between Google, Apple and Microsoft we have some of the biggest companies in the world, hiring the very best software writers they can find, to write products that their businesses depend on.

Despite this, several times a year, we need to update that software because the biggest and the best have discovered crucial flaws in their software.

It’s been thirty odd years since some of these products went mainstream and there’s no sign at all that any of the big players are close to producing a secure product.

This is something we all need to have a little think about the next time we enthusiastically sack the little man, who used to drive out to the reservoir in a van to open and shut valves, with a SCADA system that lets the CEO control the dam with his mobile phone.

The reek surrounding cyber-security only grows when you consider Edward Snowden’s revelations that the same security organisations that are now supposed to safeguard us online deliberately infiltrated flaws and weaknesses into key software decades ago to make it easier for them to snoop on us.

Oddly enough, the Prime Minister in his recent announcement made mention of Snowden, but chose to ignore the more salient points:

“Authorised working relationships between government and certain private-sector partners were unfortunately damaged in the release of stolen documents by Edward Snowden”.

The issue with the Snowden revelations is that agencies of the governments of Australia, the US, UK, Canada, and NZ have acted completely outside of “agreed legal frameworks and appropriate oversight” as the Prime Minister hopefully described them, this illegal behaviour is what motivated Snowden to blow the whistle.

Yours truly is not going to be the first in line suggesting a return to Luddism or the bad, old days.

But when it comes to our IT security we’re going to need better than “trust us, we’re the government”, when the government has demonstrably acted in untrustworthy ways in the past.

“Trust us we’re a huge software company and we know what we’re doing,” similarly has a vast tide of history against it.

As with everything else we do; things might be better when we let the machines take over. Most recent railway and plane crashes would not have occurred if the machines were fully in control. Machines will potentially write less error-prone software in future.

It’s just a pity we’ve done such a bad job making the machines safe up until now.