ATO and Defence throwing cash out the wrong Windows

Published Feb 02, 2020 by Xiph

Australian agencies continue to invest in irrelevant technologies Remember LaserDiscs? That oversized frisbee of a disc that was set to take over A/V in the home during the 1980s, but was a bit too cumbersome and is now way too dated in both audio and visual quality to make any kind of a resurgence? Yes, that one. If anyone is still spending their weekends tracking down the last remaining LaserDisc copy of Police Academy 4: Citizens on Patrol, then the Australian government would love to give you a chest-bump. Or, if you’re looking for work, I’m sure they’d bend over backwards to offer you a job.

This ridiculous but amusing picture has been painted because it’s not too far off what’s going on right now with both the Australian Tax Office and The Department of Defence. Both have just devoted a significant amount of cash towards ensuring that department computers continue to run on dying (or as the tech world politely call them, end-of-life) systems: Windows 7 and Server 2008. And dying systems take you to a single place: Security Loophole City. A place no Australian citizen wants to visit for any longer than they have to (and they already have to it would seem, daily).

Two very expensive funerals

Okay, so the ATO and DoD are forking out a significant amount of cash. What’s that… $50K? $100K?

Oh, come on…It can’t be more than $500K, can it?

Yes, it can and it is. Together, these organisations have doled out $8.7 million in contracts — with the government’s Microsoft licence reseller, Data#3— that supposedly “extend support” for these dying systems until at least 2021.

Extending support sounds lovely and all, until you discover that even with that support, if you were to use Windows 7, you would never again receive automatic updates to combat new security flaws. The contracts, therefore, are merely extremely expensive pieces of paper that would only make sense to someone who hasn’t turned on a computer since the Apple II.

$6.1 million of the colossal cost has been willingly worn by the DoD, even though they migrated 105,000 of their devices from Windows XP to Windows 10 in 2019. The remainder of their devices will still live in Security Loophole City and due to alleged “confidence reasons”, exactly how many devices constitute the remainder cannot be disclosed. In this case, we can only assume those confidence reasons refer to the fact that the truth would lose what little confidence Australia has left in the government’s decision-making on the technological front.

Jokes merely mask the fear

In all seriousness, consider the ramifications of such backwards attitudes to technological integrity. Two agencies that trade in highly sensitive information that affects the lives of every single Australian, are treating privacy and security as an afterthought. The inability to patch Windows 7 and Server 2008 with bug fixes to maintain the impenetrability of an already porous commercial software – is downright frightening.

On the ATO side of things, it means that any hacker with an axe to grind could use it to lop off a citizen’s head – forcing them to pay money they don’t owe or worst-case scenario – sending them to prison. On the DoD side, this apathy towards security could result in the most heinous situation your imagination can conjure. If you’re currently picturing a particularly bloody battle from Call of Duty, then technically, we couldn’t fault you. Yes, it’s a stretch, but it’s stretched from a fixed point of truth: that the electronic aspect of the department assigned to manage the defence of the continent, can now more easily be broken into and manipulated.

Let’s get real and talk reality

Hyperbole and wandering imaginations aside. The Australian government is proving time and time again that they do not care about our privacy and security. In fact, they don’t even seem to care about their own. It’s easy to reduce the significance of a few government agencies failing to keep up with the latest software to a punchline: “oh, those crazy Boomers and their Boomer-ing ways”. But this latest development is emblematic of a far more sinister reality… our nation has always been and still is in the hands of those who do not understand the power and therefore potential danger of the digital world. And that’s just plain wrong.

It’s up to us to make sure that our future leaders live in THIS PRESENT REALITY and therefore know which buttons should and shouldn’t be pressed – and when. And most importantly – why. How do we do that? We start acknowledging that privacy and security is a serious matter that requires serious thought. Otherwise, everything will —at best— remain the same or —at worse— get much, much worse.


Posted in: Security