Politicians’ iPad prank sets poor standards for electorate

MPs in the New South Wales Parliament couldn’t resist perpetrating an online prank on one of their number earlier this week.

The victim of the prank was Andrew Gee MP, sitting member for Orange. Naked Security readers will remember Orange as the home of convicted Aussie hacker David Cecil, a.k.a. Evil, who clocked up a two-and-a-half year prison sentence earlier this year for offences relating to the unauthorised access to and modification of data.

Gee was up on his hind legs, orating to the House, when messages started coming from his Twitter account. He’s deleted them now, but that hasn’t expunged them from the record – the Sydney Morning Herald faithfully reported them on its light-hearted Friday back page, The Diary:

I’m talking about really good things now

So many memories being had

My shoes are shiny

Gee’s iPad wasn’t lost or stolen. It was lying in what I’m sure he imagined was supervised safety on the parliamentary furniture. He simply hadn’t banked on the sort of “supervision” his party colleagues had in mind.

Tweets not yet eradicated by the embarrassed Mr Gee explain away his apparently magical Tweet-whilst-talking powers, laying the blame on Messrs Wollondilly and Drummoyne (those are the names of the seats, not the MPs!) and unnamed others.

Gee’s boss, State Premier Barry O’Farrell, joined in online with a short but entirely pertinent Tweet to say:

@AndrewGeeMP & set your iPad lock

This, in turn, provoked the Member for Orange to observe:

But you wouldn’t have thought you’d need to use it in such distinguished company.

A fair comment, perhaps.

In truth, though, you would (or at least should) have thought exactly that.

Computer security is no longer really suited to the idea of a trusted interior and a hostile exterior.

You should work on the assumption that bad things could happen at any time. Then take a defensive security posture to suit that assumption.

The Premier is right. Set your iPad lock. While you’re about it, consider all the other security-oriented settings from which you and your users could benefit, and think about how to ensure that everyone is doing the right thing.

(Yes, that image to the right is a shameless plug for a Sophos product which helps you do just that 🙂

And never mess with another guy’s computer or mobile phone.

Wollondilly and Drummoyne, it seems, were careful not to put anything truly embarrassing or derogatory into Andrew Gee’s mouth, with the result that little harm was done. But it would have been much better – and would have set much higher standards – if they’d resisted the temptation altogether.

I may sound like a bit of a wet blanket for saying that, but it’s hard to take a position against hacking, cybercrime, identity theft and other serious online crimes if you’re prepared to condone the unauthorised use of someone else’s iPad simply because it suits your own sense of humour.

As it happens, Section 308D of the New South Wales Crimes Act of 1900 (as of 6 July 2012) specifies a penatly of up to ten year’s imprisonment for Unauthorised modification of data with intent to cause impairment.

Gee’s jesting chums may not quite have broken this law [*], but that doesn’t matter.

They shouldn’t have done what they did…and Gee shouldn’t have made it easy for them.

[*] Are you a lawyer? If so, why not leave us a comment letting us know how close you think these MP pranksters came to breaking the portentously-named Crimes Act of 1900?