Ira Bailey has been revealed as Keith Ng’s informant about the MSD kiosk security problems. Bailey is reported as an ‘activist’, and has raised some eyebrows by asking MSD if they offered incentive payments for discoverying system vulnerabilities.
We could quibble about Bailey’s motives and methods, but that’s a minor side issue at most.
What is most important:
- That the gaping data security hole was discovered
- That it was disclosed without (as far as we know) releasing any data or aiding any release of data.
So Bailey should be heaped with praised for this. It could have been a data disaster rather than a data vulnerability.
Bailey’s involvement has prompted a few digs and queries. John Key has ‘quipped’ on TV3′s Firstline:
“Obviously it would have been better if the individual involved had actually told the government and not tried to charge the government some sort of ‘fee’ – to put it in those terms – but he didn’t and goodness knows what he did with the blogger. I don’t know if he gave it to him or sold it to him”.
If Bailey had wanted to tout for the biggest payback for his disclosure he would surely have gone to media with far bigger pockets than Ng.
I think Ng’s journalistic prowess in this revelation has been overstated – he was handed a scoop and did a good job with confirming and disclosing it, but it has not been the resuklt of months of sleuthing and probing.
But Ng was a good choice of media to deal with this, and Ng seems to have handled it very competently and responsibly, so credit where it’s due, but this one story doesn’t justify promotion to journo superstar.
So this was a job well done by both Bailey and Ng due to a job appallingly done by MSD.
Now the attention should be on addressing data access in MSD, and across all Government data.
And MSD should be urgently investigating whether their data was also accessed and possibly copied by anyone else.