How secure is our registry?
Imagine if criminals hacked into Victoria’s firearms registry.
Tech giants such as Yahoo and Sony have had their systems hacked, so it is not hard to imagine that our registry is a viable target.
Importantly, we don’t know how well – or poorly – it is protected.
The registries: are they a key vulnerability?
There’s no doubt the Victoria Police hold information which is valuable to every criminal. Information about us.
Normally holders of private information, such as what is in our bank accounts, is subject to commonly accepted assurance practices which involve independent verification.
VicPol does not do this.
Only recently, details of over 8,000 licensed shooters were inadvertently released by the Game Management authority. All on the strength of an email attachment. While it was accidental, it shows the danger that the poor management of data can be.
The security of firearms is a shared responsibility
Responsibility for maintaining the security of firearms doesn’t just fall on the firearms owner.
It also falls on our regulators who have a duty-of-care to keep your information secure. If a gun is stolen, then it shouldn’t be just the owner who is questioned by the police.
As is the case with money sitting in our bank accounts, the security of our firearms is useless if the information is not sufficiently protected.
No public assurance exists in Victoria
Good business practices follow established standards. For example, businesses which comply with ISO 9000, are certifying they have quality management processes.
When it comes to the protection of information on firearms held by Victoria’s 200,000 licensed shooters, we are entitled to ask what assurance does Victoria Police provide?
We don’t know.
What we do know is that the GMA leak follows similar data breaches by, in our understanding, every other firearms registry in Australia.
We need independently and credible assurance of the security of our registry
We believe the Victorian Auditor General’s Office should audit the security around the data held on Victoria’s firearm registry.
We believe it should provide a certificate of assurance to parliament every second year.
Who should pay for any improvements?
Audits often find room for improvement. If changes to our registry are needed, then the question is who should pay?
Come along and have your say!
Gun owners have been paying for the management of our firearms registry from their licence and registration fees for decades.
If improvements were needed, then it needs to be funded out of VicPol’s budget: shooters should not have to pay a second time.
If the costs of this outweigh the benefits – which was the case in New Zealand and Canada – then that’s another matter the government should be prepared to have an open discussion about.
Without assurance, there cannot be confidence
No accreditation means no confidence.
The government, community and shooters are entitled to expect confidence that information held by our registry is safe and never be stolen or leaked. Like a bank. In line with some published industry standard.
Otherwise, as we saw with the GMA leak, there can be no confidence that our Registry can live up to it’s obligation of shared responsibility.