Smart Nation, dumb move?
Posted June 9, 2016on:
This tweet woke me up yesterday morning like no alarm clock could.
Here is the short version of the article:
- By May next year, civil servants* in government offices will only be allowed to access the Internet via dedicated terminals
- These workers will be allowed to use their own personal mobile devices for “web surfing”
- “Public servants will be allowed to forward work e-mails to their private accounts, if they need to”
- The Asia-Pacific executive vice-president of global computing security association, Cloud Security Alliance, described the move as returning to the 1990s
- The move is by the Infocomm Development Authority (IDA) and could affect 100,000 computers
*These do not include mainstream schools teachers.
Part of me wants to react emotionally and scream why not also limit workers to electricity, water, and toilet breaks? Have the authorities not caught on to the revised hierarchy of needs?
Another part of me is confused. Did the same agency not trumpet our plans to be a Smart Nation?
Are we sending a message that we want the Internet of Things but not the Internet of People? Perhaps it is wise for just objects to communicate with each other. The weakest links tend to be the humans after all. If you do not believe me, imagine what has happened, already happens, and will happen with the forwarding email policy.
Perhaps this is an accidental conspiracy by the IDA to get civil servants to use their own mobile devices. That way government agencies spend less on digital bandwidth and can claim that they have people-centric BYOD programmes. Smart, eh?
Since we like to call these devices smart — smart phones, smart boards, smart rooms — we can stop thinking altogether.
The powers-that-be might not have embraced the fact that the Internet is a socio-technical system. The clampdown is an attempt to minimise stupid human behaviour like security leaks by addressing the technical component. This will still allow ignorant people access to limited terminals and their own “smart” devices.
Where is the long-running, long-term educational or professional development programme in all this? Perhaps there is one and the press found it too mundane to highlight.
Whatever the scenario, anyone who has worked in a large organisation knows how their IT departments operate. Instead of supporting work and learning, they end up determining policy and creating more red tape. They would rather dictate than educate.
Computer security is important in the modern workplace, but it should not be an excuse to revert to dumb or blind practice. The very people that security policies seek to control are the same assets it needs to inform and educate instead.
We need to play the long game of creating a culture of tech-savvy and actually smart practice. A policy like restricting access has immediate returns on the security front, but it does little to nurture a long term culture of trust, critical thinking, and ethical practice.