There has never been a better time to #WashYourCyberHands.
The COVID-19 pandemic has provided the perfect breeding ground for cyber criminals to capitalise on, and exploit the outbreak of the virus to steal data, commit fraud and circulate online scams. Law enforcement agencies and the cybersecurity industry have seen an increase in the number of targeted cyberattacks by criminals since the outbreak began.
INTERPOL has announced it is launching a global campaign to raise awareness about the top coronavirus related cyber threats throughout the globe. The campaign will provide basic cyber hygiene advice to businesses and individuals on how to ‘wash your cyber hands’ and protect systems and data from cyber threats.Read More
We previously blogged about the plethora of Asian countries who are using telecommunications networks, smart phone applications and messaging services to inform, track and monitor individuals who may have contracted COVID-19. It appears that Australia’s eyes are on similar technology opportunities, as according to an article from the SMH, the Federal Government will ask Australians “within weeks” to opt in and sign up for a mobile application that uses tracking data to alert individuals as to their risks of contracting COVID-19.
According to the article, the relevant application will monitor the movements of participants to inform individuals whether they have been close to someone already infected with COVID-19. The application also has the functionality to enable someone who has contracted the virus to notify health authorities and ensure that an alert is sent to anyone he or she has been in contact with over the previous 24 hours. Both of these processes are part of what is known as “contact tracing”.Read More
Governments around the world are imposing more responsibilities on tech providers to deal with online harms. In response to the recent attacks in Christchurch, in which a gunman livestreamed on Facebook his attack on a mosque, the Australian Government recently enacted the Criminal Code Amendment (Sharing of Abhorrent Violent Material) Act 2019 (Cth) (Act). The Act, which commenced on 6 April 2019, was pushed through swiftly and has a broad reach.
Under the Act, internet, content and hosting service providers must refer details of any ‘abhorrent violent material’ that records or streams ‘abhorrent violent conduct’ to the Australian Federal Police. Abhorrent violent material is material that is audio, visual or audio-visual, and that records or streams ‘abhorrent violent conduct’. Such conduct includes acts of terrorism, murder, attempted murder, torture, rape and kidnapping.Read More
The deadline for submissions on the ACCC’s draft Competition and Consumer (Consumer Data) Rules 2019 (Draft Rules) is fast approaching. The ACCC is seeking feedback from community organisations, businesses and consumers on the approach and positions of the Draft Rules for the Consumer Data Right (CDR) regime until this Friday, 10 May 2019.
Key aspects of the Draft Rules (which are available on the ACCC’s website) include:
- the three ways in which CDR data may be requested;
- the requirements for consent to collect CDR data;
- rules relating to the accreditation process; and
- rules relating to the thirteen privacy safeguards for CDR data.
By Cameron Abbott and Ella Richards
Following an unprecedented surge in cyber attacks against Australian businesses, an attack on Australia’s political infrastructure was imminent. New information reveals that the cyber attack against the Federal Parliament earlier this year was accompanied by yet another directed towards the Liberal, Labour and National parties.Read More
By Cameron Abbott and Ella Richards
In response to the new controversial anti-encryption laws, Australian tech heavyweights have banded together to kick and scream over the restrictive implications the laws are already having on their industry.
Quick history lesson; the Assistance and Access Bill permit law enforcement to demand companies running applications such as Whatsapp to allow “lawful access to information”. This can be through either decryption of encrypted technology, or providing access to communications which are not yet encrypted. These ‘backdoors’ are intended to provide the good guys with the opportunity to fight serious crime, however there’s serious fear that in reality, these doors could throw out privacy or let in unwanted guests.
While the legislation states that backdoors should only be created if it doesn’t result in any ‘systemic weakness’; this is yet to be defined in a concrete and informative way. Industry points out that once created any such measure has the potential to be exploited by others. There is no such thing as a “once” only back door.
There is little doubt that this will end up in litigation as larger industry players challenge the abstract concepts in the legislation against the reality of their technology.
StartupAUS, an industry group of tech executives, have made several recommendations to amend the legislation. Even though they’re not holding their breath for any significant changes, they’re demanding more transparency around the requirements. Their recommendations include scrapping the requirement for an employee to build capabilities to intercept communications, tightening the scope of ‘designated communication providers’, giving oversight on how companies will be targeted and increasing what constitutes a ‘serious offence’.
Australia’s legislative response to the problem faced by law enforcement is one of the most heavy handed in the democratic world, and now has the world of technology companies with their significant impact on our economy watching the latest debate on reforms with great concern.
By Cameron Abbott and Wendy Mansell
The Coalition government is attempting to pass large-scale decryption reforms which will give sweeping powers to law enforcement agencies for overt and covert computer access.
The reforms have caused significant controversy as they may force tech companies and communications providers to modify their services, creating “systemic weaknesses” for intelligence agencies to exploit. However many point out these same vulnerabilities may be utilised by criminals.
Further the potential repercussions of these reforms may undermine consumers’ privacy, safety and trust through unprecedented access to private communications. This could have anti-competitive effects, as the reputations of Australian software developers and hardware manufacturers will suffer within international markets.
At the same time, the harsh reality that terrorists and organised crime increasingly utilise these technologies to evade surveillance highlights a very clear problem for law enforcement authorities.
We won’t seek to suggest where the balance between these interests should lie, but the debate rages on. Stay tuned.
By Cameron Abbott and Keely O’Dowd
Australians now have until 31 January 2019 to decide whether or not to have a My Health Record. The deadline to opt-out of having a My Health Record has been extended again.
Due to privacy and security concerns raised by various stakeholders and medical professionals, the Australian Government has proposed two sets of legislative changes to the My Health Record legislation to strengthen existing privacy protections set out in the legislation and established a Senate Committee inquiry to assess whether the My Health Record system is working and how it can be improved. In July this year, we blogged about the privacy and security concerns raised about the My Health Record system.
During the Senate Committee inquiry, it was revealed by the Office of the Australian Information Commissioner (OAIC) that since the My Health Record system commenced in July 2012, the OAIC has received 88 My Health Records mandatory data breach notifications and 11 mandatory data breach notifications. The data breaches generally involved incorrect information being uploaded to a My Health record.
It is evident to us that the My Health Record system has significant privacy and security issues that should be properly considered before the opt-out period ends. These issues are highlighted in the Senate Committee inquiry final report. In addition, the amending legislation designed to strengthen the privacy protections of the My Health Record system is still being debated in the Senate.
Extending the time for people to decide whether or not to opt-out of a My Health Record is a sensible approach. This gives individuals more time to properly understand the implications of having a My Health Record and for important privacy issues to be considered by the Australian Government.
However if ongoing concerns remain about the privacy and security protections of the My Health Record System by 31 January 2019, if in doubt, better to opt out!
By Cameron Abbott and Colette Légeret
Yesterday, the Australian Government unveiled the draft Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 which aims to compel telecommunication and multi-national tech companies (Providers) to give law enforcement and security agencies (Agencies) access to personal encrypted data of suspected criminals, including terrorists, child sex offenders and criminal organisations.