NikolaNews

How the B-Team watches over Australia’s encryption laws and cybersecurity

February 6, 2020

The cybersecurity of the Attorney-General’s Department (AGD) has not been independently assessed by the Australian Signals Directorate (ASD) despite it being made an action item nearly four years ago.

The nation’s Cyber Security Strategy of April 2016 said that government agencies “at higher risk of malicious cyber activity” would receive “independent cybersecurity assessments”.

A discussion paper for the 2020 strategy, released in September 2019, reported that “ASD has conducted active vulnerability assessments of a number of key government agencies”.

But in written evidence given to the Senate Standing Committee on Legal and Constitutional Affairs this week, AGD revealed it wasn’t one of them.

“ASD has not conducted an independent security assessment against Attorney-General’s Department networks,” it wrote.

“No additional funding has been provided to AGD for cybersecurity remediation activity.”

AGD has vastly increased its spend on cybersecurity across the last four years, however.

From a base of AU$47,197 in 2015-2016, when the department began tracking the annual operational spending of the IT Security Section, spending rose to AU$225,826 in 2016-2017, then to AU$641,985 in 2017-2018. In 2018-2019, it declined slightly to AU$562,222.

“Other sections, projects, and activities make a substantial contribution to improving the overall cybersecurity posture, but are associated to other cost centres,” AGD wrote.

But the department declined to answer specific questions about its compliance with the ASD Essential Eight cybersecurity controls, citing security concerns.

“Publicly identifying details of any briefings provided to the Attorney-General on cybersecurity vulnerabilities on departmental networks would provide an individualised snapshot in time and may provide a heat map of vulnerabilities for departmental networks, which malicious actors may exploit and thus increase the agency’s risk of cyber incidents,” it wrote.

Telco intercept warrants issued after mere minutes of consideration

It’s bad enough that most telecommunications interception warrants are not approved by judges but by members of the Administrative Appeals Tribunal (AAT).

What’s worse is that these less-qualified officials can spend mere minutes making their decision with no legal support from AAT staff.

After so little thought, and without further independent oversight, law enforcement agencies are free to use their new powers under the controversial Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018.

They can issue a “voluntary” Technical Assistance Request (TAR) to get a communications provider to help access the contents of an encrypted communication. Or they can issue a compulsory Technical Assistance Notice (TAN) to the same end.

Some seven TARs or TANs were issued by law enforcement in the first seven months of the Act’s operations. The number issued by the spooky agencies, meanwhile, is unknown.

The concern, first raised by The Saturday Paper a year ago, is that AAT members might more readily approve warrants than judges, although there’s no data on this one way or the other.

There have been concerns that many AAT members are political appointees with no legal qualifications. More than 60% of members appointed since 1 July 2015 are not legally trained, according to further AGD evidence to the Legal and Constitutional Affairs Committee.

And while section 5DA of the Telecommunications (Interception and Access) Act 1979 states that only AAT members who are “enrolled as a legal practitioner of the High Court, of another federal court, or of the Supreme Court of a State or of the Australian Capital Territory” for at least five years are approved to issue warrants, a lawyer with five years’ experience is not a judge.

“Some legal experts argue that judges are more experienced and therefore more qualified to assess warrant applications than a lawyer with five years’ practising experience,” The Saturday Paper wrote.

“Key to this is the fact that during these warrant proceedings, there is no party making an opposing argument.”

Judges are experienced in weighing up the pros and cons of a case to ensure fairness. Lawyers are experienced at arguing for their client’s position. They’re not the same.

Also concerning is the amount of support given to AAT members in this role: None.

The Senate was told that “members undertake these functions in a personal capacity (as a persona designata) and not as part of their duties as a member of the AAT”.

“AAT staff do not provide any legal support in respect of applications considered by an AAT member under the Act,” AGD wrote.

“The AAT and AAT staff provide limited assistance to facilitate the performance of these functions, particularly scheduling appointments.”

Those appointments can be very brief indeed.

“Since 1 July 2015 the average (mean) length of all appointments with AAT members for warrant-related purposes is just 18 minutes,” AGD wrote.

“The shortest amount of time recorded for an appointment that proceeded is 1 minute. The data is not subject to auditing.”

Maybe the members spend hours of their own time wrestling over whether to approve each warrant. On that matter, your writer has a simple response: Prove it.

Either way, it might well be argued that one minute doesn’t allow for a serious challenge to a warrant application’s claimed merits.

Information Commissioner to focus on healthcare industry

Australia’s health sector continues to be the most affected by data breaches, according to the Office of the Australian Information Commissioner (OAIC).

Some 58 notifiable data breaches (NDBs) were received by the OAIC between 1 January 2019 and 31 March 2019.

“The OAIC’s 2019-20 corporate plan includes a continued focus on the health sector, particularly centred on uplifting the health sector’s security posture,” it told the Senate this week.

In September 2019, the OAIC released a Guide to Health Privacy.

“[The OAIC] is currently undertaking an associated outreach and social media campaign. This campaign includes the development of a toolkit to assist health service providers improve their information handling practices,” it said.

Also during Estimates in November, the OAIC was asked if it was conducting an investigation into an alleged AU$10 million international identity theft scam that had affected several of Australia’s largest super funds, including REST Super, AustralianSuper, and HESTA.

“The Information Commissioner has not opened an investigation into the named organisations in relation to the media report of an alleged identity theft scam,” the OAIC said.

It did add, however, that the maximum current penalty that the Federal Court can impose for a serious or repeated interference with privacy is AU$2.1 million for a body corporate.

In recent years, the OAIC has found it difficult to process Freedom of Information (FOI) requests promptly. A substantial increase in all types of requests has since widened the gap, resulting in increased delays and backlogs.

This week the OAIC revealed that meeting the demand for FOI regulatory work would require nine more staff at a cost of A$1.65 million a year, plus A$300,000 in the first year for accommodation.

Your writer is of the view that this is back-of-the-couch money, given that it would deliver a significant increase in government transparency.

Credit: Zdnet
