Tag Archives: access

Home rapid antigen testing is on its way. But we need to make sure everyone has access

Posted on by

Shutterstock

Lesley Russell, University of SydneyAs Australia opens up and we learn to live with COVID-19, rapid antigen tests are likely to play an increasingly important role in limiting the spread of the virus.

So we can expect growing demand for these tests, which can give a result in minutes, and are already used in other countries, including the United Kingdom.

Airline travel, accommodation, entry to ticketed events and school attendance may depend on this type of testing. Large-scale family gatherings and community events will also want to ensure the safety of all attendees, especially if some, for whatever reason, are unvaccinated.



Read more:
Rapid antigen tests have long been used overseas to detect COVID. Here’s what Australia can learn

What are rapid antigen tests?

Rapid antigen tests have many advantages over the polymerase chain reaction (PCR) tests used at public testing centres. They are cheaper,
can be used anywhere at any time, and results are available within minutes. But they are also less reliable than PCR tests.

The Therapeutic Goods Administration (TGA) has approved dozens of these rapid antigen tests. But these are only available for use in health care, aged care, schools and workplaces.

These tests are not commercially available for home use, although this is on its way. Health Minister Greg Hunt expects home tests will be available from November 1.

Between now and then, here are four issues we need to consider if individuals and families are expected to use these tests and if rapid antigen testing is to be an effective and equitable gateway to activities and services.

1. Do they work?

The TGA will need to ensure the tests, many of which were developed more than a year ago, perform well with the Delta variant.

A Cochrane review recommends evaluations of the tests in the settings where they are intended to be used to fully establish how well they work in practice. It is not clear if this research is being done in Australia.

Tests from different manufacturers vary in accuracy and are less accurate in people without symptoms and/or with low viral loads – when they will most likely be used.



Read more:
Rapid antigen testing isn’t perfect. But it could be a useful part of Australia’s COVID response

Many home tests advise testing twice over a three-day period, with at least 36 hours between tests; they work best when testing is done regularly.

Appropriate consumer information material needs to be included with the tests to ensure people are using and interpreting them correctly at home.

There also needs to be a back-up service (such as a telephone hotline) for people who are confused, get unexpected results, and for those who test positive and need PCR testing to confirm their status.

Person at home dropping reagent into a rapid antigen test
People need adequate instructions to use these tests correctly.
Shutterstock

2. Do we have enough tests?

There are already signs supply of these tests could be a problem.

The biggest Australian manufacturer of rapid antigen tests has a large government supply contract with the United States, where supply of such tests cannot keep pace with demand.

India has also recently acted to restrict export of rapid antigen tests.

There are indications the federal government has supplies for distribution to aged-care facilities and local government areas as needed. However, the extent of the stockpile – and whether tests might be released from the stockpile for home use – is unknown.

3. What will they cost?

Once approved for use at home, people will most likely be able to buy these tests in pharmacies. However, there’s been no suggestion these will be subsidised or their price controlled.

There are different international approaches. In the UK, people can order two packs of seven tests free from a government website and can pick them up from places including pharmacies and libraries.

In Germany, people can buy tests in supermarkets for about €25 (about AU$39) for a pack of five.

In the US, there are huge price variations with each test costing US$5-30 (about AU$6.80-$40.90).

In Australia, worksites in Sydney can buy tests direct from suppliers for AU$8.50-$12.50 (depending on quantity). But they also need to employ a health-care professional to oversee their use.

Companies providing rapid antigen tests are reportedly contacting schools, saying they can supply tests at A$15 each (with additional costs for a nurse and administration).

It will not be sustainable to ask parents of schoolchildren and university students to pay such costs on an ongoing basis.



Read more:
Keeping workers COVID-safe requires more than just following public health orders

4. How do we ensure equity?

US survey results indicate Americans’ willingness to regularly use home testing is price sensitive. That surely is also the case in Australia.

To date, all the signs are the federal government is taking a hands-off approach to the introduction of rapid antigen testing for home use. But it’s essential we have effective distribution mechanisms to cover all of Australia. We also need a regulated price structure and/or subsidies to make the cost of these tests affordable.

Failure to ensure availability and affordability of home testing will further disadvantage Australians already disproportionately affected by the pandemic.



Read more:
As lockdowns ease, vaccination disparities risk further entrenching disadvantage


The Conversation

Lesley Russell, Adjunct Associate Professor, Menzies Centre for Health Policy, University of Sydney

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Police access to COVID check-in data is an affront to our privacy. We need stronger and more consistent rules in place

Posted on by

Graham Greenleaf, UNSW and Katharine Kemp, UNSWThe Australian Information Commissioner this week called for a ban on police accessing QR code check-in data, unless for COVID-19 contact tracing purposes.

State police have already accessed this data on at least six occasions for unrelated criminal investigations, including in Queensland and Western Australia — the latter of which has now banned this. Victorian police also attempted access at least three times, according to reports, but were unsuccessful.

The ACT is considering a law preventing police from engaging in such activity, but the position is different in every state and territory.

We need cooperation and clarity regarding how COVID surveillance data is handled, to protect people’s privacy and maintain public trust in surveillance measures. There is currently no consistent, overarching law that governs these various measures — which range from QR code check-ins to vaccine certificates.



Read more:
Australia has all but abandoned the COVIDSafe app in favour of QR codes (so make sure you check in)

Last week the Office of the Australian Information Commissioner released a set of five national COVID-19 privacy principles as a guide to “best practice” for governments and businesses handling personal COVID surveillance data.

But we believe these principles are vague and fail to address a range of issues, including whether or not police can access our data. We propose more detailed and consistent laws to be enacted throughout Australia, covering all COVID surveillance.

Multiple surveillance tools are being used

There are multiple COVID surveillance tools currently in use in Australia.

Proximity tracking through the COVIDSafe app has been available since last year, aiming to identify individuals who have come into contact with an infected person. But despite costing millions to develop, the app has reportedly disclosed only 17 unique unknown cases.

Over the past year we’ve also seen widespread attendance tracking via QR codes, now required by every state and territory government. This is probably the most extensive surveillance operation Australia has ever seen, with millions of check-ins each week. Fake apps have even emerged in an effort to bypass contact tracing.

In addition, COVID status certificates showing vaccination status are now available on MyGov (subject to problems of registration failure and forgery). They don’t yet display COVID test results or COVID recovery status (as they do in countries in the European Union).

It’s unclear exactly where Australian residents will need to show COVID status certificates, but this will likely include for travel between states or local government areas, attendance at events (such as sport events and funerals) and hospitality venues, and in some “no jab no job” workplaces.

As a possible substitute for hotel quarantine, South Australia is currently testing precise location tracking to enable home quarantine. This combines geolocation tracking of phones with facial recognition of the person answering the phone.
Shutterstock

The proposed principles don’t go far enough

The vague privacy principles proposed by Australia’s privacy watchdogs are completely inadequate in the face of this complexity. They are mostly “privacy 101” requirements of existing privacy laws.

Here they are summarised, with some weaknesses noted.

  1. Data minimisation. The personal information collected should be limited to the minimum necessary to achieve a legitimate purpose.
  2. Purpose limitation. Information collected to mitigate COVID-19 risks “should generally not be used for other purposes”. The term “generally” is undefined, and police are not specifically excluded.
  3. Security. “Reasonable steps” should be taken to protect this data. Data localisation (storing it in Australia) is mentioned in the principles, but data encryption is not.
  4. Data retention/deletion. The data should be deleted once no longer needed for the purpose for which it was collected. But there is no mention of a “sunset clause” requiring whole surveillance systems to also be dismantled when no longer needed.
  5. Regulation under privacy law. The data should be protected by “an enforceable privacy law to ensure individuals have redress if their information is mishandled”. The implied call for South Australia and Western Australia to enact privacy laws is welcome.

A proposal for detailed and consistent laws

Since COVID-19 surveillance requirements are justified as “emergency measures”, they also require emergency quality protections.

Last year, the federal COVIDSafe Act provided the strongest privacy protections for any category of personal information collected in Australia. Although the app was a dud, the Act was not.

The EU has enacted thorough legislation for EU COVID digital certificates, which are being used across EU country borders. We can learn from this and establish principles that apply to all types of COVID surveillance in Australia. Here’s what we recommend:

  1. Legislation, not regulations, of “emergency quality”. Regulations can be changed at will by the responsible minister, whereas changes in legislation require parliamentary approval. Regarding COVID surveillance data, a separate act in each jurisdiction should state the main rules and there should be no exceptions to these — not even for police or ASIO.
  2. Prevent unjustifiable discrimination. This would include preventing discrimination against those who are unable to get vaccinated such as for health reasons, or those without access to digital technology such as mobile phones. In the EU, it’s free to obtain a paper certificate and these must be accepted.
  3. Prohibit and penalise unauthorised use of data. Permitted uses of surveillance data should be limited, with no exceptions for police or intelligence. COVID status certificates may be abused by employers or venues that decide to grant certain rights privileges based on them, without authorisation by law.
  4. Give individuals the right to sue. If anyone breaches the acts we propose above for each state, individuals concerned should be able to sue in the courts for compensation for an interference with privacy.
  5. Prevent surveillance creep. The law should make it as difficult as possible for any extra uses of the data to be authorised, say for marketing or town planning.
  6. Minimise data collection. The minimum data necessary should be collected, and not collected with other data. If data is only needed for inspection, it should not be retained.
  7. Ongoing data deletion. Data must be deleted periodically once it is no longer needed for pandemic purposes. In the EU, COVID certificate data inspected for border crossings is not recorded or retained.
  8. A “sunset clause” for the whole system. Emergency measures should provide for their own termination. The law requires the COVIDSafe app to be terminated when it’s no longer required or effective, along with its data. A similar plan should be in place for QR-code data and COVID status certificates.
  9. Active supervision and reports. Privacy authorities should have clear obligations to report on COVID surveillance operations, and express views on termination of the system.
  10. Transparency. Overarching all of these principles should be requirements for transparency. This should include publicly releasing medical/epidemiological advice on necessary measures, open-source software in all cases of digital COVID surveillance, initial privacy impact assessments and sunset clause recommendations.

COVID-19 has necessitated the most pervasive surveillance most of us have ever experienced. But such surveillance is really only justifiable as an emergency measure. It must not become a permanent part of state surveillance.



Read more:
Coronavirus: digital contact tracing doesn’t have to sacrifice privacy


The Conversation

Graham Greenleaf, Professor of Law and Information Systems, UNSW and Katharine Kemp, Senior Lecturer, Faculty of Law & Justice, UNSW, UNSW

This article is republished from The Conversation under a Creative Commons license. Read the original article.

India’s not joining the latest free-trade deal which limits Australia’s market access

Posted on by

Pat Ranald, University of Sydney

Australian prime minister Scott Morrison and other leaders involved in the Regional Comprehensive Economic Partnership (RCEP) announced late yesterday that 15 of the 16 countries have finalised the text, and are prepared to sign the trade deal in early 2020.

India is the only one not to join, a joint leaders’ statement saying the country had “significant outstanding issues”. Negotiations will continue in the hope it may join later.

The RCEP now involves Australia, New Zealand, China, Japan, South Korea and the 10 Association of Southeast Asian Nations (ASEAN) countries, covering 2.5 billion people.



Read more:
Arrogance destroyed the World Trade Organisation. What replaces it will be even worse

A lost Indian market, for now, and concerns about corporate power

India’s absence severely diminishes the market access Australia hoped to gain. Australia already has a free trade agreement with ASEAN, and has bilateral free trade agreements with all of the other countries.

India would have been the main area of additional market access for Australian agricultural and other exports.

RCEP negotiations have dragged on since 2012. Much attention has focused on India’s resistance to lower tariffs and emphasised the importance of concluding a major trade deal in the face of US president Donald Trump’s America-first protectionism.

But there is a hidden contentious agenda of non-tariff issues that has influenced India’s decision and could restrict future government regulation by giving more rights to global corporations.

These deserve more public discussion in Australia, and reflect the widely divergent levels of economic development of RECP countries.

A secret deal

As usual, the wording of the RECP deal is secret. The final text will not be revealed until after it is signed.

It’s a process widely criticised by both civil society groups and the Productivity Commission.

This secrecy favours corporate players, which have the most resources to lobby governments.

Leaked documents reveal the industrialised countries, including Japan, South Korea and Australia, have been pushing non-tariff rules that suit their major corporations, similar to those in the controversial Trans-Pacific Partnership (TPP).

These have been resisted by developing countries, which have more vulnerable populations, and wish to preserve regulatory space to develop local industries.

Concern over foreign investor rights

The contested proposals include foreign investor rights to bypass national courts and sue governments for millions of dollars in international tribunals if they can argue a change in law or policy will harm their investment. This is known as Investor-State Dispute Settlement or ISDS.



Read more:
Suddenly, the world’s biggest trade agreement won’t allow corporations to sue governments

Tobacco company Philip Morris used ISDS to sue our government for compensation over our plain packaging law, a public health measure designed to discourage young smokers. Australia won in the end, but at a cost to taxpayers of $12 million.

Most of the 983 known ISDS cases have been taken against developing countries, with increasing numbers against health, environment, indigenous land rights, labour laws and other public interest regulation in both developing and industrialised countries.

RCEP members India and Indonesia have policies to exclude or severely restrict investor rights in new agreements.

ISDS has been reportedly excluded from the RCEP text. India was one of the main opponents of ISDS. We won’t know for sure whether ISDS is still excluded until the text is released after signing.

Other concerns over patents and e-commerce

Even more contentious are proposals that pharmaceutical companies should be given longer patent monopolies on medicines than the current 20 years. This would delay the availability of cheaper medicines, at greatest cost to developing countries.

There are also proposals to extend to developing countries’ rules on patenting of seeds and plants that apply to industrialised countries. This would make it more difficult for millions of small-scale farmers in developing countries to save and exchange seeds with each other as they have done for centuries. They lack the capacity to use the legal system to obtain patent rights and lack the funds to buy patented seeds.

The RCEP also includes an e-commerce chapter that mandates free cross-border data flows for global corporations such as Google and Facebook. This makes it more difficult for governments to regulate them.

For example, if trade rules forbid requirements to store data locally, then national privacy laws and other consumer protections cannot be applied to data stored in other countries.

The recent Digital Platforms report of the Australian Consumer and Competition Commission recommended more, not less regulation of these corporations. That was in the face of scandals about violations of consumer privacy, misuse of data in elections and tax evasion.

Developing countries are also concerned rules favouring the global tech companies will lock in their market dominance at the expense of local IT industry development.

These conflicts between governments have been deepened by national pressures from civil society groups in RCEP countries including Australia. When RECP negotiations were held in Australia in July this year, 52 community organisations, including public health, union, church, environment and aid groups endorsed a letter to the trade minister Simon Birmingham. They asked him to oppose ISDS and longer medicine monopolies in the RCEP, and to release the text for independent evaluation before it is signed.

Show us the deal

Even without India in the deal, the Australian government says it will boost local jobs and exports.



Read more:
Myth busted: China’s status as a developing country gives it few benefits in the World Trade Organisation

But without India, claimed market access gains are marginal for Australia and must be evaluated against the costs of expanded corporate rights and restraints on future government regulation.

That’s why the text of the RCEP deal should be released before it is signed and there should be independent evaluation of its costs and benefits for both Australia and its trading partners.The Conversation

Pat Ranald, Research fellow, University of Sydney

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Don’t click that link! How criminals access your digital devices and what happens when they do

Posted on by


File 20190207 174851 1lwq94r.jpg?ixlib=rb 1.1
A link is a mechanism for data to be delivered to your device.
Unsplash/Marvin Tolentino

Richard Matthews, University of Adelaide and Kieren Niĉolas Lovell, Tallinn University of Technology

Every day, often multiple times a day, you are invited to click on links sent to you by brands, politicians, friends and strangers. You download apps on your devices. Maybe you use QR codes.

Most of these activities are secure because they come from sources that can be trusted. But sometimes criminals impersonate trustworthy sources to get you to click on a link (or download an app) that contains malware.

At its core, a link is just a mechanism for data to be delivered to your device. Code can be built into a website which redirects you to another site and downloads malware to your device en route to your actual destination.

When you click on unverified links or download suspicious apps you increase the risk of exposure to malware. Here’s what could happen if you do – and how you can minimise your risk.



Read more:
How suppliers of everyday devices make you vulnerable to cyber attack – and what to do about it

What is malware?

Malware is defined as malicious code that:

will have adverse impact on the confidentiality, integrity, or availability of an information system.

In the past, malware described malicious code that took the form of viruses, worms or Trojan horses.

Viruses embedded themselves in genuine programs and relied on these programs to propagate. Worms were generally stand alone programs that could install themselves using a network, USB or email program to infect other computers.

Trojan horses took their name from the gift to the Greeks during the Trojan war in Homer’s Odyssey. Much like the wooden horse, a Trojan Horse looks like a normal file until some predetermined action causes the code to execute.

Today’s generation of attacker tools are far more sophisticated, and are often a blend of these techniques.

These so-called “blended attacks” rely heavily on social engineering – the ability to manipulate someone to doing something they wouldn’t normally do – and are often categorised by what they ultimately will do to your systems.

What does malware do?

Today’s malware comes in easy to use, customised toolkits distributed on the dark web or by well meaning security researchers attempting to fix problems.

With a click of a button, attackers can use these toolkits to send phishing emails and spam SMS messages to eploy various types of malware. Here are some of them.

https://datawrapper.dwcdn.net/QDA3R/2/

  • a remote administration tool (RAT) can be used to access a computer’s camera, microphone and install other types of malware

  • keyloggers can be used to monitor for passwords, credit card details and email addresses

  • ransomware is used to encrypt private files and then demand payment in return for the password

  • botnets are used for distributed denial of service (DDoS) attacks and other illegal activities. DDoS attacks can flood a website with so much virtual traffic that it shuts down, much like a shop being filled with so many customers you are unable to move.

  • crytptominers will use your computer hardware to mine cryptocurrency, which will slow your computer down

  • hijacking or defacement attacks are used to deface a site or embarrass you by posting pornographic material to your social media

An example of a defacement attack on The Utah Office of Tourism Industry from 2017.
Wordfence



Read more:
Everyone falls for fake emails: lessons from cybersecurity summer school

How does malware end up on your device?

According to insurance claim data of businesses based in the UK, over 66% of cyber incidents are caused by employee error. Although the data attributes only 3% of these attacks to social engineering, our experience suggests the majority of these attacks would have started this way.

For example, by employees not following dedicated IT and information security policies, not being informed of how much of their digital footprint has been exposed online, or simply being taken advantage of. Merely posting what you are having for dinner on social media can open you up to attack from a well trained social engineer.

QR codes are equally as risky if users open the link the QR codes point to without first validating where it was heading, as indicated by this 2012 study.

Even opening an image in a web browser and running a mouse over it can lead to malware being installed. This is quite a useful delivery tool considering the advertising material you see on popular websites.

Fake apps have also been discovered on both the Apple and Google Play stores. Many of these attempt to steal login credentials by mimicking well known banking applications.

Sometimes malware is placed on your device by someone who wants to track you. In 2010, the Lower Merion School District settled two lawsuits brought against them for violating students’ privacy and secretly recording using the web camera of loaned school laptops.

What can you do to avoid it?

In the case of the the Lower Merion School District, students and teachers suspected they were being monitored because they “saw the green light next to the webcam on their laptops turn on momentarily.”

While this is a great indicator, many hacker tools will ensure webcam lights are turned off to avoid raising suspicion. On-screen cues can give you a false sense of security, especially if you don’t realise that the microphone is always being accessed for verbal cues or other forms of tracking.

Facebook CEO Mark Zuckerberg covers the webcam of his computer. It’s commonplace to see information security professionals do the same.
iphonedigital/flickr

Basic awareness of the risks in cyberspace will go a long the way to mitigating them. This is called cyber hygiene.

Using good, up to date virus and malware scanning software is crucial. However, the most important tip is to update your device to ensure it has the latest security updates.

Hover over links in an email to see where you are really going. Avoid shortened links, such as bit.ly and QR codes, unless you can check where the link is going by using a URL expander.

What to do if you already clicked?

If you suspect you have malware on your system, there are simple steps you can take.

Open your webcam application. If you can’t access the device because it is already in use this is a telltale sign that you might be infected. Higher than normal battery usage or a machine running hotter than usual are also good indicators that something isn’t quite right.

Make sure you have good anti-virus and anti-malware software installed. Estonian start-ups, such as Malware Bytes and Seguru, can be installed on your phone as well as your desktop to provide real time protection. If you are running a website, make sure you have good security installed. Wordfence works well for WordPress blogs.

More importantly though, make sure you know how much data about you has already been exposed. Google yourself – including a Google image search against your profile picture – to see what is online.

Check all your email addresses on the website haveibeenpwned.com to see whether your passwords have been exposed. Then make sure you never use any passwords again on other services. Basically, treat them as compromised.

Cyber security has technical aspects, but remember: any attack that doesn’t affect a person or an organisation is just a technical hitch. Cyber attacks are a human problem.

The more you know about your own digital presence, the better prepared you will be. All of our individual efforts better secure our organisations, our schools, and our family and friends.The Conversation

Richard Matthews, Lecturer Entrepreneurship, Commercialisation and Innovation Centre | PhD Candidate in Image Forensics and Cyber | Councillor, University of Adelaide and Kieren Niĉolas Lovell, Head of TalTech Computer Emergency Response Team, Tallinn University of Technology

This article is republished from The Conversation under a Creative Commons license. Read the original article.

The devil is in the detail of government bill to enable access to communications data

Posted on by

Monique Mann, Queensland University of Technology

The Australian government has released a draft of its long awaited bill to provide law enforcement and security agencies with new powers to respond to the challenges posed by encryption.

According to the Department of Home Affairs, encryption already impacts 90% of Australian Security Intelligence Organisation’s (ASIO) priority cases, and 90% of data intercepted by the Australian Federal Police. The measures aim to counteract estimates that communications among terrorists and organised crime groups are expected to be entirely encrypted by 2020.

The Department of Home Affairs and ASIO can already access encrypted data with specialist decryption techniques – or at points where data are not encrypted. But this takes time. The new bill aims to speed up this process, but these broad and ill-defined new powers have significant scope for abuse.



Read more:
New data access bill shows we need to get serious about privacy with independent oversight of the law

The Department of Home Affairs argues this new framework will not compel communications providers to build systemic weaknesses or vulnerabilities into their systems. In other words, it is not a backdoor.

But it will require providers to offer up details about technical characteristics of their systems that could help agencies exploit weaknesses that have not been patched. It also includes installing software, and designing and building new systems.

Compelling assistance and access

The draft Assistance and Access Bill introduces three main reforms.

First, it increases the obligations of both domestic and offshore organisations to assist law enforcement and security agencies to access information. Second, it introduces new computer access warrants that enable law enforcement to covertly obtain evidence directly from a device (this occurs at the endpoints when information is not encrypted). Finally, it increases existing powers that law enforcement have to access data through search and seizure warrants.

The bill is modelled on the UK’s Investigatory Powers Act, which introduced mandatory decryption obligations. Under the UK Act, the UK government can order telecommunication providers to remove any form of electronic protection that is applied by, or on behalf of, an operator. Whether or not this is technically possible is another question.

Similar to the UK laws, the Australian bill puts the onus on telecommunication providers to give security agencies access to communications. That might mean providing access to information at points where it is not encrypted, but it’s not immediately clear what other requirements can or will be imposed.



Read more:
End-to-end encryption isn’t enough security for ‘real people’

For example, the bill allows the Director-General of Security or the chief officer of an interception agency to compel a provider to do an unlimited range of acts or things. That could mean anything from removing security measures to deleting messages or collecting extra data. Providers will also be required to conceal any action taken covertly by law enforcement.

Further, the Attorney-General may issue a “technical capability notice” directed towards ensuring that the provider is capable of giving certain types of help to ASIO or an interception agency.

This means providers will be required to develop new ways for law enforcement to collect information. As in the UK, it’s not clear whether a provider will be able to offer true end-to-end encryption and still be able to comply with the notices. Providers that breach the law risk facing $10 million fines.

Cause for concern

The bill puts few limits or constraints on the assistance that telecommunication providers may be ordered to offer. There are also concerns about transparency. The bill would make it an offence to disclose information about government agency activities without authorisation. Anyone leaking information about data collection by the government – as Edward Snowden did in the US – could go to jail for five years.

There are limited oversight and accountability structures and processes in place. The Director-General of Security, the chief officer of an interception agency and the Attorney-General can issue notices without judicial oversight. This differs from how it works in the UK, where a specific judicial oversight regime was established, in addition to the introduction of an Investigatory Powers Commissioner.

Notices can be issued to enforce domestic laws and assist the enforcement of the criminal laws of foreign countries. They can also be issued in the broader interests of national security, or to protect the public revenue. These are vague and unclear limits on these exceptional powers.



Read more:
Police want to read encrypted messages, but they already have significant power to access our data

The range of services providers is also extremely broad. It might include telecommunication companies, internet service providers, email providers, social media platforms and a range of other “over-the-top” services. It also covers those who develop, supply or update software, and manufacture, supply, install or maintain data processing devices.

The enforcement of criminal laws in other countries may mean international requests for data will be funnelled through Australia as the “weakest-link” of our Five Eyes allies. This is because Australia has no enforceable human rights protections at the federal level.

It’s not clear how the government would enforce these laws on transnational technology companies. For example, if Facebook was issued a fine under the laws, it could simply withdraw operations or refuse to pay. Also, $10 million is a drop in the ocean for companies such as Facebook whose total revenue last year exceeded US$40 billion.

Australia is a surveillance state

As I have argued elsewhere, the broad powers outlined in the bill are neither necessary nor proportionate. Police already have existing broad powers, which are further strengthened by this bill, such as their ability to covertly hack devices at the endpoints when information is not encrypted.

Australia has limited human rights and privacy protections. This has enabled a constant and steady expansion of the powers and capabilities of the surveillance state. If we want to protect the privacy of our communications we must demand it.

The ConversationThe Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 (Cth) is still in a draft stage and the Department of Home Affairs invites public comment up until 10th of September 2018. Submit any comments to assistancebill.consultation@homeaffairs.gov.au.

Monique Mann, Vice Chancellor’s Research Fellow in Regulation of Technology, Queensland University of Technology

This article was originally published on The Conversation. Read the original article.

New data access bill shows we need to get serious about privacy with independent oversight of the law

Posted on by


File 20180814 2921 15oljsx.jpg?ixlib=rb 1.1

MICK TSIKAS/AAP

Greg Austin, UNSW

The federal government today announced its proposed legislation to give law enforcement agencies yet more avenues to reach into our private lives through access to our personal communications and data. This never-ending story of parliamentary bills defies logic, and is not offering the necessary oversight and protections.

The trend has been led by Prime Minister Malcolm Turnbull, with help from an ever-growing number of security ministers and senior officials. Could it be that the proliferation of government security roles is a self-perpetuating industry leading to ever more government powers for privacy encroachment?

That definitely appears to be the case.

Striking the right balance between data access and privacy is a tricky problem, but the government’s current approach is doing little to solve it. We need better oversight of law enforcement access to our data to ensure it complies with privacy principles and actually results in convictions. That might require setting up an independent judicial review mechanism to report outcomes on an annual basis.



Read more:
Australia should strengthen its privacy laws and remove exemptions for politicians

Where is the accountability?

The succession of data access legislation in the Australian parliament is fast becoming a Mad Hatter’s tea party – a characterisation justified by the increasingly unproductive public conversations between the government on one hand, and legal specialists and rights advocates on the other.

If the government says it needs new laws to tackle “terrorism and paedophilia”, then the rule seems to be that other side will be criticised for bringing up “privacy protection”. The federal opposition has surrendered any meaningful resistance to this parade of legislation.

Rights advocates have been backed into a corner by being forced to repeat their concerns over each new piece of legislation while neither they nor the government, nor our Privacy Commissioner, and all the other “commissioners”, are called to account on fundamental matters of principle.

Speaking of the commissioner class, Australia just got a new one last week: the Data Commissioner. Strangely, the impetus for this appointment came from the Productivity Commission.

The post has three purposes:

  1. to promote greater use of data,
  2. to drive economic benefits and innovation from greater use of data, and
  3. to build trust with the Australian community about the government’s use of data.

The problem with this logic is that purposes one and two can only be distinguished by the seemingly catch-all character of the first: that if data exists it must be used.

Leaving aside that minor point, the notion that the government needs to build trust with the Australian community on data policy speaks for itself.

National Privacy Principles fall short

There is near universal agreement that the government is managing this issue badly, from the census data management issue to the “My Health Record” debacle. The growing commissioner class has not been much help.

Australia does have personal data protection principles, you may be surprised to learn. They are called “Privacy Principles”. You may be even more surprised to learn that the rights offered in these principles exist only up to the point where any enforcement arm of government wants the data.



Read more:
94% of Australians do not read all privacy policies that apply to them – and that’s rational behaviour

So it seems that Australians have to rely on the leadership of the Productivity Commission (for economic policy) to guarantee our rights in cyber space, at least when it comes to our personal data.

Better oversight is required

There is another approach to reconciling citizens’ interests in privacy protection with legitimate and important enforcement needs against terrorists and paedophiles: that is judicial review.

The government argues, unconvincingly according to police sources, that this process adequately protects citizens by requiring law enforcement to obtain court-ordered warrants to access information. The record in some other countries suggests otherwise, with judges almost always waving through any application from enforcement authorities, according to official US data.

There is a second level of judicial review open to the government. This is to set up an independent judicial review mechanism that is obliged to annually review all instances of government access to personal data under warrant, and to report on the virtues or shortcomings of that access against enforcement outcomes and privacy principles.

There are two essential features of this proposal. First, the reviewing officer is a judge and not a public servant (the “commissioner class”). Second, the scope of the function is review of the daily operation of the intrusive laws, not just the post-facto examination of notorious cases of data breaches.

It would take a lengthy academic volume to make the case for judicial review of this kind. But it can be defended simply on economic grounds: such a review process would shine light on the efficiency of police investigations.

According to data released by the UK government, the overwhelming share of arrests for terrorist offences in the UK (many based on court-approved warrants for access to private data) do not result in convictions. There were 37 convictions out of 441 arrests for terrorist-related offences in the 12 months up to March 2018.



Read more:
Explainer: what is differential privacy and how can it protect your data?

The Turnbull government deserves credit for its recognition of the values of legal review. Its continuing commitment to posts such as the National Security Legislation Monitor – and the appointment of a high-profile barrister to such a post – is evidence of that.

But somewhere along the way, the administration of data privacy is falling foul of a growing bureaucratic mess.

The ConversationThe only way to bring order to the chaos is through robust accountability; and the only people with the authority or legitimacy in our political system to do that are probably judges who are independent of the government.

Greg Austin, Professor UNSW Canberra Cyber, UNSW

This article was originally published on The Conversation. Read the original article.

Australia relies on data from Earth observation satellites, but our access is high risk

Posted on by


File 20170920 22691 bkgy2p
The NASA satellite Landsat-8 collects frequent global multispectral imagery of the Earth’s surface.
NASA

Stuart Phinn, The University of Queensland

This article is part of a series Australia’s place in space, where we’ll explore the strengths and weaknesses, along with the past, present and the future of Australia’s space presence and activities.

Rockets, astronomy and humans on Mars: there’s a lot of excited talk about space and what new discoveries might come if Australia’s federal government commits to expanding Australia’s space industry.

But one space industry is often left out of the conversation: Earth observation (EO).

Read more: Why it’s time for Australia to launch its own space agency

EO refers to the collection of information about Earth, and delivery of useful data for human activities. For Australia, the minimum economic impact of EO from space-borne sensors alone is approximately A$5.3 billion each year.

And yet the default position of our government seems to be that the provision of EO resources will come from other countries’ investments, or commercial partners.

This means the extensive Commonwealth-state-local government and industry reliance on access to EO services remains a high-risk.

What is EO (Earth observation)?

You’ve almost certainly relied on EO at some point already today.

The wide range of government, industry and societal uses of Earth observation in Australia.
Australian Earth Observation Community Coordination Plan 2026

EO describes the activities used to gather data about the Earth from satellites, aircraft, remotely piloted systems and other platforms. It delivers information for our daily weather and oceanographic forecasts, disaster management systems, water and power supply, infrastructure monitoring, mining, agricultural production, environmental monitoring and more.

Global positioning and navigation, communications and information derived from satellites looking at, and away from Earth are referred to as “downstream” space activities.

“Upstream” activities are the industries building infrastructure (satellites, sensors), launch vehicles and ground facilities for operating space-based equipment. In this arena, countries such as Russia focus on building, launching and operating satellites and space craft. Others (such as Canada, Italy, UK) target developing industries and government activities that use these services. The US and China maintain a balance.

Components of Australia’s Earth-observation space capabilities (click to zoom for a clearer view)
Australian Earth Observation Community Coordination Plan 2026, Author provided

Australia spends very little on space

Although we rely so heavily on downstream space activities in our economic and other operations, Australia invests very little in space: only 0.003% of GDP, according to 2014 figures.

https://datawrapper.dwcdn.net/7fXSG/2/

Other countries have taken very proactive roles in enabling these industries to develop. Most government space agencies around the world invest 11% to 51% of their funds for developing EO capacity. These investments allow industries and government to build downstream applications and services from secure 24/7 satellite data streams.

https://datawrapper.dwcdn.net/P3Fis/5/

Historically, Australia has invested heavily in research and research infrastructure to produce world leading capabilities in the science of astronomy, space-debris tracking and space exploration communications.

In EO there are no comparable national programs or infrastructure, nor have we contributed to international capability at the same levels as these areas. This seems strange given:

  • our world leading status in applied research and extensive government use of these data as fully operational essential and critical information streams
  • all of the reports requesting increases in government support and enabling for “space” industry cite our reliance on EO as essential, but then don’t present paths forward for it
  • there are now a number of well established and growing small companies focused on delivering essential environmental, agricultural, grazing, energy supply and infrastructure monitoring services using EO, and
  • we have a well organised EO community across research, industry and government, with a clearly articulated national strategic plan to 2026.
Example of an information delivery service built from Earth observation data streams to deliver property level information to graziers and others land-holders (click to zoom for a clearer view).
P Tickle, FarmMap4D, Author provided

Building Australia’s EO capacity

EO plays a vital role in many aspects of Australian life. Australia’s state and Commonwealth agencies, along with research institutions and industry have already built essential tools to routinely deliver satellite images in a form that can be developed further by private industry and delivered as services.

But our lack of a coordinating space agency adds a layer of fragility to vital EO operations as they currently stand.

Read more: The 50 year old space treaty needs adaptation

This places a very large amount of Commonwealth, state and local government activity, economic activity and essential infrastructure at risk, as multiple recent national reviews have noted.

Our federal government started to address the problem with its 2013 Satellites Utilisation Policy, and will hopefully build on this following the current rounds of extensive consultation for the Space Industry Capability Review.

Although our private EO upstream and downstream industry capabilities are currently small, they are world leading, and if they were enabled with government-industry support in a way that the Canadian Space Agency, the European Space Agency/European Commission and UK Space Agency do, we could build this sector.

If Australia is to realistically participate in the “Space 2.0” economy, we need to act now and set clear goals for the next five, ten and 20 years. EO can be a pillar for this activity, enabling significant expansion of our upstream and downstream industries. This generates jobs and growth and addresses national security concerns.

That should be a win for all sectors in Australia – and we can finally give back and participate globally in space.

The ConversationData sources for figure “Proportion of space budget spent on different capacities”: NASA; ESA – here and here; JAXA; PDF report on China.

Stuart Phinn, Professor of Geography, Director – Remote Sensing Research Centre, Chair – Australian Earth Observation Community Coordination Group, The University of Queensland

This article was originally published on The Conversation. Read the original article.

Posts for the Time Being

Posted on by

I thought I’d post a quick update on what is currently happening with me and posts to my Blog. It is a short story really. I live in a town which is a massive tourist destination during the holiday season – especially at this time of year. What this means for me – being reliant on wireless access to the Internet – is real difficulty gaining Internet access. There are so many people in the area, using so many gadgets and the like, that the Internet is locked into a constant traffic jam. It is practically impossible to get Internet access most of the time. You do get the odd time where you can get access, but it is so slow that it is pointless to try and use it. For example – it takes minutes and minutes just for one page of the Blog to load.

I’ll keep trying to access the Net every so often, but it is likely I’ll be unable to post much for the next couple of weeks. There is good news – the number of tourists in the shopping centre here have diminished, which probably means we are heading back to some form of normality.

Christians Decry Malaysia’s Detention of Bible Books

Posted on by

After stopping 5,100 Bibles in 2009, authorities withhold 30,000 Malay-language copies.

KUALA LUMPUR, Malaysia, March 14 (CDN) — The detaining of 30,000 copies of the New Testament, Psalms and Proverbs in the Malay language at Malaysia’s Kuching Port has “greatly disillusioned” the nation’s Christian community.

The books, imported from Indonesia by the local branch of Gideons International for distribution in schools, churches and longhouses in Betong, Saratok and other Christian areas in Sarawak state, have been detained at the Kuching Port since January.

Authorities told an unnamed officer of the importer on Jan. 12 that he could not distribute the books in Sarawak state, on the island of Borneo, since they “contained words which are also found in the Quran,” according to online news agency Malaysiakini. The officer was ordered to transport the books to the Home Ministry’s office for storage.

Last week, when the same officer enquired of the Home Ministry officials on the status of the Malay Bibles, authorities said they had yet to receive instructions on the matter.

This is not the first time government authorities have detained Malay-language Bibles, and Bishop Ng Moon Hing, chairman of Christian Federation of Malaysia, decried the action.

“The CFM is greatly disillusioned, fed-up and angered by the repeated detention of Bibles written in our national language,” Ng said. “It would appear as if the authorities are waging a continuous, surreptitious and systematic program against Christians in Malaysia to deny them access to the Bible in [Malay].”

An earlier consignment of 5,100 copies of the Good News Bible in Malay, imported by the Bible Society of Malaysia, was detained in Port Klang in March 2009. Together with this latest seizure, the total number of Bibles seized and remaining in possession of the Home Ministry amounts to 35,100 copies.

The CFM, representing a majority of Christians in Malaysia, released a statement on March 10 asserting, “All attempts to import the Bible in Bahasa Malaysia [Malay], i.e. the Alkitab, whether through Port Klang or the Port of Kuching, have been thwarted” since March 2009.

Prior to March 2009, there had been several such incidents, and “each time, tedious steps had to be taken to secure their release,” according to the CFM.

A significant 64 percent of Malaysian Christians are indigenous people from Sabah and Sarawak states who use the Malay language in their daily life. Christian leaders say having Bibles in the Malay language is crucial to the practice of their Christian faith.

Christians make up more than 9 percent of Malaysia’s nearly 28 million people, according to Operation World.

This latest Bible book seizure has irked Christians and drawn criticisms from politicians spanning both sides of the political divide.

The Sarawak Ministers Fellowship issued a statement registering its “strong protest,” describing the detention of the books as “unconstitutional” and in violation of the 18-point agreement for Sarawak in the formation of Malaysia.

Representing the opposition political party, People’s Justice Party (Sarawak Parti Keadilan Rakyat) Chief Baru Bian described the withholding as “religious harassment” and “a blatant disregard of our constitutional right as Christians in Malaysia.”

Chua Soi Lek, president of the Malaysian Chinese Association, a political party within the ruling coalition National Front, proposed that Malay Bibles be allowed to be printed locally. The deputy chief minister of Sarawak, Dr. George Chan, expressed the state government’s willingness to publish the Malay Bible locally.

Home Minister Hishammuddin Hussein was quoted in The Star newspaper today as saying, “The issue … is being resolved amicably with the parties concerned,” though how this was taking place was not apparent. The home minister has reportedly said the books had been withheld pending an appeal over the use of the word “Allah” in The Herald catholic newspaper.

Secretary-General of Malaysian Muslim Youth Movement Mohamad Raimi Abdul Rahim has called for the government to enforce the ban on use of the word “Allah” by non-Muslims nationwide, including in Sabah and Sarawak.

In a controversial court ruling on Dec. 31, 2009, Judge Lau Bee Lan had allowed The Herald to use the word “Allah” for God in the Malay section of its multilingual newspaper. The Home Ministry filed an appeal against the decision on Jan. 4, 2010, but to date there is no indication as to when the case will be heard.

Report from Compass Direct News