Turnbull and Shorten urge need to curb terrorists’ opportunities on the internet



Both the government and the opposition will warn about terrorists exploiting cyberspace.
Mick Tsikas/AAP

Michelle Grattan, University of Canberra

Malcolm Turnbull and Bill Shorten will both home in on the importance of tackling cyber issues as part of the fight against terrorism, in parliamentary speeches on Tuesday.

In a security update on the threats facing Australia at home and abroad, Turnbull will say that an “online civil society is as achievable as an offline one”.

“The privacy and security of a terrorist can never be more important than public safety,” he says in notes released ahead of the address.

“The rights and protections of the vast overwhelming majority of Australians must outweigh the rights of those who will do them harm.

“That is truly what balancing the priority of community safety with individual liberties and our way of life is about.”

The government would not take an “if it ain’t broke we won’t fix it” mentality, Turnbull says – rather, Australia is at the forefront of efforts to address future threats.

Attorney-General George Brandis will visit Canada this month to meet his Five Eyes security counterparts – the others are from Britain, the US, New Zealand as well as Canada – and discuss what more can be done by likeminded nations and with the communications and technology industry “to ensure terrorists and organised criminals are not able to operate with impunity within ungoverned digital spaces online”.

Shorten, in his address (an extract of which has been released), will say: “We need to recognise this is a 21st-century conflict – being fought online as well as in the streets. Terrorists are using sophisticated online strategies as well as crude weapons of violence.”

He says this is where the private sector has a responsibility.

“For a long time Daesh has used the internet as an instrument of radicalisation. Through Twitter and Facebook they boast of a propaganda arm that can reach into every home in the world: spreading hate, recruiting followers and encouraging imitators.

“And with encryption technology like Whatsapp and Telegram they can securely communicate not just a message of violence – but instructions in how to carry it out.”

Shorten will acknowledge many internet providers and social media platforms such as Facebook work hard to detect and remove offensive content, namely child pornography and other forms of violent crime.

“But we need more – and these companies have the resources and the capacity to do more.

“As good corporate citizens and responsible members of democratic nations, I’m confident these tech companies will seek to do everything they can to assist the fight against terror.

“We must always be mindful of the rule of the law and the proper protections of our citizens – but we must be equally focused on adapting to new mediums and new technologies to detect and prevent new threats,” Shorten says.

The security focus in parliament comes after last week’s attack in Melbourne, events in Britain, and Friday’s decision by the Council of Australian Governments that there should be a presumption against parole and bail for people who have had any involvement with terrorism.

The government this week will introduce its tough new provisions governing visa and citizenship requirements. They include giving Immigration Minister Peter Dutton power to overrule Administrative Appeals Tribunal decisions on citizenship. Dutton said this would align citizenship provisions with the power he already has in relation to visas. There would still be the right to appeal to the Federal Court. Labor will announce its attitude when it sees the legislation.


Michelle Grattan, Professorial Fellow, University of Canberra

This article was originally published on The Conversation. Read the original article.

Six things every consumer should know about the ‘Internet of Things’



What happens if your smart kettle is hacked?
Shutterstock

Kayleen Manwaring, UNSW

At least 40% of Australian households now have at least one home “Internet of Things” device. These are fridges, window blinds, locks and other devices that are connected to the internet.

While the Internet of Things (IoT) may lead to more efficiency in our daily lives, my research shows that consumers are exposed to many risks by the use of IoT devices, ranging from disclosure of private information, to physical injury and problems with the devices themselves.

Australia has no specific laws aimed at addressing IoT issues, and current laws intended to protect consumers have gaps and uncertainties when dealing with IoT devices.

1) Your devices can spy on you (and your kids)

Many IoT device manufacturers and suppliers show little regard for customers’ privacy. Some even make money from customer data.

Consumer electronics company Vizio recently agreed to pay US regulators US$2.2 million, after allegedly failing to get appropriate consent from users to track their TV viewing habits.

Late last year, the Norwegian Consumer Council found that a children’s doll recorded anything said to it by children and sent the recordings to a US company. The company reserved the right to share and use the data for a broad range of purposes.

2) Many IoT devices are vulnerable to hacking

The same doll was also found to have a security flaw that allowed strangers to talk and listen through the doll. Security vulnerabilities such as these can be exploited to cause damage in both the physical and virtual worlds.

IoT devices were recently involved in some of the largest “distributed-denial-of-service” attacks – flooding websites with traffic until they crash. The recent huge attacks on internet company Dyn and on the security researcher Brian Krebs were in large part fuelled by hacked IoT devices.

But hacked IoT devices can also be dangerous by themselves. In 2015 Fiat Chrysler recalled 1.4 million vehicles when security researchers proved they could break into smart cars’ systems remotely and control brakes, steering and transmission.

3) Your devices are never really yours, even after you pay for them

Most IoT devices come with some form of embedded software, and the devices won’t work properly – or sometimes at all – without it. This software is usually licensed, not sold, and the conditions imposed through licence agreements can hinder users’ repairing, modifying or reselling their devices.

This can be anti-competitive, as individual users are effectively “locked in” to one brand and one supplier.

For several years now, US farmers have been in a dispute with agricultural machinery manufacturers such as John Deere, over their rights to repair tractors that contain embedded software.

The farmers were granted a three-year exemption to certain copyright laws in 2015. However, John Deere is fighting back.

In October 2016, the company issued a new licence agreement which prohibits almost all software modification on its tractors. This action appears to be an attempt to ensure all repairs are done by John Deere contractors.

4) Your devices know your weaknesses

IoT devices have the potential to collect more intimate data about individuals than was possible with previous devices. This data can then be used to create profiles that give incredible insight into consumers, and can even predict their behaviour.

For a number of years now we’ve known that the embedded technology in smartphones can be used to detect users’ mood, stress levels, personality type etc.

But some IoT devices can collect even more intimate and personalised data. This was evident after a recent out-of-court settlement by a wireless vibrator manufacturer allegedly collecting data without consent.

The consumer profiles that can be built with all this data can then be used to sell us products at times when our willpower is lowest. Retailers are currently using technology to track consumers through stores and send customised messages to mobile phones. This may be linked to our purchase history and what is known about our mood.

5) It’s almost impossible to know what you’re getting yourself into, or how long it will last

Many IoT products are complex hybrids of software, hardware and services, often provided by more than one supplier. What your rights are when things go wrong, and who best to fix it for you, can be hard to figure out.

A recent investigation of the Nest thermostat system revealed that if consumers wanted to understand all of the rights and obligations of those in the supply chain, they needed to read a minimum of 13 different contractual documents.

Even if you know and trust your supplier, they may not be around forever. And when they go, services essential to their products working may disappear as well.

Revolv, a maker of home automation devices, was shut down after the company was acquired by Nest, which was itself acquired by Google. Nest refused to support Revolv’s products, and they stopped working less than two years after being released.

6) The law may not protect you

Many IoT devices put consumer privacy at risk, but the Privacy Act has significant limitations, as the definition of “personal information” is very narrow. The Act doesn’t even apply to many Australian companies, as they do not meet thresholds such as having A$3 million in annual turnover.

Consumers and regulators may attempt to pursue device suppliers under the consumer guarantees in the Australian Consumer Law. But there are grey areas here too. We don’t know what “acceptable quality” is when it comes to some of these devices, for instance. Is an internet-connected kettle that boils water perfectly well, but can be easily hacked, of acceptable quality?

Proceed with caution

Consumers are exposed to significant risks from IoT devices, from predatory use of data, to security flaws and devices no longer being supported. Meanwhile Australia has no specific laws aimed at addressing these IoT issues.

The most recent review of the Australian Consumer Law recommended investigating “emerging technologies” be made a priority. It is vital that a close examination of consumer protection relating to IoT devices be included front-and-centre in this project.

In the meantime, consumers should think long and hard about the risks they are taking on with IoT devices. Do you really need that internet-connected hairbrush?

Kayleen Manwaring, Lecturer, School of Taxation & Business Law, UNSW

This article was originally published on The Conversation. Read the original article.

The NBN: how a national infrastructure dream fell short


Tooran Alizadeh, University of Sydney

Eight years into the Australian government’s National Broadband Network (NBN) project, the nation has an average internet speed – 50th in the global rankings – that lags well behind many advanced economy countries.

Ongoing secrecy around the NBN, a project that’s likely to cost more than A$50 billion, makes it impossible for the public in most cases to know when and what quality service they will receive. Further, new research shows the NBN rollout was politically motivated and socioeconomically biased from the beginning.

It is perhaps time to remind ourselves of the ups and downs of the project that was once announced as a dream national infrastructure project for the 21st century. This requires a ten-year journey back in time, before we can figure out what needs to be done next.

The ups

In November 2007, after 11 years of Coalition government, Labor was elected on a policy platform that promised a national broadband network.

The NBN company was announced in April 2009 to provide terrestrial fibre network coverage for 93% of Australian premises by the end of 2020. Fixed wireless and satellite coverage would serve the remaining 7%.

Looking back, it’s hard to deny the influence the NBN has had on Australian politics. Perhaps the peak influence was when three independent MPs cited the NBN as one of the key reasons why they supported a Labor government over the Coalition when the 2010 federal election produced a hung parliament.

The final 60 early NBN rollout locations were then announced. The plan was for the first stage of the large-scale rollout to follow, connecting 3.5 million premises in 1,500 communities by mid-2015.

The downs

The early NBN rollout experienced significant delays. This attracted a great deal of “overwhelmingly negative” media coverage. Public opinion polls reflected growing dissatisfaction with the national project.

This dissatisfaction and the September 2013 federal election result changed the fate of the NBN. In 2013, the new Coalition government suspended the first stage of the large-scale fibre-to-premises NBN rollout to reassess the scale of the project.

In 2014, the government announced that the NBN rollout would change from a primarily fibre-to-premises model to a multi-technology-mix model. The technology to be used would be determined on an area-by-area basis.

This change of direction resulted in a prolonged state of uncertainty at the local government level. As it was rolled out, the NBN was widely criticised for being slow, expensive and obsolete.

Current state of play

Delays continue in the construction of the Coalition’s NBN. What can only be described as a downgrade of the original national project is now seriously over budget.

In September 2016, a joint standing committee of parliament was established to inquire into the NBN rollout. The inquiry is continuing.

The bleak status quo only gets worse when the on-the-ground reality of the NBN rollout is considered. While fibre-to-premises rollout is supposed to be limited in the Coalition’s NBN, disturbing examples of misconduct in the NBN installations are highly concerning.

The image below shows one example of many in which heritage-listed buildings (in this case also public housing) are disrespected to the point that suggests an absolute lack of communication between NBN contractors, local government, or heritage agencies.

One heritage-listed house with two NBN installations (Judge Street, Woolloomooloo, NSW).
Author

Who misses out?

In the Coalition’s NBN, the provision of universal high-speed capacity – as envisioned in the original NBN – has been transformed into a patchwork of final speeds and different quality of service. This leads to an important question about equity. It also puts the 60 early rollout locations in the spotlight as these could potentially be the only ones across the nation that enjoy fibre-to-premises NBN.

My new research points to the political motivations in the selection of these lucky 60 sites. Voting patterns in these locations were compared with all electorates in the federal elections from 2007 to 2013. The analysis shows the selections were skewed for potential political gain.

ALP-held seats were the main beneficiaries of the early NBN rollout; safe Coalition-held seats were the least likely to receive the infrastructure.

Tony Windsor, one of the three influential independent MPs in 2010, famously said of the NBN:

Do it once, do it right, and do it with fibre.

He secured priority access for his regional electorate to the early NBN.

Tony Windsor: ‘Do it once, do it right and do it with fibre.’

However, most regional localities were not that lucky. Indeed, research on the sociospatial distribution of the early NBN rollout shows the limited share of regional Australia.

What to do?

It is convenient to blame one political party for the state of chaos that the NBN is in right now. However, politicisation of the project has been part of the problem since day one.

Instead, we call for telecommunication infrastructure to be considered for what it really is: the backbone of the fast-growing digital economy; the foundation for innovation in the age of smart cities and big data; and a key pillar of social equity and spatial justice.

In reality, however, in the age of big data and open data, the lack of transparency around the NBN is shocking. In evidence to the parliamentary committee inquiry in March 2017, the Australian Competition and Consumer Commission expressed concern about the lack of transparency on NBN performance.

Policing the leaks of NBN data is not going to clean up the mess. Quite the opposite: the Australian government needs to share the NBN data, so the exact nature and scale of the problems can be determined. Only then can we talk about finding a way forward in this long journey.

Tooran Alizadeh, Senior Lecturer, Director of Urban Design, University of Sydney

This article was originally published on The Conversation. Read the original article.

Massive global ransomware attack highlights faults and the need to be better prepared



Wana Decrypt0r 2.0 Ransomware Screen.
Avast

David Glance, University of Western Australia

A massive malware attack was launched on Friday, affecting at least 75,000 computers in 99 countries. Computers running Microsoft Windows were infected with “WanaCrypt0r 2.0 or WannaCry” ransomware. Once infected, all of the files on the computer are encrypted by the malware, which then displays a ransom demand of between US $300 and $600 in bitcoin that needs to be paid before the files can be decrypted.

The WannaCry ransomware is being spread through a weakness in Microsoft Windows that was originally exploited by the US National Security Agency (NSA) as part of their arsenal of cyberweapons in a tool called “Eternal Blue”. Unfortunately, this tool, along with many others, was stolen by hackers and leaked to the world in April 2017 by a hacker group calling themselves the “Shadow Brokers”.

Microsoft had already released a fix for the Eternal Blue vulnerability in March, but the extent of the WannaCrypt attack has highlighted how many organisations have failed to apply the fix, or are running copies of Windows that are so old that there wasn’t a fix for them.

Russia, Ukraine and Taiwan have been the countries most affected by the attack. In the UK however, the attack hit the National Health Service badly enough that services to patients were disrupted.

At the time of writing, one of the bitcoin addresses used by the malware showed that only a few people had paid the ransom so far, but the number has been slowly ticking up.

The spread of the first wave of WannaCry ransomware may have been halted by a cybersecurity researcher who, by registering a domain with a particular name, effectively activated a “kill switch” in the malware software that stops it from spreading further.

Ransomware has become the biggest threat to organisations and governments trying to protect critical infrastructure. According to a study by IBM, ransomware attacks increased by 6,000% in 2016 and at least 40% of spam emails now carry ransomware. The study also found that 70% of businesses infected with ransomware would pay the ransom. In many cases, this is because they either did not have backups, or they believed it was a faster way of getting their business back up and running.

The NHS has come in for particular criticism about the consequences of the attack because they knew about the risks and had been warned repeatedly to take steps to protect their networks and computers.

Finding out who was behind the malware is going to be very difficult. The malware communicates using the anonymising Tor network and demands payments in the equally anonymous currency, bitcoin, making tracing those behind the attack more complicated.

The NSA has also been held partly to blame for the attack because it had not alerted Microsoft about the weakness in its system until the NSA’s software that exploited it had been stolen and leaked to the public. Had the NSA told Microsoft when it discovered the weakness, the patch to fix the vulnerability would have been available in enough time for even the slowest of organisations to have patched their computers.

Ironically, large scale attacks such as these do have the effect of highlighting the threat of malware attacks and cybersecurity in general. This is true at the national level as well as amongst businesses. The frequency and scale of attacks also gives us a measure of how effectively companies and countries are prepared for cybersecurity attacks of any kind. Governments can act to enforce cybersecurity protective measures on companies, especially those that provide critical services or infrastructure. They can also act to direct their security services to disclose weaknesses in software systems, rather than keeping them secret in order to exploit them themselves against some future enemy.

Companies and their employees can help protect themselves from future attacks of ransomware by taking the following steps:

  1. Back up computers. This doesn’t stop a computer from being attacked but effectively renders the attack ineffective, because it is easy to re-install the system from a backup should it become locked by ransomware.
  2. Don’t click on links in emails unless you are expecting the email to contain a link. If you don’t know, double check with the sender. Equally, if you open a document and it asks to run macros, just say no. Avoid putting people into this situation in the first place by not sending links unless you have agreed prior to sending the email.
  3. Always update systems and software with the latest security updates. Better still, set the system to automatically do this on your behalf.
  4. Use antivirus software to protect systems.
  5. If infected, disconnect the computer from the network so that other computers are not infected.

David Glance, Director of UWA Centre for Software Practice, University of Western Australia

This article was originally published on The Conversation. Read the original article.

Three charts on Australia’s growing appetite for fast broadband


David Glance, University of Western Australia

This piece is part of our new Three Charts series, in which we aim to highlight interesting trends in three simple charts.

The Australian Bureau of Statistics’ latest figures on internet activity in Australia show a huge jump in the number of people with advertised speeds of greater than 24 Mbps (that’s megabits per second, a measure of data transfer speed).

That trend is significant because it suggests that Australia’s appetite for faster broadband is growing apace, and that the NBN may be helping to drive adoption of higher speed internet.

Starting from Dec 2014, the number of subscribers in Australia with internet advertised as being capable of 24 Mbps or greater rose from 2.3 million to 7.8 million. Or, expressed another way, from 19% of all internet subscribers to 58% of all subscribers.

(It’s worth noting that the growth is in people who have signed up to packages that advertised internet speeds capable of reaching 24 Mbps. That’s not to say that speed is actually delivered all of the time; there is variation and one doesn’t always get the advertised speeds.)

https://datawrapper.dwcdn.net/XPR45/4/

This increase is due, in part, to the roll-out of the national broadband network (NBN) and access to broadband at higher speeds – but that’s not the whole story.

True, the number of NBN subscribers over the same period rose rapidly from 322,000 to 1.7 million but that doesn’t explain the other 5.5 million subscribers who moved to faster broadband in that time.

Looking at the types of connection, there was an increase in the number of subscribers using internet delivered by fibre and fixed wireless. This tallies with what NBN data show.

https://datawrapper.dwcdn.net/dEIOw/6/

It’s likely that with the advent of the NBN and its standardised speed tiers, internet service providers started offering services that were on a par or better than those being offered on the NBN. Competition may be at work, and the technology itself is improving.

However, data reported by cloud computing services firm Akamai in their State of the Internet reports – frequently cited by the press – showed Australia’s broadband to be woefully behind most other developed countries.

Indeed, in the same time that Australia saw a huge increase in subscribers on internet speeds of 24 Mbps and above, Akamai was reporting that average internet download speeds had increased by a mere 27%, an increase to an underwhelming 10.1 Mbps. That puts Australia down the list in terms of average speeds.

With ABS data showing that 58% of the population is now on plans capable of delivering speeds of 24 Mbps and above, such a paltry rise in the average internet speed is somewhat surprising.

https://datawrapper.dwcdn.net/Lziw4/4/

It is, of course, possible that the advertised speeds of Australian internet plans are, too often, misrepresenting the true speeds available.

The way that Akamai calculates its figures is not spelled out in its report – it says that it “includes data gathered from across the Akamai Intelligent Platform”. So perhaps it would be wise to take claims about Australia’s rank in the world on internet speeds with a hefty grain of salt. Things may be better than we are being told.

More data is needed to make sense of the impact of the shift of subscribers to higher speed internet. Projects like the Australian Competition and Consumer Commission’s plan to “test and report on the typical speed and performance of broadband plans provided over the NBN” will help build a more accurate picture.

David Glance, Director of UWA Centre for Software Practice, University of Western Australia

This article was originally published on The Conversation. Read the original article.

Australians could get faster broadband with more kerbside NBN connections



The National Broadband Network comes to Hobart.
STRINGER Image/Shutterstock

Rod Tucker, University of Melbourne

The latest complaints about the National Broadband Network (NBN), including concerns about slow download speeds and frequent dropouts, show that all is not well with the NBN.

A recent report by the Organisation for Economic Co-operation and Development (OECD) also flags Australia’s broadband speeds as among the worst in the OECD, beating only Mexico, Chile and Greece in terms of internet speed and penetration.

This raises questions on NBN’s continued use of fibre to the node (FTTN) over a large proportion of the total NBN footprint.

When the coalition government came to power in 2013, it instructed a new NBN management team to stop rolling out fibre to the premises (FTTP) and instead build a multi-technology-mix (MTM) version of the NBN.

But, as predicted, it is becoming clear that the FTTN component of the network is inadequate for Australia’s future needs.

Who’s to blame?

NBN chief executive Bill Morrow has deflected some of the blame for low speeds away from NBN and onto retailers, suggesting that their networks might not be up to the task.

He has correctly pointed out that part of the problem is that many customers are opting for cheaper, slower services rather than the more costly faster ones.

In defence of its network, NBN points out that existing slow-speed ADSL services dominate the speed data quoted in the OECD report. It suggests that rolling out the NBN across the entire country will help to improve Australia’s broadband ranking.

But this argument ignores any future developments in other OECD countries. There are numerous broadband initiatives in the OECD, and many of these initiatives use FTTP networks, which offer much higher speeds than FTTN.

Faster speeds overseas

Worldwide, the proportion of fixed broadband services using FTTP has increased by 77% in the past year and those using copper, such as FTTN, have decreased by 11.6%.

While the OECD and the rest of the world are moving forward with ramped-up FTTP deployments, Australia is moving backwards with its continuing rollout of FTTN.

New Zealand, for example, currently sits three places ahead of Australia in the OECD report. But in New Zealand, the telco and internet provider Chorus is installing FTTP around the country.

It announced in September last year gigabit-per-second services across its fibre footprint, starting at a wholesale price of NZ$60 (A$55) per month. This follows the announcement of gigabit services in Dunedin in 2015.

In Spain, more than one-third of customers have access to FTTP and this fraction is growing. A similar surge in FTTP connections is taking place in France.

In the United States, fibre rollouts are expanding, and countries such as Sweden and Finland already have a large penetration of fibre in their networks. Many countries in Southeast Asia either have rolled out, or are rolling out, high-speed FTTP networks.

One of the reasons why FTTP deployments are expanding worldwide is that newer construction techniques and cabling technologies are driving down the cost of FTTP.

Enter Fibre to the Curb (FTTC)

NBN Co announced last September that it will roll out Fibre to the Curb (FTTC) to around 700,000 premises originally slated to use an upgraded version of the Optus HFC network.

FTTC is a relatively new technology in which fibres link the local telephone exchange to small existing pits in the street, outside a home or business. FTTC potentially provides speeds in excess of 500 Megabits per second.

Up to the pit, FTTC is essentially the same as a FTTP. The key difference is that in FTTC, a small waterproof electronic box in the pit connects the fibre to the existing copper wires that run into the home.

But FTTC is largely untested in large deployments such as Australia’s NBN. So a rollout of FTTC will carry a degree of technological risk.

NBN says it will cost about A$2,800 to roll out FTTC to each premises, which is only $630 more than FTTN. Like FTTP, the cost of rolling out FTTC will decrease over time using newer construction techniques. FTTC and FTTP are both becoming more cost competitive.

With speeds as much as ten times higher than FTTN, FTTC has the potential to improve Australia’s rankings in broadband speeds and accelerate Australia’s transition into the digital economy. These were the original objectives of the NBN.

In a blog post, NBN’s chief network engineering officer, Peter Ryan, says that FTTC and FTTN are closely related, and uses this premise to paint a picture of how easy it will be to upgrade from FTTN to FTTC.

But FTTC has a natural relationship to FTTP and not to FTTN. In FTTN, fibres feed a cabinet on the side of a road that is connected to nearby 240-volt power lines. The power supplies backup batteries and banks of electronics that connect to the premises via the existing copper wires.

In FTTC (and FTTP, for that matter) the expensive powered node is not needed, meaning that the cabinets in the street could have to be trashed when FTTN is upgraded.

In an attempt to bolster its arguments for FTTN, NBN has asserted that those cabinets are “an extremely valuable asset … which can be used for a range of purposes”. But it is very hard to imagine what these purposes could be.

Taking stock

Despite the excitement over FTTC, it’s getting harder to cancel contracts for FTTN and move to a more sensible strategy.

Ryan points out it’s not possible to “tear up 18 months” of FTTN planning as that would only delay some connections for two to three years.

The NBN network is like an enormously long train; you can’t just bring things to a complete stop and change direction, it just doesn’t work that way and never will.

Rod Tucker, Laureate Emeritus Professor, University of Melbourne

This article was originally published on The Conversation. Read the original article.