The Weekly Cybers #10
ACCC looks into search engines and AI, cops have trouble complying with surveillance laws, and the eSafety Commissioner continues her Whac-A-Mole game.
Welcome
A busy week. The ACCC is looking at search engines’ use of AI. The Commonwealth Ombudsman has been looking at how cops oversee their surveillance powers, and they’re not entirely happy with what they found. And the eSafety Commissioner keeps hammering away at Bad Things on the internet.
Naughty internet.
And yes we’re a day late, sorry. Friday kind of ran away from me.
ACCC launches inquiry into search engines
The Australian Competition and Consumer Commission (ACCC) has launched an inquiry into internet search with a particular interest in the role of artificial intelligence (AI).
This move comes as part of the ACCC’s five-year digital platform services inquiry, which is scrutinising the rapidly evolving digital landscape and its implications for market competition and search service quality.
This news comes against the backdrop of significant changes since the ACCC’s last examination of search services in 2021, including the introduction of laws overseas targeting gatekeeper search engines and the advent of generative AI.
The ACCC has released an issues paper. Submissions close 17 April.
Cops ‘lax’ with surveillance compliance: Ombudsman
The Commonwealth Ombudsman has seen “a decrease in concerning behaviours” when it comes to police and their covert surveillance powers. But despite this, inspections revealed “several common issues across all regimes that we consider pose the greatest risk” to an agency’s compliance with the relevant laws.
The details are in Ombudsman Oversight of Covert Electronic Surveillance 2022 to 2023 (PDF) released this week.
The relevant laws are the Telecommunications (Interception and Access) Act 1979 and the Telecommunications Act 1997.
The 81-page report details the specific problems at each law enforcement agency, but the Key Findings section conveys the flavour.
- inadequate, insufficient or inconsistent guidance material provided to staff on the legislative requirements or their obligations
- lack of robust record-keeping practices or inability to demonstrate considerations when making authorisations or decisions
- insufficient training or support for staff in agencies with a high usage of powers, contributing to inadequate compliance with the legislative requirements or inappropriate use of the powers
- compliance staff turnover leading to inconsistency in quality assurance practices and implementation of remedial actions to address our previous findings
- limitations in case management systems to restrict access to data or information obtained using the powers contributing to the risk of inappropriate use or disclosure, and
- despite some agencies having good frameworks, continuing instances of staff not adhering to these frameworks or demonstrating a lax approach to use of the powers and complying with the legislative requirements.
For those of you not familiar with bureaucrat-speak, this is a solid bollocking. Yes, things are getting better, but only slowly.
It’s worth thinking about this in the context of the report two weeks ago that agencies are steadily increasing their use of these powers. It seems their compliance systems are not as effective as they should be.
The Ombudsman’s report isn’t totally negative.
All agencies were receptive to our findings. In some instances, agencies took immediate remedial actions during our inspection to address identified issues. We were encouraged that many agencies proactively identified and disclosed compliance issues prior to, or at the beginning of, our inspections...
Our Office encourages agencies to consider feedback we provide and implement measures to address identified issues in a timely manner, which can prevent repeated findings over sequential inspections.
Administrative Review Tribunal still being debated
I did say last week that I’d write about the new Administrative Review Tribunal (ART), which will replace the current Administrative Appeals Tribunal (AAT).
Well, the legislation is still being debated, and time has gotten away from me, so I’ll leave that until next time.
If you want a brief introduction, you might like the Attorney-General Department’s explanation in A new system of federal administrative review, and the AAT’s version with more detail on the mechanics for the transition, A new federal administrative review body.
As I’ve said before, though, one hidden reason is that the AAT has been stacked with former Coalition MPs with little administrative law expertise, and there’s an enormous backlog of cases.
Needless that say that first problem isn’t seen as such by the Coalition, and they’ve been trying to slow down debate. Stay tuned.
eSafety Commissioner continues the ol’ Whac-A-Mole
Australia’s eSafety commissioner Julie Inman Grant has put tech companies on notice over reports that terrorism-related content is still being shared on their platforms.
She still receives reports that video and other perpetrator-produced material from terror attacks are being shared on mainstream platforms, although there were now slightly less on mainstream platforms such as X and Facebook.
Inman Grant continues to be worried about X, and not just because they’re refusing to pay the fines she’s issued against them.
There would also be questions focused on X’s new “anti-woke” generative AI, Grok.
“We’re going to ask X questions about Grok, which had has been defined in their own marketing materials as being spicy and rebellious and I am not sure what the technical meaning of that is,” she said.
Chill out, Julie. Literally no one knows what it means.
Why not forward this email to a friend?
Well, why not? The more people this reaches, the more inspired I am to keep doing it.
Also in the news
- “The Albanese government’s rush to implement new doxxing legislation was done without advice,” reports Crikey. The eSafety Commissioner was neither consulted nor forewarned. A FoI request for the legal advice supporting anti-doxxing laws was rejected “on the basis that the documents didn’t exist”.
- A big win for Freedom of Information enthusiasts. The long-standing convention is that documents of former ministers no longer fall under the FoI powers once they’ve moved on. The Federal Court has closed that loophole. “A spokesperson for the attorney-general said the federal government was considering the judgment,” reports the Guardian.
- “The Australian Signals Directorate has added Microsoft threat intelligence into its cyber threat intelligence sharing (CTIS) platform,” reports iTnews. I’m kinda surprised ASD wasn’t already using these commercial data feeds.
- Telstra and Optus may delay shutting down their 3G networks, reports iTnews. “At issue is an estimated 740,000 Australians with 4G handsets that are configured by the manufacturer to make all voice calls over 4G except for Triple Zero, which utilises 3G.”
- The Digital Transformation Agency (DTA) has opened applications for its Digital Marketplace 2.0, for “sellers who provide digital and ICT labour hire and professional and consulting services” to government. Check the tender documents but be gentle with them. There’s an industry briefing on 26 March. Applications close 11 April.
- The report from the Senate committee that looked at the Telecommunications Legislation Amendment (Enhancing Consumer Safeguards and Other Measures) Bill 2023 [Provisions] basically said “Yeah, pass it”.
- The Australian Communications and Media Authority (ACMA) is seeking information about current and future uses of spectrum, including “views on alternative uses, other licensing conditions, and resilience and temporary disaster responses”. Submissions close 15 May. Apparently some spectrum licenses are expiring, so the government is exploring options.
- An analysis of job market trends has shown that the most in-demand jobs in the Australian government sector are in “technology and data”, and in cybersecurity. Quite a broad category, that first one.
- The New York Times ran a provocative headline, Australia Wanted to Catch Chinese Spies. Is This Really Whom It Had in Mind?. “The first case tried under Australia’s foreign interference laws has raised tough questions about the breadth of the regulations,” they write.
Elsewhere
- Digital rights activist Samantha Floreani says Yes, TikTok sucks. But the rules for tech giants must be better than ‘it’s only bad if China does it’.
What’s next?
Parliament will return on Monday for three days of sittings, and then it won’t be back until Budget Night on Tuesday 14 May — unless of course something dramatic happens.
We already have the draft legislation program for the Senate. We can look forward to debate on the Broadcasting Services Amendment (Community Television) Bill 2024, the Digital ID Bill 2023, and its friend the Digital ID (Transitional and Consequential Amendments) Bill 2023.
And in the House of Reps we have the Communications Legislation Amendment (Prominence and Anti-siphoning) Bill about Smart TV menus and such
Next week’s The Weekly Cybers will appear on Thursday afternoon, before the Easter long weekend.
Any questions or comments? Just reply to this email. Cheers.
The Weekly Cybers is a personal look at what the Australian government has been saying and doing in the digital and cyber realms, on various adjacent topics, and whatever else interests me, Stilgherrian, published every Friday afternoon (nearly).
If I’ve missed anything, or if there’s any specific items you’d like me to follow, please let me know.
If you find this newsletter useful, please consider throwing a tip into the tip jar.
This is not specifically a cyber *security* newsletter. For that that I recommend Risky Biz News and Cyber Daily, among others.