The Weekly Cybers #11
Digital ID bills become law but with amendments, Coalition invents a new online crime, problems predicted with anti-doxxing laws, and more.
Welcome
The Digital ID bills are now law, so we can expect to see the Australian Government Digital ID System (AGDIS) roll out from 1 July.
Meanwhile the Coalition has invented a new online crime, although my guess is it won’t go anywhere. And there’s going to be problems with the government’s idea of making doxxing a crime.
Welcome to an early Thursday edition of The Weekly Cybers before we all break for Easter.
The Digital ID bills are now law, but with amendments
The Digital ID Bill 2023, and its friend the Digital ID (Transitional and Consequential Amendments) Bill 2023 have been voted into law.
According to the much-bearded Julian Bajkowski at The Mandarin — and I’ll be citing quite a bit of his work here because he’s been following this closely — the government had to make a few concessions.
The government conceded to allowing banks and private businesses expedited supposedly faster access to the phased rollout of the Australian Government Digital ID System (AGDIS), down to two years from four. Still, it is clear the government intends to run the digital ID show.
Banks are keen as mustard to flip the current model of wholesale fees of around 70 cents per identity verification check flowing to the government under the Document Verification Service for gateway providers back to financial institutions so they can monetise the ID checks for regulated transactions.
In a separate article, Bajkowski lists the key amendments which enabled the bills to pass. They include transparency and reporting of law enforcement access to digital ID data, and tighter limits on data retention.
The government will also support amendments that confirm the voluntary use of digital ID and ensure that the alternative ways to verify ID to access services are easy to use and don’t disadvantage those who do not want a digital ID.
However the government “rejected outright a bid to include racial identifiers proposed by Australian Payments Plus (AP+), supposedly needed to verify the authenticity of First Nations people”.
As I mentioned a few weeks ago, it’s important to understand that the government is not creating a new “digital identity”. No, it’s about a system for exchanging and verifying a “digital ID”, which is simply a digital version of some identifier that already exists.
My client Steve Wilson explains why this subtle shift in terminology is important.
Digital ID is concrete, specific and familiar. But “digital identity” is abstract and open-ended. It means different things to different people. Invariably, digital identity is interpreted as a new universal means of proving who we are. But there is no such thing.
So instead of imposing new identification standards and novel “digital identity” on Australians, the Digital ID Bill simply creates a governance regime to improve the quality and reliability of existing IDs when converted to digital form.
Compare it with how your credit card information is stored in Apple Wallet or Google Wallet. You can securely present your payment information to pay for something, but the merchant doesn’t ever see your actual card number.
The digital wallet might also contain your concert tickets, airline boarding passes, and club membership cards, but nothing is being centralised — except your own data on your own smart device.
Or compare it with the Service NSW app, which can contain digital versions of your driver license, immunisation records, and other permits, or the Digital Driver License in Victoria. There’s no new ID, just a digital form of IDs you already use.
There’s also an excellent explainer from NAB. This bank’s understanding of digital ID is well advanced.
Finally, you may enjoy some of then loopier headlines about this issue.
- Time is running out to stop Labor’s plan to build a social credit dystopia From Sky News Australia Rocco Loiacono, who clearly doesn’t understand what is happening here.
- And from Pauline Hanson’s One Nation, it’s billed as a disgusting and shocking development in Labor’s outrageous push to control every aspect of our lives. While it isn’t labelled as such, this would be from Senator Malcolm Roberts. Again, his comment about “centralising and digitising personal information” means he doesn’t understand that this is literally the opposite of that.
The government had previously announced that the new digital ID system will be in place by 1 July this year. What I think this means is that with the laws in place they can now provide funding in the Budget on 14 May to set up the oversight bodies from 1 July, and then the work begins on setting up all the components.
Opposition bill targets yet another kind of Bad Thing on the Internet
A Liberal private member’s bill invents a new crime, the posting of “criminal activity material” to “increase notoriety”, punishable by up to two years in jail.
David Coleman’s Crimes and Online Safety Legislation Amendment (Combatting Online Notoriety) Bill 2024 “targets the use of digital media as an amplifier and driver of crime” — is that an actual thing with an actual real effect?
The “notoriety” here is supposedly “more than simply being widely known”. As the Explanatory Memorandum says, “it refers to a person’s reputation, influence or standing amongst their peers as a result of involvement in or association with anti-social or criminal activity”. That intent has to be proved beyond reasonable doubt.
Defences include where a person posts for “a genuine scientific, academic, educational, artistic, literary or satirical purpose”, or as an act of journalism or political commentary.
One aspect I find interesting is that the bill would “extend the powers of the eSafety Commissioner to include criminal activity material”, but the Explanatory Memorandum says “The Bill will have no financial impact”. So presumably the eSafety Commissioner’s office will have to stop chasing down some other Bad Things on the Internet to find time for this.
Another aspect is that this would be an offence of specific intent, which means prosecutors would have to prove that the posting of this “criminal activity material” was done with that intention in mind. That can be tricky.
Whether this bill goes anywhere remains to be seen. Personally I have my doubts.
Potential problems with anti-doxxing laws
Although we haven’t seen what the Attorney-General proposes to do about doxxing, Avinash Singh from Astor Legal has pointed out some problems.
And new criminal offence for doxxing would likely be an offence of specific intent. This means that the prosecution would have to prove that the accused not only doxxed another person but also had some intention to cause a degree of harm.
Yes, this is where I found the phrase “an offence of specific intent”.
Existing legislation already deals with cyberbullying such as stalking, intimidation and harassment. New legislation going further than this could have the unintended consequence of “opening the floodgates” and clogging up courts with matters that do not meet the criminal standard. For example, there will need to be consideration given to the definition of “personal information”. Adopting too wide a definition could criminalise conduct that is not cyberbullying or stalking.
And then there’s the age-old problem of exemptions for journalism. Who is a journalist and who isn’t? There is no clear definition in law. And isn’t it about whether an act of journalism is being performed, rather than who is doing it?
Journalism is not a profession where there is a professional body which maintains a register of those persons who are in the profession (such as the law or accountancy). This means that a person who runs a small blog website may be able to fall within this exception, even if they are in fact using their platform to dox another person.
Or vice versa.
I eagerly await the details, because as was revealed last week, the government’s rush to implement new doxxing legislation was done without advice.
Why not forward this email to a friend?
Well, why not? The more people this reaches, the more inspired I am to keep doing it.
Also in the news
- Australia’s major news producers are having a big ol’ sook. Or as the Guardian puts it, “Meta will either reduce the amount of news people see or block it entirely on Facebook and Instagram, experts and publishers warn, as the government faces pressure to require Meta to show news content and pay for it.” Seriously? If people want news they’ll go to the news mastheads directly. If people don’t want your news then maybe ask yourselves why.
- “Australia’s intelligence chiefs have asked the government for new laws to stop former spies marketing their skills abroad, fearing current provisions are allowing foreign adversaries to gain invaluable knowledge of Australian tradecraft,” reports the Guardian.
- Meanwhile, “Federal prosecutors are considering Australia’s first prosecution under broad-ranging general secrecy laws that can send someone revealing classified government information to jail for up to 10 years... The office of the Commonwealth Director of Public Prosecutions has revealed it has received seven agency referrals recommending prosecutions.”
- “Cyber security coordinator Michelle McGuinness wants to position Australia as a ‘more cyber-resilient nation’,” reports The Mandarin. This seems a not-unreasonable goal.
- Another AI inquiry! There will now be a Senate Select Committee on Adopting Artificial Intelligence (AI), with broad terms of reference. It’s due to report by 19 September.
- Thanks to concerns about shutting down the 3G network, we also have a Senate inquiry into the shutdown of the 3G mobile network, to report by 30 November. The submissions deadline has not yet been announced.
- Meanwhile there’s a House of Reps inquiry into the challenges and opportunities within the Australian live music industry. Submissions close 30 April. No reporting deadline has been set.
- The Australian Taxation Office has been given a good ol’ slap for resurrecting old debts worth billions and causing Australians distress in their so-called robotax campaign. The Commonwealth Ombudsman and the Taxation Ombudsman have even written them an instruction manual, How to tell people they owe the government money (PDF).
- The Australian Communications and Media Authority (ACMA) is getting another consultation under way. This time it’s their Draft Five-Year Spectrum Outlook 2024–29. “It enables transparency about our spectrum work program, helps inform future activities and provides predictability for spectrum users about our planning allocation and licensing regulatory activities.” Submissions close 22 May.
- Telstra explains why Triple Zero transfers failed. As usual with such things, it was a bunch of cascading failures.
- “The Albanese Government is making it mandatory for telcos to better support customers struggling to pay their phone and internet bills, with new industry rules coming into effect from Friday,” says communications minister Michelle Rowland. And here are those rules, the Telecommunications (Financial Hardship) Industry Standard 2024.
- Always check the bills with generic names! The Crimes and Other Legislation Amendment (Omnibus No. 1) Bill 2024 includes better-worded powers for seizing criminals’ digital assets and issue seizure orders to digital currency exchanges, and clarify the powers of the oversight agencies to review surveillance activities.
Elsewhere
What’s next?
Parliament is now on break until Budget Night on Tuesday 14 May, unless of course something dramatic happens.
However I’ll continue to post what’s been happening each Friday. Parliament may not be in session, but government continues.
Any questions or comments? Just reply to this email. Cheers.
The Weekly Cybers is a personal look at what the Australian government has been saying and doing in the digital and cyber realms, on various adjacent topics, and whatever else interests me, Stilgherrian, published every Friday afternoon (nearly).
If I’ve missed anything, or if there’s any specific items you’d like me to follow, please let me know.
If you find this newsletter useful, please consider throwing a tip into the tip jar.
This is not specifically a cyber *security* newsletter. For that that I recommend Risky Biz News and Cyber Daily, among others.