The Weekly Cybers #13
Australian startups sook about proposed mergers regulation, a new way to measure the cyber threat, and are smartphones really bad for teenagers?
Welcome
It’s a day with a Y in it, so the Australian startup sector is whinging about the government failing to treat them like the special snowflakes they like to imagine they are.
Are smartphones really so bad for teens, or is it just another moral panic?
And cybersecurity, how do you measure it?
There’s also a tricky tax question and much more in The Weekly Cybers today. Thanks for joining me. Read on...
Finally, a proper way of measuring the cyber threat
One of the most frustrating aspects of reporting on cybersecurity is the tendency for vendors and politicians to talk up the threat by referring to millions or even billions of “attacks” per day when what they really mean is “individual bad data packets”.
Seriously, folks, a Bad Person™ guessing a password ten times is not ten attacks. It’s one attack. And someone scanning your network boundary for obvious vulnerabilities probably isn’t even an attack at all, but reconnaissance.
Finally, help is at hand.
As Julian Bajkowski writes at The Mandarin, academic institutions are “collecting empirical evidence to inform policy at arm’s length from industry”.
In the past three years, several universities with a cyber interest have come together to create a World Cybercrime Index (WCI). It maps the geography of protagonists as opposed to an attack launch or victim topology, which is a nice way of saying “whodunnit” and naming the states.
Unsurprisingly:
Russia, Ukraine and China are first, second and third, respectively, with the US in fourth, followed by Nigeria, Romania, North Korea, the UK, Brazil, and India rounding out the top 10.
You may like to read the more detailed description from Oxford University, or the full paper, Mapping the global geography of cybercrime with the World Cybercrime Index.
Treasurer announces merger reforms, “tech sector” whines
“The Albanese Government will reform Australia’s merger rules to boost competition and productivity in our economy,” said the Treasurer, Jim Chalmers, on Wednesday.
Economics is not my thing, so I won’t pretend to understand the report from Treasury’s inquiry. However there’s one bit which seems to have riled up the “technology sector” — which in contexts like this means just the venture capital fuelled startup industry.
The government’s plan is that mergers will now be considered within a wider context.
All ‘mergers’ within the previous three years by the merger parties may be considered as part of the review of the notifiable merger (and will be aggregated for the purpose of assessing whether a merger meets the notification thresholds).
This is a targeted measure to address concerns that some businesses are engaging in anti-competitive roll up strategies that increase prices and reduce quality and choice for consumers yet minimise unintended impacts on Australia’s vibrant start-up and small-and-medium enterprise sector.
Right on cue, the cuckoo-clock of the Australian “tech sector” whines that having to conform to new merger laws would be terrible and that they’re such special little snowflakes and so, so important and mewl mewl mewl.
As The Saturday Paper’s Post wrote:
Technology industry players say the laws would suffocate acquisitions of firms that fuel investments into new ventures, depending on where the threshold was set.
Even though:
The proposal brings Australian law into line with much of the developed world, requiring acquisitions above a certain threshold to be reported to the Australian Competition and Consumer Commission for review.
The reason the “tech sector” is whining is simple. The VC-funded startup model is structured to do exactly what the new law will be designed to prevent: investors hoping the new company can be sold on to a major player after a relatively short time at massive profit.
Or as recovering journalist AJ Sadauskas put it succinctly on Bluesky:
Translation: “WAIT! STOP! Our entire business model is hoovering up all the VC funding we can before selling to Google / Microsoft / Meta / Salesforce!
“These new laws will force us to pivot to actually building a viable business, instead of making unprofitable proof-of-concept enshittification systems!”
Indeed.
Still, there’s a long way to go yet. As the Treasurer said, “Subject to the passage of legislation [my emphasis], the reforms will commence on 1 January 2026.”
However, the next federal election is due around May 2025. Will any of this even happen? Place your bets, folks!
The taxing question of software
This one confuses me but it’s clearly important. As the Nine papers reported ($), “The Australian Taxation Office [ATO] is in a stand-off with the US trade agencies and tech giants over plans to tax billions of dollars’ worth of software transactions for the first time.”
From the summary at The Saturday Paper, the gist of it seems to be that some overseas vendors have been claiming that when Australians buy software online and download it, we’re not buying a license to use their intellectual property (IP) but buying a service.
These vendors don’t want it to be about IP because then they’d have to pay a so-called royalty withholding tax — something which they haven’t been doing.
If you’d like to dig further into this, there’s the ATO explainer on this tax, and the new draft ruling TR 2024/D1 Income tax: royalties – character of payments in respect of software and intellectual property rights. This was published in January and the comments deadline has already passed.
Social media may not be so bad for teens
Here’s a line from Jonathan Haidt, author of the best-selling The Anxious Generation:
[T]he new phone-based childhood that took shape roughly 12 years ago is making young people sick and blocking their progress to flourishing in adulthood.
Is this true? Maybe not.
As Zoë Schiffer writes at Platformer:
Since the book’s arrival, however, a growing chorus of researchers have loudly critiqued Haidt’s central thesis. On March 29, Candice L Odgers, a psychology professor at UC Irvine, published one such assessment in Nature. “[T]he book’s repeated suggestion that digital technologies are rewiring our children’s brains and causing an epidemic of mental illness is not supported by science,” she writes. “Worse, the bold proposal that social media is to blame might distract us from effectively responding to the real causes of the current mental-health crisis in young people.”
Later, she quotes a psychology professor:
Middle-aged white men are three to five times more likely to kill themselves than are teen girls. There’s just no evidence for the common but largely mythical idea that somehow young people are more vulnerable to media effects than are adults.
Schiffer presents a balanced discussion of the issue. It’s worth reading.
For mine, I think it’s important that policies are made on the basis of actual evidence that’s been properly weighed, not just on the latest moral panic. Hey, I can dream, can’t I?
In this context it’s hilarious to see that British government ministers are thinking about banning smartphone sales to under-16s. That’ll definitely work.
Why not forward this email to a friend?
Well, why not? The more people this reaches, the more inspired I am to keep doing it.
Also in the news
- “A government register introduced following one of Australia’s worst data breaches on record has blocked more than 300,000 fraudulent attempts to use stolen identity credentials legitimately in 18 months,” reports InnovationAus.
- I’m way late to this one, but Australian supercomputer ‘Taingiwilta’ comes online this year with [REDACTED] inside. It’s probably worth mentioning that such supercomputers are still way smaller than the massive data centres that the big online players use to service hundreds of millions of users globally. It’s a very different job.
- Services Australia has set up an interim AI policy, reports InnovationAus ($). The agency claims it’s using a “human-centred design approach”. We’ll find out what the final strategy looks like later this year.
- The Australian National Audit Office (ANAO) says it is also developing a policy for its staff using AI.
- CSIRO has dropped a new report, AI Trends for Healthcare.
- The report from the committee looking at the Communications Legislation Amendment (Prominence and Anti-siphoning) Bill 2023, which included the idea of ordering Smart TV makers to show free-to-air channels more prominently, basically says “Yeah, go for it”. There’s also a recommendation to “extend free-to-air codes of practice to online services”.
- Defence secretary Greg Moriarty says AUKUS is not an “alliance”. “It is a deep technology-sharing partnership between three countries who’ve got a history of intimacy when it comes to defence connections,” he said.
Inquiries of note
- The Parliamentary Joint Committee on Intelligence and Security is reviewing the Crimes and Other Legislation Amendment (Omnibus No. 1) Bill 2024, which among other things will clarify the intended operation of search warrants, seizure orders, and such in relation to digital currencies. Submissions close 9 May.
- The House Standing Committee on Employment, Education and Training has launched an inquiry into the digital transformation of workplaces. Submissions close 21 June.
Elsewhere
- Resources magnate Andrew Forrest has accused Facebook of “blatantly refusing” to take action against scam ads. “The Australian billionaire’s criminal case against Meta in WA was discontinued on Friday by the commonwealth prosecutor,” reports the Guardian. He still has a court case running in the US, though, so watch this space.
- The Consumers Health Forum has called on the government to address “significant safety concerns” about prescribing drugs without any conversation with the patient. Huh? Yes, doctors are using AI during telehealth sessions, and patients being issued with prescriptions without speaking with an actual doctor.
- This headline at Mumbrella amused me: ‘An integral part of the social fabric of Australia’: TikTok contributed over $1 billion to our GDP last year. Guess who commissioned this research? Yes, it was TikTok. In TikTok’s own blog post, there’s this astounding claim: “Nearly 40% of SMBs [small and medium businesses] say TikTok is critical to their businesses’ existence.” 40%? Critical? Sure, pull the other one. They only asked businesses who were already TikTok users.
- Internet customers using NBN HFC can expect a speed boost from 1 May.
- Nilay Patel, editor-in-chief of the Verge, has written a wonderfully amusing article titled Best printer 2024, best printer for home use, office use, printing labels, printer for school, homework printer you are a printer we are all printers. He makes some excellent points about the way AI is affecting both reporting and searching.
- NYC Chicken Shop Replaces Cashier With Woman in Philippines On Zoom. A whole new take on “working remotely”!
What’s next?
Parliament is currently on break until Budget Night on Tuesday 14 May, unless of course something dramatic happens.
Next Friday 19 April, ANAO and Home Affairs face a Senate committee hearing as part of the catchily named Inquiry into the failed visa privatisation process and the implementation of other public sector IT procurements and projects. More agencies will be giving evidence on Wednesday 24 April. It should be great viewing for fans of failed government IT projects.
Any questions or comments? Just reply to this email. Cheers.
The Weekly Cybers is a personal look at what the Australian government has been saying and doing in the digital and cyber realms, on various adjacent topics, and whatever else interests me, Stilgherrian, published every Friday afternoon (nearly).
If I’ve missed anything, or if there’s any specific items you’d like me to follow, please let me know.
If you find this newsletter useful, please consider throwing a tip into the tip jar.
This is not specifically a cyber *security* newsletter. For that that I recommend Risky Biz News and Cyber Daily, among others.