The Weekly Cybers #18
It’s a Budget special! Also, Digital ID laws passed, eSafety injunction against X lapses, and much more.
Welcome
Happy Budget Week to all who celebrate! I hope you’ve all been having a lovely time.
It’s a big one this week, because the Budget which was released on Tuesday night rightly dominates the news. I’ve gone through Budget Paper No. 2 to find things relevant to this newsletter — but you may want to skim over that bit because it does go on a bit.
There’s also the new Digital ID laws, more action in eSafety Commissioner vs X Corp, an updated Cyber Security Sector Competitiveness Plan, and more than a dozen smaller items.
Digital ID laws passed, budget allocated
As expected, the extension of the Australian Government Digital ID System (AGDIS) to the whole economy will go ahead in the coming months.
This is not, as has been so commonly and incorrectly reported, a new “digital identity”. Rather, it is a system by which digital forms of existing ID documents — driver licenses, passports, birth certificates — can be stored on smart devices and presented more securely.
This means that organisations no longer need to keep copies of people’s identity documents, which creates an attractive target for hackers, but can merely record that their ID has been securely verified — all thanks to crypto magic.
This expansion means that more organisations will be able to use the system to hold their ID documents. And within two years, other organisations will be able to apply to become ID providers as well.
As InnovationAus noted, the Coalition opposed the laws, even though the scheme was first set up under their own PM Malcolm Turnbull:
The Coalition’s opposition to the bill is largely due to the phased approach of the rollout, which means the private sector won’t be able to offer identity services at the same time as the state and territory governments.
There’s certainly plenty of scope for expansion.
At present, only one identity credential – the Australian Taxation Office’s myGovID – is available for use with federal government digital services and Western Australia’s ServiceWA app.
Budget allocates extra $288.1 million for Digital ID
Since the AGDIS was created nearly a decade ago, the total spend has been around $1 billion. It has now been given an extra $288.1 million over the next four years.
The bulk of the cash will go to the Australian Taxation Office (ATO), which will be receiving $155.6 million over two years for its work on myGovID and the relationship authorisation management service.
Here’s the rest of the breakdown:
- $46.0 million to Services Australia to continue operating and improving the identity exchange, which enables transactions across AGDIS, and act as the system administrator.
- $35.2 million to Finance for policy leadership and governance.
- $23.4 million to pilot the use of government digital wallets and verifiable credentials.
- $11.0 million to the Attorney-General’s Department to “further enhance the existing Credential Protection Register to support individuals to manage their digital credentials and protect against identity crime”.
- $7.8 million to Treasury for data standards functions.
- $5.6 million to the Office of the Australian Information Commissioner (OAIC) for privacy oversight.
- $3.5 million to ASIO for “security assessments of entities seeking accreditation or participation” in AGDIS.
What are the new digital ID laws, exactly?
For those playing along at home, the Digital ID Bill 2024 and Digital ID (Transitional and Consequential Provisions) Bill 2023 were both passed, with some amendments.
According to the Department of Finance, the new laws are expected to commence by November 2024.
Also in the Budget
These highlights are all from Budget Paper No. 2, but in some cases I’ve linked to news stories with more detail.
- Services Australia will get $630 million over four years to sustain and enhance MyGov, plus $145 million per year to “improve security and fraud prevention, and better communication systems”.
- In the wake of the robotax controversy, the ATO will be given discretion to not use a taxpayer’s refund to offset old tax debts which had been put on hold before 2017.
- $161.3 million over four years from 2024–25 to develop and implement a National Firearms Register.
- $39.9 million over five years for “the development of policies and capability to support the adoption and use of artificial intelligence (AI) technology in a safe and responsible manner”.
- $67.5 million over four years (and $8.6 million per year ongoing) to “continue to combat scams and online fraud through the introduction of mandatory industry codes to be established under a Scams Code Framework and increased use of the secure eInvoicing network”.
- $206.4 million over four years (and $7.2 million per year ongoing) to “improve the data capability and cyber security of the Australian Prudential Regulation Authority (APRA) and the Australian Securities and Investments Commission (ASIC)”.
- The Digital Transformation Agency (DTA) gets $6.7 million to provide “assurance, monitoring and remediation advice for the Government’s major digital and ICT investments”.
- The pilot of “age assurance technologies to protect children from harmful online content” gets $6.5 million.
- $68.0 million over four years to support First Nations digital inclusion, including wi-fi for remote communities, and a First Nations Digital Support Hub and a network of digital mentors. However the funding comes from cutting other programs.
- $57.4 million to continue initiatives under the Health Delivery Modernisation Program and to update My Health Record.
- $267.4 million over six years (and $3.8 million per year ongoing from 2029–30) to the Australian Bureau of Statistics (ABS) “to support delivery of the 2026 Census, modernisation of ABS operations, and to further invest in data capabilities”.
- $4.8 million to establish two new Austrade Landing Pads in Jakarta and Ho Chi Minh City (Saigon) to support technology exports and startups.
Federal Court injunction against X lapses
On Monday, Federal Court judge Geoffrey Kennett rejected the eSafety Commissioner’s application to extend the injunction on X.
This temporary injunction had been issued to force the social media platform to remove 65 posts which contained the video of last month’s Wakeley church stabbing.
While X had geoblocked these posts for IP addresses in Australia, the eSafety Commissioner had demanded their removal globally — because otherwise they’d still be accessible by Australians using a VPN. Apparently about a quarter of us use one.
In his written reasons for the judgment, Justice Kennett ruled that the global removal of these posts — which would then prevent users in other countries from accessing them — went beyond the “reasonable steps” required by a removal notice under section 109 of the Online Safety Act 2021.
I won’t repeat all the background from last week. However I will note that at the Guardian, Josh Taylor has detailed the arguments put by X’s lawyer, Bret Walker SC.
The timeline ordered on Monday lists the main hearing itself for 24–25 July.
Cyber Security Sector Competitiveness Plan
AustCyber has released a new edition of Australia’s Cyber Security Sector Competitiveness Plan, tagged “2023” because it’s based on data from last year.
It’s not really a plan as such, because it doesn’t list specific actions to achieve defined measurable goals, but it does contain words arranged under subject headings.
To be honest I’ve just skimmed it. But if you want to know more, they’re running a webinar next Tuesday.
Are you finding this newsletter useful?
Please do forward it to a friend or otherwise spread the word. Seeing the subscriber numbers steadily increasing is good for my self-esteem.
You might also, should you wish, throw a few bucks into the tip jar.
Also in the news
- The legislative green light was given to replacing the Administrative Appeals Tribunal (AAT) with a new Administrative Review Tribunal (ART). The relevant laws are the Administrative Review Tribunal Bill 2024 and the two Consequential and Transitional Provisions bills, 1 and 2.
- The Parliamentary Expense Management System (PEMS), which is late and over-budget, blowing some $74 million, means that some public servants now see “agile and iterative” as code for “incomplete and underdone”. Oh, and it scored another $9.8 million in the Budget.
- Long-time transparency advocate Elizabeth Tydd will lead the OAIC.
- The ATO will soon be forced to pay a new tax to help collect around $50 billion in outstanding post-COVID tax debts, as well as regular receivables, “where commercial recovery agents are used to expedite collection.” Ah, the irony!
- The Telecommunications Legislation Amendment (Enhancing Consumer Safeguards and Other Measures) Bill 2023 was passed.
- The NSW Department of Communities and Justice is now an enforcement agency under the Telecommunications (Interception and Access) Act 1979, which means what you probably suspect it to mean.
Inquiries of note
- The Joint Select Committee on Social Media and Australian Society, foreshadowed last week, has been set up formally and given its terms of reference. Its interim report is due by 15 August, and its final report by 18 November. The deadline for public submissions has not yet been set.
Elsewhere
- Australian e-prescription provider MediSecure is the victim of a “large-scale” ransomware data breach incident. Home affairs minister Clare O’Neil says, in defiance of normal language use, “the government convened a National Coordination Mechanism”. One doesn’t convene a mechanism. Apparently no current prescriptions are affected, although the government is still “working to build a picture of the size and nature of the data that has been impacted”.
- The South Australian government is looking into banning children younger than 14 from using social media, and requiring parental consent for 14 and 15-year-olds. They’ve appointed former High Court chief justice Robert French to see how that might be done under law. Needless to say, various experts are already saying this is the wrong approach.
- A so-called tech entrepreneur says border force made him hand over his phone passcode by threatening to keep the device indefinitely.
- Australia’s foreign affairs department is refusing to approve an official history of Timor-Leste military operations “until references are removed that could embarrass officials and diplomats”.
- Telstra is shutting down Telstra TV Box Office, telling customers they have to move to another service to access the films and TV programs they’ve already paid for.
- Researchers build AI-driven sarcasm detector. Yeah I’m sure they did.
What’s next?
Parliament takes a break next week. The House of Representatives will return on Tuesday 28 May, when Senate Estimates hearings also kick off.
The Select Committee on Adopting AI is holding hearings in Canberra and Sydney on Monday 20 and Tuesday 21 May respectively.
The inquiry into the capability of law enforcement to respond to cybercrime is holding a hearing in Sydney on Thursday 23 May.
Any questions or comments? Just reply to this email. Cheers.
The Weekly Cybers is a personal look at what the Australian government has been saying and doing in the digital and cyber realms, on various adjacent topics, and whatever else interests me, Stilgherrian, published every Friday afternoon (nearly).
If I’ve missed anything, or if there are any specific items you’d like me to follow, please let me know.
If you find this newsletter useful, please consider throwing a tip into the tip jar.
This is not specifically a cyber *security* newsletter. For that I recommend Risky Biz News and Cyber Daily, among others.