The Weekly Cybers #19
MediSecure data posted for sale, News Corp signs content deal with OpenAI, age assurance tech hits The Discourse, IPA lashes the eSafety Commissioner, and much more.
Welcome
With parliament currently relaxing with a post-Budget cigarette, there’s been time for the outrage machine to chug into action.
The IPA is lashing out at the eSafety Commissioner, who in their eyes is a global threat to freedom of speech. Meanwhile politicians are lining up to support social media bans for young people. Swings and roundabouts.
AI also gets a look-in, with News Corp singing a content deal with OpenAI, and the AEC warning of the risks of deepfakes and such in election campaigns.
Of course there’s much more, so read on...
Stolen MediSecure data posted for sale, maybe
Australian e-prescription service provider MediSecure’s stolen data is allegedly up for sale via a Russian hacking forum, reports Cyber Daily.
A forum user claims to have 6.5 terabytes of data, or some 50 million rows, including prescription details, full names and addresses, and much more. They say the data is available as a single lot for $50,000.
At the time of writing, the data has not yet been verified as genuine, and there is not yet a comment from either MediSecure nor the National Cyber Security Coordinator. Watch this space.
Update Sat 25 May: MediSecure has issued a statement:
MediSecure is aware that a data set containing the personal information and limited health information of our customers has been made available on a dark web forum. We urge Australians to not go looking for this data. Accessing stolen sensitive or personal information on the dark web only promotes future cyber criminal activities against Australian businesses.
While MediSecure is urgently working towards notifying the impacted individuals, we wish to reiterate and reassure the Australian community that this cyber security incident does not impact any ongoing access to medication.
We encourage anyone concerned about their information to visit the OAIC website for data breach support and resources link. For further information about this cyber security incident please refer to the dedicated Home Affairs webpage link.
News Corp signs $250M deal with OpenAI
OpenAI will ingest news content from News Corp in a multi-year deal announced on Wednesday.
Through this partnership, OpenAI has permission to display content from News Corp mastheads in response to user questions and to enhance its products, with the ultimate objective of providing people the ability to make informed choices based on reliable information and news sources.
The deal includes current and archived content from major news and information publications, including The Wall Street Journal, Barron’s, MarketWatch, Investor’s Business Daily, FN, and New York Post in the US; The Times, The Sunday Times and The Sun in the UK; and The Australian, news.com.au, The Daily Telegraph, The Courier Mail, The Advertiser, and Herald Sun in Australia; and others.
According to Engadget, the terms of the deal have not been released, but The Wall Street Journal reckons it’s worth $250 million over five years in cash and credits.
I find it interesting that here we have OpenAI paying for better inputs than just randomly scraping the internet. I wonder whether in the future this industry will be about data sources paying OpenAI to highlight their content.
Anyway I’m sure this will fix AI’s bias problems.
Age assurance, you say? Did you ask parents?
The government has launched a pilot of age verification technology, as reported three weeks ago, but it seems they haven’t bothered to ask those it actually affects: young people and parents.
Well, some researchers at the University of Sydney have asked.
Our findings suggest age verification is generally supported, but participants think it likely would not work. Instead, they said more safety education, face-to-face dialogue, and accountability from social media companies would be better approaches to keeping young people safe online.
It’s worth reading the quotes from actual parents and young people, but the researchers’ conclusion is clear.
Ultimately, if we want young people to thrive in online environments, we need to involve them in the decisions that will directly affect them.
Hear hear!
While we’re on the topic, digital rights activist Samantha Floreani writes at the Guardian:
Too often online safety policy has been about political point scoring rather than actual harm reduction. We need leaders who are thinking meaningfully about addressing pressing digital issues and listening to those they seek to protect.
When the current debate is “too focused on adult fears rather than children’s lived experience,” what we’re seeing is called a moral panic.
Also at the Guardian, an explainer: “‘No country in the world has solved this problem’: can Australia make age verification work for social media?”
Previously unreported documents suggest age assurance technology has not been successfully implemented anywhere in the world.
Meanwhile, PM Anthony Albanese is supporting the social media ban for under-16s. Because of course he has.
eSafety Commissioner a “global threat”: IPA
The Institute of Public Affairs (IPA), a right-wing propaganda machine which styles itself as “the voice of freedom”, has called for the Online Safety Act to be “abolished and re-drafted”.
It has also labelled eSafety Commissioner Julie Inman Grant a “global threat to free speech”.
In a letter to federal MPs the IPA, the self-appointed “voice of freedom”, regurgitated its usual warnings against censorship.
The actions of the eSafety Commissioner and the proposed misinformation and disinformation laws go well beyond child protection and law enforcement matters. They will usher in a new era of internet censorship, where the opinions of mainstream Australians will be silenced by unelected, unaccountable bureaucrats pursuing an ideological agenda.
And in a piece originally published in right-wing magazine The Spectator Australia, the IPA says cancel culture is now Labor policy.
While this newsletter prefers to concentrate on government rather than politics, it’s worth remembering that Inman Grant was appointed in 2017 under Malcolm Turnbull’s Coalition government, and the position of eSafety Commissioner itself was created under Tony Abbott via the Enhancing Online Safety for Children Act 2015.
Are you finding this newsletter useful?
Please do forward it to a friend or otherwise spread the word. Seeing the subscriber numbers steadily increasing is good for my self-esteem.
You might also, should you wish, throw a few bucks into the tip jar. I’m not being paid for this, y’see.
Also in the news
- X has lost a key court case over whether it’s legally responsible for its activities in Australia. As ABC News reports, “The Queensland Civil and Administrative Tribunal has decided that the company can be held liable for hate speech published on its platform,” in this case material related to the Christchurch mosque shootings of 2019.
- East coast energy provider Ausgrid says a cyber attack could cost $2.9 billion per day, or so they reckon in their submission (PDF) to the 2023–30 Australian Cyber Security Strategy: Legislative Reforms Consultation Paper.
- The government is being urged to ban AI-generated election material. On Monday the Australian Electoral Commission (AEC) said it had it has limited scope to protect voters from deepfake videos and phone calls imitating politicians.
- ASIO is recommending that the government scrap its powers to question 14 to 17-year olds under warrant because they’re no longer needed and anyway they’ve never even been used. Conversely, “ASIO has requested its other questioning powers be broadened.”
- ASIC says its trial of AI summaries of submissions produced “bland” results. “It wasn’t misleading but … it really didn’t capture what the submissions were saying, while the humans were able to extract the nuances,” ASIC chairman Joe Longo told a Senate committee on Tuesday.
- And finally Miski Omar has a modest suggestion: “Banning kids from social media isn’t the way — it’s the over-60s who need to get off the internet.”
Inquiries of note
Nothing new this week, Expect a few next week.
Elsewhere
- The Australian Communications and Media Authority (ACMA) is suing Singtel-owned Optus over the 2022 data breach. “Optus said it intends to defend itself,” reports Mothership. “According to a press release by Optus, ACMA alleged that Optus failed to protect the confidentiality (PDF) of ‘personally identifiable information’ of its customers from unauthorised interference or access.”
- “Nissan Oceania has revealed the call centre it set up to handle customer inquiries after a cyber incident late last year has itself been breached.” Tl;dr: It was OracleCMS.
- The Australian National Audit Office (ANAO) released its audit Award of Funding under the Mobile Black Spot Program. I haven’t read it, but the government reckons it proves they weren’t pork-barrelling.
- According to the Pew Research Center, 38% of webpages that existed in 2013 are no longer accessible a decade later. I loathe it when organisations rebuild their websites and break all of the previous version’s inbound links. It’s trivial to build in automatic redirections from old URLs to equivalent new ones. Not doing so is just lazy. And as for conferences and festivals and other annual events, please plan from the start to keep previous versions online.
From the archive
This may or may not be something I do every week, but I’ve always been fascinated by the way history rhymes.
- Calls to ID social media users is just another Morrison government rush job (11 October 2021). “The government has escalated its war of words against the social media giants, demanding ID for all users. But it’s a strategy that we already know won’t solve the problem.”
What’s next?
The House of Representatives returns this Tuesday 28 May. Senate Estimates hearings also kick off, and here’s the program.
Any questions or comments? Just reply to this email. Cheers.
The Weekly Cybers is a personal look at what the Australian government has been saying and doing in the digital and cyber realms, on various adjacent topics, and whatever else interests me, Stilgherrian, published every Friday afternoon (nearly).
If I’ve missed anything, or if there’s any specific items you’d like me to follow, please let me know.
If you find this newsletter useful, please consider throwing a tip into the tip jar.
This is not specifically a cyber *security* newsletter. For that that I recommend Risky Biz News and Cyber Daily, among others.