The Weekly Cybers #34
Government proposes “mandatory guardrails” for high-risk AI, ASIO hints at using the big stick on encrypted chats, and much more.
Welcome
The big one today is a major consultation on “mandatory guardrails” for artificial intelligence (AI). That, and a voluntary AI safety code, were announced by the government this week.
Meanwhile, ASIO chief Mike Burgess expressed his frustration with not being able to access encrypted communications, suggesting that he might finally use the big stick of his coercion powers on certain unnamed platforms.
And you can now book an appointment with Centrelink rather than wait on the phone forever. Or so they say. Do let me know how they go.
Government considers AI act, releases proposals
The Australian government has released a discussion paper on “mandatory guardrails” for AI, which could well come in the form of Australian legislation along the lines of the EU’s AI Act passed on 13 June.
As Guardian Australia reports:
“Under the 10 guardrails, organisations developing or deploying high-risk AI would need to establish risk management processes; test AI and monitor once deployed; enable human control or intervention to achieve meaningful human oversight; inform end-users of AI decisions, interactions and content; and establish processes for people affected by AI systems to challenge use or outcomes.”
Organisations would also need to keep records to allow third-party compliance assessments.
In his press conference, industry and science minister Ed Husic was keen to stress that human oversight would be a key component.
“Even some of the biggest companies in the world recognise that there are quality issues with their AI. It’s always going to involve us being able to run an eye over that work to make sure that it’s fit for purpose. That philosophy or mentality of a human being involved is embedded in some of the guardrails we’ve put forward.”
Or as The Mandarin phrased it, there would be a “kill switch” to stop AI running amok.
Submissions on the discussion paper close 4 October.
While that consultation is under way, organisations can already start to implement the Voluntary AI Safety Standard that the government released this week.
It too has guardrails. Ten of them, the language of which aligns with international standards.
There’s a range of expert reactions to the proposals at Scimex.
PERSONAL WHINGE: I loathe the term “guardrails” which has started to become a regular part of discussions about technology. A guardrail isn’t your initial set of guidelines. It’s your tool of last resort. On the road, you only hit the guardrail if there’s already been failures in road design, driver training and alertness, vehicle handling, the brakes, whatever. When I hear people talk about “guardrails” I regard them as a parrot.
ASIO may soon start using decryption powers
In an interview with ABC TV’s 7.30 this week, ASIO director-general Mike Burgess said the agency may soon force technology companies to unlock encrypted chats in national security investigations.
Law enforcement and intelligence agencies were given broad powers to gain access to encrypted communications in the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, usually referred to as the TOLA Act.
Burgess repeated his view that ASIO is not looking for mass surveillance.
“If you actually break the law or you’re a threat to security, you lose your right to privacy, and what I’ve been asking for those companies that build messaging apps (is to) respond to the lawful requests. So when I have a warrant you give me access to that communication.”
It is perhaps worth pointing out that “you lose your right to privacy” is an assertion, and even if it’s a valid one, one might ask whether the loss of privacy extends to those who are merely suspected of breaking the law. The question of proportionality is always an interesting one.
Burgess says he has been meeting with the tech companies:
“I’ve had a few companies come and talk to me since that time [when the decryption laws were passed]. Which is good. I’ll leave those conversations in private. Some of them are good. I might be about to have a difficult conversation, but we’ll do that in private as well.”
The agency “might ask for more resources”, but only in private with government — and ultimately it’s up to parliament, he said.
BONUS LINK: Last week the Risky Business podcast ran a feature interview with ASIO chief Mike Burgess which also covered these issues, and more.
FINDING THIS NEWSLETTER USEFUL? It’s currently unfunded, so do please consider throwing in a tip.
Also in the news
- Home Affairs minister Tony Burke has been given draft new cybersecurity legislation ($), reportedly “requiring businesses to report the payment of ransoms and giving the government more powers to take over the networks of critical infrastructure”. We were expecting to see these in parliament before the end of 2024, so I guess we’re on schedule?
- Meta, which owns Facebook and Instagram and Threads, wants Apple and Google to force parents to approve the apps their kids download, but the University of Melbourne’s Professor Toby Murray reckons the social platforms should work together.
- Meta also says blocking news content is still on the table if the government does try and force it to negotiate deals with publishers.
NEW PODCAST: The 9pm War on Social Media with Professor Axel Bruns, in which we discuss the News Media Bargaining Code and Meta refusing to pay for news content, age restrictions for social media, the arrest of Telegram’s CEO Pavel Durov, and more. Look for The 9pm Edict in your podcast app of choice.
- The Bureau of Meteorology’s technology upgrade program, ROBUST, didn’t really cost a billion dollars. Whew! It cost a mere $866 million. Here’s their statement.
- The latest innovation at Services Australia is that you can book an appointment with Centrelink.
- A trial by the Australian Securities and Investments Commission (ASIC) found that AI is worse than humans in every way at summarising information. Here’s the final report (PDF) as tabled in parliament.
- The Australian Competition and Consumer Commission (ACCC) will not oppose Optus and TPG sharing their mobile networks and spectrum in regional areas. Optus says this Multi Operator Core Network (MOCN) arrangement will run for 11 years and start operating in early 2025, subject to regulatory approvals.
- ASIO’s Mike Burgess has clarified that liking a tweet supporting Hamas could mean failing a visa security test because it’s a designated terrorist organisation, whereas there’s no problem with supporting Palestine. This does assume that “liking” means supporting what a social media post says, rather than just bookmarking it for later.
- The Australian Federal Police (AFP) says it’s shut down more than 1,800 bank accounts linked to organised sextortion scams, and has warned of some extortionists trying to convince young people to commit “live online ”.
Elsewhere
- The new CEO of NBN Co is Ellie Sweeney, previously of fibre and network solutions provider Vocus Group and Telstra.
- Some clinicians are already using AI to write health records, so what do you need to know?
Inquiries of note
There’s just the AI proposals detailed above, but I reckon we’ll see some more announced next week.
What’s next?
Parliament returns this Monday 9 September for one week, with the Senate only to continue the following week.
At this stage the draft legislation program for neither the Senate nor the House of Reps includes debates of relevance to this newsletter, but this may change.
The Select Committee on Adopting Artificial Intelligence (AI) has a public hearing in Canberra on Wednesday 11 September.
The Weekly Cybers is a personal look at what the Australian government has been saying and doing in the digital and cyber realms, on various adjacent topics, and whatever else interests me, Stilgherrian, published every Friday afternoon (nearly).
If I’ve missed anything, or if there’s any specific items you’d like me to follow, please let me know.
If you find this newsletter useful, please consider throwing a tip into the tip jar.
This is not specifically a cyber *security* newsletter. For that I recommend Risky Biz News and Cyber Daily, among others.