September 27, 2024

The Weekly Cybers #37

A Federal Court win for FoI, a rebranding for Australia’s digital ID, Optus outage leads to various changes, yet more on social media age restrictions, and much more.

The Weekly Cybers #37 | 27 September 2024

Welcome

Good news for freedom of information fans this week. The full Federal Court has upheld a ruling that ministerial documents don’t become exempt just because a different human is in the chair.

A rebranding of the myGovID digital ID app to myID should help prevent confusion with the myGov services app.

Following last November’s Optus network outage a few changes have been recommended — including cooperation between telcos on large-scale network roaming during outages.

And the debate about age restrictions for social media continues.

Court rejects appeal to keep documents secret

The full bench of the Federal Court has rejected the government’s appeal in their attempt to keep ministerial documents secret once a different human becomes minister.

Until now, freedom of information (FoI) requests have been routinely rejected once a minister’s tenure ends, because they were no longer in “possession” of the documents.

The judges’ ruling on Wednesday confirms ministers can no longer assume their documents are automatically protected from FOI access after a ministerial reshuffle or change of government, in a case in which the originating judge had decried the practice of ministers shredding documents upon leaving office.

The attorney-general had already spent $298,299.89 on the original case, a figure which doesn’t include the cost of the unsuccessful appeal.

Here’s the full judgment. We don’t yet know whether the government will appeal this decision to the High Court.

Confirmed: myGovID to become myID

The Australian government’s digital ID app myGovID, run by the Australian Taxation Office (ATO), will rebrand as myID in November.

The rebranding comes ahead of the new billion-dollar Australian Government Digital ID System (AGDIS). It’s intended to help avoid confusion with myGov, the Services Australia app. You know, the shit one.

We’ve known since April of the ATO’s registered trademark, and here’s a picture.

As I said back then, aren’t we all glad they remembered Tasmania?

Anyway, there’s no need to do anything. Some time in November the app will just magically change its name.

FINDING THIS NEWSLETTER USEFUL? It’s currently an unfunded time-consuming side project, so do please consider throwing in a tip. Thanks heaps to those who’ve contributed in recent weeks. It really makes a difference.

Debate continues over online age restrictions

This week’s Essential polling shows a curious inconsistency in people’s views on banning children from social media.

Some 67% of respondents support the government’s proposed social media ban — roughly the same proportion as in July — but at the same time 60% of people think that parents bear the primary responsibility for keeping children safe online — followed by the platforms themselves and then the government.

Only 12% of respondents think that a social media ban will be effecting, in that “most children will be stopped from using social media”. The majority, 52%, think only some children will be stopped, “however others will find loopholes to use it”. And 36% think it won’t be effecting, “most children will find loopholes to use social media”.

Essential had further questions, as well as the usual breakdowns by age, gender binaries, and voting intention. something that’s interesting to look at. However the message I take away is that people have somewhat confused views on the issue.

As for the preferred age for such bans, another Essential question revealed an average response of 15.4 years, and for being held criminally responsible for a crime 14.4 years.

While it’s outside the direct remit of this newsletter, it’s worth nothing that this is way out of line with the Northern Territory’s Country Liberal Party proposal to lower the age of criminal responsibility to 10.

This contradiction is explored further in a recent essay at The Strategist, the newsletter of the Australian Strategic Policy Institute.

While we’re on the subject of age restrictions:

• Australia’s leading mental health organisations have criticised the social media ban for young people, saying it will cause them harm.

• Instagram’s new under-18 rules are being met with skepticism by actual teenagers.

• California has passed a law banning providing an “addictive feed” to a minor without parental consent. Their definition is — deep breath! — an internet website, online service, online application or mobile application in which multiple pieces of media generated or shared by users are recommended, selected, or prioritized for display to a user based on information provided by the user, or otherwise associated with the user or the user’s device, as specified, unless any of certain conditions are met.”

• Al Jazeera asks an obvious question: “Multiple countries have tried but failed to effectively curb social media access. Will Australia’s attempt be different?”

• The gambling lobby wants the government to consider age verification for online betting apps rather than banning gambling ads outright.

Changes recommended after Optus outage

The Senate committee looking at the Optus network outage tabled its final report on Friday afternoon.

It makes seven recommendations, which I’ll paraphrase. None of them seem particularly controversial.

1. That the Australian Communications Media Authority (ACMA) prioritise the development of an enforceable communications standard for outages. (This is already happening.)

2. ACMA should publish the findings of its review of Optus’s obligations for emergency calls and to legislated customer service standards.

3. ACMA should review the remedial action taken by Optus, as well as their new process and procedures, appointing an independent reviewer if needed.

4. The government and industry should “examine large-scale network roaming and mutual assistance arrangements for major outages”.

5. Amend the Security of Critical Infrastructure Act 2018 (SOCI Act) “to clarify that telecommunications carriers are included as critical infrastructure providers”.

6. The Telecommunications Industry Ombudsman (TIO) should develop a “tailored dispute resolution mechanism” for compensating customers following outages.

7. Review the telecommunications Consumer Service Guarantee, maybe with an updated standard, which should also apply to fixed broadband and mobile services.

Currently the definition in the SOCI Act of what is and isn’t “critical” is a bit hand-wavy. The Secretary for Home Affairs maintains a register of critical infrastructure assets, which is not public for obvious security reasons, but I suppose there’s nothing wrong with writing it into the Act itself.

The report also includes a handy timeline of events, something I’ll be referring to in the future. There’s also a lengthy and clearly politically motivated whinge by Coalition senators about the minister’s performance during the outage.

Also in the news

• The Inspector of the National Anti-Corruption Commission (INACC) has upgraded their probe of the NACC’s decision not to further investigate robodebt from an inquiry to a formal investigation.

• Meanwhile the class action by victims of robodebt will appeal against the initial settlement now that evidence has emerged of “misfeasance in public office”.

• The Bureau of Meteorology has apologised for issuing a tsunami warning as a test without labelling it as a test.

• One-third of GPs have rarely or never used My Health Record. The president the Royal Australian College of General Practitioners (RACGP) Dr Nicole Higgins now wants the government to “improve its usability for Australians, GPs and other health professionals”. Given that less than 2% of documents are seen by GPs, one might ask why we need it at all.

• The National Disability Insurance Agency (NDIA) says minors were caught in last year’s data breach and now they can’t contact them.

• We have the government response to the committee report on the * Criminal Code Amendment (Deepfake Sexual Material) Bill 2024*. It’s basically “Go for it, urgently” with a few minor procedural recommendations.

• Something I missed last week because I don’t pay much attention to gaming news. Starting this week with newly-classified games, simulated gambling in video games will now earn them an R18+ classification. Also, in-game purchases with a chance element scores an M rating (recommended 15+).

• It may have happened earlier this month, but the Australian Signals Directorate (ASD) has updated the Information Security Manual (ISM).

Elsewhere

• The Australian Cyber Collaboration Centre (Aus3C) has released the annual Annual Cybersecurity Attitudes and Behaviors Report 2024-2025, titled Oh, Behave!. There’s a lot of data covering the US, India, Germany UK, Canada, New Zealand, Australia. Here’s just two factoids: “38% admitted to sharing sensitive work information with AI without their employer’s knowledge,” while an increasing number think there’s no point trying to protect yourself online because the data is already out there.

• Victoria’s child protection agency has been ordered to ban staff from using generative AI after one staffer used ChatGPT data reports. Person information has been entered into the public version of the tool, and the resulting report significantly misstated the facts.

• An Australian woman is alleged to have acted as a stand-in in a $700,000 romance scam, according to Ghana's Economic and Organized Crime Office.

• This piece from The Conversation has been widely syndicated already, but it is very good: How did they get my data? I uncovered the hidden web of networks behind telemarketers.

• New from the Australian Strategic Policy Institute (ASPI): Connecting the Indo-Pacific: The future of subsea cables and opportunities for Australia.

Inquiries of note

Nothing new this week.

What’s next?

Parliament is currently on a break until Tuesday week, 8 October.

On Monday 30 September and Tuesday 1 October there are public hearings in Canberra for the Joint Select Committee on Social Media and Australian Society.

---

The Weekly Cybers is a personal look at what the Australian government has been saying and doing in the digital and cyber realms, on various adjacent topics, and whatever else interests me, Stilgherrian, published every Friday afternoon (nearly).

If I’ve missed anything, or if there’s any specific items you’d like me to follow, please let me know.

If you find this newsletter useful, please consider throwing a tip into the tip jar.

This is not specifically a cyber *security* newsletter. For that that I recommend Risky Biz News and Cyber Daily, among others.