The Weekly Cybers #41
Parliamentary inquiry recommends a digital affairs ministry, internet industry proposes a code for adult content, and more.
Welcome
Well then, after a slow week we suddenly have proposals for a digital affairs ministry and a whole new bureaucracy to go with it, and the online industry’s draft of a code of practice to protect the kiddies from porn and “other harmful material” — because porn by definition is harmful, right?
A digital affairs ministry for Australia?
The government’s social media inquiry reckons Australia needs a new digital affairs ministry for the “coordination of regulation to address the challenges and risks presented by digital platforms”.
“The Ministry could also play a role in coordinating monitoring and research activities to assess the ongoing impact of digital platforms on Australian society, as well as the effectiveness of existing and future regulation. Because matters relating to the regulation of social media are broad, the new Digital Affairs Ministry should be given an equally broad remit so that it can regulate matters such as, but not limited to, privacy and consumer protection, competition, online safety, and scams.”
So basically a “Department of Everything Government, but on the Internet”.
That’s the first of 11 recommendations in the Second interim report: digital platforms and the traditional news media from the Joint Select Committee on Social Media and Australian Society.
There’s a strong focus on getting the major online platforms to pay for news production, mainly as a result of “the decision of Meta to abandon deals under the [News Media Bargaining] Code and the important role of Australian journalism, news and public interest media on a healthy democracy in countering mis- and disinformation”.
Indeed, three of the recommendations are about funding news production and the Code itself, and supporting the “sustainability of small, independent and digital only publishers, as well as those operating in underserved communities and rural, regional and remote areas”.
Labor is particularly concerned that Meta may “sidestep its obligations to pay for news”, which they’re doing by saying they don’t want to carry news anyway.
The Conversation has a good backgrounder on this and where it might go next — especially the report’s proposal of a special levy on the platforms to fund journalism.
Or, to put it another way, to take money from successful online businesses and give it to online businesses which aren’t doing as well.
The committee also recommends:
- creating a Digital Media Competency Fund to focus on “the digital media literacy of young Australians”, as well as “other groups at risk of being taken in by mis- and disinformation, including older Australians and those in regional areas”.
- adopting transparency requirements for algorithms, similar to the EU’s Digital Services Act.
- examining “options to respond to the use of algorithms and recommender systems to deprecate news by digital platforms with significant power”.
The committee’s final report, due 18 November, is expected to cover online safety, how algorithms influence social media feeds, the mental health of social media users — isn’t that pretty much everyone? — and that old chestnut age verification.
Industry releases draft adult content codes
A consortium of industry groups has released draft codes of practice to “protect children from exposure to online pornography and other harmful content”.
As always there's a catchy title, the Consolidated Industry Codes of Practice for the Online Industry (Class 1C and Class 2 Material) under the Online Safety Act 2021.
The classes of material are defined in the Online Safety Act 2021 sections 106 and 107. They are, respectively, material which has been Refused Classification (RC) by the Classification Board, and material which has been classified X18+ or R18+, or might be.
(It’s actually way more complicated than that. In fact it’s a mess. But we don’t have time to go into that today.)
The Guardian lede explains the concept:
“Sites hosting adult content could be removed from search results and blocked from linking on social media in Australia unless they verify the ages of users trying to access them.”
The code would also apply to sites which have end users in Australia — and we’ve seen how successful that’s been in the eSafety Commissioner’s battle with Elon Musk’s X.
I think it’s important to note the definition of age assurance in this context:
“age assurance is an umbrella term for a range of methods for assessing a user’s age, including both age verification solutions (being solutions that aim to verify the exact age or age range of a given user) and age estimation solutions (being solutions that aim to estimate the exact age or age range of a given user).”
In other words, the code accepts that biometric guessing is close enough for the purposes. As Biometric Update notes, “Porn, social media platforms will need to use protection; vendors say come get some.”
While some might question whether that’s good enough — assuming the purposes are right to begin with — there are some positive notes for digital rights enthusiasts.
The code does not require any industry participation to “implement or build a systematic weakness, or a systematic vulnerability, into a form of encrypted service or other information security measure”, “implement or build a new decryption capability”, “render methods of encryption less effective”, or “undertake monitoring of private communications between end-users”.
If you’ve been following this topic for some time you’ll notice the echoes of the language in Australia’s anti-encryption laws.
Although it doesn’t say they can’t. It just says the code doesn’t require it.
The codes and schedules add up to 146 pages, and I haven’t had time to read them all, so I may have more analysis next week.
And as Andrew Black, managing director of ConnectID at Australian Payment Plus, notes: Social media age limits won’t work without a focus on privacy.
Submissions close 22 November.
The members of this consortium of online industry lobby groups are: BSA | the Software Alliance (BSA), the Australian Mobile Telecommunications Association (AMTA), the Communications Alliance, the Consumer Electronics Suppliers Association (CESA), the Digital Industry Group Inc (DIGI), and the Interactive Games and Entertainment Association (IGEA).
And if you’re thinking this all sounds familiar...
“For anyone who has been online in Australia longer than a decade or so, the discussion around current proposals to set a minimum age for social media use might trigger a touch of déjà vu,” writes Rebecca Houlihan at The Conversation.
Her account of what happened last time Australia tried to make a “clean” internet does indeed trigger nostalgia for your writer, who wrote a lot about it at the time — and who had at least one stand-up argument with then communications minister Senator Stephen Conroy.
It’s also amusing that this is now being written about by historians.
Also in the news
- Encrypted communications app Session has decided to leave Australia and switch to a foundation model based in Switzerland after the Australian Federal Police (AFP) visited an employee’s home and asked about the app and a particular user. Given the arrests related to the Ghost app, who can blame them.
- The Digital Transformation Authority (DTA) has released its Evaluation of whole-of-government trial into generative AI, which made Microsoft 365 Copilot available to more than 7,600 staff across 60+ agencies. It’s either a wonderful success saving people an hour a day, or high expectations largely going “unmet”, depending which bits you emphasise.
- The government launched its new Small Business Cyber Resilience Service, free for businesses with 19 or fewer employees. So that’s that sorted.
- The Office of the Australian Information Commissioner (OAIC) released Guidance on privacy and developing and training generative AI models. iTnews has a quick overview.
- The Department of Home Affairs admitted to a data breach, exposing data on users of its Free Translating Service (FTS) run by an external contractor.
- The Australian Competition and Consumer Commission (ACCC) is ramping up its cybersecurity capabilities, in part because it’s becoming the regulator of the new Australian Government Digital ID System (AGDIS).
- Rick Morton’s book on the robodebt saga is out, Mean Streak.
IF YOU FIND THIS NEWSLETTER HELPFUL, PLEASE SUPPORT IT: The Weekly Cybers is currently unfunded, so it’d be lovely if you threw a few dollars into the tip jar at stilgherrian.com/tip.
Elsewhere
- “Apple has deployed a new safety feature that enables Australian children to flag unwanted nude images directly with the tech giant for referral to the police, pre-empting requirements of proposed online safety codes recently released for consultation,” reports InnovationAus. Or as any teenager I’ve ever known might shout, “Hey mate, NUDES!”
- From Seriously Risky Business, “The EU and US are taking very different approaches to the introduction of liability for software products. While the US kicks the can down the road, the EU is rolling a hand grenade down it to see what happens.”
- Apparently the Tasmanian government bypassed Clarence City Council’s approval processes to greenlight the luxury Kangaroo Bay Hotel development by using AI to write the business case.
DOES SOMETHING IN THE EMAIL LOOK WRONG? If there’s ever a factual error, editing mistake, or confusing typo, it’ll be corrected in the web archives.
Inquiries of note
Nothing relevant to us except the draft adult content codes detailed above.
What’s next?
Parliament is now on a break until 4 November, when the House of Representatives kicks off its next session and the Senate holds its Supplementary Budget Estimates hearings.
The Weekly Cybers is a personal look at what the Australian government has been saying and doing in the digital and cyber realms, on various adjacent topics, and whatever else interests me, Stilgherrian, published every Friday afternoon (nearly).
If I’ve missed anything, or if there’s any specific items you’d like me to follow, please let me know.
If you find this newsletter useful, please consider throwing a tip into the tip jar.
This is not specifically a cyber *security* newsletter. For that that I recommend Risky Biz News and Cyber Daily, among others.