The Weekly Cybers #45
Government rushes to pass social media bans for under-16s, ASD issues new threat report, and a whole lot more.
Welcome
It’s crunch time for the Australian government’s social media age restrictions, with legislation on the table and an intention to rush it through parliament in mere days.
As you’ll read, there’s still a lot of open questions.
While that dominates the news, there’s also a new threat report from the ASD, laws to make the AFP’s evidence gathered from AN0M legal, and much much more.
Social media age restriction laws please no one
On Thursday we finally saw the Online Safety Amendment (Social Media Minimum Age) Bill 2024 and it’a fair to say that no one is thrilled with it except the government itself.
If you don’t want to read the legislation then the summary at the Guardian is as good as any.
But if you do, you’ll soon find that it’s a strange add-on to the Online Safety Act that defines a whole new thing, an age-restricted social media platform in a new section 63C, which is completely separate from the term social media service used elsewhere in the Act and defined in section 13.
Indeed, as Note 2 says, “An age-restricted social media platform may be, but is not necessarily, a social media service under section 13”.
So what is an age-restricted social media platform?
Despite criteria being set out...
(i) the sole purpose, or a significant purpose, of the service is to enable online social interaction between 2 or more end-users; (ii) the service allows end-users to link to, or interact with, some or all of the other end-users; (iii) the service allows end-users to post material on the service; (iv) such other conditions (if any) as are set out in the legislative rules...
... as well as various exclusions, the communications minister can simply declare something to be such a platform, or not such a platform, “if the Minister is satisfied that it is reasonably necessary to do so in order to minimise harm to age-restricted users”.
In other words, an age-restricted social media platform is whatever the minister thinks it is.
The minister can also just decide what is and isn’t a social media service, of course. This new category exists solely to the age ban can be applied independently of whether the rest of the online safety regime applies.
eSafety Commission to decide “reasonable steps”
Similarly, the eSafety Commissioner is empowered to “formulate, in writing, guidelines for the taking of reasonable steps to prevent age-restricted users having accounts with age-restricted social media platforms”.
This is similar to how the Basic Online Safety Expectations for esafety were created, except that for some reason these will not be “legislative instruments”, purportedly to allow them to evolve more quickly.
The explanatory memorandum (PDF) explains:
“Whether an age assurance methodology meets the ‘reasonable steps’ test is to be determined objectively, having regard to the suite of methods available, their relative efficacy, costs associated with their implementation, and data and privacy implications on users, amongst other things. The outcomes of the Australian Government’s age assurance trial, are likely to be instructive for regulated entities, and will form the basis of regulatory guidance issued by the Commissioner, in the first instance.”
As we learned late last Friday, the tech trial results are still six months away, with the tender to run them only just having been awarded.
Hurry up and wait
The age restrictions will not come into force until at least 12 months after the bill is passed and obtains Royal Assent, yet the government is extremely keen to get it passed next week.
The bill was introduced Thursday. which was yesterday. Public submissions to a Senate committee inquiry closed today, Friday, so in about an hour as this is emailed. A public hearing is being held on Monday, and the committee reports back to the Senate on Tuesday.
In this context it’s worth noting that the next federal election must be held on or before 17 May 2025. You do the maths.
Even more social media commentary and curiosities
- Crikey discovered an email trail which revealed that Labor ran last month’s SA-NSW Social Media Summit with the specific intent of building momentum for a social media ban (archive). Keynote speakers were international experts in favour of a ban, and they were livestreamed. Australian experts, many of whom did not support the ban, were on breakout panels which were not livestreamed.
- Also from Crikey, how the government misrepresented research on teen social media use (archive).
- Meta, of Facebook and Instagram face, says the bill is “rushed” and “out of step with research”.
- The Australian Human Rights Commission says the ban could significantly interfere with the rights of children and young people, although they also note that “the details have not been finalised”.
- The final report of the Joint Select Committee on Social Media and Australian Society did not recommend age restrictions, though it made a bunch of other recommendations.
- At Cyber Daily, David Hollingworth says “an age-based social media ban will be a costly mistake —– and it’s children who will pay”.
- From Nathan Jolly at Mumbrella, Blocking YouTube would be a disaster for Aussie kids
- Digital Industry Group Inc (DIGI) has called for more consultation.
AN0M data was obtained legally ’cos we say so
A global sting operation called Operation Ironside involved law enforcement officials including the Australian Federal Police (AFP) taking over the encrypted communications platform AN0M, resulting in the arrest of around 800 organised crime figures.
It was hailed as a triumph by the cops, but was it legal? There’s been a number of courtroom challenges.
This week the attorney-general introduced laws designed to head off any further challenges, the Surveillance Legislation (Confirmation of Application) Bill 2024.
It’s a brief document. It lists the 11 specific warrants issued in relation to Operation Ironside, and says that information obtained was “not to have been, and always not to have been” obtained by interception, and that anything done was “valid and lawful and to have always been valid and lawful” even if “[it] would have been wholly, or partly, invalid or unlawful” except for us just saying it’s all fine.
This information was always lawfully obtained under the warrants, so there.
It remains to be seen whether parliament passes this curious piece of legislation, but yeah it will. No one wants to look soft on crime.
Farewell to cheques, but cash must remain
This week the treasurer and his assistant ministers said that Australians can continue to pay with cash for essential items.
“Mandating cash for essential purchases, such as groceries and fuel, means those who rely on cash will not be left behind... Cash also provides an easily accessible back‑up to digital payments in times of natural disaster or digital outage.”
Treasury will issue a consultation paper before the end of the year, looking at which businesses supplying essential goods and services should be covered, and developing “appropriate exemptions for small businesses” for some reason.
Treasury also released the Cheques Transition Plan. Cheques will stop being issues by 30 June 2028, and will stop being accepted on 30 September 2029.
TALKING TECH ON THE RADIO: On Thursday I did the ABC RN Drive Big Tech spot, Is your medical data safe with X and could Google be broken up?. The stories we spoke about were people uploading their health data to feed X’s Grok (gift link), the US Department of Justice wanting Google to spin of the Chrome web browser, and FTX co-founder Gary Wang avoiding a prison sentence for that their US$11 billion crypto fraud.
Also in the news
- It seems strange to have this so far down the list, but the Australian Signals Directorate (ASD) released its Annual Cyber Threat Report 2023-2024. Of note are fake QR codes, which became popular during the Quarantimes but which have also been warned about by cybersecurity experts ever since they were invented. Also, private schools are a target, as is critical infrastructure.
- Legislation has been introduced to ban deepfakes in political advertising. But the key elements of the Electoral Legislation Amendment (Electoral Communications) Bill 2024 won’t come into effect until 2026, well after the next election.
- Privacy commissioner Carly Kind has found that Bunnings’ facial recognition breached privacy of “likely hundreds of thousands of individuals” across 63 stores in Victoria and NSW. Bunnings reckons customer privacy wasn’t at risk. The Privacy Commissioner thinks otherwise.
- One for telco nerds, according to Communications Day managing editor Rohan Pearce: an intriguing first use of a national security power “to direct a carrier or carriage service provider to cease operations or supply services in Australia”. I wonder who it was.
- We have the committee report on the Cyber Security Legislative Package, which includes laws relating to ransomware notifications. iTnews has a quick summary.
- A bunch of rules relating to the Australian Government Digital ID System (AGDIS) aka myID were tabled on Monday, including the data standards. Find them in the tabled documents database by searching for “Digital ID”.
- “Defence has automated the removal of IT systems access for exiting employees and contractors amid an inquiry into IT governance within federal government,” reports iTnews. This seems like a good idea.
- The Crimes and Online Safety Legislation Amendment (Combatting Online Notoriety) Bill 2024 has been dumped.
IF YOU FIND THIS NEWSLETTER HELPFUL, PLEASE SUPPORT IT: The Weekly Cybers is currently unfunded, so it’d be lovely if you threw a few dollars into the tip jar at stilgherrian.com/tip. Or just forward this email to others who might like it.
Elsewhere
- A study has found that internet use for adults 50 or older can improve mental wellbeing, though that’s for the internet as a whole rather than just social media.
- From The Conversation, “Australian police are trialling AI to analyse body-worn camera footage, despite overseas failures and expert criticism.”
- Google’s AI chatbot Gemini told a user “Human... please die”.
- Here’s the working paper which showed that Elon Musk’s platform X changed it’s algorithm to bias election commentary towards Donald Trump, coinciding exactly with Musk’s endorsement of Trump.
- The Chief Justice of NSW has issued a practice note banning generative AI (PDF) for various court documents, to come into force on 3 February 2025.
Inquiries of note
Apart from the inquiry into the social media age ban that ends Tuesday, there’s quite a lot.
- The Senate Standing Committee on Environment and Communications is also looking at the NBN public ownership bill. Submissions close 16 December.
- There’s a committee inquiry into the * Scams Prevention Framework Bill 2024*. Submissions close 9 January 2025.
- The Attorney-General’s Department has issued a consultation paper on automated decision-making (ADM) in the delivery of government services. Submissions close 15 January 2025.
- Treasury is running an inquiry into the Crypto Asset Reporting Framework and related amendments. Submissions close 24 January 2025.
- Submissions to the inquiry into the catchily named Oversight Legislation Amendment (Robodebt Royal Commission Response and Other Measures) Bill 2024 close 30 January 2025.
What’s next?
Parliament continues this week for what is currently scheduled to be the final sitting for 2024 — although with so many loose ends I wouldn’t be surprised if it’s extended for another week.
The public hearing for the inquiry into the social media age ban is in Canberra this Monday 25 November, and the committee is required to table its report the following day.
DOES SOMETHING IN THE EMAIL LOOK WRONG? If there’s ever a factual error, editing mistake, or confusing typo, it’ll be corrected in the web archives.
The Weekly Cybers is a personal look at what the Australian government has been saying and doing in the digital and cyber realms, on various adjacent topics, and whatever else interests me, Stilgherrian, published every Friday afternoon (nearly).
If I’ve missed anything, or if there’s any specific items you’d like me to follow, please let me know.
If you find this newsletter useful, please consider throwing a tip into the tip jar.
This is not specifically a cyber *security* newsletter. For that that I recommend Risky Biz News and Cyber Daily, among others.