The Weekly Cybers #5
A rush to criminalise doxxing, progress on government AI, a $4.7 billion GST fraud, and more.
Welcome
Australia’s announcement that it will criminalise doxxing received global attention this week, and in the background governments around Australia have been trying to coordinate their efforts to adopt AI.
I suspect that the word “cybers” in the title of this newsletter may have led some people to think it’s all about cybersecurity, because I’ve written quite a bit about that in recent years. Sure, but it’s not just that.
The tag line I’m currently using is “a personal look at what the Australian government has been saying and doing in the digital and cyber realms, on various adjacent topics, and whatever else interests me”.
So yes, the focus is very much on government and policy. At least for now.
Australia rushes to criminalise doxxing
Nothing gets a government moving faster than a prominent lobby group with a very public problem.
The review of Australia’s Privacy Act 1988 has been proceeding at a snail’s pace for years now. The original issues paper came out in October 2020. Skipping ahead, the Privacy Act Review Report was published in February 2023, and the government response came in October of the same year.
But rather than working steadily within this established framework of review, the government has rushed through legislative amendments piecemeal in response to the perceived needs of the daily news cycle.
In the wake of the massive Optus data breach of September 2022, for example, the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 increased penalties and provided for greater information sharing to enable the victims to be warned.
This week we heard how the government will move quickly to criminalise doxxing, the malicious publication of people’s personal information.
Why?
Well, in the information battles over the war in Gaza, someone published the contents of “a private WhatsApp group involving Jewish Australians largely working in creative industries”, including their physical and email address, and phone numbers. Some 600-odd people were affected.
Needless to say, threats and harassment soon followed.
This is obviously a Bad Thing for anyone to endure. But with a war going on and accusations of antisemitism being attached to almost anything critical of Israel, the government was under extra pressure to be seen to be doing something about this blatant attack.
What form this rushed legislation takes remains to be seen. However it’s worth noting that harassment and making threats is already a crime. Will making an earlier step in the process a crime as well make any difference?
Meanwhile as the Law Society Journal notes, doxxing is already illegal in several nations, including Singapore, South Korea, and the Netherlands. Australia doing the same is not unreasonable. But some communities have been calling for such laws for years now.
In Australia, LGBTQIA+ and anti-racism organisations have been addressing the issue and pushing for comprehensive legislation. Back in 2019, far-right activist Avi Yemeni posted on social media the personal phone number of journalist Osman Faruqi, leading to the Pakistani-born Australian receiving thousands of racist and abusive text messages, calls, and voicemails.
In January, a pro-Israel Facebook group shared the address of a Sydney man who raised a Palestinian flag outside his home, leading to a fake explosive device with a threatening message being left close to his property.
I guess it takes a community with connections to one of our geopolitical allies to finally encourage some action, rather than just the queers and the browns.
In any event, the world is watching. Do a Google News search for “doxxing Australia” and you’ll see reports in major news mastheads in many, many countries. Stay tuned.
Canberra hammers the AI drum
OK, that’s a mixed metaphor, but there’s a lot of news about AI policy from Canberra this week. Apparently governments are nearing consensus on “core areas of consistency” for how they approach generative AI, reports iTnews in a lengthy analysis.
Those “core areas of consistency” — what a term! — are likely to be accountability, governance, decision-making, and procurement.
“More than 7400 public servants across more than 50 government agencies are participating in the [Microsoft 365] Copilot trial,” wrote iTnews.
This week the Minister for Industry and Science Ed Husic announced a new Artificial Intelligence Expert Group. There’s quite some names on the list. Apparently they met for the first time on 2 February and while their term only runs to the end of June, further funding is expected in the Budget in May. Check out their terms of reference.
Meanwhile, the Australian Human Rights Commission and National Australia Bank have developed a human rights impact assessment tool for AI-informed decision-making systems in banking. The Mandarin has some background.
Want a massive tax refund? Just ask for it!
Some 150 staff of the Australian Taxation Office (ATO) were investigated as part of a massive GST fraud case involving a $4.6 billion scheme promoted via TikTok, reported SmartCompany.
The scam itself involved people acquiring an Australian Business Number (ABN) for a sham business and utilising MyGov to submit falsified business activity statements to receive GST refunds.
Yes, around $2 billion in fraudulent claims were paid, and another $2.6 million or so was stopped before the payments were fully processed. All up some 57,000 people had a go at this, including those 150 ATO staff.
Some sackings and criminal proceedings ensued, although we don’t know how many.
The Australian National Audit Office’s full report on the ATO’s anti-fraud systems made this observation:
The ATO has identified there is a lack of clarity regarding accountability for GST fraud control and after two years of committee discussions this issue remains unresolved.
Well, one doesn’t want to rush these things.
Also in the news
- We have the terms of reference for the scheduled statutory review of the Online Safety Act 2021. An issues paper is due to be published in the first half of this year, but for now you can gauge the vibe in the minister’s press release. Yes, end-to-end encryption is a harm-facilitating technology.
- “The Australian Signals Directorate has lamented a decline in the ‘frequency and richness” of cyber incident data shared with it by the private sector,” reports iTnews.
- Australia could soon be selling the Ghost Bat autonomous fighter jet and combat drone internationally as part of the AUKUS technology-sharing agreement.
- Services Australia is suffering from a shortage Java and Angular developers.
- Ed Husic has released the final report of the Pathway to Diversity in STEM Review. If you’re in a hurry and just want the promo blurb, read the minister’s press release instead.
- Independent MP Kate Chaney has introduced the catchily titled Criminal Code Amendment (Telecommunications Offences for Suicide Related Material—Exception for Lawful Voluntary Assisted Dying) Bill 2024. Under current law, “a person commits an offence if they access or transmit suicide-related material through a carriage service that directly or indirectly counsels or incites committing or attempting to commit suicide”. This bill provides an exception for communications relating to voluntary assisted dying (VAD), which is now legal in all Australian states.
- Finally submissions continue to be published for the inquiry into the Digital ID Bill 2023 and the Digital ID (Transitional and Consequential Provisions) Bill 2023. There’s now 201 of them.
Elsewhere
- Commonwealth Bank says it has created more than 50 use-cases for generative AI and “upskilled over 500 staff on AI tools to democratise the responsible use of AI”.
What’s next?
Parliament is now taking a short break and will return on Monday 26 February.
However on Friday 23 there's a public hearing in the inquiry into the Communications Legislation Amendment (Prominence and Anti-siphoning) Bill 2023 [Provisions], that legislation about the menus on Smart TVs and such featuring the free-to-air channels, with a second hearing to come on 5 March.
Also on Friday, submissions close for the inquiry into Supporting the development of sovereign capability in the Australian tech sector.
Any questions or comments? Just reply to this email. Cheers.
The Weekly Cybers is a personal look at what the Australian government has been saying and doing in the digital and cyber realms, on various adjacent topics, and whatever else interests me, Stilgherrian, published every Friday afternoon (nearly).
If I’ve missed anything, or if there’s any specific items you’d like me to follow, please let me know.
If you find this newsletter useful, please consider throwing a tip into the tip jar.
This is not specifically a cyber *security* newsletter. For that that I recommend Risky Biz News and Cyber Daily, among others.