The Weekly Cybers #60
Australian intelligence review released, news of encrypted messaging apps, new Treasury rules for cryptocurrency, and more.
The Weekly Cybers #60 | 21 March 2025
Welcome
It’s all about surveillance this week, with the release of a review of Australia’s spook agencies, Israeli spyware breaking open encrypted comms, and messaging apps destroying democracy.
There’s also new Treasury rules governing cryptocurrency exchanges, a bunch of stories about AI (of course), and more.
As always, remember to click through to read the original news stories, because there’s always a lot more.
Finally, the review of intelligence agencies
On Friday the government published the (unclassified version of the) report of the 2024 Independent Intelligence Review.
The 129-page report makes 67 recommendations, so I can’t list them all here. Obviously I haven’t had time to read the whole report. But at the time of writing there’s some initial analysis at ABC News.
To quote from that analysis, the report “doesn’t recommend any sweeping changes ... unlike the 2017 review, which triggered a significant restructure”.
“[The report] still made dozens of recommendations to improve operations, saying there needs to be ‘stronger and deeper integration’ between agencies, ‘stronger central coordination of national security policy matters’, and that the Office of National Intelligence [ONI] should bolster its analytic capabilities.”
Agencies should submit at least two major national assessments every year.
In this context it’s worth noting that the Australian Signals Directorate (ASD) and ASIO both now present an annual threat assessment — and in both cases these initiatives were created when Mike Burgess was director general of each agency.
The report also recommends that intelligence agencies hold “regular exercises ... to test and improve preparedness for regional crises or conflicts”.
Something your writer finds interesting is a series of recommendations designed to enhance economic intelligence, including better coordination with Treasury.
There’s also a call to develop TOP SECRET could transition strategies, and artificial intelligence governance frameworks.
Finally, there’s a bunch of recommendations about reviewing legislation “urgently” to align all the different agencies’ enabling acts — something which was already on the government’s agenda but which seems to be taking forever.
The government says it will commit another $44.6 million over four years to implement the key recommendations.
I guess we can expect more detailed coverage in the media over the weekend.
BONUS LINK: A Chronology of Australia’s national intelligence community from the [Comprehensive review of the legal framework of the National Intelligence Community](https://www.ag.gov.au/national-security/consultations/comprehensive-review-legal-framework-governing-national-intelligence-community of 2021) which was finally published in late 2020. Maybe I should update this? Any sponsors?
Messaging apps a risk to democracy?
“Messaging apps raise novel considerations for key pillars of our democratic system of government, including transparency and accountability,” says the Australian Information Commissioner, Elizabeth Tydd.
Government agencies need to improve their information governance, she said on Wednesday, coinciding with the release of a report produced with the National Archives of Australia, Messaging apps: a report on Australian Government agency practices and policies.
In this context, “messaging apps” means “mobile-based messaging apps, such as WhatsApp, Signal, Facebook Messenger, and Telegram. A common function of these messaging apps is the ability to send messages that disappear after a specified period”.
Of the 16 government agencies that permit messaging apps, only eight have written policies.
Seven of the agencies provided copies of their policies. Six of those didn’t address essential archive requirements, five didn’t address freedom of information search requirements, and five “did not require the use of official accounts or devices when using messaging apps for work purposes”.
Needless to say, the report recommends that agencies sort out their policies, governance, and due diligence. Yeah, I’m for that too.
Sending politicians down the memory hole
Independent senator David Pocock is not impressed, saying that politicians using these messaging platforms to avoid scrutiny is “deeply concerning” and that it’s damaging Australian democracy.
The Guardian cites examples where messages have disappeared down the memory hole. They include communications between the then foreign affairs minister Marise Payne and her Indonesian counterpart, and lobbying by Kevin Rudd to the then prime minister Malcolm Turnbull over Rudd’s desire to become secretary general of the United Nations.
The key question, one which commissioner Tydd acknowledges, is what is and isn’t a public record.
As your writer has said in the past, in many cases messaging now replaces telephone calls and in-person conversations, and those were never routinely recorded for posterity. So where do apps stand?
Does Australia use Israeli spyware Paragon?
Australian government agencies might well be customers of Paragon Solutions, an Israeli spyware company whose products provide full access to encrypted messaging apps.
While the Guardian reports that the Department of Home Affairs and the Australian Signals Directorate “have no links to Paragon Solutions”, that still leaves quite a few agencies to choose from.
Back in January, Meta’s WhatsApp said it had disrupted a spyware campaign aimed at reporters and civil society in European nations including Italy.
Since then, a report from The Citizen Lab at the University of Toronto claimed that Paragon had links to six more nations: Australia, Canada, Cyprus, Denmark, Israel, and Singapore.
As the Guardian notes, “If the Australian government is a customer there is no suggestion by [The] Citizen Lab in their report that they have misused it or violated Paragon’s terms of service”.
Indeed, cracking open communications is something a number of government agencies are empowered to do when granted a warrant. That they might use tools bought off the shelf is not in itself unusual.
IF YOU’VE FOUND THIS NEWSLETTER HELPFUL, PLEASE SUPPORT IT: The Weekly Cybers is currently unfunded. It’d be lovely if you threw a few dollars into the tip jar at stilgherrian.com/tip.
Crypto exchanges are like banks not markets
“Cryptocurrency exchanges and fintechs holding digital assets for consumers will have to meet the same basic governance requirements as banks and other financial services companies,” reports the AFR ($).
That includes “providing services honestly, fairly and efficiently, and avoiding conflicts of interest”.
Which means that the regulations are more like those applying to banks rather than markets such as the ASX.
Your writer is by no means an expert in nor even a fan of cryptocurrency — to put it mildly — so I’ll leave you to read Treasury’s statement on developing an innovative Australian digital asset industry and the government response to the Board of Taxation’s review of the tax treatment of digital assets and transactions.
Also in the news
“Big tech giants Apple, Meta, Google, Amazon, and Elon Musk’s X have lodged a formal complaint urging the Trump administration to target ’coercive and discriminatory’ Australian media laws.”
“The ACCC will not oppose Vocus Group Limited’s proposed acquisition of TPG Telecom Limited’s (ASX: TPG) fixed line business, enterprise, government, and wholesale customer base as well as its fibre and transmission networks.”
The ACCC has already noted that Australians on NBN Co’s Fixed Wireless Plus plan have experienced further improvements to their broadband speeds.
From Mumbrella, “New research on teenagers ... backs the Albanese government’s decision to exempt Youtube from the looming social media ban for all Australians under 16”.
The new head of the National AI Centre is Lee Hickin, formerly chief technology officer of Microsoft Australia. The centre is also “reshaped” following a $21.6 million budget increase.
Elsewhere
“Following China’s unannounced naval exercises off the coast of Australia late last month, there has been a noticeable increase in Chinese social media content promoting the invasion (or ‘nabbing/seizing‘) of Australia. There has also been pushback.”
AI search engines used for news are wrong 60% of the time, according to a study from the Columbia Journalism Review’s Tow Center for Digital Journalism.
OpenAI’s AI tool ChatGPT shows signs of anxiety when its users share “traumatic narratives”, meaning that if it’s used for therapy it needs to chill out with some mindfulness exercises. Assuming you want to use human language for a word-guessing machine. And assuming you want to take these claims on face value.
Inquiries of note
Nothing new for us this week. The decks are being kept clear for the election.
What’s next?
Parliament returns this Tuesday 25 March for three days of sittings including Budget Night. The schedule says that the House of Reps then returns for two weeks starting Monday 7 April — but it’s likely that the election will be called before then.
The election must be held by Saturday 17 May, and the campaign period must run for a minimum of 33 days.
Anyway, the Senate draft legislation program includes debate on the National Broadband Network Companies Amendment (Commitment to Public Ownership) Bill.
In the House of Reps, there’s the Telecommunications Amendment (Enhancing Consumer Safeguards) Bill.
And of course there’s whatever legislation the government tries to ram through before the election. Stay tuned.
DOES SOMETHING IN THE EMAIL LOOK WRONG? If there’s ever a factual error, editing mistake, or confusing typo, it’ll be corrected in the web archives.
The Weekly Cybers is a personal look at what the Australian government has been saying and doing in the digital and cyber realms, on various adjacent topics, and whatever else interests me, Stilgherrian, published every Friday afternoon (nearly).
If I’ve missed anything, or if there’s any specific items you’d like me to follow, please let me know.
If you find this newsletter useful, please consider throwing a tip into the tip jar.
This is not specifically a cyber security newsletter. For that that I recommend Risky Biz News and Cyber Daily, among others.