The Weekly Cybers #61
Little digital thrill in the Budget, slow progress in the age assurance tech trial, the US can’t handle its military secrets, and more.
The Weekly Cybers #61 | 28 March 2025
Welcome
So much of this week’s news was about Tuesday night’s Budget, which for the focus of this humble newsletter turned out to be of little interest, and then the election being called. Still, there’s a brief Budget story here.
The world’s biggest digital-adjacent story was from the US, however where senior defence officials managed to send classified information to a journalist after they included him in their Signal group chat.
That story is being covered extensively elsewhere, and indeed it’s still unfolding as the culprits try to get their stories straight and escape the consequences, so I’ll just run a quick summary.
Which all means I’ve got a relatively small collection of links this week, and have resorted to reading the Telecommunications Numbering Plan 2025 and even the Torres Strait Fisheries (Quotas for Tropical Rock Lobster (Kaiar)) (Total Allowable Catch) Amendment Determination 2025.
The total allowable tropical rock lobster catch is up from 200,000 kg unprocessed weight to 464,400 kg, by the way.
The digital Budget keeps just chuggin’ along
From a digital policy perspective there was little new in Tuesday night’s Budget, a disappointment for some industry lobbyists who wanted more.
iTnews has saved us work by publishing a full list of IT projects in the 2025-26 federal budget. It includes “scant funding for technology projects compared to previous years, with the health portfolio one of few winners”.
The biggest chunk is $228.7 million in the coming financial year for modernising My Health Record and such, but that had already been announced — as had pretty much everything else.
IF YOU’VE FOUND THIS NEWSLETTER HELPFUL, PLEASE SUPPORT IT: The Weekly Cybers is currently unfunded. It’d be lovely if you threw a few dollars into the tip jar at stilgherrian.com/tip.
Age assurance tech trial keeps just chuggin’ along
According to the latest newsletter from Australia’s Age Assurance Technology Trial, some 51 vendors have signed on and have started completing their practice statements — so we’re still some way from trials actually starting.
The trials will include testing some of the methods in schools across Australia. “Our aim is to make this an educational experience for the pupils involved,” they write.
They’ve also appointed Scout Insights to facilitate usability testing of “certain solutions” with a “nationally representative sample of Australians”.
This will involve around 1,000 children and young people, as well as “a sample from older generation who we recognise will also need to use age assurance technologies”.
The trial report will be published “in the summer”, so that’s at least seven months away.
US defence officials send military plans to a random journalist, hilarity ensues
“President Trump and other officials have given shifting, varied, implausible and sometimes conflicting explanations for how highly sensitive military information was shared in a group chat,” reports the New York Times (gift link).
In the hours leading up to a US military strike on Yemen, senior defence officials were chatting about it on encrypted messaging app Signal — and in that group chat was Jeffrey Goldberg, editor in chief of The Atlantic.
Shortly afterwards, Goldberg started receiving classified documents ($) relating to the attack (archived copy).
There’s a fantastic summary over at Seriously Risky Business by Tom Uren, who in a previous life worked for the Australian Signals Directorate so he knows how this stuff is meant to work.
The key issue is that these guys — I assume they’re all men because it’s the Trump administration — should probably have been using the secure defence communications network, which is separate from the internet.
Indeed, they should probably have been in a SCIF, a sensitive compartmented information facility, where their personal devices wouldn’t even be allowed entry.
Signal’s messages are encrypted and unlikely to be intercepted, but it’s a third-party app outside US control, and it was running on their personal devices.
As Uren writes, “Signal messages can be accessed by adversaries by compromising the computer or phone the app is running on. Worse, anyone on the internet can phish you if you are on Signal”.
Cybersecurity company Mandiant has even explained how Russian spooks do this.
All this very funny, of course, but it’s also concerning. It shows that top US officials can’t be bothered following the most fundamental communications security protocols, even when discussing a live military operation.
On a related not, how’s Australia doing?
“The department of home affairs secretary, Stephanie Foster, has admitted to using disappearing messages on Signal, but says she complies with record-keeping obligations,” reports the Guardian.
So I guess it’s possible to square that circle? As Greens senator David Shoebridge said, home affairs “doesn’t do war plans on Yemen”.
Also at the Guardian, an explainer on the use of Signal and other encrypted chat messaging systems in government.
NEW PODCAST: The 9pm Dreams of American Empire with Associate Professor David Smith from the US Studies Centre. In this episode we talk about the powers of POTUS and his Yalta 2.0 imperialist desires to annex Canada. And Greenland. And Mexico. We discuss how the new Trumpian America might affect Australia’s favourite government program, AUKUS. And inevitably, we talk about Trump’s weird relationship with Elon Musk. Look for “The 9pm Edict” in your podcast app of choice.
Also in the news
- At least one government agency has been found to still be using Kaspersky products despite being told not to, reports InnovationAus ($). We don’t know which one.
- The ABC’s BTN High has a guide on how to spot artificial intelligence on social media ahead of federal election.
- Australian authors are “livid” that Meta may have used their books to train its AI. As is everyone else.
Elsewhere
- FS-ICAC, the Financial Services Information Sharing and Analysis Center, has released a bunch of business guidance on AI risks, although it’s hidden behind one of those annoying regwalls that asks for your contact details. Folks, if it’s so goddam important, and it’s free anyway, why aren’t you just giving it to people?
- Papua New Guinea disables Facebook to curb disinformation, misinformation, hate speech, and porn.
Inquiries of note
None, and we won’t see any until after the election.
What’s next?
On Friday the election was called for Saturday 3 May, so Parliament won’t be sitting and the public service is now in caretaker mode. The next few weeks are likely to be dominated by election pitches rather than actual facts.
But who knows? This might even give me time to write about some other things in more detail.
DOES SOMETHING IN THE EMAIL LOOK WRONG? If there’s ever a factual error, editing mistake, or confusing typo, it’ll be corrected in the web archives.
The Weekly Cybers is a personal look at what the Australian government has been saying and doing in the digital and cyber realms, on various adjacent topics, and whatever else interests me, Stilgherrian, published every Friday afternoon (nearly).
If I’ve missed anything, or if there’s any specific items you’d like me to follow, please let me know.
If you find this newsletter useful, please consider throwing a tip into the tip jar.
This is not specifically a cyber security newsletter. For that that I recommend Risky Biz News and Cyber Daily, among others.