The Weekly Cybers #75
ART overturns eSafety takedown notice, Services Australia moves to Finance, Qantas suffers a data breach, and AI video fakes get harder to spot.
4 July 2025
Welcome, and Happy (Financial) New Year
Welcome to a new financial year of digital policy action. With the social media age restrictions coming into force in November, Australia’s never-ending battle against The Evil Internet, and all the AI dramas, there’s bound to be plenty to write about.
This week the Australian Review Tribunal slapped down an eSafety Commissioner takedown notice, Services Australia moved to Finance, and there was yet another major data breach — and this time it was Qantas.
Sometimes I wonder whether it’s worth reporting on data breaches because it’s much the same every time. The security of your personal information is our top priority, the attack was “sophisticated”, the CEO apologises, and you need to take all the precautions we tell you about every time. Should I bother?
Anyway, we also have a little quiz via the New York Times: Can you spot the AI-generated fakes in a selection of online videos?
Merely being offensive isn’t abuse: eSafety loses takedown order in ART judgement
“An eSafety Commission takedown order has been overturned in the first case of its kind before the Administrative Review Tribunal [ART],” reports The Mandarin.
The 208-paragraph ruling notes that the Online Safety Act 2021 is clear that material must be both offensive and intended to cause harm to quality as cyber abuse.
The post by anti-trans activist Christopher Elston, which I won’t repeat here, was indeed offensive and named a specific person.
“The post, although phrased offensively, is consistent with views Mr Elston has expressed elsewhere in circumstances where the expression of the view had no malicious intent,” the ruling said.
“To the extent that there was any ‘pile-on’, and I would not classify what occurred as one, it was initiated by the Daily Mail and not by Mr Elston.”
Services Australia moves to Finance portfolio
The paperwork was signed last week, and reported by InnovationAus this Friday. From 1 July, the Department of Finance has taken control of Services Australia ($), which includes Centrelink and Medicare.
According to the Administrative Arrangements Orders (PDF), finance is now in control of “delivery of services and payments relating to social security, child support, students, families, aged care and health programmes”.
“The government has been upfront that in this second term improving the delivery of frontline services is a priority — making them easier, safer, and more accessible,” a government spokesperson told InnovationAus.
“This administrative change will help this process, by setting Services Australia up to take better advantage of the new opportunities in data, digital and AI being developed through Finance, the Australian Public Service Commission and the DTA [Digital Transformation Agency].”
eSafety refuses to release YouTube research
eSafety Commissioner Julie Inman Grant called for YouTube to be included in the social media age restrictions last week, but she hasn’t released the research she was citing.
“Ms Inman Grant and her office have also refused to send the research to YouTube, leaving the streaming platform unable to fact-check or dispute claims which have been sent to the minister,” reports Sky News Australia, who have never been a fan of internet content regulation.
According to an eSafety spokesperson, “eSafety is publishing the results of this research in stages as part of its Keeping Kids Safe Online series.”
IF YOU’VE FOUND THIS NEWSLETTER HELPFUL, PLEASE SUPPORT IT: The Weekly Cybers is currently unfunded. It’d be lovely if you threw a few dollars into the tip jar at stilgherrian.com/tip.
Qantas suffers major data breach
As you’ve doubtless heard by now, Qantas lost six million data records from a third-party system used by an external call centre.
The data stolen appears to comprise customer names, dates of birth, and email addresses, but not supposedly more sensitive information such as credit card details, personal financial information, or passport details — although we won’t know until next week.
The attack was “sophisticated”, of course. They always are when organisations are making excuses.
Qantas notified affected customers on Wednesday.
On Friday the airline said it didn’t receive a ransom request. CEO Vanessa Hudson has apologised.
John Pane, chair of digital rights organisation Electronic Frontiers Australia (EFA), called on the government to pass “the necessary and long-overdue reforms to Australia’s Privacy Act.”
“Once again, a ‘trusted’ Australian company suffers another massive data breach in the hands of a ‘trusted’ third-party service provider. Enough is enough!” he said in an emailed statement.
Also in the news
- “The Australian Digital Health Agency (ADHA) is moving closer to opening its $788 million digital infrastructure arrangement to competitive tender within weeks, the first time since awarding it to Accenture over a decade ago,” reports iTnews. Meanwhile, Defence commits to five more years of Microsoft Azure costing $495 million.
- Australia and India will be working together on undersea surveillance.
- Monash University research says cities are unprepared for the social and economic impact of robots.
- Working off ABS figures, “Australia’s technology sector contracted by 2.6% (updated link) in the 2023–2024 financial year while the rest of the professional services sector grew 2.5%,” according to AirTeam. This marks the first decline in the tech industry value in 17 years, and that’s actual percent not percentage points. Total tech contribution is now 1.7% of GDP.
- The Australian Communications and Media Authority (ACMA) warned TPG for failing to comply with Triple Zero emergency call reporting rules.
- “NBN Co to ‘rationalise’ some access technologies entirely,” reports iTnews, which is an interesting new euphemism for “kill off”.
Elsewhere
- “Artificial intelligence tools have taken another leap forward. A new wave of generators can create lifelike video along with realistic audio, including dialogue,” reports New York Times. Can you tell these fakes from reality? (gift link). They show the prompts that were used to generate the fakes. I scored 7/10, more by luck than skill.
- A new AI textbook from Springer Nature, Mastering Machine Learning: From Basics to Advanced priced at $219, was written with a chatbot.
- According to McKinsey research, AI will generate more than US$17 trillion in annual productivity gains. The Lowy Institute’s The Interpreter has some analysis.
- Meanwhile OpenAI, which makes AI, says AI “could” boost Australia’s economy by $115 billion. I suspect “could” is doing most of the heavy lifting here. It’s all in AI in Australia—OpenAI’s Economic Blueprint.
- The Carnegie Endowment for International Peace has published another paper in their digital warfare series, War and Law in a Digital World.
Inquiries of note
Nothing new yet.
What’s next?
Parliament is scheduled to return on Tuesday 22 July, which is two and a half weeks away.
DOES SOMETHING IN THE EMAIL LOOK WRONG? If there’s ever a factual error, editing mistake, or confusing typo, it’ll be corrected in the web archives.
The Weekly Cybers is a personal look at what the Australian government has been saying and doing in the digital and cyber realms, on various adjacent topics, and whatever else interests me, Stilgherrian, published every Friday afternoon (nearly).
If I’ve missed anything, or if there’s any specific items you’d like me to follow, please let me know.
If you find this newsletter useful, please consider throwing a tip into the tip jar.
This is not specifically a cyber security newsletter. For that that I recommend Risky Biz News and Cyber Daily, among others.