August 29, 2025

The Weekly Cybers #83

Employees surveilled at home claim unfair dismissal, Senate to investigate search engine safety, telco intercept laws to be tweaked, and much more.

29 August 2025

Welcome

The news has been dominated by the expulsion of the Iranian ambassador and a gunman on the loose in Victoria — not to mention Taylor Swift’s engagement — so it’s easy to forget that the machinery of government grinds on.

And there’s a lot of action in the digital and adjacent realms this week.

A bunch of new legislation includes tweaks to communications interception powers, and there’s an inquiry into each engine safety.

You’ll also be shocked to hear that there’s some stories about AI.

Can employers surveil you in your own home?

Two employees of compliance training company Safetrac are claiming unfair dismissal after the company turned their laptops into listening devices as they worked from home.

As Information Age wrote, “Safetrac has said this surveillance was done with a ‘legitimate business purpose’ and that all its employees consented to it when they signed a new surveillance policy”.

But simply telling employees you’re doing something doesn’t necessarily make it legal. Watch this space.

Senate kicks off inquiry into search engine safety

The focus has been on social media age restrictions, but Australia has a whole bunch of online safety codes that the industry is meant to follow, overseen of course by the eSafety Commissioner.

Two of these codes relate to search engines, and the Senate has launched an inquiry into these, partly in relation to “the under-16 social media ban”. Their words, although as we said last week the eSafety Commissioner rejects the word “ban”.

The two codes relate to class 1a and class 1b material (PDF) which includes child abuse material, terrorism-related content, and various other crime-related content, and class 1c and class 2 material (PDF), which is a pair of catch-all categories for everything from sexually-explicit material to simulated gambling.

Check the FAQs for the details of what’s included in those content classes.

Submissions close 22 September.

Tweaking the telco interception legislation

The government is amending the digital surveillance laws to “ensure key provisions operate as intended, and to support the proper administration of government, law enforcement, national security and criminal justice processes”. And who could argue with that?

The Telecommunications and Other Legislation Amendment Bill 2025 does seem to be routine — although I am not a lawyer. It mostly just addresses gaps that had already been identified.

The key part is that it says explicitly that, yes, information gathered using these laws can be admitted as evidence in court.

This was triggered by the AN0M case, or Operation Trojan Shield, when the Australian Federal Police (AFP) joined the FBI in running a sting operation by taking over an encrypted messaging system. Multiple court cases here in Australia have challenged the legality of this operation.

The controversial aspect to this new bill is that it’s retrospective, asserting that everything that was done in the past was legal.

That said, late last year the government rushed through the Surveillance Legislation (Confirmation of Application) Act 2024, which declared legal the 11 warrants which had been issued in the AN0M operation. Now they’re just tidying up all the others.

The rest of this new bill seems straightforward. Yes, testing an interception capability is legal. And yes, it’s OK to communicate the SEKRIT intelligence to a defendant’s lawyer and to relevant authorities managing a prosecution.

But as I say, I am not a lawyer.

Hey maybe we need a list of all the telcos? And bigger fines?

The first part of the new Telecommunications Amendment (Enhancing Consumer Safeguards) Bill 2025 makes me chuckle. Why? Because it turns out that the Australian Communications and Media Authority (ACMA) doesn't actually have a list of all the carriage service providers (CSPs) it’s meant to be regulating.

That’s going to be fixed with a new CSP registration scheme.

Among other things, the bill also increases the maximum general civil penalty for breaches of telco industry codes and industry standards from $250,000 to 30,300 penalty units, which is currently $9.999 million.

The Australian Communications Consumer Action Network (ACCAN), the peak communications consumer organisation, has welcomed the bill.

IF YOU’VE FOUND THIS NEWSLETTER HELPFUL, PLEASE SUPPORT IT: The Weekly Cybers is currently unfunded. It’d be lovely if you threw a few dollars into the tip jar at stilgherrian.com/tip.

Also in the news

• China-backed hackers Salt Typhoon have targeted telcos in 80+ nations, with more than 600 hit, according to the FBI. Here, the Australian Cyber Security Centre (ACSC) echoed the multi-national advisory.

• Renown sociologist Patricia Edgar, best known for founding the Australian Children’s Television Foundation, says we need media literacy programs for children, not a ban on social media.

• There have been calls to protect Indigenous intellectual property from AI “cultural theft”.

• Consulting firm Deloitte Australia was paid $439,000 by the government to write a report on the legality of using AI-based automated welfare system penalties. They used AI to write the report, which made shit up.

• Exetel has been hit with a $694,860 penalty for failing to implement measures against mobile number fraud.

• Western Sydney University has listed what was stolen in its massive data breaches, and it’s a lot. They’re issued takedown notices to the file-sharing suites hosting the stolen data, so yeah good luck with that.

• Telstra has won a $33.2 million contract to implement a new data architecture for My Health Record.

• Around three million Australians who’d been hit with unlawful Centrelink debt calculations will be eligible for up to $600 compensation.

• In response to continuing robodebt-related problems, independent MP Andrew Wilkie has introduced the Social Security and Other Legislation Amendment (Responding to Robodebt) Bill 2025, which I have not yet had time to read. Greens senator Penny Allman-Payne introduced an identical bill in the Senate.

• Kick, an Australian competitor to livestreaming platform Twitch, broadcast a man’s death, and now France is suing.

• Senator David Shoebridge introduced the Right to Protest Bill 2025, which is about what it says on the tin.

• The Senate has resurrected the Digital ID Repeal Bill 2024, which would repeal the Digital ID Act 2024 and Digital ID (Transitional and Consequential Provisions) Act 2024. This bill is sponsored by senators Alex Antic, Ralph Babet, Matthew Canavan, Pauline Hanson, Gerard Rennick, and Malcolm Roberts.

• Qantas is building a group-wide AI capability, for some reason.

• After a viral TikTok video caused a run on cottage cheese, Coles is hoping AI can predict the next trend.

• OpenAI, the creator of ChatGPT, will open an office in Sydney before the end of the year.

• Australian AI data centres could be using 25% of Sydney’s drinking water by 2035 — although they don’t need to be using potable water, do they?

Elsewhere

• Microsoft reckons their obligations under US law take precedence over Canadian data sovereignty. Expect to see many more arguments along these lines in the near future.

• ChatGPT has been in the news at length after the chatbot allegedly encouraged a teen to kill himself after “months of encouragement”.

• WIRED has explained how they were fooled into running an AI-generated story back in May. I admire their honesty in fessing up.

• From The Register, news that you can make large language models misbehave by using bad grammar and run-on sentences.

• Popular free virtual private network FreeVPN.One has been caught spying on users, because of course it has.

Inquiries of note

Apart from the search engine safety inquiry mentioned earlier:

• The Parliamentary Joint Committee on Intelligence and Security (PJCIS) has launched inquiries into the listing of Terrorgram as a terrorist organisation (submissions close 10 September), the Strengthening Oversight of the National Intelligence Community Bill 2025 (25 September), and the Australian Security Intelligence Organisation Amendment Bill (No. 2) 2025 (9 October).

What’s next?

Parliament is sitting again Monday to Thursday this coming week, 1–4 September.

The Senate draft legislation program shows debate on the Treasury Laws Amendment (Payments System Modernisation) Bill 2025, the Home Affairs Legislation Amendment (2025 Measures No. 1) Bill 2025, and the Australian Security Intelligence Organisation Amendment Bill (No. 1) 2025. Of course new things are often added on the day, and doubtless will be.

At the time of posting the House of Reps program had not yet been posted.

DOES SOMETHING IN THE EMAIL LOOK WRONG? Let me know. If there’s ever a factual error, editing mistake, or confusing typo, it’ll be corrected in the web archives.

---

The Weekly Cybers is a personal look at what the Australian government has been saying and doing in the digital and cyber realms, on various adjacent topics, and whatever else interests me, Stilgherrian, published every Friday afternoon (nearly).

If I’ve missed anything, or if there’s any specific items you’d like me to follow, please let me know.

If you find this newsletter useful, please consider throwing a tip into the tip jar.

This is not specifically a cyber security newsletter. For that that I recommend Risky Biz News and Cyber Daily, among others.