-----
This weekly blog is to explore the larger issues around Digital Health, data security, data privacy and related matters.
I will also try to highlight ADHA Propaganda when I come upon it.
Just so we keep count, the latest Notes from the ADHA Board are dated 6 December, 2018! Secrecy unconstrained! This is really the behavior of a federal public agency gone rogue – and it just goes on! When you read this is will be 9 months + of radio silence. I wonder how far the ANAO report is away?
Note: Appearance here is not to suggest I see any credibility or value in what follows. I will leave it to the reader to decide what is worthwhile and what is not! The point is to let people know what is being said / published that I have come upon.
-----
Australia inches closer to compelling access to US data under CLOUD Act
If finalised, the agreement will mean service providers in the United States can respond directly to electronic data requests issued by Australian enforcement agencies for data critical for the 'prevention, detection, investigation, and prosecution of serious crime'.
The United States and Australia have entered into formal negotiations for a bilateral agreement under the U.S. Clarifying Lawful Overseas Use of Data Act (the CLOUD Act), with US Attorney General William Barr and Minister for Home Affairs Peter Dutton calling the move the first step towards "significantly boosting law enforcement cooperation", with "strong protections for rule of law, privacy, and civil liberties".
The
CLOUD Act creates a legal framework regulating how law enforcement can access data across borders.
If the agreement is finalised and approved, service providers in Australia and the US will be able to respond to lawful orders from the other country for access to "electronic evidence".
-----
Government interference in Australia's premier cybersecurity conference is a worry
Two 'incongruent' speakers were dumped from Australia's CyberCon. And bizarrely, the media was barred from covering a session explaining a public consultation process.
It seemed like a
good idea at the time. Roll the government's Australian Cyber Security Centre (ACSC) conference into the professional Australian Information Security Association (AISA) conference to create a great, big, mega cyber-conference.
But from day one, it's looked like this might not have been such a good idea after all.
Succumbing to what this writer understands to have been very heavy pressure from a "partner" -- the ACSC of course -- AISA
dumped two speakers from the program with only a week's notice.
The speakers were told they were "incongruent" with the content of CyberCon, officially known as the Australian Cybersecurity Conference, which kicked off in Melbourne on Tuesday. No further information has been given.
------
Author's Opinion
The views in this column are those of the author and do not necessarily reflect the views of iTWire.
Friday, 11 October 2019 12:01
Windows ransomware: when will people in charge ever learn?
Nine days ago, the Victorian Government
announced that it would be providing $200,000 for a program to help Microsoft train more people in the use of its software. It came, ironically, just a day after regional Victorian hospitals were hit by ransomware – something that, by far, only attacks Microsoft's Windows operating system.
Exactly why people in power continue to advance the use of mediocre software, which leads to increasing insecurity, not to mention the loss of vital data and the endangering of lives, is beyond me. When hospitals are attacked, then lives are indeed in danger.
Before I continue let me say that one can write ransomware for other operating systems too – macOS, Linux, Android, iOS and the BSDs. But they are of no use to an attacker unless one can gain administrator status on a machine.
In the case of Windows, there are numerous components, which are part of the operating system and which cannot be removed, that are vulnerable. It is probably the main reason why nobody in authority at Microsoft ever mentions the word Windows these days.
-----
Friday, 11 October 2019 12:03
Internet Australia lambasts Australian Government over Facebook encryption letter
Lobby group Internet Australia has told the Australian Government it is “deeply concerned” over its request to Facebook to halt plans to introduce strong end-to-end encryption in its messaging systems.
And the not-for-profit group that claims to represent Internet users in the country, says the Government's “Facebook encryption letter” even contradicts the Government’s own advice for Staying Smart Online Week.
Criticising the action by the Government expressed in an open letter to Facebook signed by the Minister for Home Affairs, Peter Dutton - along with his counterparts from the US and the UK - Internet Australia (IA) said: “It is ironic that this entreaty for Facebook to NOT improve the security and confidentiality of its online messaging platform is made in StaySmartOnline Week, on the same day the government’s own cyber security centre revealed Australians are reporting cyber crimes every 10 minutes."
-----
Australia’s 2020 Cyber Security Strategy
What is it & why should I be interested?
Three ideas raised in the paper will be of critical interest to businesses and individuals engaged in the digital economy:
- Risk allocation - Industry may be held responsible for a greater portion of cyber risk.
- Regulatory change - The strategy could see businesses in the digital economy subject to new regulations covering consumer protection and cyber security standards.
- Cost burden - Industry may be required to contribute to the cost of Government improving its cyber security capacity.
Who will be affected?
The issues canvassed in the Government’s paper are wide-ranging and hold the potential for significant change affecting the Information and Communications Technology (ICT) sector, including Internet Service Providers (ISPs) and operators of data centres, social media and online market places.
-----
Social media companies thwarted spread of latest terror livestream
October 10, 2019 — 5.20pm
The eSafety Commissioner has praised social media companies for thwarting the spread of a terror attack livestream, the first such incident since Australia introduced stringent new livestreaming laws following the Christchurch terrorist attack.
Two people were killed in a shooting in the eastern German city of Halle. Police said they were looking for suspects who fled the scene.
In the 35-minute video the alleged gunman said he was a Holocaust denier and blamed feminism for declining birth rates and immigration.
-----
A particular responsibility
Health service providers have consistently been among the top three sources of privacy complaints over the last three years
The Office of the Australian Information Commissioner (OAIC) has just launched a new, comprehensive guide to health privacy in the interest of safeguarding patients’ personal information.
As well as being among the top three sources of complaints, health providers have also been the leading source of notifiable data breaches since mandatory notification started in February 2018, the office warned.
Australian Information Commissioner and Privacy Commissioner Angelene Falk said the guide brings together a wide range of OAIC advice for all health service providers covered by the Privacy Act 1988.
“I expect health service providers to be familiar with their privacy obligations and to take all reasonable steps to protect the personal information they are entrusted with,” Commissioner Falk said.
-----
Author's Opinion
The views in this column are those of the author and do not necessarily reflect the views of iTWire.
Thursday, 10 October 2019 12:00
Industry appears to think encryption law review is an eyewash
It's beginning to look like the tech industry has finally cottoned on to the fact that the Federal Government's repeated reviews of the encryption laws that were rushed through Parliament last year are just an eyewash.
That probably accounts for the fact that the ongoing inquiry into the legislation by the Independent National Security Legislation Monitor Dr James Renwick has received just 15 submissions.
Dr Renwick issued
a media release last week, extending the date for submissions to 1 November and stressing that though there had been numerous submissions to the Parliamentary Joint Committee on Intelligence and Security, he could not treat those as submissions to his inquiry unless they were submitted to him.
The law, officially known as the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, was
passed on 6 December 2018, without any amendments with the Labor Party supporting its passage.
-----
2.5 million Aussies have anxiety but they haven’t been part of the mental health conversation
Michelle Janseen always struggled to relax, but when thoughts of catastrophe began popping into her head regularly, it exposed a much bigger problem.
In her teenage years, Michelle Janssen was regarded as a perfectionist who overthought things and probably just needed to relax.
By the time she reached early adulthood, things were rapidly unravelling and she was forced to schedule regular “cry breaks” at work in order to get through a day.
The now 31-year-old was eventually diagnosed with generalised anxiety disorder, one of the most common mental illnesses in Australia, but followed the same path as millions of others.
“It took me so long to access help, like a couple of years, because I didn’t understand what was happening to me,” Ms Janssen told news.com.au.
-----
Better to improve body armour than wear the cyber bullets
Michael Connory
· 12:00AM October 8, 2019
Had Ned Kelly, the most iconic of our bushrangers, been alive today, he would have been confounded by corporate Australia’s view of its own invincibility.
Kelly’s trademark armour, meticulously put together over months, baffled the lawmen and won praise across the globe. The bullets did indeed bounce off the metal plates and, while it may not have turned the tables at Glenrowan, Kelly’s diligence shows he understood the threat he needed to counter.
He had a plan and he stuck to it until the bitter end.
It’s in stark contrast to how unprepared Australian organisations seem in the face of cybersecurity threats. With every business, irrespective of size, in the crosshair, why are decision-makers failing to guard their enterprises against cybercrime?
It’s a question that is confounding cybersecurity experts as 2019 shapes up as another year littered with major breaches and sensitive data exposed to prying eyes.
-----
Consumers at risk as businesses reuse obvious passwords
October 9, 2019 — 12.00am
Australian businesses are now juggling as many as 85 different passwords and experts warn a poor approach to managing these is putting consumers at risk.
Password manager Lastpass crunched data from more than 47,000 organisations worldwide and found the average Australian has 14 passwords that have been reused across multiple services.
Around 14 of the many passwords used in an Australian business are likely to be the same, according to numbers from Lastpass.
The data showed small businesses with between 1 and 25 employees typically had three times the number of login credentials of bigger companies. Businesses with more than 1,000 staff tended to have around 25 passwords for their operations, while the nation's smallest companies had 85.
-----
Telcos decry lack of consultation on new snoop powers
Australia’s telcos and tech industry lobby groups say they are unpleasantly surprised by a new government plan to allow US authorities to access data held by Australian IT services companies.
News of the plan arrived yesterday, Monday, 7 October a day more than half of Australia took as a public holiday
*. But that didn’t stop the Federal Government from using the day to issue a
joint announcement revealing that Australia is in talks with the US on a bilateral agreement that “would enable Australian law enforcement to serve domestic orders for communications data needed to combat serious crime directly on US-based companies, and vice versa.”
That idea is not seen as outrageous, because the USA has already legislated to let other countries access data held by US companies. The US Department of Justice explains (
pdf) that the relevant law – the “CLOUD Act” – is necessary because requests for access to data stored by US companies were growing and legal action was getting fierce.
-----
Tuesday, 08 October 2019 11:37
Top speakers disinvited from Melbourne security conference
Two prominent speakers have had their talks cancelled at the ongoing CyberCon conference in Melbourne, which is organised by the Australian Information Security Association and is the largest cyber security event in the country.
Thomas Drake, a well-known whistleblower from the US and a former employee of the NSA, and Melbourne University Professor Dr Suelette Dreyfus, both had their talks cancelled after having been listed on the program as long as 11 months ago.
The Australian Signals Directorate, the local equivalent of America's NSA, and the Australian Cyber Security Centre are both partners of the organiser, the website
CSO Online reported.
-----
Bureaucrats bungling push to digital delivery
· 11:00PM October 7, 2019
Canberra’s digital push is putting the cart before the horse, with technology aspirations of the agencies often overlooking the fundamentals of digital service delivery, according to Boston Consulting Group public sector digital specialist Mike Bracken.
During a recent visit to Australia, Mr Bracken told The Australian that public sector agencies were readily seduced by the promise of new technology trends, like artificial intelligence and blockchain, instead of thinking about the end outcomes.
“There has always been a high level of ambition and the focus is starting to shift towards service delivery, so things are moving in the right direction,” he said
However, news of successful projects are drowned out by the high-profile failures, like the Census 2016 and the controversial robodebt scheme, and Mr Bracken said the virulent public backlash against poorly designed digital services was perfectly understandable.
-----
'Greater access and opportunity': initiative for free birth certificates for vulnerable Australians
October 7, 2019 — 4.48pm
In numbers
- 857 - New Lambton Heights
- 802 - Kingswood
- 756 - Westmead
- 640 - Liverpool
- 562 - Gosford
The number of free birth certificates being issued to Indigenous and vulnerable Australians has increased ten-fold in the past two years.
A birth certificate - often required for essential services such as bank accounts, driver's licences and school enrolments - usually costs $60.
However in NSW the fee can be waived for Indigenous Australians and people deemed vulnerable, such as those who are homeless, children under 18 who are not at school, victims of domestic family violence and people in incarceration.
In the past two years the number of free birth certificates provided by the NSW Registry of Births Deaths and Marriages has increased from 80 to 953.
-----
Artificial intelligence on Google’s list
· 11:00PM October 6, 2019
It’s known as “Project Euphonia”, named after a group of neotropical birds in the finch family.
“The name was the code name for the project and our publicity people usually change the name when a project goes public, but we liked it so much, we kept it,’’ Julie Cattiau said of the project she is running at Google’s global headquarters outside San Francisco, building technologies that can help people with speech impairments communicate more easily.
The Google artificial intelligence product manager is also working on a project that takes underwater data from whale species and works with shipping companies to try to avoid collisions with marine life such as humpback whales. Both projects are part of Google’s “AI for Social Good” program, which is tackling issues in areas such as healthcare, environmental conservation, agriculture and accessibility.
The global search giant is stepping up its work in the booming social impact sector in a move that could also have massive implications in the future for employment and productivity.
-----
'People are frustrated': Turf war brewing over how to regulate tech titans
October 7, 2019 — 12.00am
A turf war is brewing over which government agency will provide oversight of internet giants such as Facebook and Google, as the Federal government finalises plans to regulate the digital behemoths.
The Australian Competition and Consumer Commission, Telecommunications Industry Ombudsman and Australian Communications and Media Authority are all vying for key roles in a new regulatory regime designed to curb the tech titans' dominance.
The ACCC suggested after an 18 month investigation that a new ombudsman be established to handle complaints over the use of consumer data and to better deal with online scams.
The competition regulator suggested that the Telecommunications Industry Ombudsman "may be" the appropriate body to handle the scheme. Alternatively, it said a standalone ombudsman could be created, with the Australian Communications and Media Authority asked explore the idea.
-----
Volume 211, Issue 7 - 7 October 2019
MJA Podcasts 2019 Episode 43: Digital technologies for mental health care delivery, with Prof Ian Hickie
Vol 211, Issue 7: 7 October 2019. Professor Ian Hickie is the Co-Director, Health and Policy, of the Brain and Mind Centre at the University of Sydney. He discusses Project Synergy, a mental health care delivery system using digital technologies. With MJA news and online editor, Cate Swannell. 24 mins, 33 secs.
-----
Digital tech: making mental health care fit for purpose
Authored by Cate Swannell
EXISTING mental health care services in Australia are “not going to cut it in the 21st century” but health information technologies offer a way forward that’s fit for purpose, according to one of the co-designers of an innovative new online platform.
“We are still using 20th century approaches to a 21st century problem,” Professor Hickie said.
“We’re still trying to build clinics and offices and services through GPs, through psychologists, through psychiatrists, through peer workers, through lay workers to try and meet this tremendous unmet need for services — quality service, not just any service.
-----
Comments more than welcome!
David.