Significant data breach at Ambulance Tasmania through interception of its paging service, with data of patients who contact ambulances published online

Ambulance Tasmania has suffered a massive data breach. According to the ABC, personal information of every Tasmanian who called the Tasmanian Ambulance Service since November 2020 has been accessed and posted online by a third party. The specific nature of the breach is unknown, but it was a breach of the paging system. What makes this breach so damaging is that the data accessed is sensitive information, relating to a person’s health status as well as that person’s age, gender and address.

What is both surprising and disturbing is that the data hacked from Ambulance Tasmania has been publicly visible since November last year.

Regulatory arbitrage and transnational surveillance: Australia’s extraterritorial assistance to access encrypted communications

This article examines developments regarding encryption law and policy within ‘Five Eyes’ (FVEY) countries by focussing on the recently enacted Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (Cth) in Australia. The legislation is significant both domestically and internationally because of its extraterritorial reach, allowing the development of new ways for Australian law enforcement and security agencies to access encrypted telecommunications via transnational designated communications providers, and allowing for Australian authorities to assist foreign counterparts in both enforcing and potentially circumventing their domestic laws. We argue that Australia is the ‘weak link’ in the FVEY alliance as it – unlike other FVEY members – has no comprehensive enforceable human rights protections. Given this, there is a possibility for regulatory arbitrage in exploiting these new surveillance powers to undermine encryption via Australia.

Google knows your every move even with ‘location history’ off – Android users are being misled over Google’s incognito privacy feature.

Android handsets are tracking where users are, and sending that information to Google, even if location history settings are turned off and the incognito privacy feature is turned on.

Tests conducted by The Australian in Sydney — in which information being sent to Google was duplicated and analysed — show the technology giant tracks the phone’s movement even when those settings, ostensibly meant to protect the privacy of users, are activated.


Cyber attack at BlueScope Steel and MyBudget highlights a chronic problem facing businesses, particularly those with poor privacy protocols

This year has seen some major cyber attacks which have crippled businesses. The malware attacks affecting Toll Transport, BlueScope Steel and MyBudget were probably all preventable. It is highly likely that human error was responsible for each attack. That bespeaks a failure in training and operations. An investigation of a data breach often reveals significant problems with compliance with the Australian Privacy Principles and problems with either the quality or the ongoing nature of training.

Australian Information Commission v Facebook Inc [2020] FCA 531 (22 April 2020): application for service outside of Australia, the Commissioner’s prima facie case. The opening round in the first civil proceeding for breach of the Privacy Act by the Commissioner

On 23 April 2020 in Australian Information Commission v Facebook Inc the Australian Information Commissioner successfully obtained interim suppression and non-publication orders and orders to serve outside Australia and substituted service against Facebook Inc.

This is the first of what is likely to be a number of interlocutory judgments as the civil penalty proceedings slowly move towards a hearing.

Attorney General George Brandis declared “Villain” by Access Now for comments undermining encryption

Today, Access Now recognizes Attorney General George Brandis as a Villain among the annual Heroes and Villains Award recipients for his comments in opposition to strong digital security tools like encryption. As a leading official representing Australia in the notorious “Five Eyes” partnership, Attorney General Brandis has pushed publicly for requirements for companies to implement measures to allow law enforcement to bypass encryption protections for exceptional access to digital content. This type of access has been repeatedly demonstrated to undermine digital security globally, including and especially for the users in marginalized communities.

Cross-border access to data – EDRi delivers international NGO position to Council of Europe

Earlier this week, a global coalition of civil society organisations, including the Australian Privacy Foundation, submitted to the Council of Europe its comments on how to protect human rights when developing new rules on cross-border access to electronic evidence (“e-evidence”). The Council of Europe is currently preparing an additional protocol to the Cybercrime Convention. European Digital Rights (EDRi)’s Executive Director Joe McNamee handed the comments over to Mr. Alexander Seger, the Executive Secretary of the Cybercrime Convention Committee (T-CY) of the Council of Europe.