Government reveals censorship overhaul, stiff privacy penalties for Digital Platforms | eSafety Commissioner granted new plug-pulling and search de-listing powers.


A radical overhaul of Australia’s analogue era censorship and classification laws alongside reforms to the Privacy Act to “capture technical data and other online identifiers” under the umbrella of “personal information” have emerged as key themes from the government’s highly anticipated response to the ACCC’s Digital Platforms Inquiry.

In dual policy drops on Wednesday and Thursday, Communications Minister Paul Fletcher confirmed the days of Australia’s arcane system of reviewers sitting in a dark room stamping classification labels onto content before it can be pulled offline are numbered.

Instead, a heavily boosted eSafety Commissioner will be handed much of the job for faster response times, and a decent sized stick to whack recidivists with.

The moves are a significant loss for the US social media lobby and, if enforced, could see them regularly fronting court.

Censorship is the new black

The head and shoulders of the new regime, according to the government, is “developing a uniform classification framework across all media platforms” that would replace the inconsistent mishmash of official ratings (eg Refused Classification, X, R, MA15 etc) and various voluntary and self-regulatory codes.

At the moment, pay and subscription television, terrestrial TV, Netflix and other on demand services ranging from Apple to Google all have different ways of grading content, with the government having essentially opted for a self-regulatory approach due to lack of resources.

And while there’s no major immediate rub for the tech industry in shifting to “a platform-neutral regulatory framework covering both online and offline delivery”, what is moving very quickly is the regime for take-downs, complaints and pulling the plug on digital nasties.

It takes a little unpacking, as there are overlapping areas, especially after the fast introduction of the Criminal Code Amendment (Sharing of Abhorrent Violent Material) Act 2019 in the wake of the Christchurch Mosque attacks and Facebook’s feeble response.

ISPs firmly roped in “among others”.

The targets of the new codes, the government says, are “social media services (such as Facebook, Instagram and Twitter), instant messaging services (such as Facebook Messenger, WhatsApp and Viber), interactive online games, websites, and apps, and Internet Service Providers, among others.”

The “among others” is a biggy in the new code, especially after the early 2019 introduction of the Criminal Code Amendment (Sharing of Abhorrent Violent Material) Act 2019, which compelled ISPs, “content service providers” and “hosting service providers” to block such content if called upon to do so by the Australian Federal Police.

iTnews understands that the big three cloud operators – Microsoft, Google and Amazon Web Services – felt that they were covered by the term “hosting services providers”, and attempted to have the Amendment recognise that it is not reasonable to have them held responsible for customers’ use of their servers.

The big three were also concerned that the broad wording of the Amendment would also impact smaller Australian cloud operators and hosting companies.

Those arguments fell on deaf ears and industry has criticised the Amendment’s unusually-brief path through Parliament, as it consumed fewer than 24 hours from its introduction to passage.

Whether the new codes make things better or worse remains to be seen.

So what’s moving?

While the Digital Platforms Inquiry response confirms the big censorship overhaul, the real regulatory teeth will now essentially vest with the eSafety Commissioner and a swag of new powers to swat nasties that will flow from the Classification Board taking a step back.

Put simply, for “harmful online content” – and it’s a broad definition – the eSafety Commissioner takes over as both the umpire and enforcer with a range of boosted powers we’ll get to shortly.

“The current online content scheme is not suited to the contemporary online environment and the technologies and services used by Australians every day.

“It is limited in its ability to deal with harmful content hosted overseas, the services to which it applies are out-dated, and the reliance on the assessment and classification of online content by the Classification Board imposes unreasonable delays in dealing with harmful online content,” the government said in a fact sheet issued with its eSafety policy drop on Wednesday.

Blurry lines

A key problem to date has been that people haven’t been sure who they can complain to and who enforces action, especially under the existing system, where bad stuff had to be stamped with a classification.

The line between industrial grade nasties – think ISIS promos, child exploitation and hidden cameras – and user generated material – explicit revenge videos, non-consenting activity, bullying and bashings – can be blurry.

So the government has gone for the effect of the content rather than its origin, in terms of take downs and delisting.

“Seriously harmful content will be able to be reported directly to the eSafety Commissioner. The Commissioner will investigate the content and will be able to issue a takedown notice for seriously harmful content, regardless of where it is hosted, and refer it to law enforcement and international networks if it is sufficiently serious,” the government’s fact sheet says.

“Where takedown notices are not effective, the ancillary service provider notice scheme will be able to be used to request the delisting or de-ranking of material or services.”

Two tracks

The government will now put content into two categories, Class 1 and Class 2.

Their definitions are:

  • Class 1 or seriously harmful content will include content that is illegal under the Commonwealth Criminal Code, such as child sexual abuse material, abhorrent violent material, and content that promotes, incites or instructs in serious crime.

  • Class 2 content will be defined as content that would otherwise be classified as RC, X18+, R18+ and MA15+ under the National Classification Code. This includes high impact material like sexually explicit, high impact, realistically simulated violent content, through to content that is unlikely to disturb most adults but is still not suitable for children, like coarse language, or less explicit violence. The most appropriate response to this kind of content will depend on its nature.

In broad terms, the worst material will sit with the eSafety Commissioner who will also get powers to have content taken down or de-listed by search engines sped up. This essentially moves from a 48 hour period to 24 hours.

“If the industry member does not comply, the Commissioner would have a range of enforcement powers at their disposal, including civil penalties for non-compliance,” the government fact sheet says.

“For harmful material that is sufficiently serious, the eSafety Commissioner would refer matters to the Australian Federal Police and state and territory law enforcement, or international networks like INTERPOL and INHOPE, as appropriate.”

Just plain offensive

For all the other stuff – that runs the non-criminal gamut from Pasolini’s Salo to Rodney Rude’s displeasure with Santa Claus – which can also be covered by other codes, eSafety also gets to stick its nose in.

“eSafety would have graduated sanctions available to address breaches of industry codes under the online content scheme, including warnings, notices, undertakings, remedial directions and civil penalties,” the government fact sheet says.

Also in the mix are penalties and a takedown regime for cyber bullying directed at Australian adults, with the Office of the eSafety Commissioner saying it gets more than 40 queries per month “from adults experiencing cyber abuse”.

Reports of abuse could also trigger 24hr takedown notices, and would presumably extend to trolling, with the worst cases also referred to police.

It should be a very interesting 2020 Budget.

North Korean hackers are working with Eastern European cybercriminals: report

North Korean state-backed hackers appear to be cooperating with Eastern European cybercriminals, a report said on Wednesday, a finding that suggests digital gangsters and state-backed spies are finding common ground online.

Mountain View, California-based SentinelOne says that the Lazarus Group - which American prosecutors accuse of organizing the leak of emails from Sony Pictures and stealing millions of dollars from the Central Bank of Bangladesh - is getting access to some of its victims through a cybercrime gang dubbed "TrickBot."

"For me it's the biggest crimeware story since I don't-know-when," said Vitali Kremez of SentinelOne. "The Lazarus group has a relationship with the most sophisticated, most resourceful Russian botnet operation on the landscape."

Hints that Lazarus and TrickBot operators are cooperating had surfaced previously. In April, a BAE researcher said she and others were weighing the theory that the cybercriminals were selling access to compromised organizations to Lazarus, a bit like a fence selling stolen doorkeys to a burglar.

In July, the cybersecurity arm of Japanese telecommunications company NTT speculated that North Korea might be collaborating with Lazarus and TrickBot's operators.

Kremez said he found evidence. TrickBot communicated with a Lazarus-controlled server just a couple of hours before that same server was used to help break into the Chilean interbank network earlier this year, he said. American officials have also blamed the multimillion dollar heist on North Korea.

"That's the strongest possible evidence linking to a celebrated case of Lazarus intrusion," said Kremez.

Kremez said that the TrickBot operators were likely renting out their services to the North Koreans, or perhaps working on a commission basis.

The judgment was seconded by Assaf Dahan of Boston-based Cybereason, which is publishing its own, separate report on TrickBot's operations on Wednesday. He reviewed SentinelOne's research and said its conclusions were credible, adding that he was certain that the cybercriminals knew that they were dealing with the North Korean government.

"Whether they care or not is a different thing," he said.

Iran says it foiled "very big" foreign cyber attack

Iran has foiled a major cyber attack on its infrastructure that was launched by a foreign government, the Iranian telecoms minister said on Wednesday, two months after reports of a US cyber operation against the country.

US officials told Reuters in October that the United States had carried out a secret cyber strike on Iran after the Sept. 14 attacks on Saudi oil facilities, which Washington and Riyadh blamed on Tehran. Iran denied involvement in the attacks, which were claimed by Yemen's Iran-aligned Houthi movement.

"We recently faced a highly organised and state-sponsored attack on our e-government infrastructure which was...repelled by the country's security shield," Mohammad Javad Azari-Jahromi, Iran's minister for communications and information technology, was quoted by the semi-official Mehr news agency as saying.

"It was a very big attack," Azari-Jahromi said, adding that details would be revealed later.

It was not clear whether Azari-Jahromi was referring to the US cyber attack, which US officials said took place in late September and targeted Tehran’s ability to spread "propaganda".

Asked about Reuters' October report of a cyber attack, Azari-Jahromi said then: "They must have dreamt it."

In late September, Iran reviewed security measures at its key Gulf oil and gas facilities, including preparedness for cyber attacks, following media reports of Washington weighing possible cyber attacks on Tehran.

The reported US cyber strike highlighted how President Donald Trump’s administration has been trying to counter what it sees as Iranian aggression while avoiding an outright military conflict.

Iran has long been on alert over the threat of cyber attacks from abroad. The United States and Israel covertly sabotaged Iran’s disputed nuclear programme in 2009 and 2010 with the Stuxnet computer virus, which destroyed a number of Iranian centrifuges that were enriching uranium.

Tensions in the Gulf have escalated sharply since Trump last year withdrew from Iran's 2015 nuclear deal with world powers and reimposed trade and financial sanctions on Tehran.

Mastercard joins with Australia Post on digital identity, but who's using what is deeply unclear

Mastercard has announced a surprise digital identity partnership with Australia Post that will see the post office’s slow-moving Digital iD product somehow integrated into Mastercard’s, as the global credit card giant faces intense local regulatory pressure over soaring online fraud rates.

In an announcement that comes just two days after the Reserve Bank of Australia again put the boot into local retail banks and card schemes over Australia’s messy digital identity landscape, Mastercard said it had now entered digital identity trials with both Australia Post and Deakin University.

Details around the mechanics of Mastercard’s latest digital identity plays — described as an “in market pilot” — are sorely lacking, with apparently two concurrent virtue-signalling efforts underway at once.

The biggest question is whether Mastercard is locally signing onto Post’s Digital iD service, or Australia Post is adopting a Mastercard product for established Digital iD.

Adding Mastercard to Australia Post’s customer brag book for digital identity would be a coup for the government-owned enterprise, which has found it next to impossible to sell Digital iD into retail banks who are under siege on multiple fronts from regulators.

But just what is on offer isn’t really clear, even with Australia Post’s taciturn general manager of digital identity products and services, Regis Bauchiere, providing a thoroughly workshopped insight in Mastercard’s announcement.

"Australia Post is delighted to participate in this pilot, which will help raise awareness about digital identity in Australia and provide our Digital iD users access to a larger variety of uses,” Bauchiere said.

“Complementing our participation in the Trusted Digital Identity Framework, it also positions Digital iD as the only identity provider offering our communities access to both government and private sector services.”

But how it does any of that has been left hanging.

Conspicuously, Mastercard’s biggest issuer, the Commonwealth Bank of Australia, is not mentioned in the announcement, nor what impact the new Mastercard or Australia Post trials could have on its customers.

On Tuesday, Reserve Bank of Australia Governor Philip Lowe singled out the CBA for a public lashing, sharply criticising Australia’s largest institution for stalling the uptake of the New Payments Platform, the creation of which was fiercely opposed by Mastercard and Visa.

In the same speech, Dr Lowe also put the boot into slow and confused progress on the digital identity front.

“Today, our digital identity system is fragmented and siloed, which has resulted in a proliferation of identity credentials and passwords. This gives rise to security vulnerabilities and creates significant inconvenience and inefficiencies, which can undermine development of the digital economy,” Dr Lowe told the AusPayNet Summit this week.

“These generate compliance risks and other costs for financial institutions, so it is strongly in their interests to make progress here.

"It is fair to say that a number of other countries are well ahead of us in this area.”

Dr Lowe also called out the twin-headed nature of the digital ID frameworks, namely the financial sector’s digital ID sandpit, dubbed the ‘TrustID’ framework, developed by the Australian Payments Council; and the federal government-led Trusted Digital Identity Framework, that ropes in the Digital Transformation Office, Centrelink, Tax and myGov transactions.

Where the government’s long-suffering digital ID project is headed is a little opaque at the moment.

Last week Prime Minister Scott Morrison not only removed the head of the department formerly known as Human Services (now Services Australia) but then merged the entire agency into the Department of Social Security, with the DTA coming along for the roller coaster ride.

What is known is that a lot more will be known after the Thodey Review into the public service is released, with the PM previously saying it would ship this week after he necked five senior mandarins and four departments.

There is at least a little more detail on the Mastercard digital identity “pilot” with Deakin University.

According to Mastercard, the “initial phase…featured student volunteers testing an identity verification process for student registration and digital exams at the Burwood and Geelong campuses in Victoria.”

How they actually did that isn’t revealed. But there is a full quota of buzzwords, resplendent in their lack of firm commitment and detail.

“We’re delighted to partner with Mastercard in this first trial to test concepts that can one day deliver intelligent, future-focused solutions ready to respond to a digital world's needs,” said William Confalonieri, Deakin’s chief digital officer.

“The pilot aligns with our institution’s digital-first strategy to improve the user experience and we look forward to the concept moving into other trial environments.”

Mastercard’s militaresque sounding ‘president of cyber and intelligence’, Ajay Bhalla, reckons the whole thing is a bit of a challenge.

“Our increasingly digital life – the way we transact and interact – has challenged our traditional notions of identity, trust and privacy. We need a new model,” Bhalla said.

“We believe that this starts with a commitment to the responsible handling of personal information, giving consumers control over which data is used and how it is used to verify their identity.”

Or perhaps it starts with addressing Australia’s monstrous online card fraud losses that are now more than $470 million a year for card-not-present, with Mastercard and Visa obscuring the split between credit and debit losses.

Neither Mastercard nor its issuing banks wear those losses, instead passing through the vast bulk of them to merchants who pay handsomely to use their payment systems, who then have to pass through those costs to consumers in prices.

Perhaps if the liability for those online losses changed, there’d be more appetite and speed in adopting digital identities.

