Category Archives: GOVERNMENT POLITICS

ASIO restructuring strategy and resources in the face of cyber threat

The country’s intelligence agency has aligned its resources to focus on the growing threat of cyber espionage targeting ‘a range’ of Australian interests.

In the wake of accusations from United States intelligence agencies that Russia hacked into Democratic Party emails, thus helping Donald Trump to election victory last year, a report from Australia’s intelligence agency said the country’s national security resources are focused on preventing foreign threat actors from “targeting a range of Australian interests”.

In its 2016-17 Annual Report [PDF], the Australian Security Intelligence Organisation (ASIO) explained that Australia continued to be a target of espionage and foreign interference, noting in particular that foreign intelligence services sought access to privileged and/or classified information on Australia’s alliances and partnerships; the country’s position on international diplomatic, economic, and military issues; as well as energy and mineral resources, and innovations in science and technology-related fields.

ASIO called the threat from espionage and foreign interference to Australian interests “extensive, unrelenting, and increasingly sophisticated”.

“Foreign intelligence services are targeting a range of Australian interests, including clandestine acquisition of intellectual property, science and technology, and commercially sensitive information,” the report explains.

“Foreign intelligence services are also using a wider range of techniques to obtain intelligence and clandestinely interfere in Australia’s affairs, notably including covert influence operations in addition to the tried and tested human-enabled collection, technical collection, and exploitation of the internet and information technology.”

During the reported period, ASIO said it identified foreign powers clandestinely seeking to shape the opinions of members of the Australian public, media organisations, and government officials, motivated by the appeal of “advancing their country’s own political objectives”.

As highlighted by ASIO, rapid technological change continued to provide people who are engaging in activities that threaten Australia’s security with new tools to conceal their activities from security and law enforcement agencies. In particular, ASIO said the use of encrypted communications by security intelligence targets was — and still is — an area of particular concern.

“Australia continues to be a target of espionage through cyber means; the cyber threat is persistent, sophisticated, and not limited by geography,” ASIO warned.

“Increasingly, foreign states have acquired, or are in the process of acquiring, cyber espionage capabilities designed to satisfy strategic, operational, and commercial intelligence requirements.”

Watching carefully the area of investment flows, ASIO said that while Australia’s open and transparent economy, which invites foreign investment, is a welcome and important contributor to Australia’s national wealth, it is not without national security risks.

“For example, foreign intelligence services are interested in accessing bulk data sets and privileged public or private sector information, including Australian intellectual property. Developing and implementing effective mitigation strategies for these issues is critical to reducing the threat to an acceptable level,” the report says.

Another emerging issue of potential national security concern to ASIO is the lack of diversity of ownership within certain infrastructure sectors.

The agency also said that the number of cybersecurity incidents either detected or reported within Australia represents a fraction of the total threat the country legitimately faces.

While technology provided security and law enforcement agencies with new opportunities to identify activities of security concern, ASIO said building and maintaining technical collection capabilities to stay ahead of the threats proved to be resource intensive.

“Transforming existing agency information and communications technology infrastructure to effectively exploit new capabilities, manage the large volume and variety of data available, and to be adapted easily to new technologies is a major challenge, and one that will require significant, ongoing investment,” the agency wrote.

“In addition to technological challenges in the operating environment, we faced heightened threats to our staff, facilities, and information.”

ASIO said such challenges required the diversion of resources to “ensure the security and effectiveness” of the agency’s operations.

Throughout the period, ASIO said it worked closely with Australia’s national security partner agencies, which included work to progress shared national security objectives through joint agency bodies such as the federal, state, and territory Joint Counter Terrorism Teams (JCTT), the National Threat Assessment Centre (NTAC), the Jihadist Network Mapping and Targeting Unit, and the Australian Cyber Security Centre (ACSC).

Similarly, work with international peers was maintained with over 350 partner agencies in 130 countries, ASIO explained.

The intelligence agency specifically worked with counter-terrorism prosecution in New South Wales, Victoria, and Queensland, providing assistance and evidence on telecommunications intercepts, physical surveillance, listening, and tracking devices.

“In 2016-17, we continued to work closely with telecommunications companies regarding the security risks associated with the use of certain companies in their supply chains and risks arising from foreign ownership arrangements,” the report says.

“We provided sensitive briefings to the Australian government and the telecommunications sector to outline the threat and, where possible, recommended appropriate mitigation measures.”

ASIO said that through its work with ACSC, it regularly observed cyber espionage activity targeting Australia.

“Foreign state-sponsored adversaries targeted the networks of the Australian government, industry, and individuals to gain access to information and progress other intelligence objectives,” the agency wrote.

“ASIO provided support to the ACSC’s investigations of these harmful activities as well as the centre’s work to remediate compromised systems. The number of countries pursuing cyber espionage programs is expected to increase … as technology evolves, there will be an increase in the sophistication and complexity of attacks.”

It isn’t just foreign threats on ASIO’s radar, with the agency noting it remained alert to, and investigated threats from, malicious insiders.

“Those trusted employees and contractors who deliberately breach their duty to maintain the security of privileged information,” ASIO explained. “These investigations continued to be complex, resource-intensive, and highly sensitive.”

In-house, ASIO said it also worked to build an enterprise technology program to enable the agency to “excel in using technology and data” to achieve its purpose.

“Given the increasing opportunities and challenges brought about by rapid advances in technology, it is imperative that ASIO is a ‘data-enabled organisation’, connected to its partners, accountable to the people, innovative in its approach, and sustainable for the long term,” the report says.

From July 2018, Australia’s new Home Affairs ministry will be responsible for ASIO, Australian Federal Police, Border Force, Australian Criminal Intelligence Commission, Austrac, and the office of transport security. It will see Attorney-General George Brandis hand over some national security responsibility to Minister for Immigration and Border Protection Peter Dutton.

Of the ministerial changes and the recommendations of the 2017 Independent Intelligence Review, ASIO Director-General of Security Duncan Lewis said he believes the new measures will play an important role in strengthening the agency’s strategic direction, effectiveness, and coordination of Australia’s national security and intelligence efforts, at a time when “the nation is facing complex, long-term threats” to its security.

Henry Sapiecha

State-sponsored hackers turn on each other

State-funded hackers are not only stealing from you but also fighting amongst themselves

Researchers have revealed that nation-state hacking groups are not only dedicated to striking targets issued to them, but also to fighting each other.

On Wednesday, Kaspersky Labs researchers presented their findings at the Virus Bulletin conference in Woburn, MA, claiming that sophisticated threat actors are proactively targeting other groups in a land-grab for victim data, as well as a means to copy each others’ tools and probe each other’s infrastructure.

Also known as SIGINT, or the “fourth-party collection practice of spying on a spy spying on someone else,” according to the Global Research & Analysis Team (GReAT), such attacks are most likely to be launched by nation-state sponsored groups in order to target less sophisticated groups and foreign rivals.

There are two main approaches to this internal warfare that groups tend to take. The first, a “passive” model, involves intercepting each others’ data and communication — for example, when commands are issued to a slave system via a command-and-control (C&C) server. Kaspersky says that such attacks, when conducted properly, can be “almost impossible to detect.”

The “active” approach, however, involves infiltrating a hacking group’s infrastructure. While more likely to be detected, these attacks can result in the theft of victim information, tools, and a deep insight into how other threat actors operate.

A common tactic used by state-sponsored groups against each other is the installation of backdoors into C&C infrastructure, which creates persistence. Kaspersky discovered two such examples in wild, one of which in the NetTraveler malicious server, used to target activists in Asia by a Chinese group.

The second was found in the C&C infrastructure employed by Crouching Yeti also known as Energetic Bear, a Russian-speaking threat group which has been linked to attacks against the industrial industry.

However, the team was not able to trace the groups that engineered the backdoors.

Another tactic employed is the surveillance of malicious websites. In 2016, a Korean-speaking state-sponsored group dubbed DarkHotel hosted malicious scripts for another group called ScarCruft, which targeted Russian, Chinese, and South Korean victims.

“The DarkHotel operation dates from April 2016, while the ScarCruft attacks were implemented a month later, suggesting that ScarCruft may have observed the DarkHotel attacks before launching its own,” the team says.

Sometimes, however, threat groups decide to play nice and share, rather than steal.

Kaspersky found that a server belonging to the Magnet of Threats, a group from the Middle East, also hosted implants and malicious tools used by hacking groups Regin, Equation Group, Turla, ItaDuke, Animal Farm, and Careto — English, Russian, French and Spanish-speaking communities, respectively.

Sharing sophisticated tools and data does have a downside — as it was this server which led to the discovery of the Equation Group, later revealed to be linked to the US National Security Agency (NSA).

The constant theft, copying, and internal battles between state-sponsored groups are making the role of security researcher more difficult as time goes on. Without clear “signatures” of each group, tracking who is responsible for what can be very difficult, and without being cautious, could attribute attacks from different countries and groups incorrectly.

“Attribution is hard at the best of times as clues are rare and easily manipulated, and now we also have to factor in the impact of threat actors hacking each other,” said Juan Andres Guerrero-Saade, Principal Security Researcher at Kaspersky. “As more groups leverage each other’s toolkits, victims, and infrastructure, insert their own implants or adopt the identity of their victim to mount further attacks, where will that leave threat hunters trying to build a clear, accurate picture?”

Henry Sapiecha

Oversight of Australia’s intelligence agencies

The Parliamentary Joint Committee on Intelligence and Security has today fulfilled one of its key statutory oversight responsibilities with the tabling of its review into the administration and expenditure of the Australian intelligence agencies for the 2015–16 financial year.

The Committee concluded that the six agencies making up the Australian Intelligence Community are overseeing their administration and expenditure appropriately.

On presenting the report to the Parliament, the Committee Chair, Mr Andrew Hastie MP, highlighted the changing security environment in which the agencies work. This includes ongoing challenges in relation to terrorism, communal violence, border integrity, espionage and foreign interference.

“Agencies have continued to respond to the changing security environment”, Mr Hastie said. “The Committee has previously noted its concerns about the constant resourcing pressure on agencies as they carry out their work to secure the Australian people and our interests.”

He added, “During the period, agencies benefited from additional funding under a range of new funding measures. As the Committee notes in its report, both ASIO and ASIS were provided with additional funding by the Government to support their operations and strengthen their capacity to meet strategic priorities. These measures are welcomed by the Committee as they will offset some of the resourcing pressures on the agencies. The Committee will continue to monitor the resourcing of both agencies in future reviews.”

The six agencies of the Australian Intelligence Community are the Australian Security Intelligence Organisation (ASIO), the Australian Secret Intelligence Service (ASIS), the Office of National Assessments (ONA), the Australian Signals Directorate (ASD), the Australian Geospatial-Intelligence Organisation (AGO), and the Defence Intelligence Organisation (DIO).

Through its review, the Committee received comprehensive submissions and conducted private hearings with each of the agencies. The Committee also took evidence from the Australian National Audit Office and the Inspector-General of Intelligence and Security.

Further information about the inquiry, including the Committee’s report, can be accessed via the Committee’s website at http://www.aph.gov.au/pjcis.

www.ozrural.com.au

Henry Sapiecha

Committee recommends budget relief for Australian intelligence agencies

oz-fed-gov-logo image www.australianmortgageloans.com

The Parliamentary Joint Committee on Intelligence and Security has today fulfilled one of its key statutory oversight responsibilities with the tabling of its review into the administration and expenditure of the Australian intelligence agencies for the 2014–2015 financial year.

The Committee concluded that the six agencies comprising the Australian Intelligence Community are overseeing their administration and expenditure appropriately. Matters addressed by the Committee included agencies’ strategic planning, staffing, security, budget and financial performance.

In relation to expenditure, the report recommends that the efficiency dividend be removed from all Australian Security Intelligence Organisation (ASIO), Australian Secret Intelligence Service (ASIS) and Australian Federal Police (AFP) operations.

Committee Chair, Mr Andrew Hastie MP, commented that “while the funding pressures faced by agencies were reduced somewhat during 2014–15 by the additional funding to support counter-terrorism capabilities and other initiatives, ASIO and ASIS continued to face pressure in other areas”.

“Our intelligence and security agencies need sufficient base funding to meet all of their obligations. This means that funding is required to not only to deal with the increased threat to the community from terrorism, but also other significant external threats such as foreign espionage and cyber-attacks.”

“We need to make sure our agencies are resourced adequately as they seek to detect, disrupt and defeat threats to the Australian people.”

During its review, the Committee received comprehensive submissions and conducted private hearings with each intelligence agency and the Inspector-General of Intelligence and Security. The Committee’s final hearing was conducted on 2 May 2016, shortly before prorogation of the 44th Parliament. The review lapsed on prorogation and was resumed early in the 45th Parliament.

Further information about the inquiry, including the Committee’s report, can be accessed via the Committee’s website at http://www.aph.gov.au/pjcis.

CLUB LIBIDO BANNER BRUNETTE I LOVE YOU SIGN

www.crimefiles.net

Henry Sapiecha

 

Roundtable discussions on Australia’s Indian Ocean Territories

oz-fed-gov-logo image www.australianmortgageloans.com

The Parliament’s External Territories Committee will host a roundtable discussion tomorrow from 9 am to 12:30 pm on the enduring strategic importance of the Indian Ocean Territories.

Committee Chair, Mr Ben Morton MP, said he is looking forward to holding our first hearing for the inquiry and gathering together departmental officials, subject area experts and academics.

“Christmas Island and the Cocos (Keeling) Islands may be small dots in the Indian Ocean, but the territories’ proximity to Asia and major shipping lines means they remain vital to Australia’s defence, trade and security interests,” Mr Morton said.

The Committee will examine different angles including maritime surveillance, military contingencies and regional cooperation, investment in government infrastructure, and implications for the territories’ residents.

Further information about the inquiry, including the submissions received and the hearing program can be accessed via the Committee’s inquiry website.

Media enquiries:
Please contact the Committee Chair, Mr Ben Morton MP on 08 9354 9633

For background:
Please contact the committee secretariat on (02) 6277 4355 or email jscncet@aph.gov.au

Interested members of the public may wish to track the committee via the website. Click on the blue ‘Track Committee’ button in the bottom right hand corner and use the forms to login to My Parliament or to register for a My Parliament account.

CLUB LIBIDO BANNER JEWELLED FACE WOMAN

Henry Sapiecha

Trump concedes Russia likely hacked DNC, attacks USA intelligence agencies over leaks

US President-elect Donald Trump acknowledged for the first time Wednesday that he believes Russian operatives hacked the Democratic Party during the election, but he continued to dispute intelligence reports that Moscow acted to help him win.

During an at times rancorous press conference, he angrily denounced the publishing of claims he had been caught in a compromising position in Russia and attacked news organisations for publishing the claims, while also lashing US intelligence agencies over the leak of an explosive but unverified dossier.

“I think it was Russia,” Mr Trump conceded at the press conference in New York when asked who was responsible for the leaks of Democratic emails during the campaign.

But Mr Trump said he believes Russia would have released damaging information about him had they obtained such information.

Mr Trump also addressed questions about his relationship with Russian President Vladi­mir Putin, saying “If Putin likes Donald Trump, guess what folks, that’s an asset not a liability. I don’t know if I’ll get along with Vladi­mir Putin. . .but even if I don’t does anyone in this room think Hillary Clinton will be tougher on Putin than me? Give me a break.”

Mr Trump made his remarks in his first news conference as President-elect, ending a period of 167 days since he has fielded questions from the full media contingent. Past winners of the presidency have traditionally faced the press far earlier.

ooo

On Wednesday morning the president-elect angrily denounced news reports about a dossier of potentially compromising information Russia has allegedly gathered about him, citing denials from the Kremlin that it has any such intelligence.

The president-elect also charged via Twitter that his “crooked opponents” are trying to undermine his electoral victory. He accused the intelligence community of leaking the information to get in “one last shot at me,” saying, “Are we living in Nazi Germany?”

President-elect Donald Trump listens to a question during a news conference in the lobby of Trump Tower in New York image www.intelagencies.com

At the news conference on Wednesday he attacked US intelligence agencies over the leak of the dossier, which was published in full by the news and entertainment website Buzzfeed on Tuesday.

“I think it was disgraceful, disgraceful that the intelligence agencies allowed any information that turned out to be so false and fake out there,” Mr Trump told the news conference. He called the dossier that makes salacious claims about him “fake news” and “phony stuff.”

Mr Trump acknowledged Russia was likely behind the hack of the DNC image www.intelagencies.com

“I think it’s a disgrace … That’s something that Nazi Germany would have done,” the Republican said days ahead of his inauguration.

Mr Trump’s comments follow the revelation Tuesday night that a classified report delivered to Mr Trump and President Obama last week, according to US officials, included a section summarising allegations that Russian intelligence services have compromising information about Mr Trump’s personal life and finances.

The officials said that US intelligence agencies have not corroborated those allegations but believed the sources involved in the reporting were credible enough to warrant inclusion of their claims in the highly classified report on Russian interference in the presidential campaign.

Earlier Wednesday, a spokesman for Russian President Vladimir Putin called the allegations that Russia has collected compromising information about Trump an “absolute fantasy.”

Soon after, Mr Trump tweeted: “Russia just said the unverified report paid for by political opponents is ‘A COMPLETE AND TOTAL FABRICATION, UTTER NONSENSE.’ Very unfair!”

Most media organisations reported only on the existence of the report and that intelligence officials had included a summary of it in their briefings with Mr Trump and Mr Obama on Russia’s attempts to sway the election. But BuzzFeed News published a document supposedly created by a former British intelligence official. The information it contains has not been verified.

Mr Trump and other officials appeared to focus on BuzzFeed’s publication of the report, denying that the document possesses any truth.

Mr Trump said Wednesday morning that he had no relationship with Russia that could compromise him.

“Russia has never tried to use leverage over me,” he said. “I HAVE NOTHING TO DO WITH RUSSIA — NO DEALS, NO LOANS, NO NOTHING!”

The Washington Post with Reuters

High Risk Terrorist Offenders Bill under scrutiny

aust gov logo white on black

The Parliamentary Joint Committee on Intelligence and Security has reconvened for the 45th Parliament, electing Mr Michael Sukkar MP as Chair and the Hon Anthony Byrne MP as Deputy Chair and commencing work on a number of inquiries.

Criminal Code Amendment (High Risk Terrorist Offenders) Bill 2016

The Committee has commenced an inquiry into Criminal Code Amendment (High Risk Terrorist Offenders) Bill 2016, which was introduced into the Parliament on 15 September 2016.

The bill establishes a scheme for the continuing detention of high risk terrorist offenders at the conclusion of their custodial sentence. Measures in the bill include:

  • the Attorney-General can apply to the Supreme Court of a State or Territory for a continuing detention order during the last six months of the sentence of a ‘terrorist offender’,
  • a ‘terrorist offender’ is a person convicted of certain terrorist offences against the Criminal Code and serving a sentence of imprisonment for the offence,
  • the Supreme Court may make an order if satisfied to a high degree of probability that the offender poses an unacceptable risk of committing a ‘serious Part 5.3 offence’ [terrorist offence] if released,
  • under a continuing detention order a ‘terrorist offender’ is committed to detention in a prison for the period the order is in force, which can be up to three years,
  • a continuing detention order must be reviewed by the Court at least annually,
  • the continuing detention of minors is not permitted, and
  • an interim detention order of up to 28 days may be made by the Court in circumstances where an offender will be released before the application for a continuing detention order has been determined, and consecutive interim orders may be granted for up to three months.

The Committee invites submissions to the inquiry. Please email the Secretariat at pjcis@aph.gov.au by Friday 23 September 2016 if you intend to make a submission. Submissions are requested no later than Wednesday, 12 October 2016.

A public hearing will be held on Friday, 14 October 2016. The Committee has been asked to report by 4 November 2016.

Further information about the inquiry can be accessed via the Committee’s website at http://www.aph.gov.au/pjcis. The Bill and Explanatory Memorandum can be accessed via http://www.aph.gov.au/Parliamentary_Business/Bills_Legislation.

Declaration of Islamic State as a declared terrorist organisation under the Citizenship Act

The Committee has commenced a review of the declaration of Islamic State as a ‘declared terrorist organisation’ under section 35 of the Australian Citizenship Act 2007. This is the first time an organisation has been declared under the Act.

Section 35 of the Australian Citizenship Act 2007 provides that dual citizens aged over 14 years lose their Australian citizenship if they fight for, or are in the service of, a ‘declared terrorist organisation’ overseas.

Under section 35AA of the Citizenship Act, the Parliamentary Joint Committee on Intelligence and Security may review a declaration made by the Minister and report the Committee’s findings within the 15 sitting day parliamentary disallowance period.

Members of the public are welcome to make submissions to this review, which should be received no later than Friday, 7 October 2016.

The Minister’s declaration and supporting documentation are available on the Committee’s website.

Re-listing of six terrorist organisations under the Criminal Code

In its third inquiry, the Committee has commenced a review of the re-listing of Abu Sayyaf Group,
al-Qa’ida, al-Qa’ida in the Lands of the Islamic Maghreb, Jabhat al-Nusra, Jamiat ul-Ansar, and Jemaah Islamiyah.

Under section 102.1A of the Criminal Code, the Parliamentary Joint Committee on Intelligence and Security may review listings of terrorist organisations and report on the Committee’s findings within the 15 sitting day parliamentary disallowance period.

Members of the public are welcome to make submissions to this review. Submissions should be received no later than Friday, 7 October 2016.

Further information about these listings can be obtained from the Committee’s website.

Media enquiries: Chair, Mr Michael Sukkar MP (Deakin, Vic) on (03) 9874 1711 (Electorate office) or (02) 6277 4847 (Parliament House)

7987hj9788

Henry Sapiecha

Census: The ABS has been quietly holding on to our names for years

The Bureau of Statistics has been quietly hanging on to the names it collects with the census to conduct studies, despite a public commitment to destroy them.

Census changes

Find out why no one will be knocking at your door with census forms this year.

Australian statistician David Kalisch told Fairfax Media the Bureau had been keeping the names it collected for up to 18 months.

“They’ve done it under the guise of: ‘this is while we are processing the data’,” he said.

Australian statistician David Kalisch image www.intelagencies.com

David Kalisch says: ‘We are now being more transparent about it’. Photo: Rohan Thomson

“They’ve done linkages, they’ve done other things. What’s happening now is we are being more transparent about it.”

The studies have been conducted despite a commitment on the ABS website that “name and address information will be destroyed once statistical processing has been completed“.

They used the names and addresses on census forms to link the census answers to department of immigration records, to school enrolment records and to the Australian Early Development Index.

The names were destroyed only after the records were linked.

Separately, and without asking for consent, the Bureau has been tracking five per cent of the population (more than one million people) through what it calls the Australian Census Longitudinal Dataset.

It has been using the names on the forms to create “linkage keys”, which enable it to follow respondents over time. Each census, the same name produces the same linkage key, enabling movements to be tracked. Once each key has been created, the name itself has been destroyed. It is impossible to reverse-engineer a key to derive the name.

“In 2016, I have decided to keep names and addresses for longer,” Mr Kalisch writes in today’s Sydney Morning Herald and Age. “This will enable the ABS to produce statistics on important economic and social areas such as educational outcomes, and measuring outcomes for migrants.”

Labelled by former Australian Statistician Bill McLennan “the most significant invasion of privacy ever perpetrated on Australians by the ABS,” the decision will formalise what was happening informally before Mr Kalisch joined the ABS in 2014. It will extend the period for research using names from 18 months to four years. All names collected will be deleted by August 2020 or when studies have been completed, whichever is the soonest.

What’s happening now is we are being more transparent about it.

Australian Statistician David Kalisch

The decision is a retreat on a announcement in December that names and addresses on census forms would be retained indefinitely.

“There are extremely robust safeguards in place to protect the privacy and confidentiality of the information collected in the census, including names and addresses,” Mr Kalisch writes in today’s Fairfax Media publications. “The ABS never has and never will release identifiable census data.”

Kat Lane, vice-chair of the Australian Privacy Foundation, said the real issue wasn’t the ABS security system. It was that there was no justification for tracking or personally identifying Australians.

1dft

Henry Sapiecha

IBM to set up cyber centre in Canberra

Led by a former federal police assistant commissioner, the new centre is intended to bring together business and government to tackle security issues.

IBM-Logo-in-blue image www.intelagencies.com

IBM has announced that it will create a National Cyber Security Centre (NCSC) in Canberra, to be headed by Kevin Zuccato, a former Australian Federal Police assistant commissioner and head of the Australian High Tech Crime Centre.

The company said the NCSC would allow access to IBM’s threat-sharing platform used by more than 2,000 businesses around the world, provide emergency response teams for security incidents, and would be partnering with its Australian Security Development Lab on the Gold Coast.

“With the establishment of the IBM National Cyber Security Centre in Canberra, we will provide a destination for government and organisations to proactively collaborate on strategy and policy,” said Kerry Purcell, IBM ANZ managing director. “The NCSC will drive a culture of innovation and openness, essential if we are to tackle this growing issue for every organisation.”

IBM did not specify the timing of the centre’s opening, nor the number of employees it would have.

The new centre will align with the federal government’s cyber strategy, IBM said, and will look to support both government and business in improving information security capabilities.

Announced in April, the AU$240 million Cyber Security Strategy had as its centrepiece the sharing of threat information between business and government, using the existing Australian Cyber Security Centre (ACSC) and new portals in capital cities.

As part of the package, the government said it would create two new roles: Minister assisting the prime minister on cyber security, and special adviser on cyber security within the Department of Prime Minister and Cabinet — the latter of which was filled by former e-safety commissioner Alastair MacGibbon.

In its Defence White Paper, launched in February, the Australian government said it would spend between AU$300 million and AU$400 million over the decade to the 2025-26 financial year on its Cyber Security Capability Improvement program

SPP

Henry Sapiecha

 

Dozens of government agencies request access to citizen metadata without warrants

man peeps behind blind image www.intelagencies.com

Nearly all the agencies which accessed citizens’ private information in the past have applied for continued access. Photo: Louise Kennerley

Nearly all of the government agencies which last year snooped on citizens’ phone and internet records without warrants have reapplied to access the data following the introduction of legislation which was meant to reduce the scope of access.

Sixty-one non-law enforcement federal and state agencies, including organisations such as Australia Post and Sydney’s Bankstown City Council, have applied to access citizens’ metadata for pursuing criminal activity or protecting public revenue.

The telecommunications data may include information such as phone numbers and addresses of people who called each other, or email addresses and the times messages were sent.

Attorney-General George Brandis image www.intelagencies.com

Attorney-General George Brandis has yet to decide which agencies may have access to telecommunications metadata.

By comparison, the latest official government report on metadata access, covering a period before new mandatory data retention legislation came into effect in October last year, showed 69 agencies accessed metadata. At that time they were automatically authorised to access this data, however following the legislation, non-law enforcement agencies must now apply directly to federal Attorney-General George Brandis for temporary approval to access metadata for up to 40 parliamentary sitting days.

No warrant is required to access the data.

A spokesperson for the Attorney-General’s department said Mr Brandis had not temporarily approved metadata access to any agencies who requested access.

The list of agencies was revealed in a Freedom of Information request filed by former Electronic Frontiers Australia vice chair Geordie Guy, and released to the public on Monday.

More agencies may have requested metadata access since Mr Guy’s FOI request was filed in November last year.

Digital rights group Electronic Frontiers Australia has called on Mr Brandis to reject most of the agencies’ applications.

EFA executive director Jon Lawrence said “only two or three” agencies would have legitimate reasons to access the private information.

“If the Attorney-General is serious about the integrity of his legislation and about protecting the civil liberties of all Australians, then he must act swiftly to reject the majority of these applications,” Mr Lawrence said.

In previous years local city councils have come under fire for using information gleaned from residents’ metadata to chase small-time infringers and recoup fines.

Melbourne’s Knox City Council last year accessed call charge records, and name and address details, to prosecute people who damaged property or were guilty of cruelty against animals or illegal signage, a council spokesperson said.

Bankstown City Council in Sydney appears to be the only council so far to have reapplied for access under the new regime.

A Bankstown spokesperson previously told Fairfax media the council used data to catch residents who dumped waste illegally. The agency made 13 information requests in the year to June 2015.

EFA’s Mr Lawrence said such matters were “hardly a national security issue” which might have justified its access to private information.

Other government agencies which have reapplied to access private communication records include Australia Post — which made 625 information requests last year — state racing bodies, the RSPCA and the Tax Office.

Australia Post has previously said that it requests phone records from telecommunication companies so it can chase people who steal phones or SIM cards from its stores, or pursue people who make “serious threats” to staff or engage in corruption and fraud.

The frequency of metadata requests from non-law enforcement agencies grew 9 per cent last year.

Below is the full list of agencies that applied for access to the data, except for four that were redacted in the FOI documents as their disclosure would be “contrary to the public interest”.

1. Australian Financial Security Authority, Commonwealth
2. Australian Health Practitioner Regulation Agency (AHPRA), Commonwealth
3. Australian Postal Corporation, Commonwealth
4. Australian Taxation Office, Commonwealth
5. Australian Transaction Reports and Analysis Centre, Commonwealth
6. Civil Aviation, Safety Authority (CASA), Commonwealth
7. Clean Energy Regulator, Commonwealth
8. Department of Agriculture, Commonwealth
9. Department of Defence (ADFIS and IGD), Commonwealth
10. Department of the Environment, Commonwealth
11. Department of Foreign Affairs and Trade, Commonwealth
12. Department of Health, Commonwealth
13. Department of Human Services, Commonwealth
14. Department of Social Services, Commonwealth
15. Fair Work Building and Construction, Commonwealth
16. National Measurement Institute, Commonwealth
17. ACT Revenue Office, ACT
18. Access Canberra (Department of Treasury and Economic Development), ACT
19. Bankstown City Council, NSW
20. Consumer Affairs, VIC
21. Consumer, Building and Occupational Services (Consumer Affairs and Fair Trading – Department of Justice), TAS
22. Consumer and Business Services, SA
23. Department of Agriculture, Fisheries and Forestry, QLD
24. Department of Commerce, WA
25. Department of Corrective Services, WA
26. Department of Environment and Heritage Protection, QLD
27. Department of Economic Development, Jobs, Transport & Resources (Fisheries), VIC
28. Department of Environment, Land, Water and Planning, VIC
29. Department of Environment Regulation, WA
30. Department of Fisheries, WA
31. Department of Justice and Regulation (Consumer Affairs), VIC
32. Department of Justice and Regulation (Sheriff of Victoria), VIC
33. Department of Mines and Petroleum, WA
34. Department of Primary Industries (Fisheries), NSW
35. Environment Protection Authority, SA
36. Greyhound Racing Victoria, VIC
37. Harness Racing New South Wales, NSW
38. Health Care Complaints Commission, NSW
39. Legal Services Board, VIC
40. NSW Environment Protection Authority, NSW
41. NSW Fair Trading, NSW
42. Office of Environment & Heritage, NSW
43. Office of Fair Trading (Department of Justice And Attorney-General Office of the Director General), QLD
44. Office of State Revenue, NSW
45. Office of State Revenue, QLD
46. Office of the Racing Integrity Commissioner, VIC
47. Primary Industries and Regions South Australia (PIRSA), SA
48. Queensland Building and Construction Commission, QLD
49. Racing and Wagering Western Australia, WA
50. Racing NSW, NSW
51. Racing Queensland, QLD
52. Roads and Maritime Services NSW, NSW
53. Royal Society for the Prevention of Cruelty to Animals (RSPCA), VIC
54. State Revenue Office, VIC
55. Taxi Services Commission, VIC
56. RevenueSA, SA
57. Victorian WorkSafe Authority, VIC

ooo

Henry Sapiecha