You wouldn’t think it, but when it comes to IT, security and safety aren’t always synonymous. Sometimes, the measures that increase technical security also remove the ability to provide safeguards for users. Firefox started rolling out DNS-over-HTTPS to users in the US recently. This is largely seen as an improvement in security, preventing alteration or observation of a user’s DNS queries by their ISP, which in the US no longer have limitations on selling this data. Governments can also use it to spy on their citizens, and ISPs (including in Australia and the UK) are often forced by law to alter DNS responses to block websites.
Hi all, and welcome to 2019! For many of us a new year is an opportunity to start afresh — to set goals, and set ourselves on a plan to achieving them. For others, it’s a continuation of the year before — following up on items that weren’t able, for whatever reason, to be finalised in the previous year. For ITPA this year, it’s a bit of both.
Thursday 15 November was meant to be the last day that Australians had to opt out of My Health Record, a national online database of patient health information with serious flaws. (Check our previous article for what was wrong with it.) The flaws within My Health Record were so bad that last week it emerged that the Privacy Commissioner for the Australian Digital Health Agency (which is responsible for My Health Record) quit last month, apparently leaving the organisation out of frustration that privacy and security concerns she had raised were being ignored by senior management.
I’m sorry if this is starting to sound repetitive, but there’s still a determined attack by our federal government on online security, and it’s important that we don’t let the fight drop off as we tire of it. Since I last wrote on the topic, the first public hearing has been held by the PJCIS. Of the eleven members of the committee, four were in attendance — two from each major party. A number of people presented to the committee — you can see the full transcript in the Hansard record.
Barely a week after the Department of Home Affairs consultation period closed, Minister Dutton has pushed into parliament a version of the Assistance and Access Bill 2018 with only minor changes. This was then referred to the Parliamentary Joint Committee on Intelligence and Security (PJCIS), which is now running its own consultation period, closing on 12 October 2018. You can see the details here. It seems odd to us (and many other groups with expertise in this area) that all of the submissions to the original consultation could have been appropriately considered within the incredibly short time frame between the consultation closing and the bill being introduced to Parliament. Certainly, the level of changes (removing protecting government revenue as a reason for action under the bill) indicate that the vast majority of the feedback (our submission is here; a list …
A few weeks ago, the federal government’s Department of Home Affairs requested comments from the public on a draft of ‘The Assistance and Access Bill 2018’ — a bill designed to allow law enforcement agencies to gain access to communications and information previously not available to them due to encryption technology. As we noted, we intended to make a submission to the government on this bill. You can read the details of our submission below. In summary though, the bill, in its current form, will have a dire impact on internet privacy and potentially even e-commerce, all without actually achieving its stated goals — because criminals will simply move to using software not subject to this law.