The whole Guy Fawkes story and its consequences is so compelling that it often inspires me to break policy and write on a non legal subject.

For starters there is the wonderful ditty/ poem or piece of doggerel:

Remember, remember!
The fifth of November,
The Gunpowder treason and plot;
I know of no reason
Why the Gunpowder treason
Should ever be forgot!
Guy Fawkes and his companions
Did the scheme contrive,
To blow the King and Parliament
All up alive.
Threescore barrels, laid below,
To prove old England’s overthrow.
But, by God’s providence, him they catch,
With a dark lantern, lighting a match!
A stick and a stake
For King James’s sake!
If you won’t give me one,
I’ll take two,
The better for me,
And the worse for you.
A rope, a rope, to hang the Pope,
A penn’orth of cheese to choke him,
A pint of beer to wash it down,
And a jolly good fire to burn him.
Holloa, boys! holloa, boys! make the bells ring!
Holloa, boys! holloa boys! God save the King!
Hip, hip, hooor-r-r-ray! Read the rest of this entry »

Austel, one of Australia’s main defence contractors has suffered a data breach.  It notified the Australian Securities Exchange last Thursday night.  The notice to the ASX is found here.  Unlike US notices it’s focus is on being vague on critical details and expansive on the impact, it says not much, and what it is doing in response, it says plenty.

The Notice states:

The statement, anodyne as any I have seen, confirms that the hacker attempted an extortion attempt.  What the report does not state but the Australian does is that the attack took place two weeks ago and involved the loss of 100 gigabytes of data. There is another report that the material was accessed over a month ago.  The Australian’s reports that Read the rest of this entry »

The Victorian Supreme Court in Re Ad Astra Institute Pty Ltd [2018] VSC 563 considered an application to set aside a statutory demand.  In dismissing the application the court undertook a useful analysis of both genuine dispute but more particularly the approach to be taken in preparing an offsetting claim.

FACTS

The defendant was engaged to develop QMS and other documentation (‘Training Documentation’) to meet the requirements of being a Registered Training Organisation (‘RTO’) and on the Commonwealth Register of Institutions and Courses for Overseas Students (‘CRICOS’) [4].

In July of 2016, the plaintiff offered the defendant a contract for services, [4], with consultancy fees at:

• • an hourly rate (minimum of 3 hours) $575 per hour + GST

• daily rate (maximum of 8 hours) $2,800 per day + GST [5].

The note at the bottom of the consultancy fees provides:

Please note:The terms of all invoices are 14 days and all invoices will be charged according to the hourly rate plus GST (Goods and Services Tax). These rates are reviewed from time to time and may change. We will tell you of any changes as soon as practicable after a change occurs [6].

with a further stipulation :

As negotiated:It is agreed that IRM [the Defendant] will cap its fees payable for initial registration and CRICOS registration at AUD$100,000 inclusive of required ASQA fees.

The Agreement was set out to have been made on 25 July 2016 and executed by James Sackl on behalf of the plaintiff. At all material times Read the rest of this entry »

There is no dilema or delay in the technical development of drones, the common term for remotely piloted aircraft systems or unmanned aerial vehicles (UAVs).  There is however huge delays and significant dilemas by legislatures on how to respond to the legal challenges with the misuse of drones and what regulation is required.  In October 2016 the Senate’s Rural and Regional Affairs Transport References Committee conducted an enquiry on Regulatory requirements that impact on the safe use of Remotely Piloted Aircraft Systems, Unmanned Aerial Systems and associated systems.  The Committee tabled its report on 31 July 2018 with almost no fanfare.  And deservedly so.  It is a narrowly focused, quite technical and limited report focused on the use of drones and rather than the broader issues which affect not only the use of the drones but the impact they have on others.

In New Zealand there is a report of a drone being used to interfere with a persons’ privacy and as a means to scope out a home before burglaring it.  Coincidentally the New Zealand government is Read the rest of this entry »

Certain industries attract hackers because their businesses are data troves of the best sort of personal information; names, dates of birth, banking and credit card information.  Banks, insurance companies, law firms, hospitals and other health providers are top of the list.  And airlines.  It is therefore hardly surprising that Cathay Pacific has been the subject of a successful data hack resulting in the records of 9.4 million passengers being compromised.  That includes 860,000 passport numbers being compromised.  The media coverage has been universally negative (here, here and here for example).  Particularly so given Cathay was aware of suspicious activity in March and Read the rest of this entry »

There are behmoths in each of the cyber platforms; Google for search engines, Facebook for social media and Apple for music and mp3 players.  There are others in each sphere but those three companies dominate their particular areas.  Of the two Apple has been more consistent in protecting privacy and maintaining data security than Google and Facebook.  Google is the least interested.

Apple has been a long standing dispute with the FBI over its refusal to help the FBI to access data on iphones.

It is relevant then to read Tim Cook raise the alarm about the danger of personal information being “weaponised” through better and better alogorithms and ubiquitous data collection.  At a privacy conference organised by the European Union he endorsed a comprehensive privacy law Read the rest of this entry »

The Age reports on yet another depressing and altogether avoidable data breach.  The accessing of medical conditions, photographs, names and identifying data of year 7 – 12 students at Manor Lakes P -12 College in Wyndham Vale in Melbourne.

The Education Department has adopted a standard straight bat response of “human error” and not due to a vulnerability in the school and IT systems. The excuse is, it could be a lot worse (as in a systemic fault involving a costly fix).  What is not, and won’t be, disclosed as to how the breach occurred, what remedial action is taken and what punishment is administered.  Without consequences, there is little incentive to take real and decisive steps to minimise poor data practices. Unfortunately the regulators at both the state and Federal level Read the rest of this entry »

Senator Fifield in his capacity as Minister for Communications finds himself in the middle of one of the most exciting, dynamic, disruptive, confounding yet critical areas of public policy in Australia, or any other advanced economy; what to do with the internet if anything.  He recently gave a speech at the Sydney Institute titled The Internet – not an ungoverned space.  It is a broad ranging fly over of the issues associated with the internet; privacy, cyber bullying, copyright infringements (ie piracy), illegal wagering, fake news and the dominant role of the the big players on the digital platforms (Google, Facebook, Apple and Twitter in no particular order).  It hints at the likelihood of government involving itself in regulation of the internet, or at least its activities.  It is a speech written from within the bowels of the Department; safe, few rhetorical flourishes, quoting facts at a reasonable clip without being too dense, informative but not inspirational and hinting at but not committing to further action.  And it has plenty of wriggle room in the event that action is not taken.  It is useful as Read the rest of this entry »

Alphabet attracts an enormous amount of  suspicion by civil society groups, commentators and an increasing number of governments; it is too big, it stifles development by swallowing up nascent competitors, its algorithms discriminate against some businesses and people, it is too willing to compromise its stated principles with dictatorships, to wit China, and it is secretive.   There is a reasonable amount of truth to all of that.  What Google does try to convince users that it is security conscious.  That claim has taken a massive hit with reports that it has been subject to a data breach courtesy of a bug which exposed personal information of hundreds of thousands of users.  Worse, Google didn’t disclose this breach after discovering the problem.  Why, because it didn’t want the regulators to review its activities and the ask the difficult questions.  Also it didn’t want the reputational hit.  That is a common reaction by organisations who have inadequate data protection and poor privacy culture.  It is all too common a response in Australia.

As result of this data breach Google is shutting down Google+.  This of course will not end Googles woes.  It is just the start.

This sad and sorry saga is Read the rest of this entry »

Commonly a data breach affecting an organisation attracts the attention of multiple authorities in the United States and the United Kingdom.  A data breach in the United States can attract investigation from the Federal Trade Commission, for misleading representations as to privacy, and the Securities Exchange Commission, for breach of fiduciary duty.  And as Tesco Bank well truly understands poor data security can result in an investigation and fine from the Financial Conduct Authority (“FCA”) as well as an investigation by the Information Commissioner.  Tesco has been fined £16.4 million by the FCA for failing to exercise due care and diligence in protecting its personal current account holders accounts.  A cyber attack resulted in the theft of £2.2 million, which has been refunded. Such a fine is well in excess of what the ICO could impose at the time of the breach.  In addition to the swingeing fine the reputational damage to Tesco is significant as regulators are not wont to keep a low profile when they collect a big scalp.  And the FCA didn’t keep things quiet here, with Read the rest of this entry »