NIST releases guides to Enterprise Patch management

April 11, 2022

The National Institute of Standards and Technology (“NIST”) releases excellent guides in relation to all manner of technology.  It is particularly helpful in providing processes to improve cyber security and deal with data breaches.

Last week the NIST through its  National Cybersecurity Center of Excellence (NCCoE) released

Both guides highlight the importance of timely and appropriate patching in enabling organisations to maintain an adequate cybersecurity system.

Patching is a form of preventive maintenance of computing technologies.  It helps prevent compromises, data breaches, operational disruptions, and criminal acts.

SP 800-40

SP 800-40 Revision 4 recommends that leadership at all levels of an organization, along with business/mission owners and security/technology management teams, should jointly create an enterprise strategy that simplifies and sets up processes for patching.

Enterprise patch management is the process of identifying, prioritizing, acquiring, installing, and verifying the installation of patches, updates, and upgrades throughout an organization.

The publication refers to Read the rest of this entry »

Data Availability and Transparency Act 2022 passes and receives Royal Assent on 1 April 2022

April 10, 2022

On 31 March 2022 the Federal Parliament passed the Data Availability and Transparency Bill 2022. It became law on 1 April 2022. Its genesis is traced back to reforms proposed by the Productivity Commission’s Inquiry Report into Data Availability and Use (2017).

The Minister’s Second Reading Speech provides:

I am pleased to introduce this bill which will create the Data Availability and Transparency Act, appropriately abbreviated to DATA.

This bill establishes a new data sharing scheme for federal government data, underpinned by strong safeguards to mitigate risks and simplified processes to make it easier to manage data sharing requests.

2020 has shown us how critical this piece of legislation is.

We started the year in the middle of one of the most disastrous bushfire seasons in recent memory, with thousands of Australians needing access to government services to support them through this difficult time.

Australians continue to face the onslaught of the COVID-19 pandemic, which has cost them their jobs and their livelihoods, and they are turning to their government for help.

Government data and digital services have been fundamental to the government’s response to these events.

Data allowed Australians to receive timely and reliable services in a time of need.

Data allowed Australians to access government services online instead of queuing at Centrelink shopfronts.

It was data that informed the development of essential programs like the JobKeeper payment, so that we could provide relief to Australians who have lost their jobs during this pandemic.

The government’s vision is that Australians experience the same seamless approach to government services every day, not just in times of crisis. Read the rest of this entry »

Stubbings v Jams 2 Pty Ltd [2022] HCA 6 (16 March 2022); equity, unconscionable conduct, reliance on certificates of independent advice

March 30, 2022

In a 5-0 decision the High Court allowed an appeal from the Victorian Supreme Court in Stubbings v Jams 2 Pty Ltd [2022] HCA 6, concerning the operation of certificates of independent advice and unconscionable conduct. The lead judgment is that of Kiefel CJ, Keane and Gleeson with separate opinions by Gordon and Steward.

FACTS

The appellant owned two houses in Narre Warren, both mortgaged to Commonwealth Bank with repayments of between $260 and $280 per week. The appellant did not live in either house. He lived at rental premises at Boneo, where he worked repairing boats for the owner of the property [7].

The appellant fell out with the owner, ceased work and, needing to move house, sought to purchase another property on the Mornington Peninsula [7].

At the relevant time the appellant:

  • was unemployed
  • had no regular income
  • had not filed tax returns in several years and
  • was in arrears on rates payments in respect of the two Narre Warren properties [8]

After a home loan application to ANZ was rejected for lack of financial records, the appellant was introduced to Mr Zourkas [8] who described himself as a “consultant”, in the business of introducing potential borrowers to Ajzensztat Jeruzalski & Co (“AJ Lawyers”) [9]. The service AJ Lawyers provided to clients was to facilitate the making of secured loans by those clients [9].

The primary judge found that Zourkas played an “important and essential” role in these transactions, in that his involvement ensured that AJ Lawyers never dealt directly with the borrower or guarantor, such as the appellant [9]

When the appellant and Zourkas met on a number of occasions in 2015:

  • at the first meeting, the appellant said that he “wanted to buy a little house” to live in, to which Mr Zourkas responded that “there would not be a problem going bigger and getting something with land”, which resulted in the appellant finding a five-acre property with two houses on it in Fingal, available for $900,000.
  • at another meeting, Zourkas told the appellant that he could borrow a sum sufficient to pay out the existing mortgages over the Narre Warren properties, purchase the Fingal property, and have approximately $53,000 remaining to go towards the first three months’ interest on the loan [10].
  •  Zourkas advised the appellant that he could then sell the Narre Warren properties, reducing the loan to approximately $400,000, which the appellant could then refinance with a bank at a lower interest rate [10]

The calculation was that:

  • two Narre Warren properties and the Fingal property would secure the appellant’s obligations as guarantor
  • the existing debt to Commonwealth Bank secured on the Narre Warren properties totalled approximately $240,000.
  • on the basis that the two properties had a market value of $770,000, the appellant’s equity was thus worth about $530,000 [11].

On 30 June 2015, the appellant signed a contract to Read the rest of this entry »

ABC iview logins attracting negative response

March 17, 2022

After a false start the ABC is introducing mandatory iview login requirements for its television services. This has raised the hackles of privacy advocates. In February the Conversation fired up with “Mandatory logins for ABC iview could open an intimate window onto your life”. Most recently, earlier this week, Malcolm Crompton, a former privacy commissioner, claimed that this will stymie debate and free expression of ideas. It has also attracted ire in iTWire with “ABC appears to be hell-bent on compulsory iview logins” and “ABC is urged to ditch hated feature on its streaming platform iview – but the public broadcaster is adamant it WILL roll out this week”. Vanessa Teague has produced a very effective YouTube video setting out the problems with data sharing (https://www.youtube.com/watch?v=20bqzIoB-Fw). The problem is that while Vanessa’s post is very thoughtful and persuasive it has had 491 views as of today’s date. It has been the subject of chatter amongst privacy advocates but not much more than that. That makes it completely ineffective. Innovation Australia, in “Last ditch call to stop ABC mandatory login”, highlights the problem: a last ditch effort is usually a forlorn hope. It provides:

Privacy and security experts have called on the ABC to halt its switch to mandatory user accounts at the eleventh hour, warning that the public broadcaster has failed to justify the increased risks of tracking users and sharing data with US tech giants.

Letters to ABC management from the Australian Privacy Foundation and a former privacy commissioner released this week call for the ABC to reconsider the decision, saying the purported benefits are not proportional to the risks they introduce, while a leading cybersecurity expert warned data is still being collected even though users opt-out of tracking.

The ABC intends to make the switch to mandatory user accounts for its iview video-on-demand service on Tuesday, claiming it will allow more personalisation features that it says users want, and that tracking audiences and their viewing habits is now commonplace. Read the rest of this entry »

Re Slodyczka & Farren Pty Ltd (Costs) [2022] VSC 102 (4 March 2022): application for costs by the defendant; where presumption of insolvency rebutted, multiple defences relied upon

March 9, 2022

The postscript to Re Slodyczka & Farren Pty Ltd [2022] VSC 102 is a decision by Associate Justice Hetyey regarding costs of the application. 

FACTS

In the substantive judgment the plaintiff’s application to wind up the defendant in insolvency was dismissed.

The relevant facts for the purpose of considering a costs order were:

  • whilst the matter was commenced by originating process filed on 11 April 2021, there were delays and adjournments [2] which resulted in two previous costs orders being made:
    • on 7 July 2021, consent orders were made which, among other things, required the plaintiff to pay the defendant’s costs thrown away by reason of an adjournment of the hearing originally scheduled that day (‘the first costs order’).
    • at the next hearing date, on 27 July 2021, it was adjourned at the request of the defendant to enable it to put on supplementary material on the question of solvency, including audited accounts for the 2019/2020 and 2020/2021 financial years. The plaintiff’s costs of the hearing were reserved (‘the second costs order’).

The defendant opposed the winding up application on the following alternative bases [4]:

(a) service of the plaintiff’s statutory demand dated 3 February 2021 (‘the statutory demand or the demand’) was defective;

(b) the defendant was solvent and could displace the statutory presumption of insolvency;

(c) the defendant should be given leave pursuant to s 459S of the Corporations Act 2001 (Cth) (‘the Corporations Act’) to oppose the winding up application on a ground or grounds it could have relied on for the purpose of an application to set the demand aside. The grounds sought to be raised were: (i) there was a genuine dispute about the amount of the debt claimed in the statutory demand in accordance with s 459H(1)(a); (ii) the defendant had an offsetting claim for the purpose of s 459H(1)(b) of the Corporations Act; and (iii) the demand was defective and a substantial injustice would be caused to the defendant if the demand was not set aside pursuant to s 459J(1)(a) of the Corporations Act; and

(d) pursuant to s 467(1)(a) of the Corporations Act, the Court should dismiss the plaintiff’s application as a matter of discretion.

In the substantive judgment the court held, at [5], that:

  • the defendant failed to rebut the presumption of service of the statutory demand under s 29(1) of the Acts Interpretation Act 1901 (Cth).
  • the defendant succeeded in displacing the statutory presumption of insolvency on the basis that it was cash flow positive and balance sheet solvent. The proceeding was dismissed on this basis.
  • the defendant’s application under s 459S of the Corporations Act was not granted because the grounds sought to be raised in respect of the plaintiff’s debt were not material to proving solvency; however, had the defendant failed to establish solvency, the court would ultimately have granted it leave
  • the defendant could not pursue its argument that the Court should dismiss the plaintiff’s application in accordance with the Court’s discretion under s 467(1)(a) of the Corporations Act because of a lack of proper notice to the plaintiff Read the rest of this entry »

Statutory demands update: Re Amville Constructions Pty Ltd [2022] VSC 65 (17 February 2022), Re Slodyczka & Farren Pty Ltd [2022] VSC 19 (1 February 2022) & Re Wynyard Victoria Pty Ltd [2022] VSC 81 (24 February 2022); insolvency, service, setting aside statutory demands, ss 459A, 459C, 459G, 459H, 459J, 459P, 459S of Corporations Act.

March 6, 2022

Associate Justice Hetyey has had a busy start to the year with 2 decisions regarding applications under the Corporations Act 2001: Re Slodyczka & Farren Pty Ltd [2022] VSC 19 and Re Amville Constructions Pty Ltd [2022] VSC 65. Associate Justice Gardiner considered an application to set aside a statutory demand in Re Wynyard Victoria Pty Ltd [2022] VSC 81.

Re Slodyczka & Farren Pty Ltd [2022] VSC 19

The key issue in this application was whether there was proper service of a statutory demand and whether the presumption of insolvency was rebutted. 

FACTS

Slodyczka & Farren Pty Ltd (‘the defendant’) was first registered on 14 December 2015. In response to the COVID-19 pandemic, it commenced a business in March 2020 for the manufacture and sale of face masks. Between April 2020 and August 2020, Lion & Horn Pty Ltd (‘the plaintiff’) provided it with marketing services to sell its masks [1].

In early February 2021, the plaintiff purportedly served the defendant with a statutory demand dated 3 February 2021, which claimed the sum of $36,091.77 in relation to an outstanding invoice dated 28 August 2020 for its marketing services. The defendant did not comply with the demand within the 21-day statutory period.

By originating process filed on 11 April 2021, the plaintiff sought to wind up the defendant pursuant to ss 459A and 459P of the Corporations Act 2001 (Cth), relying upon the statutory presumption of insolvency contained within s 459C(2)(a) of the Corporations Act.

The Court framed the questions for consideration as being, at [9]:

(a) was service of the statutory demand effective?

(b) is the defendant solvent?

(c) should the Court grant the defendant leave pursuant to s 459S(2) of the Corporations Act to oppose the winding up application on one or more grounds that the defendant could have relied upon in seeking to set aside the demand, but did not so rely? Further, is such a ground material to proving the Company is solvent?; and

(d) should the Court dismiss the plaintiff’s application under s 467(1)(a) of the Corporations Act as a matter of discretion?

DECISION

Service

In reviewing the legislation and legal principles the court Read the rest of this entry »

Merry Christmas and yes there is Santa Claus

December 25, 2021

As is tradition I wish all a very Merry Christmas. Probably a celebration more keenly appreciated and felt this year than most. This second year of COVID has been a grind and more difficult than 2020 when we first experienced the effect of restrictions.

As is my practice I republish one of the most heartfelt and brilliantly written paeans to the Christmas celebration, to optimism and to being unafraid to reject the cynicism of our current age: Yes, Virginia: There is a Santa Claus. It is as apt today as it was in 1897. More so. The prose is wonderful and it is little wonder it is history’s most reprinted newspaper editorial.

The article provides:

DEAR EDITOR: I am 8 years old.
Some of my little friends say there is no Santa Claus.
Papa says, ‘If you see it in THE SUN it’s so.’
Please tell me the truth; is there a Santa Claus?

VIRGINIA O’HANLON.
115 WEST NINETY-FIFTH STREET.

VIRGINIA, your little friends are wrong. They have been affected by the skepticism of a skeptical age. They do not believe except they see. They think that nothing can be which is not comprehensible by their little minds. All minds, Virginia, whether they be men’s or children’s, are little. In this great universe of ours man is a mere insect, an ant, in his intellect, as compared with the boundless world about him, as measured by the intelligence capable of grasping the whole of truth and knowledge.

Yes, VIRGINIA, there is a Santa Claus. He exists as certainly as love and generosity and devotion exist, and you know that they abound and give to your life its highest beauty and joy. Alas! how dreary would be the world if there were no Santa Claus. It would be as dreary as if there were no VIRGINIAS. There would be no childlike faith then, no poetry, no romance to make tolerable this existence. We should have no enjoyment, except in sense and sight. The eternal light with which childhood fills the world would be extinguished.

Not believe in Santa Claus! You might as well not believe in fairies! You might get your papa to hire men to watch in all the chimneys on Christmas Eve to catch Santa Claus, but even if they did not see Santa Claus coming down, what would that prove? Nobody sees Santa Claus, but that is no sign that there is no Santa Claus. The most real things in the world are those that neither children nor men can see. Did you ever see fairies dancing on the lawn? Of course not, but that’s no proof that they are not there. Nobody can conceive or imagine all the wonders there are unseen and unseeable in the world.

You may tear apart the baby’s rattle and see what makes the noise inside, but there is a veil covering the unseen world which not the strongest man, nor even the united strength of all the strongest men that ever lived, could tear apart. Only faith, fancy, poetry, love, romance, can push aside that curtain and view and picture the supernal beauty and glory beyond. Is it all real? Ah, VIRGINIA, in all this world there is nothing else real and abiding.

No Santa Claus! Thank God! he lives, and he lives forever. A thousand years from now, Virginia, nay, ten times ten thousand years from now, he will continue to make glad the heart of childhood.

Cyber attack threat from Log4j Java software

December 22, 2021

The ubiquitous use of some software coupled with its vulnerabilities makes for a massive cyber security headache, as the Australian’s article “Millions face cyber attack via compromised Log4j Java-based software” makes clear. Log4j Java is installed on more than 100,000 devices, apps etc. In cybersecurity terms it is a story that has been around for a while. On 11 December Kaspersky reported on the vulnerability. The Google Security blog put out a post, “Understanding the Impact of Apache Log4j Vulnerability”, on 17 December.

The Australian article Read the rest of this entry »

HRH The Duchess of Sussex v Associated Newspapers Limited [2021] EWCA Civ 1810

December 21, 2021

The Court of Appeal upheld the summary judgment decision of Warby J in HRH The Duchess of Sussex v Associated Newspapers Limited [2021] EWCA Civ 1810 which found that Associated Newspapers Limited had breached the Duchess’ reasonable expectation of privacy with the publication of a letter from her to her father Thomas Markle.

FACTS

The court summarised the facts as:

  • Mr Markle did not attend the wedding of the Duke and the Duchess on 19 May 2018 [14].
  • He was admitted to hospital days beforehand for emergency heart surgery.
  • Text messages from the Duchess made it plain that before the wedding Mr Markle behaved in ways which caused her “concern because of the publicity they were likely to and did cause, and the impact on her, [the Duke], and [Mr Markle]” [14].

    • Mr Markle:
      • engaging with the media (e.g. a front-page Mail on Sunday report on 13 May 2018 was headed “Meghan’s Dad staged photos with the paparazzi”, and reported that Mr Markle was “colluding with the paparazzi to stage a series of lucrative photo opportunities”, for which he apologised by text to the Duchess on 14 May 2018).[15]
      • being well aware that the Duke and Duchess wanted him to avoid engaging with the media, and that all their correspondence was personal and private in character [16].
      • continuing, thereafter, to have dealings with the media which resulted in press articles. The Articles themselves referred to “a series of damaging interviews” given by Mr Markle [16].
    • The Duke texting Mr Markle on 17 May 2018 asking him to “stop talking to the press for your sake and hers”, and expressing concern that Mr Markle had not “returned any of our 20+ calls since we all spoke on Saturday morning” [15]. The run-up to the wedding was fractious, revealing substantial differences of approach to dealing with the media.

The letter

  • The Letter was sent on 27 August 2018 with bold text identifying words published in the Articles, and italicised text being the judge’s interpolations [18]:

Read the rest of this entry »

US Federal Trade Commission strengthens security safeguard rules to deal with widespread data breaches

November 2, 2021

Another sign, if more were needed, that data breaches are a chronic and increasingly damaging phenomenon: the US Federal Trade Commission (the “FTC”) has issued amendments to the Standards for Safeguarding Customer Information.

The Final Rule is a very substantial document. It is a useful document for those interested in privacy and cybersecurity generally. Given the dearth of clear and precise definitions, practices and protocols in Australia it is quite useful here. Like NIST publications it is a much more substantial and useful document than the vague and opaque guidelines issued by regulators in Australia.

Those who are responsible for maintaining cyber security and establishing procedures and protocols to protect personal information could do worse than read these rules. It is only a matter of time before the Information Commissioner prepares detailed guidelines which are more consistent with the voluminous GDPR documents or the direct and also comprehensive FTC rules Read the rest of this entry »