Online Safety Bill 2021 introduced and speeding through the Parliamentary process with some concerns about haste and possible unintended consequences

March 4, 2021

The Online Safety Bill 2021 was introduced into Parliament on 24 February 2021. The Minister’s Second Reading Speech is found here. It will, if passed, replace the Enhancing Online Safety Act 2015 through the enactment of the Online Safety (Transitional Provisions and Consequential Amendments) Bill 2021.

It is legislation that is relevant to those who practice defamation and privacy law.

The Bill and the explanatory memorandum are extensive documents. There are 240 clauses. ZDNet, in “Bill establishing cyber abuse takedown scheme for adults enters Parliament”, provides quite a good overview of the proposed legislation, stating:

A new Online Safety Bill that extends the cyber takedown function to adults and cuts takedown response times in half has made its way into Australian Parliament.

Merry Christmas with my favourite Christmas story

December 25, 2020

As is my tradition on this site at Christmas I reprint one of the most affecting Christmas stories and a brilliant piece of journalistic prose, the quality of which is not seen in the current mainstream media. It is The Sun’s piece from 1897, Yes Virginia there is a Santa Claus. From the very first time I read this wonderful editorial I was impressed by its clear and precise language. Virginia O’Hanlon, all of 8 years old, wrote a sweet and touching query about Santa Claus’s existence to The New York Sun. It wasn’t trashed, ignored or even turned into a joke. Instead it evoked a response that was both honest and written to and for a young child but dealt with bigger issues of belief, philosophy and the evils of sneering skepticism which afflicts us today more than it did over 120 years ago.

It is deservedly one of the great editorials of journalism. It holds up as well today as it did in that Gilded Age. One can only hope to hold onto and embrace the optimism and enthusiasm for life and its wonders that the author, Francis Pharcellus Church, so marvelously described in what has become history’s most reprinted newspaper editorial. It was reprinted by the New York Daily News yesterday.

The letter from Virginia was:

DEAR EDITOR: I am 8 years old.
Some of my little friends say there is no Santa Claus.
Papa says, ‘If you see it in THE SUN it’s so.’
Please tell me the truth; is there a Santa Claus?

VIRGINIA O’HANLON.
115 WEST NINETY-FIFTH STREET.

The responding Editorial was:

VIRGINIA, your little friends are wrong. They have been affected by the skepticism of a skeptical age. They do not believe except they see. They think that nothing can be which is not comprehensible by their little minds. All minds, Virginia, whether they be men’s or children’s, are little. In this great universe of ours man is a mere insect, an ant, in his intellect, as compared with the boundless world about him, as measured by the intelligence capable of grasping the whole of truth and knowledge.

Yes, VIRGINIA, there is a Santa Claus. He exists as certainly as love and generosity and devotion exist, and you know that they abound and give to your life its highest beauty and joy. Alas! how dreary would be the world if there were no Santa Claus. It would be as dreary as if there were no VIRGINIAS. There would be no childlike faith then, no poetry, no romance to make tolerable this existence. We should have no enjoyment, except in sense and sight. The eternal light with which childhood fills the world would be extinguished.

Not believe in Santa Claus! You might as well not believe in fairies! You might get your papa to hire men to watch in all the chimneys on Christmas Eve to catch Santa Claus, but even if they did not see Santa Claus coming down, what would that prove? Nobody sees Santa Claus, but that is no sign that there is no Santa Claus. The most real things in the world are those that neither children nor men can see. Did you ever see fairies dancing on the lawn? Of course not, but that’s no proof that they are not there. Nobody can conceive or imagine all the wonders there are unseen and unseeable in the world.

You may tear apart the baby’s rattle and see what makes the noise inside, but there is a veil covering the unseen world which not the strongest man, nor even the united strength of all the strongest men that ever lived, could tear apart. Only faith, fancy, poetry, love, romance, can push aside that curtain and view and picture the supernal beauty and glory beyond. Is it all real? Ah, VIRGINIA, in all this world there is nothing else real and abiding.

No Santa Claus! Thank God! he lives, and he lives forever. A thousand years from now, Virginia, nay, ten times ten thousand years from now, he will continue to make glad the heart of childhood.

In 1997 the New York Times did a wonderful piece setting out the history and analysis of the Yes Virginia editorial and its impact.  

I wish you one and all a wonderful Christmas and a prosperous 2021. 

 

Federal Trade Commission requires Zoom to enhance security practices

December 1, 2020

Zoom is now a verb. The impact of the video conferencing platform has made it ubiquitous and necessary for working from home and keeping in touch with others during long weeks of shutdowns. And it deserves its reputation as the go-to platform: it is easy to use, it is free (for 40 minutes at a time), it allows for up to 100 people to join a meeting and it has many cool features such as separate rooms and messaging services.

It has also suffered from the growing pains that afflict technologies that appear from nowhere and become massively popular overnight. Those included critical flaws in software for Windows that allowed hackers to take over computers, flaws that let an attacker use a GIF to hack software and install malware and, until recently, not having end to end encryption. The list of flaws identified and fixed is set out in “Zoom security issues: Here’s everything that’s gone wrong (so far)”.

As a result of the persistent flaws and inadequate privacy practices, now fixed, Zoom entered into an agreement with the New York Attorney General, on 7 May 2020, whereby Zoom would put into place and support new security measures and enhance privacy controls.

It was only a matter of time before Zoom’s privacy and security problems came to the attention of the US Federal Trade Commission. It was investigated and earlier this month came to a settlement, again requiring it to provide better information security systems. The jurisdictional basis for the FTC bringing an action is that Zoom engaged in deceptive and unfair practices about its level of security, including representations about end to end encryption and the level of encryption. The period of compliance with the Decision is 20 years.

The FTC issued a complaint alleging that the misleading practices dated back to 2016. The complaint highlights …

Hackers attack Legal Services firm Law in Order with Ransomware

November 25, 2020

I have long posted on law firms being in the sights of cyber criminals. I raised this as an increasing threat in September last year, and wrote about attacks on Queensland law firms in 2017 and European law firms in 2016.

The Australian Financial Review reports, in “Hackers threaten to publish data from attack on legal services firm”, on a cyber attack on 22 November 2020 in which legal services firm Law In Order suffered a ransomware attack, with the hackers threatening to publish data unless a payment is made. The story is also covered by itwire, insurance business mag, and itnews. That list will grow.

Law In Order issued statements about what happened. They are far from a best practice response. General waffle. Full candour is not always possible because investigations take time. But that does not mean that writing excessive meaningless verbiage is the answer. That is particularly so when the Australian Financial Review has key information about the attack, for example that it was undertaken by Netwalker and is a ransomware attack. That makes the statement look even sillier than …

Victorian Privacy and Data Protection Deputy Commissioner commences examination of privacy/security in Victorian Universities

October 21, 2020

Universities are prime targets for cyber attack as well as being prone to just poor data handling. In the former category the Australian National University suffered a massive and prolonged data breach over 2018/2019 caused by overseas actors, probably Chinese (my post here), while more recently the University of Tasmania had a significant data breach involving over 19,000 names through incompetent data protection (my post here).

Today the Victorian Privacy and Data Protection Deputy Commissioner commences an examination of how Victorian universities protect personal information. The press release …

National Security Agency puts out a security advisory about Chinese hackers exploiting vulnerabilities

The US National Security Agency prefers staying in the shadows. It is therefore notable that it has issued a very public cybersecurity advisory highlighting vulnerabilities Chinese hackers are using as part of their cyber attacks.

The advisory …

The US Internal Revenue Service being investigated for using location data without warrant … the great temptation for government agencies

October 8, 2020

Governments love data. All governments and for as long as there have been governments. The Assyrian empire as long ago as 2025 BC developed a bureaucracy and kept records about its subjects. The Romans took it to a new level with the census. And with every new age and development the collection has become more sophisticated. But there were always costs and inefficiencies in collecting, managing and using data. The East German authorities essentially drowned under the flood of information from informants and the obsessive surveillance of the Stasi. In the digital age the collection, aggregation and use of masses of data have been simplified. And data can be used more effectively with enhanced computer power and algorithms. And the temptation to interfere with privacy while using data is a constant one for government agencies, especially those chasing revenue. As can be seen in the report “The IRS Is Being Investigated for Using Location Data Without a Warrant” which reports …

US Senate Committee on Commerce, Science, and Transportation conducts hearings about the need for federal level privacy law

October 6, 2020

The United States does not have comprehensive data privacy legislation. Most states in the United States have some form of data protection legislation, including mandatory data breach notification laws. At the Federal level businesses, in particular those engaged in collecting and selling data, have resisted any attempt to provide some form of regulation on the collection, storage and use of personal information. The dynamics have changed somewhat in the last two years with the outrageous abuse of personal information by Facebook with Cambridge Analytica, Google’s continuous data avarice and significant data breaches involving millions of individuals’ personal information.

The US Senate Committee on Commerce, Science, and Transportation held hearings on 23 September 2020 in Washington DC. The hearing was titled Revisiting the Need for Federal Data Privacy Legislation. The purpose was described as …

Major data breach at the University of Tasmania

September 22, 2020

After the major data breach at the Australian National University, which was probably caused by interference by a state actor, one would have thought universities in Australia would review their data security practices, do some stress testing and monitor access points to their databases. Maybe some did, but it is certain that the University of Tasmania didn’t. Or didn’t worth a damn. The Australian, in “Serious data breach hits 20,000 Uni of Tasmania students, prompting credit, privacy concerns”, reports on a very serious data breach where the personal information of 19,900 students, including their ethnicity, any disabilities and results, was exposed. The information was available for accessing by other students between 27 February and 11 August 2020. Unlike the data breach at the Australian National University (see my post here), which involved a sophisticated cyber attack by a foreign player, the source of the data breach was incorrect configuration of settings for the Sharepoint database.

It is interesting, and begs more than a few questions, as to why the University would wait from 11 August, when the data breach was discovered, until 21 September when it was made public and students were notified. It is longer than the …

Zhenhua Data leak of the personal information of 35,000 Australians.

September 15, 2020

The collection and analysis of vast amounts of personal information is hugely valuable for business, politics and public administration. It has been described as the twenty first century equivalent of what oil was to the twentieth century. It has revolutionised the way business is done and services are provided, for profit and otherwise. Personal information has more dystopian uses, such as surveillance by states as well as being able to be used as part of a cyber campaign.

China is at the forefront of the cyber triaphilia: a keenness bordering on obsession with surveillance, a proficiency in cyber attacking and, finally, a willingness and often desire to interfere with other states’ activities or at least individuals in those states.

Zhenhua Data is a company whose main clients are the Chinese Communist Party and the People’s Liberation Army. That is neither here nor there except that the ABC reports, in “Chinese database collects information on thousands of Australians, from PMs to pop stars”, that it had built up a database of 35,000 Australians, according to a leak of 2.4 million entries from Zhenhua Data. The database seems to have been built up with information publicly available but also from sources which would normally keep that information private.

There has been much hand wringing as to why a Chinese data firm would collect information about a disparate group of people who seemingly have little to do with each other beyond them being public figures to a greater or lesser degree. The answer is quite straightforward. Most governments …