North Coast Voices: Big Brother

Showing posts with label Big Brother. Show all posts

Thursday 1 March 2018

No need to worry about the possibility that a Liberal-Nationals Federal Government will impose censorship on the free press in Australia

The time to fret over the possibility of government censorship of the media is over because in February 2018 it ceased being a distant possibility and became fact.

This is what the Australian Press Council stated about the News Corp online article….

Australian Press Council (APC):

Adjudication 1732: Complainant/news.com.au (February 2018)

The Press Council has considered whether its Standards of Practice were breached by an article published in news.com.au on 31 May 2017, headed “Islamic State [IS] terror guide encourages luring victims via Gumtree, eBay”.

The opening paragraph read: “ISLAMIC State has released a step-by-step guide on how to murder nonbelievers, which includes how to lure targets via fake ads on Gumtree and eBay”. The article proceeded to relay in detail how an article in “[t]he latest edition of the terror group’s English-language propaganda magazine … encourages would-be terrorists to advertise products on second-hand selling sites … to lure victims and assassinate them”. The article mostly comprised extracts from the source material describing the steps necessary to perform such acts.

The Council considered that the article did publish much of the source material from IS verbatim, with limited accompanying analysis or context, such as comments from experts and websites such as Gumtree. The Council accepted there was no intention to encourage or support terrorism, but considered that republishing content from terrorist entities in this manner can perpetuate the purpose of such propaganda and give publicity to its ideas and practices.

However, the Council accepted the public interest in alerting readers to potential risks to their safety. It considered that on balance, the public interest in alerting readers to the dangerous content of the terrorist propaganda and its instructional detail was greater than the risk to their safety posed by the effective republication of terrorist propaganda content. Given this, the Council concluded that the public interest justified publication of the article. Accordingly, the publication did not breach General Principle 6.

The Council noted that great care needs to be exercised by publications when reporting on terrorist propaganda to ensure that public safety is not compromised. In particular, effectively republishing source material comprising instructional detail in how to carry out particular terrorist acts could pose a risk to public safety, and reasonable steps should be taken to prevent such an outcome.

This is what the Turnbull Government did…….

News.com.au, 28 February 2018:

…the article titled “Islamic State terror guide encourages luring victims via Gumtree, eBay” no longer exists.

A week after it was published on May 31, 2017, the Attorney-General’s office contacted news.com.au to demand it be taken down, saying the Classification Board had ruled it should be refused classification as it “directly or indirectly” advocated terrorist acts.

It appears to be the first time section 9A of the Classification (Publications, Films and Computer Games) Act 1995 has been used to censor a news report, since it was first added in 2007.

The action has alarmed the publisher of news.com.au as Australian media in general were not informed the Classification Board had the power to ban news stories or that the eSafety Commissioner had the power to instigate investigations into news articles.

“The first news.com.au knew of this matter was when contacted by the Attorney-General’s Department and advised of the Classification Board decision,” news.com.au argued as part of a separate Press Council investigation into the article.

“The department, board and the eSafety Commissioner did not contact news.com.au beforehand to advise of the investigation. Consequently, news.com.au was not given the right to make submissions or a defence in regard to the article.”

News.com.au removed the article as it was facing legal penalties from the Australian Communications and Media Authority (ACMA) if it refused, including fines or even civil or criminal legal action.

In justifying its decision, the Classification Board noted the article contained “detailed references and lengthy quotations from Rumiyah (Islamic State’s propaganda magazine)” with limited author text to provide context.

News.com.au asked the board why there was no opportunity for news organisations to defend the article based on public interest grounds but a response provided by a spokesman for the eSafety Commissioner did not directly address this.

The spokesman said the board did consider whether the material could “reasonably be considered to be done merely as part of public discussion or debate, or as entertainment or satire” before making its decision.

He also acknowledged this may have been the first time a news article had been censored using this section.

However, as a government which to a man fails to grasp how the Internet works their well-laid plans seldom go off without a hitch and, the article that Turnbull & Co wish to erase from memory remains on national and international news sites as I write.

Monday 12 February 2018

AUSTRALIA CARD MARK II: no national digital ID number will mean no access to any Australian federal government services

“When signing up to the platform for the first time, users will be asked to provide their name, email address, and phone number, and verify their details via email or SMS. They will then be asked to provide information from three identity documents, which goes through the exchange to the identity provider for verification. The exchange receives encrypted details back which it passes on to the government service the user wants to reach, which then grants the user access.” [IT News, 20 March 2015]

IT News, 8 February 2018:

The Department of Human Services looks set to become the federal government's exclusive manager of digital identities after being selected to build the identity provider solution that will be used for the Govpass platform.

The Govpass framework is a decentralised identity model that allows individuals to choose their identity provider - an organisation that issues identity documents, like Australia Post or the ATO - and access a range of public and private sector services through a single digital identity credential.

There is no limit on the number of identity providers outside of the Commonwealth that can be accredited for Govpass; Australia Post has already indicated it will seek to become the first non-government identity provider, using its Digital iD platform.

Several state and territory government agencies and private sector entities are also expected to become identity providers over time.

However, the federal government last year made the decision that only one identity provider would operate for the entire Commonwealth.

The Digital Transformation Agency revealed the decision following meetings with existing Commonwealth identity service providers, DHS and the ATO. Its rationale for the move was to focus security efforts in one place and avoid complex administrative structures.

iTnews revealed in October that the DTA was yet to make up its mind up on which of the two agencies would serve as the federal government’s sole identity provider for GovPass, even as testing of the new platform was taking place with the ATO’s new online tax file number application service.

Instead the DTA said it was working closely with the ATO and DHS on the “next steps” for the platform.

But in response to questions on notice from recent estimates hearings, DHS revealed it had been instructed to develop the federal government’s single identity provider platform, to be known as myGov IdP.

“The department was commissioned by the DTA to build the identity provider (IdP) for the whole-of-government,” it said.

“The myGov IdP will enable citizens to verify their identity online and use it to apply for government services.”

iTnews has made several attempts to clarify the statements with the DTA and DHS, but both refused to comment on the build and DHS’ apparent position as the single government identity provider.

The ATO similarly redirected questions about its involvement with Govpass, including whether it had also been asked by the DTA to build an identity provider solution, to the DTA.

Selecting DHS as the sole government identity provider would be an obvious choice for the DTA - the agency is the government’s current defacto whole-of-gov identity provider through the myGov digital services platform.

A private beta release of myGov IdP is currently planned for later this month.

Identity providers on Govpass will use the DTA-built identity exchange – and in turn the document verification service (DVS) and facial verification service (FVS) – to verify an individual’s credentials without revealing their identity to service providers.

[my yellow bolding]

Note: The Face Identification Service (FIS) is a one-to-many, image-based identification service that can match a photo of an unknown person against multiple government records to help establish their identity. FIS is also available to police, security services, Dept. of Immigration and Dept. of Foreign Affairs. [Australian Attorney-General's Department, October 2017]

Saturday 14 October 2017

Political Tweets of the Week

Hey @bobjcarr Welcome to Stasi Australia (metadata, no-charge detention, facial recognition CCTV). You still opposed to a Bill of Rights?
— Quentin Dempster (@QuentinDempster) October 8, 2017

Yesterday over 16,000 people turned out around Aus with a simple message: #StopAdani! Australia, you are awe-inspiring and can do anything! pic.twitter.com/HDaTodY74c
— Stop Adani (@stopadani) October 8, 2017

Tuesday 10 October 2017

National ID Database: so you think if you do nothing wrong you'll have nothing to fear?

“There is also a tendency for technologies to converge, allowing for the creation of devices with increased surveillance capabilities. CCTV, for example, may be combined with facial recognition technology….to identify individuals from their images. Another example is modern mobile phones, which combine telephonic services with GPS tracking software, digital visual and sound recording capabilities, and connection to the internet. A consequence of the convergence of surveillance technologies is the greater ability of surveillance users to compile detailed pictures of members of the public, making it increasingly difficult for individuals to maintain their privacy and anonymity.” [Victorian Law Reform Commission – Surveillance in Public Places: Final Report 18, 2010]

This month the Turnbull Government, state and territory governments have agreed to add the photo IDs of all registered drivers to the Facial Biometric Matching Capability (FBMC) database (est. 16 November 2016) which already has access to passport photographs, visa application photos, airport surveillance images and arrest ID images from the criminal justice system.

Additional images will probably be harvested from social media and added to this database which is to be used with CCTV footage of the general population going about their daily lives when considered necessary by police and security services. The biometric 'map' of an individual's face created by FBMC being easily applied to searches of video footage from public venue, shopping centre, street and road cameras as CCTV technology is now capable of recognising faces of people, vehicles, animals and bags automatically.

FBMC will involve using a Face Verification Service , Face Identification Service, One Person One Licence Service and Facial Recognition Analysis Utility Service in identity matching, along with a the Document Verification Service, Identity Data Sharing Service and/or any other government identity matching or data sharing service and, of course one of the areas it will be used is in so-called crime prevention.

Use of this facial recognition database will also be available to authorised private sector agencies and, like many new tools it is likely there will be function creep so that photo IDs will be required by more government agencies and private businesses when interacting with individuals in the future.

The Facial Biometric Matching Capability database will function alongside the Biometric Identification Services (BIS) which features national identification capability using fingerprints, palm prints, foot prints and facial recognition, person identity and evidence image case management, image enhancement tools and record auditing, matching services of one to one, one to few, one to many, and many to many, as well as photobook, photo line-up and witness viewing services.

But what’s the worry? After all if you are an ordinary person not committing a crime you have nothing to fear. Right?

Well there is this on the horizon…………..

Monash University, Research Spotlight: Crime, Risk and Security:

Criminologists at Monash undertake cutting edge research in the areas of risk and security that is theoretically sophisticated, innovative and highly relevant to areas of pressing national and international concern. The discipline hosts two recipients of the Australian government’s prestigious Future Fellowship Award, Professor Sharon Pickering and Associate Professor Weber, both undertaking programs of research on border policing. Their jointly authored book Globalization and Borders: Death at the Global Frontier was awarded Australia’s most significant criminology publication award in 2013. The Border Crossing Observatory is the online repository of all border-related research undertaken by Monash Criminology and our national and international partners. Criminologists at Monash have received multiple highly competitive Australian Research Council grants to investigate a host of risk and security related topics, amongst them, counter terrorism laws and policing, immigration and exploitive labour practices, deportation, regional security, and the gendered nature of border crossing and transnational law enforcement. Our risk and security research expertise includes the interrelated topics of borders, counter terrorism, state crime, transnational crime, irregular migration, human trafficking, risk and disability, and pre-crime. [my yellow bolding]

What is “pre-crime”?

Put simply, “pre-crime” activity is a crime not yet committed – it is the suspicion that an individual might be capable of breaking an unidentified law at some unspecified time in the future.

Such suspicion does not mean there is a need to charge, prosecute or convict for a specific crime. Intervention at “pre-crime” stage is supposedly risk containment.

You don’t have to be researching bomb-building or Googling how to buy a weapon online to commit a “pre-crime” activity - it can be your thoughts and political opinions spoken aloud or written down, as well as your actions at a public meeting or protest rally.

It can even be allegedly ‘guilty knowledge’ in that you knew the time and place a small environmental activist group was going to confront their local MP or you saw a person painting an anti-government picket sign ahead of a planned street march.

Going to the media – social or mainstream – with a genuine complaint against a government department might be considered a “pre-crime” if you visibly persist in seeking answers, redress or apology. You could easily be labelled "fixated" by police if a government minister takes offence and decides to complain.

If you make a small donation to a group the police or government consider problematic, troublesome or obstructive of the aims of government or big business you may at some time in the future be considered politically partisan and displaying “pre-crime” tendencies.

These are just some of the groups that are already complained about by big business and politicians: Environment Victoria, Wilderness Society (Australia, Victoria & Queensland), Friends of the Earth, Victorian National Parks Association, Australian Conservation Foundation, Lock the Gate Alliance, 350.org Australia, the Nature Conservation Council of NSW, the Australian Youth Climate Coalition, the Australian Marine Conservation Society, Australian Marine Conservation Society, Friends of the Earth Australia, Politics in the Pub and GetUp! as well as Greenpeace and Sea Shepherd.

Just belonging to a group or community association which speaks up on matters of social, economic, environmental or political concern could see you being eyed off as part of a potential conspiracy in the making.

In at least one Western country pre-crime can also manifest itself as a suspicion that you have come into a city centre with the intention of having a drink or two and you will be given a 48 hour direction-to-leave order.

With the notion of “pre-crime” there is no presumption of innocence and little more than lip service to due process if any arm of state or federal government decides you are a person of interest.

So how will pre-crime activity be monitored by police and security services? Well one of the methods used will be surveillance and this surveillance may involve use of the Facial Biometric Matching Capability database created by the Turnbull Government.

Surely this couldn’t possibly happen in Australia? you say. Think again.

We already keep individuals in gaol long after their court-imposed sentence has been fully completed under continuing detention legislation, have preventative detention without charge and control orders which can be applied to both minors and adults, police are known to use spyware to enter, monitor and control home computers and, in certain circumstances your home can be entered and searched without your knowledge by police and security services.

And here in Australia we have a history of unwarranted surveillance based on an individual's political association (1950s Cold War era) and political dissent (1960s & early 1970s Viet Nam War era) as well as virtually unchallenged unlawful use of coercive powers (Border Force 2014 to 2017).

Police and security agencies are constantly pushing for more legislation which would allow amongst other matters the creation of a raft of pre-emptive, punitive measures based solely on suspicion and an individual’s “pre-crime” tendencies.

Right now in Australia governments are all about political and physical control of the population - they are not about human rights, 'civil liberties' or a free, open and democratic society.

As a society Australia has been sliding down that slippery slope towards an authoritarian destination for years now and in 2017 we appear to have reached the bottom of the slope.

COAG, INTERGOVERNMENTAL AGREEMENT ON IDENTITY MATCHING SERVICES, 5 October 2017.

Barrister @BarnsGreg says the public shouldn't accept claims by politicians that #terrorlaws take precedent over #civilliberties | #COAG pic.twitter.com/rUXFY5Vn3b
— ABC News (@abcnews) October 5, 2017

“For years, there’s been ample evidence that authoritarian governments around the world are relying on technology produced by American, Canadian, and European companies to facilitate human rights abuses. From software that enables the filtering and blocking of online content to tools that help governments spy on their citizens, many such companies are actively serving autocratic governments as "repression’s little helper."

The reach of these technologies is astonishingly broad: governments can listen in on cell phone calls, use voice recognition to scan mobile networks, read emails and text messages, censor web pages, track a citizen’s every movement using GPS, and can even change email contents while en route to a recipient. Some tools are installed using the same type of malicious malware and spyware used by online criminals to steal credit card and banking information. They can secretly turn on webcams built into personal laptops and microphones in cell phones not being used. And all of this information is filtered and organized on such a massive scale that it can be used to spy on every person in an entire country.” [Electronic Frontiers Foundation, accessed 7 October 2017]

“Australia’s leading privacy and civil liberties organisations condemn the decision by the Council of Australian Governments (COAG) to provide all images from state and territory driver’s licence databases to the federal National Facial Biometric Matching Capability.

These organisations are the Australian Privacy Foundation, Digital Rights Watch, Queensland Council for Civil Liberties, NSW Council for Civil Liberties, Liberty Victoria, South Australian Council for Civil Liberties and Electronic Frontiers Australia.

The creation of such a comprehensive national facial database is an unnecessary and disproportionate invasion of the privacy rights of all Australians, is the foundation for suspicionless, warrantless mass surveillance and is fundamentally incompatible with a free and open society.

David Vaile, Chair of the Australian Privacy Foundation said, “This government has proven it is blind and deaf to privacy and personal information security threats. Make no mistake – this database will affect all Australians, even the most conscientious and law-abiding. It will likely generate massive ‘false positive’ lists that will flood our very effective police and security services with useless distractions. We’ve already seen calls for ‘scope creep’ to cover welfare enforcement, and there’s every reason to expect this capability will come to be used to identify people with unpaid fines and other minor issues that have nothing whatsoever to do with terrorism.” [Electronic Frontiers Australia, 6 October 2017]

“Every single portion of human rights activism overlaps, manifests or is exercised with the use of technology. That alone caused attackers and adversaries to recognize that technology itself is a good vehicle to get to these people and interfere with them or cause them harm.” [Claudio Guarnieri of Amnesty International quoted in Threat Post at Kapersky Lab, 4 October 2017]

Thursday 20 July 2017

A new Australian Federal Government super ministry capable of deploying armed soldiers on our streets

“The first question to ask yourself is this: does handing Dutton that power sound like a good idea?” [journalist Katherine Murphy, The Guardian, 18 July 2017]

A new Australian Federal Government super agency capable of deploying armed soldiers on our streets? With a former Queensland police officer of no particular merit as its head?

What could possibly go wrong with a rigid, far-right, professed ‘Christian’ property millionaire having oversight of a super portfolio which would reportedly bring together the Australian Security Intelligence Organisation (ASIO), the Australian Federal Police (AFP) Australian Border Force, Australian Criminal Intelligence Commission and AUSTRAC along with a database on ordinary citizens, ‘intellectuals’ and perfectly legal organisations, going back literally generations?

How long will it take before any industrial action or protest event would be quickly labelled as terrafret and armed soldiers sent to disperse people exercising their democratic right?

Australia’s been down that painful path before during the last 229 years and been the worse for it.

Turnbull at Holsworthy Barracks, Forbes Advocate,17 July 2017

“The measures I am announcing today will ensure that the ADF is more readily available to respond to terrorism incidents, providing state and territory police with the extra support to call on when they need it.”

[Prime Minster Malcolm Turnbull, media release, Holsworthy NSW,17 July 2017]

The Sydney Morning Herald, 18 July 2017:

Malcolm Turnbull has confirmed a dramatic shake-up of Australia's security, police and intelligence agencies that will put Immigration Minister, Peter Dutton, in charge of a sprawling new Home Affairs security portfolio.

The department of Home Affairs will bring together domestic spy agency ASIO, the Australian Federal Police, the Australian Border Force, the Australian Criminal Intelligence Commission, AUSTRAC and the office of transport security and will be put together over the next year.

And Mr Turnbull has also announced the government would, in response to the

L'Estrange review of Australia's intelligence agencies, establish an Office of National Intelligence and that the Australian Signals Directorate will also be established as an independent statutory authority.

The new Office of National Intelligence will co-ordinate intelligence policy and is in line with agencies in Australia's "Five Eyes" intelligence partners in the US, Britain, Canada and New Zealand…..

The changes are to be finalised by June 30, 2018 - subject to approval of the National Security Committee of Cabinet - with Mr Dutton to work with Senator Brandis in bedding down the changes.

Senator Brandis will lose responsibility for ASIO under the changes but, crucially, retain sign-off power on warrants for intelligence agency.

Mr Turnbull said the Attorney-General's oversight of Australia's domestic security and law enforcement agencies would be strengthened, with the Inspector-General of Intelligence and Security and the independent national security legislation monitor moving into his portfolio.

The Prime Minister said Australia needed these reforms "not because the system is broken, but because our security environment is evolving quickly…..

The Sydney Morning Herald, 17 July 2017:

However that L'Estrange review – part of a routine reassessment of national security arrangements – is understood not to specifically recommend such a super-portfolio.

Mr Turnbull has been dropping strong hints lately that he is inclined to make a significant change, rejecting what he's branded a "set and forget" policy on national security and warning that Australia must keep up with an evolving set of threats from terrorism to foreign political influence.

Security and intelligence agencies themselves are also believed to have concerns about such a change, while some former intelligence heads have publicly said they do not see any need for change.

However, a well-placed source in the intelligence community said a Home Affairs office - as opposed to a US-style Department of Homeland Security - was the preferred options for police and intelligence agencies.

That was because a Home Affairs department would potentially be broader, including agencies such as the Computer Emergency Response Team, the Australian Cyber Security Centre, Crimtrac, the Australian Criminal Intelligence Commission and the new Critical Infrastructure Centre, rather than just police and intelligence agencies.

The Guardian, 18 July 2017:

Peter Jennings, the executive director of the Australian Strategic Policy Institute, put it well on Tuesday when he said any “grit” in the Dutton/Brandis relationship could be problematic for intelligence operations, which is obviously problematic for all of us, given we rely on the efficiency of the counter-terrorism framework to keep us safe.

So we’d better hope for the best, to put it mildly.

We’d also better hope it’s a good use of the time of our intelligence services and public servants to nut out how the Big Idea is going to work in practice, which will be a reasonably complex task, at a time when these folks already have a serious day job.

Recapping that specific day job again: trying to disrupt national security threats, in a complex environment. Pretty busy and important day job, that one.

It’s cartoonish to say this is all about the prime minister rewarding old mate Dutton, on the basis you keep your friends close, and your (potential) enemies closer.

Nothing is ever that simple outside a House of Cards storyboard– although it remains an irrefutable fact that Dutton wanted this to happen, and if Dutton really wanted it to happen, it would have been difficult for Turnbull, in his current position, to say no.

The Australian, 19 July 2017:

The pressure points lie in the risk calculations that link intelligence to response. In a liberal democracy, we rightly demand high certainty of the intention to carry out an act of violence before we are comfortable with our security services pre-emptively taking someone off the streets. Usually when an attack happens, here or in the US or Europe, it’s because the calibration of risk hasn’t worked. It’s not because security services weren’t concerned about an individual’s beliefs and actions or couldn’t find him.

For those of us without access to national security data, the evidence suggests that Australia does these important risk calculations relatively well. Our list of foiled terrorist attacks is quite a bit longer than the list of attacks. The reason for this is the national security structures we have evolved: the combination of separate national security agencies, each with highly developed specialist capabilities and slightly different cultures and perspectives, working in close, 24/7 collaboration.

When calculating risk, separation and diversity are a strength because they build contestation, careful deliberation and stress testing into the system. Britain, the US, France and Belgium have chosen more centralised structures, and the evidence is that their systems do not work as well as ours. Bringing our highly effective agencies into a super-department cannot help but disrupt their inner structures and cultures. Such enterprises inevitably lose sight of the goal — keeping Australians safe — as they become driven by the desire for efficiencies and cultural homogenisation, and the urge for bureaucratic tidiness. Look no further than the creation of the Department of Immigration and Border Protection, a process that has consumed enormous amounts of resources in reconciling two incompatible cultures, with no apparent benefits and a list of embarrassing blunders.

Creating one security super-department places a major imperative on the government to get everything right, first time. Separate but closely collaborating security agencies create a powerful check against underperformance: a struggling agency or a leader who’s not up to it are spotted and called out quickly. But underperformance in a federation-style conglomerate is not so easy to see and to call out. And in the meantime, it’s the safety of Australians that will be the price for underperformance.

If the Turnbull government were serious about national security, it would not engage in evidence-free experimentation with our national security. It should instead be building on what’s working well and making it even stronger. We need better co-ordination and cross agency connectivity, not big-bang organisational redesign.

We should be getting these sorts of issues right in a system that is working, rather than indulging in the risk-riddled gesture politics of a grand restructure.

Michael Wesley is professor of international affairs and dean of the College of Asia and the Pacific at the Australian National University.

Wednesday 5 July 2017

Would you trust these men with your personal health information?

The darknet vendor says they are “exploiting a vulnerability which has a much more solid foundation which means not only will it be a lot faster and easier for myself, but it will be here to stay. I hope, lol.” [The Guardian, 4 July 2017]

Left to Right: Minister for Human Services and Liberal MP for Aston, Alan Tudge

& Minister for Health and Liberal MP for Flinders, Greg Hunt

These two federal politicians have portfolio responsibility for some of the largest government databases in Australia.

One has portfolio responsibility for those sensitive e-health records which are due to be rolled out nationally on an opt-out basis by 2020.

This is how secure your personal information is on their watch…….

The Sydney Morning Herald, 4 July 2017:

The Australian Federal Police is investigating reports Australians' personal Medicare details are being accessed and sold on the dark web, an apparent breach that has been labelled an "internet catastrophe".

According to a Guardian Australia report, an online vendor can pull up the full Medicare card details of any Australian on request — and is selling them for around $30 each — indicating a security hole somewhere in the health system.

Human Services Minister Alan Tudge said the government was taking the matter seriously.

The sales are reportedly listed on an undisclosed dark web marketplace, in which the vendor claims to be "exploiting a vulnerability" in order to run software that pulls the data. The vendor calls it "the Medicare Machine".

"Leave the first and last name, and DOB of any Australian citizen, and you will receive their Medicare patient details in full", the listing says, adding that the nature of the security hole being utilised means the vendor will be "here to stay".

In a statement, Mr Tudge said any authorised access to Medicare card numbers was "of great concern" and his department was also conducting its own investigation.

Medicare's database was always a honeypot waiting to be exploited once governments embraced data matching, data retention and data sharing with much enthusiasm but little understanding.

Once someone decides they want your Medicare details ID theft is now just 0.0089 bitcoin away - as is your abusive former spouse/partner or that anonymous stalker or Internet troll that has been making your life a misery.

UPDATE

Anthony Baxter, 4 July 2017:

You supply the person with name, date of birth and gender and around $30 of Bitcoin they'll give you the person's Medicare number. This is pretty bad, as it allows idemtity thieves to forge them - a Medicare card is usually worth 25 points on the standard 100 point ID check here. The AU govt had no idea this was happening until the journo from The Guardian let them know.

It turns out there's a portal that any health care provider can use to look up Medicare numbers this way. In case you've lost your card or whatever. Likely it's someone who works for one of them selling access, or someone's popped a PC there (more on that to come).

When asked, the relevant government minister (the same guy who presided over the Census fuckup last year (update: I misremembered, that was a different clown), the accidental publishing of PBS data that was poorly deidentified and the ongoing Centrelink robodebt nightmare) claimed it's OK because you can't get access to someone's medical records through the shiny new online electronic health records system with just a Medicare number. Aside from ignoring the ID theft issue there's a liiiiiittle bit of an issue here.

Guess what information you need along with the Medicare number to pull someone's medical records? Did you guess "name, date of birth and gender"? Collect your prize.

According to https://www.itnews.com.au/news/govt-blames-medicare-card-breach-on-traditional-crims-467502 the folks who did the Privacy Impact Assessment on the electronic health records system were told it would be secure because you needed Medicare number as well as name/DOB/gender and weren't told you could use the latter to look up the former.

It Gets Worse.

In theory you can only look up this stuff from a secure endpoint, with a client side certificate installed. Which in practice means maybe 20K PCs scattered across every doctors office in the country. Worse still, many of these client certs were originally sent out via unencrypted email, and a nontrivial number were "lost". And you reckon all or even a significant fraction of these 20K boxes are running modern Windows with up to date patches? Me neither. I can't count the number of times I've been left alone in a room with an unlocked doctor's PC while he went to check something.

It (Incredibly) Gets Even Worse.

They have a Two Factor Auth system which doctors are supposed to use. One of the ways to get the 2FA key is, and I wish I was joking here, email.

So get access to a box running some XP/Win7 version that's ludicrously unpatched that's also logged into the doctors email, collect health care records. Australian government cannot computer.

At the moment the electronic health records thing is opt-in, at some point next year they'll be moving to an opt-out scheme with a window to opt-out. There's an email form here https://myhealthrecord.gov.au/internet/mhr/publishing.nsf/content/home where you can sign up to be notified when the window to opt the hell out is opened and I urge everyone to do so ASAP.

UPDATE

The Sydney Morning Herald, 5 July 2017:

The federal government was warned more than three years ago of security deficiencies surrounding personal Medicare data, with the Department of Human Services told it was not fully complying with spy agency rules.

Questioning the department's ability to keep the data safe from "security threats from external and internal sources", the government auditor made a series of recommendations in April 2014 but it is unclear if they were fully implemented.

Friday 9 June 2017

The American Resistance has many faces and here are just seventeen of them (8)

According to the American Civil Liberties Union (ACLU):

In April 2017…. President Trump signed a law overturning strong, commonsense privacy rules that gave consumers control over what internet service providers (ISPs) could do with their data. The rules that were overturned would have prevented ISPs from sharing our browsing history with advertisers, forced ISPs to be clear about what information they’re collecting, and required ISPs to take reasonable steps to protect our data from hackers.

The response from many states was almost instantaneous. State legislators around the nation are now considering laws to restore the privacy protections that Congress and President Trump eviscerated……..

ALASKA