Showing posts with label privacy. Show all posts
Showing posts with label privacy. Show all posts

Sunday, 15 July 2018

"Bad actor" Facebook Inc given £500,000 maximum fine - any future breach may cost up to £1.4bn


The Guardian, 11 July 20018:

Facebook is to be fined £500,000, the maximum amount possible, for its part in the Cambridge Analytica scandal, the information commissioner has announced.

The fine is for two breaches of the Data Protection Act. The Information Commissioner’s Office (ICO) concluded that Facebook failed to safeguard its users’ information and that it failed to be transparent about how that data was harvested by others.

 “Facebook has failed to provide the kind of protections they are required to under the Data Protection Act,” said Elizabeth Denham, the information commissioner. “Fines and prosecutions punish the bad actors, but my real goal is to effect change and restore trust and confidence in our democratic system.”

In the first quarter of 2018, Facebook took £500,000 in revenue every five and a half minutes. Because of the timing of the breaches, the ICO said it was unable to levy the penalties introduced by the European General Data Protection (GDPR), which caps fines at the higher level of €20m (£17m) or 4% of global turnover – in Facebook’s case, $1.9bn (£1.4bn). The £500,000 cap was set by the Data Protection Act 1998.

As one of the IT whistleblowers described the situation...

Thursday, 5 July 2018

Turnbull and Keenan botching digital transformation policy


The Australian Minister for Human Services, Minister Assisting the Prime Minister for Digital Transformation and Liberal MP for Stirling, 46 year-old Michael Fayat Keenan, is all gung-ho for digital transformation.

The problem is that he is just not good at being transformative – rather like his prime minister.

One could almost see the trainwreck coming down the line from the moment of then Communications Minister Turnbull's initial joint announcement with then Prime Minister Tony Abbott in 2015.

Despite the obvious problems Michael Keenan will be commencing pre-rollout trials of a facial recognition program this year,

Yahoo News, 1 July 20118:

Welfare recipients will soon be asked to have their faces scanned before they can claim their benefits.

It is part of a new trial of biometric security measures the government will begin within months.

Similar to how SmartGates work at airports to check passports, government services will ask recipients to take a photo on a computer or phone to create a MyGov ID.
The photo will then be checked against passports and driver’s licences.
But there are questions as to whether this information could be misused.

Australian Privacy Foundation’s Bernard Robertson-Dunn said people needed to be assured “it works properly” and the government “doesn’t use the technology to do things it didn’t say it was going to do”.

Human Services Minister Michael Keenan said on May 1 the misuse of data which could be used to “impinge on people’s privacy” was “clearly” a concern for many Australians.

The 2016 Census is an example of a recent government technology fail….

Uses for the MyGov ID will trial from October – with an all-online way to get a tax file number.

Next year Centrelink services, including Newstart and Youth Allowance, will also be trialled.

Here is the organisational and technological mess that Keenan helped create…..

The Canberra Times, 29 June 2018, p.14:

The agency charged with guiding IT projects has been sidelined from major policies and is removed from the Coalition's thinking about digital reform, an inquiry into the government's $10 billion tech spend has found.

A report released on Wednesday has called for a central vision to guide the government in its IT reform and found changes to the Digital Transformation Agency had left it watching on as major tech projects hit disaster.

The inquiry found the DTA did not have the Australian Criminal Intelligence Commission's botched project to adopt biometric technology on its watchlist and that it had failed to involve itself in determining why the Education Department's Australian Apprenticeship Management System project was called off.

It was sidelined as the Department of Home Affairs took charge of cyber policy, the Prime Minister's department assumed control of data policy and the newly created Office of the Information Commissioner was created separate from the DTA, the report said.

"The evidence heard by this committee revealed an organisation that was not at the centre of government thinking about digital transformation, or responsible for the creation and enactment of a broader vision of what that transformation would look like," it said.

News.com.au, 12 June 2018:

Australians will be able to access government services with a single log-in under a plan to create a "single digital identity" by 2025.

Michael Keenan, the federal minister in charge of digital services, said face-to-face interactions with government services would be greatly reduced.

"Think of it as a 100-point digital ID check that will unlock access to almost any government agency through a single portal such as a myGov account," Mr Keenan said.

The minister wants Australia to be a world leader in digital government, with almost all services to be available online by 2025.

Mr Keenan said having 30 different log-ins for government services is not good enough.

"The old ways of doing things, like forcing our customers to do business with us over the counter, must be re-imagined and refined," he said.

People will need to establish their digital identity once before being able to use it across services.

The first of several pilot programs using a "beta" version of what will be known as myGovID will begin in October.

The initial pilot will enable 100,000 participants to apply for a tax file number online, which Mr Keenan says will reduce processing time to a day from up to a month currently.

In a pilot starting from March next year, services including student identification and Centrelink will be connected to the digital identity.

Also from March 2019, 100,000 people will be able to use their digital identity to create their My Health Record online.

Mr Keenan says one face-to-face or over-the-counter transaction costs on average about $17 to process, while an online transaction can cost less than 40 cents.

The Human Services department will operate as the gateway between service providers and people.

"This is key to protecting privacy, as the exchange will act as a double-blind - service providers will not see any of the user's ID information and identity providers will not know what services each user is accessing," Mr Keenan said.

Labor digital economy spokesman Ed Husic said the Turnbull government was responsible for a "dirty dozen" of failed digital transformation failures, including the census and tax office website crashes.

"The biggest challenge confronting the Turnbull government is to quit its addiction to glitzy digital announcements and get stuck into properly delivering these multimillion-dollar projects," Mr Husic said.

The Australian Crime Intelligence Commission has suspended the contract for its beleaguered biometric identification services project in order to renegotiate it after the contractor failed to meet the deadline for completion and the cost ran $40 million over budget.

It follows a recommendation from a scathing independent review late last year that the contract be overhauled, the project be simplified and the timeline for delivery changed.

In 2016 ACIC (then CrimTrac) contracted NEC Australia to deliver a program that would replace the national automated fingerprint identification system, adding in facial recognition, palm prints and foot prints and would be available for use by police forces around the country.

Industry news website InnovationAus reported on Wednesday that NEC contractors had been marched from ACIC's premises on Monday June 4, after being told that the project had been suspended at the start of June.
It is believed the project has been suspended until Friday, while the negotiations over the contract take place.

A PricewaterhouseCoopers report last November seen by Fairfax Media said "a chain of decisions involving all levels and stakeholders" had led to the project running behind schedule and over budget.

It recommended that the scope of the project be simplified and standardised, and called it "highly challenged" and presenting a "high risk" to the commission.
"There is low confidence in likelihood of delivery which requires focus to achieve turnaround."

Poor communication, operational silos, limited collaboration and a failure to estimate the project's complexity had blown it off-track, the report said.

The report also recommended that the existing fingerprint database contract with Morpho be extended for 12 months after its expiry last month. It is not clear whether this contract was extended as recommended……

NEC Australia was also the contractor for the failed Australian apprentice management system, which was dumped by the Department of Education and Training last month due to critical defects, also found by a report by PwC.

InnovationAus, 12 June 2018:

NEC Australia won a $52 million tender for the Biometric Identification Services project in early 2016. The project involved replacing the ACIC’s National Automated Fingerprint Identification System with a “multi-modal biometric identification” service, incorporating fingerprints, footprints and facial recognition.

But the project is running behind schedule and is understood to be returning a high amount of false positives.

ABC News, 28 May 2018:

A massive case of mistaken identity in the UK is prompting calls for a rethink on plans to use facial recognition technology to track down terrorists and traffic offenders.

"If you have technology that is not up to scratch and it is bringing back high returns of false positives then you really need to go back to the drawing board," president-elect of the Law Council of Australia Arthur Moses told AM.

The comments follow revelations a London police trial of facial recognition technology generated 104 "alerts", of which 102 were false.

The technology scanned CCTV footage from the Notting Hill Carnival and Six Nations Rugby matches in London in search of wanted criminals.

Sunday, 1 July 2018

Oi! Malcolm Bligh Turnbull and every dumb-witted member of his federal government as well as every premier and member of a state or territory government – when are you all going to wake up to the fact that digital is bloody dangerous?


For literally hundreds of years now, first in colonial, then in dominion and later in federation periods, Australia has relied on a 'paper and ink' processes to decide major political votes by its eligible citizens.

By and large this system has produced reliable results with regards to the people's will.

However, in the 21st Century government's blind infatuation with digital 'innovation' is now dangerously out-of-control.

This is evidence of just the latest red flag that Australian governments have ignored ……

The Mercury online, 30 June 2018:

The personal information of about 4000 Tasmanian voters has been leaked after a data breach on a third-party website linked to express votes, the state’s Electoral Commission has revealed.

Tasmanian Electoral Commissioner Andrew Hawkey said hackers had access to the names, dates of birth, emails and postal addresses of those who applied for an express vote at the recent state and Legislative Council elections.

“Early today, the Tasmanian Electoral Commission was informed by the Barcelona-based company Typeform, that an unknown third party had gained access to one of their servers and downloaded certain information,” he said.

“Typeform online forms have been used on the TEC website since 2015 for some of its election services. The breach involved an unknown attacker downloading a backup file.

“Typeform’s full investigation of the breach identified that data collected through five forms on the TEC website had been stolen.”


The breach was identified by Typeform on June 27 and shut down within half an hour of detection, Mr Hawkey said.

“The Electoral Commission will be contacting electors that used these services in the coming days to inform them of the breach,” Mr Hawkey said.

“The Electoral Commission apologises for the breach and will re-evaluate its collection procedures and internal security elements around its storage of electoral information for future events. The breach has no connection to the national or state electoral roll.”

Mr Hawkey said some of the stolen information had previously been made public, such as candidate statements for local government by-elections.

Typeform said it had responded immediately and had fixed the source of the breach to prevent further hacks.

“We have since been performing a full forensic investigation of the incident to be certain that this cannot happen again,” a statement on the Typeform website read.

“The results that were accessed are from a partial backup dated May 3, 2018. Results collected since May 3 are therefore safe and not compromised.’

Typeform reportedly provides services for some pretty big names, including Apple, Uber, Airbnb and Forbes.

The hack comes after up to 120,000 Tasmanian job seekers may have had their personal information compromised following a data breach reported by human resources company PageUp in early June.

That site was linked to the Tasmanian Government and the University of Tasmania.
The State Government is still waiting for a further response from PageUp but it is believed the breach was limited to names, addresses, emails and phone numbers.

Thursday, 7 June 2018

Only 39 days to go until concerned Australian citizens can opt out of the Turnbull Government's collection of personal health information for its national database


Apparently this email is currently being sent out to registered Australian citizens.

Australian Digital Health Agency, email, 5 June 2018:

Hello,

You are receiving this email because you registered your email address at myhealthrecord.gov.au to find out more information about how to opt-out of the My Health Record system.

If you do not want a My Health Record, you must register your choice between 16 July and 15 October 2018 during the opt-out period. It is not possible to opt-out of having a record before the opt-out period starts.

The opt-out period will not apply to individuals who have previously chosen to have a My Health Record, or were included in the Nepean Blue Mountains or North Queensland opt-out trials in 2016. Individuals who have an existing My Health Record can cancel their record at any time. Instructions on cancelling a record can be found on the My Health Record website.

Once the opt-out period starts you will receive another email letting you know that the opt-out period has started and what to do if you still want to opt-out.

A My Health Record is a secure online summary of an individual’s key health information. 1 in 5 Australians already have one. It’s an individual’s choice who sees their My Health Record, what’s in it and who it is shared with. My Health Record has safeguards in place to protect an individuals’ information including encryption, firewalls and secure login.

For further information about the My Health Record, please visit the My Health Record website.

Thank you,

The My Health Record System Operator
www.digitalhealth.gov.au

[my yellow highlighting]

Wednesday, 16 May 2018

An insider has finally admitted what any digital native would be well aware of - your personal health information entered into a national database will be no safer that having it up on Facebook


Remembering that a federal government national screening program, working with with a private entity, has already accessed personal information from Medicare without consent of registered individuals and entered these persons into a research program - again without consent - and these individuals apparently could not easily opt out of being listed as a research subject but were often only verbally offered  the option of declining to take part in testing, which presumably meant that health data from other sources was still capable of being collected about them by the program. One has to wonder what the Turnbull Government and medical establishment actually consider patient rights to be in practice when it comes to "My Health Record".

Healthcare IT News, 4 May 2018:

Weeks before the anticipated announcement of the My Health Record opt out period, an insider’s leak has claimed the Australian Digital Health Agency has decided associated risks for consumers “will not be explicitly discussed on the website”.

As the ADHA heads towards the imminent announcement of the three-month window in which Australians will be able to opt out of My Health Record before being signed up to the online health information repository, the agency was caught by surprise today when details emerged in a blog post by GP and member of the steering group for the national expansion of MHR, Dr Edwin Kruys.

Kruys wrote that MHR offers “clear benefits” to healthcare through providing clinicians with greater access to discharge summaries, pathology and diagnostic reports, prescription records and more, but said “every digital solution has its pros and cons” and behind-the-scenes risk mitigation has been one of the priorities of the ADHA. However, he claimed Australians may not be made aware of the risks involved in allowing their private medical information to be shared via the Federal Government’s system.

“It has been decided that the risks associated with the MyHR will not be explicitly discussed on the website,” Kruys wrote.

“This obviously includes the risk of cyber attacks and public confidence in the security of the data.”

The most contentious contribution in the post related to the secondary use of Australians’ health information, the framework of which has yet to be announced by Health Minister Greg Hunt.

Contacted by HITNA, the agency moved swiftly to have Kruys delete the paragraph relating to secondary use.

In the comment that has since been removed, Kruys wrote, “Many consumers and clinicians regard secondary use of the MyHR data as a risk. The MyHR will contain a ‘toggle’, giving consumers the option to switch secondary use of their own data on or off.”

Under the My Health Records Act 2012, health information in MHR may be collected, used and disclosed “for any purpose” with the consent of the healthcare recipient. One of the functions of the system operator is “to prepare and provide de-identified data for research and public health purposes”. 

Before these provisions of the act will be implemented, a framework for secondary use of MHR systems data must be established. 

HealthConsult was engaged to assist the Federal Government in developing a draft framework and implementation plan for the process and within its public consultation process in 2017 received supportive submissions from the Australasian College of Health Informatics, the Australian Bureau of Statistics and numerous research institutes, universities, and clinicians’ groups.

Computerworld, 14 May 2018:

Use of both de-identified data and, in some circumstances, identifiable data will be permitted under a new government framework for so-called “secondary use” of data derived from the national eHealth record system. Linking data from the My Health Record system to other datasets is also allowed under some circumstances.

The Department of Health last year commissioned the development of the framework for using My Health Record data for purposes other than its primary purpose of providing healthcare to an individual.

Secondary use can include research, policy analysis and work on improving health services.

Under the new framework, individuals who don’t want their data used for secondary purposes will be required to opt-out. The opt-out process is separate from the procedure necessary for individuals who don’t want an eHealth record automatically created for them (the government last year decided to shift to an opt-out approach for My Health Record)……

Access to the data will be overseen by an MHR Secondary Use of Data Governance Board, which will approve applications to access the system.

Any Australian-based entity with the exception of insurance agencies will be permitted to apply for access the MHR data. Overseas-based applicants “must be working in collaboration with an Australian applicant” for a project and will not have direct access to MHR data.

The data drawn from the records may not leave Australia, but under the framework there is scope for data analyses and reports produced using the data to be shared internationally……

The Department of Health came under fire in 2016 after it released for download supposedly anonymised health data. Melbourne University researchers were able to successfully re-identify a range of data.

Last month the Office of the Australian Information Commissioner revealed that health service providers accounted for almost a quarter of the breaches reported in the first six weeks of operation of the Notifiable Data Breach (NDB) scheme.


Australians who don't want a personal electronic health record will have from July 16 to October 15 to opt-out of the national scheme the federal government announced on Monday.

Every Australian will have a My Health Record unless they choose to opt-out during the three-month period, according to the Australian Digital Health Agency.

The announcement follows the release of the government’s secondary use of data rules earlier this month that inflamed concerns of patient privacy and data use.


Under the framework, medical information would be made available to third parties from 2020 - including some identifying data for public health and research purposes - unless individuals opted out.

In other news....... 


A cyber attack on Family Planning NSW's website has exposed the personal information of up to 8000 clients, including women who have booked appointments or sought advice about abortion, contraception and other services.

Clients received an email from FPNSW on Monday alerting them that their website had been hacked on Anzac Day.

The compromised data contained information from roughly 8000 clients who had contacted FPNSW via its website in the past 2½ years to make appointments or give feedback.

It included the personal details clients entered via an online form, including names, contact details, dates of birth and the reason for their enquiries….

The website was secured by 10am on April 26, 2018 and all web database information has been secure since that time

SBS News, 14 May 2018:

Clients were told Family Planning NSW was one of several agencies targeted by cybercriminals who requested a bitcoin ransom on April 25…..
The not-for-profit has five clinics in NSW, with more than 28,000 people visiting every year.

The most recent Digital Rights Watch State of Digital Rights (May 2018) report can be found here.

The report’s 8 recommendations include:

Repeal of the mandatory metadata retention scheme

Introduction of a Commonwealth statutory civil cause of action for serious invasions of privacy

A complete cessation of commercial espionage conducted by the Australian Signals Directorate

Changes to copyright laws so they are flexible, transparent and provide due process to users

Support for nation states to uphold the United Nations Convention on the Rights of the Child in the digital age

Expand the definition of sensitive information under the Privacy Act to specifically include behavioural biometrics

Increase measures to educate private businesses and other entities of their responsibilities under the Privacy Act regarding behavioural biometrics, and the right to pseudonymity

Introduce a compulsory register of entities that collect static and behavioural biometric data, to provide the public with information about the entities that are collecting biometric data and for what purpose

The loopholes opened with the 2011 reform of the FOI laws should be closed by returning ASD, ASIO, ASIS and other intelligence agencies to the ambit of the FOI Act, with the interpretation of national security as a ground for refusal of FOI requests being reviewed and narrowed

Telecommunications providers and internet platforms must develop processes to increase transparency in content moderation and, make known what content was removed or triggered an account suspension.

Friday, 11 May 2018

File this under "Yet Another National Database" cross referenced wih "What Could Possibly Go Wrong?"




A massive breach of Commonweath Bank data exposed last week has raised security fears around a new national database of Australian bank customers, as Labor pushes for a delay to part of the scheme's scheduled introduction in less than two months.
The database - set to go live on July 1 - will include the details of every person who has taken out a loan or a credit card, along with their repayment history.

The Mandatory Comprehensive Credit Reporting scheme was a recommendation of the 2014 financial system inquiry and is designed to give lenders access to a deeper, richer set of data to ensure loans are only being approved for people who can afford to repay them.

The new requirements will first apply to the Commonwealth Bank, ANZ Bank, Westpac and National Australia Bank, given they account for up to 80 per cent of lending to households.

But the collection of sensitive data by private companies has raised concerns in the wake of several high-profile data breaches, including the disappearance of 20 million customers records from the Commonwealth Bank.

The Financial Rights Legal Centre and the Consumer Action Law Centre claim the financial details of millions of Australians will be vulnerable under the new scheme - which includes positive and negative credit histories.

Financial Rights Legal Centre policy officer Julia Davis said the development "was a major intrusion into our financial privacy".

"I don’t think Australians realise this is about to happen," she said.

The legislation states all credit reporting bodies must store the information on a cloud service that has been assessed by the Australian Signals Directorate. It also contains a provision allowing banks to stop supplying customer data to credit providers should there be a major security breach.

Ms Davis said the oversight was welcome but the internal systems of credit reporting bodies remained "completely opaque."

"Once that data goes live in the one place you can't put the toothpaste back in the tube," she said.

Equifax, one of the companies which will have access to the data, had its systems in the US hacked last year, exposing the personal information of 143 million Americans and triggering to the resignation of its chief executive.

It is also being sued by consumer watchdog the Australian Competition and Consumer Commission over allegations it misrepresented its product to consumers by asking them to pay for their own credit histories which are usually available online for free.

The company's general manager of external relations, Matthew Strassberg, said Equifax had "only been a marquee above the door for six months," after the US giant took over the Australian operation formerly known as Veda.

He said the credit reporting business would provide "a 360 degree picture."
"A bank will have a very deep insight into what they know of you," he told Fairfax Media.

Mr Strassberg said he recognised that Australians were concerned about data security…..

Wednesday, 9 May 2018

Is Telstra selling customer location data? Did it ever specifically request permission from account holders?





Telstra is making money by on-selling location data from its customers' mobile phones in similar deals to a partnership with the Bureau of Statistics that caused a public backlash last week.

The Australian Bureau of Statistics came under fire for partnering with the telco for a study in 2016, which used mobile phone data showing how many people were in particular suburbs hour by hour.

Similar data is now available for a fee, after the Location Insights program was quietly launched by the telco in July 2016. The Australian Bureau of Statistics was the first licensee under the program, but has not used Telstra's Location Insights since then.
Data available to Telstra's clients can be broken down into 15 minute increments, and demographics broken down by age groups and gender. The smallest geographic areas available for analysis are the same as the Australian Bureau of Statistics' smallest statistical area, which have an average population of 400 people and could have as few as 200 people.

In a video used to spruik the service by Telstra, potential customers are listed as local governments and transport companies. It’s not clear how many organisations have used the service, or what the price tag is for such information.

“Imagine if you could know what is happening in your community, region, or city hub, every 15 minutes,” a voiceover in the Youtube video promoting the program said.
“Telstra Location Insights builds industry-specific metrics where data sets are used for modelling purposes and then extrapolated to estimate for the entire population,” a Telstra spokesman said.

“These metrics are aggregated spatially and temporally before differential privacy and k-anonymisation are both applied to completely anonymise the data.”

This explanation is not accepted by senior lecturer at the University of Melbourne Vanessa Teague.

“In order to know whether those things actually work, we need to see what the parameters are and how they're applied to the data in order to be assured that they’re applied correctly and they work,” Dr Teague said.

Dr Teague is chair of the Cybersecurity and Democracy Network and was part of a team of researchers who re-identified patient health records from Pharmaceutical Benefits Scheme data that was released by the government.

“It's possible that [anonymising the data] has been done correctly, it's also possible that they think it’s been done correctly but they’re wrong. And really the only way to assess that is to get a clear and detailed technical description of what they've done,” Dr Teague said.

“If they've done it right then there's no reason to be secretive about the details of what they’ve done, if they’ve done it wrong then they are better off getting a genuine open assessment of it so they can find out sooner rather than later.”

Telstra said the use of the information was in line with its privacy statement, which states that customers’ information could be shared with “our dealers, our related entities or our business or commercial partners and other businesses we work with”.


Dr Teague is sceptical about that explanation. “Just because a company holds highly sensitive information about you doesn’t mean that that data is their property that they should then be able to turnaround and sell without asking you,” she said.


Now when I read Telstra's privacy statement I do not recall that it mentioned that it would be selling mobile phone location information in SA1 statistical level data bundles captured at 15 minute intervals (as mentioned in the news article) and, that those bundles could be used to create data sets which track an individual's movements over time in relatively fine detail.

Yamba in the Clarence Valley NSW is a quiet little town with a population of approx. 6,076 persons living in 3,820 dwellings spread across est. 16 SLA1 statistical levels and in over 100 even smaller statistical Mesh Blocks.




I suspect that many Yamba residents will not be happy with the idea that Telstra Corporation Limited will alllow their movements to be tracked and their daily habits predicted if an individual, private company, government agency or political party pays them for the town's mobile phone location data.

Wednesday, 2 May 2018

The man who would be prime minister


“In terms of ministerial oversight, the portfolio has the following ministers: the Minister for Home Affairs, who sits in the cabinet and who is also separately sworn as the Minister for Immigration and Border Protection; the Minister for Citizenship and Multicultural Affairs; the Minister for Law Enforcement and Cybersecurity; and the Assistant Minister for Home Affairs. The core functions of the department are policy, strategy, planning and coordination in relation to the domestic security and law enforcement functions of the Commonwealth as well as managed migration and the movement of goods across our borders…..four portfolio agencies that sit alongside the department, which are statutorily independent, but they are within the portfolio. They all, like me, report to the cabinet minister. The Australian Federal Police, ACIC, AUSTRAC and Australian Border Force. That is four. Then, with the passage of relevant legislation that is currently before the parliament, ASIO will move across soon.  [Secretary Dept. of Home Affairs Michael Pezullo at Senate Estimates Hearing, Legal and Constitutional Affairs Legislation Committee, 26 February 2018]

The worry about concentration of political power per se and that power in inappropriate hands…….

The Saturday Paper, 28 April 2018:

Peter Dutton is arguably the most powerful person in the country. In his new ministry he has oversight for national security, for the Federal Police, Border Force and ASIO, for the law enforcement and emergency management functions of the Attorney-General’s Department, the transport security functions of the Department of Infrastructure, Regional Development and Cities, the counterterrorism and cybersecurity functions of the Department of Prime Minister and Cabinet, the multicultural affairs functions of the Department of Social Services, and the entire Department of Immigration and Border Protection.

It is hard to imagine any member of federal parliament less suited to exercise the sort of powers now held by Dutton. It is easy to argue that no minister should be entrusted with such vast powers. But the fact that those powers are in Dutton’s hands is seriously alarming.

Ministerial powers are subject to limits. The rule of law means that the limits are subject to supervision by the judicial system. Most ministers understand that. Dutton apparently does not…..

On April 7, 2018, Dutton called for “like-minded” countries to come together and review the relevance of the 1951 Refugee Convention.

So, here it is: Australia’s most powerful minister is wilfully mistreating innocent people at vast public expense. He is waging a propaganda war against refugees and against the people who try to help them. And he is trying to persuade other countries to back away from international human rights protection.

He tries to make it seem tolerable by hiding it all away in other countries, so that we can’t see the facts for ourselves. [my yellow highlighting]

Evidence that the community concern is justified…….

MSM News, 29 April 2018:

Ministers are planning to make it easier for the government to spy on its own citizens, a leaked document has revealed.

As it stands, the Australian Federal Police and Australian Security Intelligence Organisation need a warrant from The Attorney-General to access Australians' emails, bank records and text messages.

But ministers are reportedly planning to amend the Intelligence Services Act of 2001 to allow Home Affairs Minister Peter Dutton and Defence Minister Marise Payne to give the orders without the country's top lawyer knowing

The intelligence - which could include financial transactions, health data and phone records - would be collected by a government spy agency called the Australian Signals Directorate. 

The plan was revealed by a leaked letter from Home Affairs Secretary Mike Pezzullo to Defence Secretary Greg Moriarty.

The top secret letter, written in February and seen by The Sunday Telegraph, details a plan to 'hack into critical infrastructure' to 'proactively disrupt and covertly remove' cyber-enabled criminals including child exploitation and terror networks. 
In March, the plan was outlined in a ministerial submission signed by Mike Burgess, the chief of the Australian Signals Directorate.

It states: 'The Department of Home Affairs advises that it is briefing the Minister for Home Affairs to write to you (Ms Payne) seeking your support for a further tranche of legislative reform to enable ASD to better support a range of Home Affairs priorities.'
But a proposal to change the law has not yet been made.

A spokesman for the Defence Minister Ms Payne said: 'There has been no request to the Minister for Defence to allow ASD to counter or disrupt cyber-­enabled criminals onshore.' 
      
An intelligence source told The Sunday Telegraph that the proposals could spell danger for Australians.

'It would give the most powerful cyber spies the power to turn on their own citizens,' the source said.

The letter also outlines 'step-in' powers which could force companies to hand over citizens' data, the source added.

The submission says the powers would help keep Australian businesses and individuals safe. [my yellow highlighting]

The inherent dishonesty of the Dept. of Home Affairs…..

Secretary of Department of Home Affairs Michael Pezullo, Senate Estimates, Legal and Constitutional Affairs Legislation Committee, 26 February 2018, denying the possibility of by-passing the judiciary and “the country's top lawyer”:

As I said at the last estimates meeting of this committee, all executive power is subject to the sovereignty of this parliament and to the supremacy of the law. In bringing the security powers, capabilities and capacities of the Commonwealth together into a single portfolio, these fundamentals will remain in place. All of them are crucial attributes of liberty. I repeat what I said last year to this committee: any contrary suggestion that the establishment of Home Affairs will somehow create an extra judicial apparatus of power bears no relationship to the facts or to how our system of government works, and any suggestion that we in the portfolio are somehow embarked on the secret deconstruction of the supervisory controls which envelop and check executive power are nothing more than flights of conspiratorial fancy that read into all relevant utterances the master blueprint of a new ideology of undemocratic surveillance and social control. [my yellow highting]

Ministerial denial - of sorts....

When confronted by the mainstream media Dutton supported government spying on its citizens, saying he believes there is a case to be made for giving the Australian Signals Directorate more powers to investigate domestic cyber threats, with appropriate safeguards in place and "If we were to make any changes ... I would want to see judicial oversight or the first law officer (attorney-general) with the power to sign off on those warrants".

Hands up everyone in Australia who will sleep well knowing that the tsar has spoken. *crickets*