radiofree.asia

Category: tim wilson

  • ‘Extraordinary’ hacking powers pass Parliament

    Legislation handing “extraordinary” new hacking powers to Australian authorities has sailed through Parliament with support from the Opposition, despite the government not implementing some of the recommendations from the national security committee.

    The Australian Federal Police (AFP) and Australian Criminal Intelligence Commission (ACIC) will now be able to access the computers and networks of those suspected of conducting criminal activity online, and even take over their online accounts covertly, under the Identify and Disrupt bill, which was passed by the Senate on Wednesday.

    AFP Australian Federal Police
    Hackers?: The Australian Federal Police are in line for sweeping new powers to hack.

    Three new warrants will be introduced under the legislation, allowing authorities to “disrupt” the data of suspected offenders, access their devices and networks to identify them and take over their accounts.

    “Under our changes the AFP will have more tools to pursue organised crime gangs to keep drugs off our street and out of our community, and those who commit the most heinous crimes against children,” Home Affairs Minister Karen Andrews said.

    The government moved 60 amendments to the legislation in the lower house in response to the Parliamentary Joint Committee on Intelligence and Security’s (PJCIS) report from earlier this month.

    The amendments included enhanced oversight powers, reviews in several years time by the Independent National Security Legislation Monitor and the PJCIS, the sunsetting of the powers after five years, and strengthened protections for third parties and journalists.

    The amendments meet 23 of the PJCIS’s 33 recommendations, while the government has agreed to implement several others through a broader reform of intelligence surveillance powers.

    But it rejected the national security committee’s call for a higher threshold in the issuing of warrants in terms of the crimes they can be applied for, and for warrants to only be approved by a judge, rather than a member of the Administrative Appeals Tribunal.

    Several Labor members raised concerns with this and echoed others raised by members of the civil and digital rights sector, as did government members of the PJCIS, but all eventually voted to pass the legislation.

    The bill was rejected by the Greens, which said the legislation is another step on the “road to a surveillance state”.

    The PJCIS had recommended that the type of crimes the warrants could be issued for be narrowed to those relating to offences against the security of the Commonwealth, offences against humanity, serious drug, weapons and criminal association offences, and money laundering and cybercrime.

    Currently, the broad new powers can be granted to combat a swathe of crimes, far further than the terrorism and other offences the government has pointed to in order to justify the need for the legislation.

    But the government instead raised the threshold for issuing the warrants to them being “reasonably necessary and proportionate”, up from “justifiable and proportionate”.

    Labor had wanted this to go even further, calling on changes to require the warrants only be issued for “serious offences”.

    Shadow assistant minister for immigration Andrew Giles said the government is “mischaracterising the breadth of the new powers”.

    “It is obviously much easier to justify the introduction of such powers by focusing on the most serious types of crime. No-one would argue with that in respect of crimes like child abuse and exploitation, and terrorism,” Mr Giles said.

    “But it is important that we engage in the more difficult task of justifying the introduction of extraordinary powers by reference to how the powers could actually be used.”

    The amendments “go a long way” to ensuring the powers can only be used to combat serious crime, but don’t go far enough, multiple Labor MPs said.

    Shadow assistant minister for cybersecurity Tim Watts said the warrants should only apply to serious offences.

    “This would be an important constraint on the use of these new warrant powers and would limit their application to offences that carry at least a maximum of seven years’ jail and other specified offences,” Mr Watts said.

    “While these powers do have international precedent, they also carry inherent risks. As currently drafted, the substance of this bill does not match the government’s rhetoric.”

    Liberal MP Tim Wilson, a member of the PJCIS, broke ranks to criticise the government in not adopting all of the committee’s recommendations.

    “I’ll be frank…and say that my preference would be more consistent with that of the committee. That’s why we made those recommendations,” Mr Wilson said.

    “I will not die in a ditch over them, because the purpose of the legislation is more important than the threshold, but I think the threshold test around warrants and their application, particularly with the new powers, is something that we as a Parliament need to review.”

    Despite these concerns, Labor offered support for the legislation in both houses, ensuring its quick passage.

    Mr Giles said the new warrants give “extraordinary” powers to authorities, and appropriate safeguards need to be in place.

    “Labor supports this bill. It’s an important bill which addresses very significant and worrying gaps in the legislative framework so as to better enable the AFP and the [Australian Criminal Intelligence Commission] to collect intelligence, conduct investigations, and disrupt and prosecute the most serious of crimes in an evolving environment,” Mr Giles said.

    “The process of the Parliament here has produced a bill that meets the very serious challenges required to respond to, with appropriate safeguards in place, some of which will require all of us to maintain our attention on their operation and adequacy.”

    Mr Watts blasted the government’s handling of the legislation.

    “It’s indicative of this government’s record in this place to rush through legislation on national security matters with little regard for process, particularly with national security legislation or even with more technical legislation,” he said.

    “While we support the bill, Labor members of the PJCIS do think … safeguards in this bill could go further, particularly in relation to the offences this bill applies to.”

    The Greens voted against the legislation in both houses, with Senator Lidia Thorpe unsuccessfully moving a number of amendments.

    “Really disappointed to see Labor and Liberal both vote in favour to increase police powers of online surveillance. We tried to make this bill better and include human rights protections for innocent people, but the Greens were outvoted by the major parties,” Senator Thorpe tweeted.

    “New warrants allow police to monitor online activity without accusing us of a crime. Take over our accounts and edit our data…making the AFP judge, jury and executioner is not how we deliver justice in this country.”

    Crossbench senator Rex Patrick also attempted to amend the legislation, raising concerns that the bill had been “dropped on the Senate in the very last minutes”.

    The post ‘Extraordinary’ hacking powers pass Parliament appeared first on InnovationAus.

    This post was originally published on InnovationAus.

  • Govt considers banning ransomware insurance

    The federal government is considering banning insurance reimbursements for companies opting to make ransomware payments, as the Opposition pushes for a mandatory notification scheme around these attacks.

    A House Committee inquiry last week heard from a number of Australian insurance companies, with Chair and Liberal MP Tim Wilson investigating insurance reimbursements for ransomware attack payments and the potential to make this illegal.

    Several of the insurance companies confirmed they do offer some coverage for companies making a ransom payment following a cyber-attack, and that these attacks are occurring far more frequently recently.

    Following the hearing, Mr Wilson said he would back legislation outlawing insurers making payouts to companies subject to a ransomware payment.

    “It seems pretty clear to me that allowing insurance to reimburse for ransoms just incentivises criminal behaviours, while also increasing premiums for other cyber risks and should be outlawed,” Mr Wilson said.

    Tim Wilson: “pretty clear” ransomware insurance incentivises attacks

    Insurance Australia Group CEO Nick Hawkins told the committee that the company does offer coverage for cyber-attacks and ransomware payments currently.

    “If there is a cyberattack on a business…we would cover that claim to a certain extent. If part of the cost ends up being some sort of cost to the negotiation and consultants and even potentially a ransom, my understanding is that that is of the coverage,” Mr Hawkins said.

    “None of those payments can contravene any laws. So if there is any sort of suggestion that payments are money laundering or if there are any acts or laws in the country that don’t allow it or that you are contravening by making this sort of payment, then that is an exclusion and that payment is not allowed to be made.”

    Mr Hawkens said that the prospect floated by Mr Wilson of banning insurance payouts for ransomware payments “sort of sounds sensible”.

    “Anything to incentivise this topic would be better, so yes, I can’t see any reason why what you suggested wouldn’t sound like a good idea,” he said.

    Marsh managing director Craig Claughton also confirmed the company insurers against ransomware payments, and that these demands have increased “fairly significantly” in the last 18 months.

    “Most of our clients are terribly concerned about ransom demands being made upon them, so they’re looking for us to arrange cover if it’s available. Obviously, an insurance contract can’t do anything that’s against the law but, at the moment, provided it’s not in breach of any laws, insurers are willing to provide cover for ransom demands,” Mr Claughton said.

    There is a risk that this will incentivise ransomware attacks against Australian businesses, QBE Insurance Australia chief financial officer Chris Esson told the MPs.

    “We’re very conscious here of the risk that the availability of insurance for ransom might drive attacks. We do note that there’s a need to balance that against the fact that a ransom attack can be very possible for business, which is part of the market in which we operate,” Mr Esson said.

    “But we do suggest that these considerations need to be carefully balanced, and it would be an appropriate area to do more review.”

    Shadow assistant minister for cybersecurity Tim Watts criticised the fact the policy proposal was coming from Mr Wilson rather than the responsible ministers.

    “The leadership vacuum left by the Morrison government on ransomware is now being filled by its own backbenchers,” Mr Watts told InnovationAus.

    “The Morrison government missed every opportunity to act while ransomware escalated to a crisis point. It needs to show leadership now.”

    Mr Watts last week introduced a private members bill to the lower house which would launch a mandatory notification scheme for ransomware attacks, with companies subject to such an attack having to inform authorities about it before making a payment to the attackers.

    “Mandatory notification of ransomware payments is a sensible foundation for government action against ransomware. If the Morrison government wants to get serious about fighting ransomware it can support Labor’s private members bill introducing a mandatory payment notification scheme in the next sitting of Parliament,” Mr Watts said.

    Home Affairs minister Karen Andrews has said she is “open to exploring” the proposal, with the legislation set to be debated in August.

    The post Govt considers banning ransomware insurance appeared first on InnovationAus.

    This post was originally published on InnovationAus.