security – Cyber Law Watch

California Privacy Protection Agency Proposes Draft Rules for Automated Decision Making, Including Artificial Intelligence

Dec 07 2023

By Eric Vicente Flores and Michael Stortz

Executive Summary: The California Privacy Protection Agency has proposed a new set of draft regulations that aim to regulate the use of artificial intelligence and automated decision making technology. These regulations will be discussed alongside other draft regulations the agency has previously proposed regarding risk assessments and cybersecurity assessments. The three sets of draft regulations will be discussed at the agency’s meeting on 8 December.

California Proposes Cybersecurity Requirements for Businesses

Oct 11 2023

By: Eric Vicente Flores, Avril Love, and Whitney McCollum

In recognition of Cybersecurity Awareness Month in the US, we will be bringing awareness to relevant 2023 cybersecurity updates each week.

On 28 August, the California Privacy Protection Agency (CPPA) published draft regulations regarding risk assessments and cybersecurity audits for consideration at the Board’s September meeting. The draft regulations precede the formal rulemaking process, but provide insight into CPPA’s current priorities.

Dec 14 2022

By Cameron Abbott, Rob Pulham and Stephanie Mayhew

As of yesterday, the Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022 (Privacy Enforcement Act) is now in effect after receiving Royal Assent on 12 December 2022.

As we have previously shared, the Privacy Enforcement Act increases the maximum penalties for serious or repeated privacy breaches. For body corporates/organisations this increases the penalty from the current $2.22 million to whichever is the greater of:

New concerns over China’s ability to access user data on WeChat

Jun 21 2022

By Cameron Abbott and Hugo Chow

A recent report by cybersecurity firm, Internet 2.0, has raised concerns about the Chinese Communist Party’s ability to access the data of millions of users around the world of social media and payment application, WeChat.

WeChat is significant as it is the application that nearly all citizens in China use on a daily basis for communication, payments for services and as a way for citizens to connect through social media. Although the majority of WeChat’s more than 1 billion users are located in China, there are approximately 600,000 users in Australia, 1.3 million users in the UK, and 1.5 million users in the United States.

One of the concerns the report outlines is that although WeChat states that its servers are kept outside mainland China, all user data that WeChat logs and posts to its logging server goes directly to Hong Kong. And the report argues that under Hong Kong’s new National Security Legislation, there is little difference between Hong Kong resident servers and servers in mainland China.

As a result, due to China’s National Intelligence Law which requires organisations and citizens to “support, assist and cooperate with the state intelligence work”, there are concerns that the WeChat logging data that goes to servers in Hong Kong may be accessed by the Chinese Government upon request. The report states that the data that goes to Hong Kong is log data, which includes the user’s mobile network, device information, GPS information, phone ID, the version of the operating system of the device, but does not include information such as content of a conversation.

Another concern the report outlines is that although there was no evidence that chats were stored outside the user’s device, the report found that WeChat had the potential to access all the data in a user’s clipboard. This means that there is the potential for WeChat to access the data that is copied and pasted by users on WeChat, which is a risk to people using password managers that rely on the clipboard feature to copy and paste their passwords.

We expect to hear more about these sorts of concerns from a range of jurisdictions.

The AFP and FBI developed ANoM app secretly distributed among criminals used to make over 800 criminal arrests worldwide

Jun 10 2021

By Cameron Abbott, Warwick Andersen and Jacqueline Patishman

[Editor: It has been a busy week for all Cyberwatchers, and our blog has been running hot. This however is our favourite.]

For at least the last three years the Australian Federal Police and the United Stated Federal Bureau of Investigation have been working together to run ‘Operation Ironside’ using an app called ANoM. The app has allowed law enforcement to easily monitor criminal communications and to make over 800 criminal arrests so far.

$300 million of the Victorian Budget set aside to improve cyber security

May 27 2021

By Cameron Abbott and Jacqueline Patishman

The recently released Victorian budget shows that more than $300 million of the 2021-2022 state budget is to be used to improve the government’s ability to prevent, detect and control cyber risks. Well sort of… it also includes a range of more vanilla possible projects such as case administration systems at AAT, upgrading radio communication for Forest Fire Management Fire Victoria staff – so perhaps it is not as large a cybersecurity spend as it first looks.

Jul 07 2020

By Cameron Abbott, Warwick Andersen, Rob Pulham and Rebecca Gill

In some positive news about the Federal Government’s COVIDSafe app, the University of Adelaide’s cybersecurity experts have assessed the Australian contact tracing app to be one of the best and safest among 34 apps used globally to track and trace COVID-19 cases.

A team from the University’s School of Computer Science made the judgment in a study which assessed Android versions of 34 of the world’s COVID-19 contact tracing apps for security and privacy vulnerabilities.

“This is a public health app, it’s not a surveillance app”: Review finds “nothing particularly disturbing” about the Federal Government’s coronavirus tracing app

Apr 23 2020

By Cameron Abbott, Rob Pulham, Michelle Aggromito and Rebecca Gill

The Federal Government’s coronavirus tracing app has raised some privacy concerns amongst the Australian public. Even some of our government Ministers have ruled out downloading the app due to such concerns! However, the independent cyber security body tasked with reviewing the app has said that it has found no major concerns with it.

Mar 06 2020

By Cameron Abbott and Max Evans

Following Australia’s latest round of expanded 5G restrictions, the South Australian Government has made a decision to remove all close circuit surveillance cameras made by a Chinese surveillance giant from health department buildings, according to an article by the Sydney Morning Herald.

The article notes that the relevant cameras are made by the partially state-owned Chinese surveillance technology company Hikvision, which was blacklisted in October 2019 by the United States for their alleged role in human rights violations and in purporting to create a surveillance network amongst federal agencies. Issues with Hikvision in South Australia were first identified in the course of a Commonwealth-funded trial in which Hikvision cameras were to be used in the rooms of aged care residents as a means to improve overall safety.

Trending: Security as a service

Aug 07 2019

By Cameron Abbott and Karla Hodgson

Remember the time when you first heard about cloud computing and it took you a few moments of quiet contemplation before you wrapped your head around the concept of computing being situated “up there”? Of course today we aren’t surprised to learn that over 80% of enterprise workloads will be in the cloud by next year and that a new wave of cloud-based security as a service (SECaaS) solutions are rolling in to address the forecasted USD $5.2 trillion per year in cybercrime damage that is expected to impact within the next 5 years.

Based on the software as a service (SaaS) model, SECaaS is a cloud-based managed security service that removes the need for businesses to buy and continually upgrade on-premises hardware and software and keep staff upskilled in the ever-shifting world of cybersecurity risk and protection.

Tag:security

California Privacy Protection Agency Proposes Draft Rules for Automated Decision Making, Including Artificial Intelligence

California Proposes Cybersecurity Requirements for Businesses

New Privacy Enforcement Act commences in Australia

New concerns over China’s ability to access user data on WeChat

The AFP and FBI developed ANoM app secretly distributed among criminals used to make over 800 criminal arrests worldwide

$300 million of the Victorian Budget set aside to improve cyber security

“The best of its kind anywhere in the world today”: COVIDSafe among the safest tracing apps globally, study finds

“This is a public health app, it’s not a surveillance app”: Review finds “nothing particularly disturbing” about the Federal Government’s coronavirus tracing app

Watching Me, Watching You: Chinese Surveillance Cameras Banned in South Australia amidst Security Concerns