Is the Government's cybersecurity advice following Russian trolling activity sufficient or are deeper protections for data and privacy required? Media editor Dr Lee Duffield reports.
IT IS A QUESTION of chasing outlaws where there aren’t many laws or enforcing rules where there aren’t many of those either.
A joint statement on Monday by the American and British cybersecurity agencies about a burst of Russian trolling activity after the bombing has been matched up in state media work with information about similar activity during 2017.
IT’S THE ROUTERS – AND THE RUSSIANS
The two agencies said Russian state-sponsored actors were using compromised computer network equipment to attack companies and government departments in their respective countries.
They said the Russian activity had jumped 2000 per cent and routers were proving to be the vulnerable link – the devices used for sending data across networks.
Individuals and companies should ensure their router software was up-to-date and their passwords secure, they said.
Australia's Cyber Security Minister Angus Taylor has got himself over to the United States to talk with security agencies there and caught up with the story — bringing out information about 2017, which just happens to have become available at this time.
If you want to be seen to be on the ball, News Corp is as good an outlet as any and he did tell The Australian there had been a lot of the pirate activity here last year, while right now, just as the Americans and British say, routers would be the problem.
“Commercially available routers were used as a point of entry, demonstrating that every connected device is vulnerable to malicious activity”, he said.
FIGHTING ON YOUR OWN
For many consumers – and doubtless many commercial users as well – the cyber war raises the question of how isolated you are in dealing with potentially devastating intrusions, what standing you have, what protections and what rights.
In a neoliberal world where “small government” would not “meddle” and would avoid raising revenue for services, we would be left with the “right” to set up millions of private IT security departments — and the “market” might somehow come to our rescue.
It has not yet got that far in Australia where $10.7 million per year is being spent on setting up the Federal Cyber Security Advisory Office and estimates of the total security spend, public and private, to some degree driven by regulation, are running up to $40 billion.
REGULATING DODGE CITY
Where the wild west environment of digital growth has brought in these problems with hacking and trolls, there is a clear case to look at regulating it more, for example, to get mature protocols on cybersecurity for all to follow.
That would be a responsible project for democratic governments to take up, and a good step beyond the neo-liberal position, which says: the government tells the world they know what’s going on, but everybody should just look after themselves better.
NEW REFORM PROPOSAL BY MEAA
Leaving aside the specific question of technical security online, a fresh demand for content protection by regulatory means has come from the journalists’ organisation, the Media Entertainment Arts Alliance (MEAA), in their continuing war on propaganda and fake news.
The organisation said on Monday, that Facebook and Google should be regulated:
Digital giants like Google, Facebook, Twitter and YouTube should be regulated like other media companies and forced to contribute a percentage of their revenue towards public interest journalism.
In a submission to the ACCC’s digital platforms inquiry, MEAA says growing concerns about fake news and propaganda, the inappropriate leaking of individual consumers' data, and failure to curb online bullying and offensive content all lead to the conclusion that Facebook and Google should be regulated similarly to broadcasters by the Australian Communications and Media Authority.
MEAA functions as a union and professional association in the media field and has been pushing a chain of inquiries into cyber chaos and skulduggery to get governments to make a program for reforms — in this case, an inquiry by the Australian Competition and Consumer Commission (ACCC). (See another MEAA intervention in 'A Stand for Journalistic Freedom' on IA.)
SETTING OUT THE PLAN
The following is its summary of the submission to the ACCC, driven in part by the recent case of abuse of data from Facebook, where it recommends a move by the government to increase penalties for “mass” privacy/data breaches:
On April 10, 2018, MEAA provided this submission to the ACCC's digital platforms inquiry. In summary, MEAA believes that effective standards should be established for digital platforms, especially those of scale. We support the following seven measures:
1. that digital platforms of scale be classified as media companies for regulatory purposes
2. in the absence of Australian publishers and content creators being reasonably compensated for use of media content, an access-per-user fee or percentage of revenue charge be levied on digital platforms of scale, such funding to be retained for a contestable Public Interest Journalism Fund
3. that an effective ‘good faith’ requirement be included in collective bargaining authorisations under section 88 of the Competition and Consumer Act to enable Australian media companies to engage in mutually satisfactory commercial negotiations
4. inserting a mandatory ‘public interest’ test into section 50 of the Competition and Consumer Act – mergers and acquisitions
5. fast-tracking the Productivity Commission’s recommendations for a new Comprehensive Right for consumers to control their data and creation of a new Data Sharing and Release Act
6. that the Government consider increasing maximum penalties for ‘mass’ privacy/data breaches
7. that consumers be provided with plain language information about the extent of algorithm use and advised of safeguards
(See the full submission here.)
Media editor Dr Lee Duffield is a former ABC foreign correspondent, political journalist and academic.
Support independent journalism Subscribe to IA.