At a glance.
- Australian government expands cyber funding for law enforcement.
- Australian privacy bill faces pushback.
- EU spyware inquiry committee releases interim report.
Australian government expands cyber funding for law enforcement.
Australia’s Department of Home Affairs has decided to extend cybersecurity funding for law enforcement beyond the initially planned three years. As CRN Australia explains, the cyber capability fund (CFC), which was established last March, originally allocated $30.9 million in funding to be distributed over three years. A Home Affairs spokesperson says the program has now been budgeted to run for at least an additional two years, at around $11 million a year. $20.3 million has been allocated for the 2022-23 financial year, which includes committed funding of $10.3 million for twelve projects, “including specialist training activities, software procurement and technical capability development, operational collaboration on cybercrime, and enhanced victim support,” the spokesperson stated.
Australian privacy bill faces pushback.
The recent wave of data breaches in Australia has been at the top of the news, and in response, lawmakers have been working to pass legislation to crack down on such incidents. The Labor party has introduced a privacy bill that would increase penalties for companies that experience serious or repeated data breaches from $2.2 million to whatever is higher: $50 million; three times the value of any benefit obtained through the misuse of information; or 30% of a company’s adjusted turnover. The law would also extend the jurisdiction of the Privacy Act to foreign organizations that conduct business in Australia. As the Guardian notes, some foreign tech companies feel the bill is an overreach, as it would apply Australian privacy law to their international customers. IAPP reports that at a recent inquiry, Digital Industry Group Inc (Digi) – which represents Meta, Google and Twitter – along with the Business Council, and Tech Council of Australia, expressed their concerns about the bill.
Digi explained, “if an offshore corporation carries on business in Australia through providing services to Australian end users, then the Australian Privacy Act would also apply to that corporation’s handling of information about users in any other jurisdiction where its services are available…It is not clear why Australian laws seek to regulate the management of personal information that has no direct connection with Australia or with Australians.” In a submission to parliament about the bill, the Australian Information Industry Association (AIIA) has warned the Albanese administration against a “heavy-handed or exclusively punitive response” to the wave of breaches. As well, CRN Australia reports, some stakeholders are asking for additional consideration if the breached company can demonstrate they took reasonable steps to secure their data.
EU spyware inquiry committee releases interim report.
As cases of illicit use of spyware increase in the EU, the European Parliament’s investigation into Pegasus surveillance software continues, and the inquiry committee says that national governments are not fully grasping the threat such software poses. As the Guardian reports, the senior MEP leading the inquiry, Dutch liberal MEP Sophie in ‘t Veld, says some governments have made it too easy for surveillance to continue in their countries, and accused some officials of failing to cooperate with her investigation. In her interim report issued yesterday, ‘t Veld noted the committee is already working to fight threats from outside sources, referencing Elon Musk’s takeover of Twitter. “But…when the threat to democracy is not some far away stranger but the governments of EU member states, the commission suddenly considers that the defence of European democracy is no longer a European matter, but a matter for the member states. The commission shows muscle to Musk, but velvet gloves to member states using spyware on citizens,” ‘t Veld stated. As Times of Israel notes, the draft report added that the European Council and national governments “are practicing omertà,” and that the European Commission only shared “reluctantly and piecemeal” information concerning spyware attacks on its own members.