Posts

UNSW Allens Hub for Technology Law and Innovation

The UNSW Allens Hub for Technology, Law and Innovation (‘UNSW Allens Hub’) is an independent community of scholars based at UNSW Sydney.

During the inquiry into the government’s Digital Identity Bill, I asked representatives from the UNSW Allens Hub about their submission, which included data from India where digital identity was originally supposed to be voluntary but has become mandatory, and has resulted in restrictions on citizens despite government guarantees at the outset.

Their position is that legislative frameworks and protections should exist to prevent overreach from both government and non governmental authorities. Safeguards should be put in place to protect citizens who are being provided with essential services via digital identity to combat the power creep that we saw with the Director’s ID.

What is becoming clear, and the cautionary tale from India bears this out, both governments and private companies are embracing, with equal enthusiasm, the application of digital identity for all as the most convenient system for their purposes. Yet, what does this mean for Australians’ privacy and data given the cyber-security failures we have already seen from government and the private sector?

Human Technology Institute

At the Digital Identity inquiry I spoke with representatives of the Human Technology Institute, an industry body that promotes human rights in the development, use, regulation and oversight of new technology. Their comments make it clear that there needs to be strengthened legislation to improve privacy and other human rights protections with regards to the government’s Digital ID.

The government’s Digital ID Bill is part of the triad of tyranny, which is currently being whisked with indecent speed through what should have been a more careful scrutinising and debating process.

Surely privacy and human rights were not going to be left out of the new “trusted” digital identity that the Albanese government is keen for us all to embrace?

Australian Banking Association

At the Digital Identity Inquiry in Canberra, I questioned the Australian Banking Association about how Australians who don’t want a digital ID would lead a normal life without one.

I also asked how internet outages would impact on people’s lives when they rely on a digital identity to access their money.

Sensitive Defence information is still being held at data centers owned by Global Switch, a Chinese-owned multinational company, despite promises to have all government data migrated out by 2020. Regardless of the complexity of the move or data being “less sensitive”, this is an unacceptable situation. The Chinese Communist Party must be laughing at our Government.

Transcript

Okay, thank you. Getting onto storage of defence data, including critical secure data. In February, 2021, the Australian federal government renewed its contract with the firm Global Switch, despite serious security concerns. The company has hosted Australia’s sensitive and high security data for some time. Elegant Jubilee, a Chinese consortium, bought 49% of the parent British company Alders Gate Investments, causing an ownership change for Global Switch in 2016. Then treasurer Scott Morrison said in 2017 that the defence data would be shifted back to a government owned hub for security reasons. After he became prime minister, he later decided to extend their contracts with Global Switch. Does the firm Global Switch still host Australia’s sensitive and high security defence data?

Senator, Jeff Goedecke, First Assistant Secretary ICT Service Delivery and Reform. The Global Switch facility, which is completely controlled by the commonwealth, does hold some of the less sensitive data. There are as indicated in the release by secretary Moriarty in February last year, there are plans in place to migrate that data from Global Switch by 2025. This is in accordance with the whole of government hosting strategy.

So why was it decided to continue this arrangement, hosted ultimately with, with Chinese ownership?

It’s, it’s, it’s not Chinese ownership. As I said, the Commonwealth owns, has complete control of the facility, both from a physical perspective and from a, and a, a protection from a logical sense, from an ICT perspective and security perspective. The amount of equipment and data, and the complexity and interdependencies, necessitate a longer term to remove these things. There’s a, a great deal of reliance on defence business continuity, that requires a staged approach to remove this stuff. It basically, the complexity and size of the footprint, the payload inside the data centre, means it was impossible to, to move that over a very short period of time.

So when was the decision last made to, to leave it there, and eventually you take it off by 2025?

So, just bear with me, Senator

And Senator, Greg Moriarty, Secretary of the Department. All of, all of the highly sensitive information is, is long gone. So what, so-

What sort of information is there?

Well, this-

So we, so what happened was the government approved, back 2018 for defence to be funded to move what was sensitive data from the data centre out. That occurred by June, 2020. So that was all removed. Because of the size of the footprint of the remaining data, which is less sensitive data, again, still protected from a government perspective and government controlled. There was a, there is a process in place now where we are, have an evolution to move that data out. And that ties in with the additional lease, which expires in 2025.

So what is that less sensitive data?

It, it’s for a range, range of things. It could be administrative related. It could be some sort of logistic, but we wouldn’t normally discuss exactly what type of data we hold in what locations.

So there’s no risk whatsoever of the Chinese accessing it, ’cause they’re pretty good hackers.

There, there is no risk.

What, what, why can you be sure of that?

It’s, it’s based on the, the the facility itself has physical controls in place. That’s everything from, from it being a fully manned facility, it has all of the CCTV capabilities. It has, you know, alarms, it’s fully accredited. And in fact, the facility is accredited to look after more sensitive data. That hasn’t changed. So there’s a higher level of security than would normally be afforded that level of data, which is an important factor as well. In addition to that, we have ICT securities. So cybersecurity controls where we, we monitor that we have a, the defence security operations centre monitors cyber activity. And that includes that within the footprint as well. Gateway, secure gateways also assure the information. So from a defence perspective there aren’t risks related to that, Senator.

Has it been tested at all? ‘Cause the Chinese, some Chinese are very good hackers. I’m sure you know that.

Absolutely. So there are, defence has no indications at all that there’s been any compromise at all related to data held in that facility.

So it’s not a case then of the, the Fox looking after the hen house?

Not at all.

Okay.

No, but, and, and just to make sure that, I mean, that, that is why the government has, has directed defence to move all of the data by a particular point in time. Senator, we believe that the mitigation strategy that we have in place is very robust for the, for that level in, in fact, as Mr. Goedecke said, it’s, it’s much more significant wraparound than what normal data of that level would be. But we are moving out. We are, we are gonna remove absolutely any risk by, by removing ourselves from that, from that data centre. And the government has, has agreed the timeline.

Thank you. And thank you, too.

Additional Information

https://www.itnews.com.au/news/defence-delays-global-switch-data-centre-exit-by-up-to-five-years-560042

https://www.afr.com/companies/telecommunications/federal-bodies-struggle-to-exit-chinese-owned-data-centre-20200304-p546p5