Cyber Law Watch

Insight on how cyber risk is being mitigated and managed across the globe.

1
It’s Trace Time! The COVIDSafe App is open for business – Part I
2
“This is a public health app, it’s not a surveillance app”: Review finds “nothing particularly disturbing” about the Federal Government’s coronavirus tracing app
3
Let’s Track This Through: Tracking Data at the Epicentre of Efforts to Stop COVID Outbreak as Federal Government Considers Implementing Opt-In Mobile Application
4
A phishing pandemic (and offensive): Part III
5
“Major systemic failure”: The Federal Court of Australia published full names of asylum seekers on the Commonwealth Courts Portal
6
A phishing pandemic – Part II
7
Zooming In: “Zoom’s” Significant Privacy and Data Security Risks brought to Light Again (and Again)
8
Forgotten Issues: What Business Continuity Planning in the COVID-19 Era Isn’t Contemplating
9
Not So Zoomy: Use of Videoconferencing Technology “Zoom” on the Rise, but Privacy and Data Security Inadequacies suggest Users should Tread Carefully
10
A phishing pandemic – Part I

It’s Trace Time! The COVIDSafe App is open for business – Part I

By Cameron Abbott, Warwick Andersen, Rob Pulham and Michelle Aggromito

The Commonwealth Government released its COVIDSafe App for download at 6.00pm AEST on Sunday 26 April, and it surpassed 1.13 million downloads within the first 12 hours. This was far greater than expectations, with Health Minister Greg Hunt commenting that, at best, the hope was that “we might get to 1 million in five days.”

Read More

“This is a public health app, it’s not a surveillance app”: Review finds “nothing particularly disturbing” about the Federal Government’s coronavirus tracing app

By Cameron Abbott, Rob Pulham, Michelle Aggromito and Rebecca Gill

The Federal Government’s coronavirus tracing app has raised some privacy concerns amongst the Australian public. Even some of our government Ministers have ruled out downloading the app due to such concerns! However, the independent cyber security body tasked with reviewing the app has said that it has found no major concerns with it.

Read More

Let’s Track This Through: Tracking Data at the Epicentre of Efforts to Stop COVID Outbreak as Federal Government Considers Implementing Opt-In Mobile Application

By Cameron Abbott, Warwick Andersen, Rob Pulham and Max Evans

We previously blogged about the plethora of Asian countries who are using telecommunications networks, smart phone applications and messaging services to inform, track and monitor individuals who may have contracted COVID-19. It appears that Australia’s eyes are on similar technology opportunities, as according to an article from the SMH, the Federal Government will ask Australians “within weeks” to opt in and sign up for a mobile application that uses tracking data to alert individuals as to their risks of contracting COVID-19.

According to the article, the relevant application will monitor the movements of participants to inform individuals whether they have been close to someone already infected with COVID-19. The application also has the functionality to enable someone who has contracted the virus to notify health authorities and ensure that an alert is sent to anyone he or she has been in contact with over the previous 24 hours. Both of these processes are part of what is known as “contact tracing”.

Read More

A phishing pandemic (and offensive): Part III

By Cameron Abbott, Rob Pulham, Michelle Aggromito and Rebecca Gill

As noted in part I of this blog, various reports have highlighted the significant increase in phishing scams in light of the global COVID-19 pandemic. In particular, there has been an increase in coronavirus-related emails and SMS messages that are embedded with malicious links or documents, created for the purposes of stealing personal information (among other things), usually for financial gain. In order to stop the spread (pardon the pun) of such virus-inspired phishing scams, the Australian Signals Directorate (ASD) has confirmed that it has launched an offensive against malicious attackers located offshore.

Read More

“Major systemic failure”: The Federal Court of Australia published full names of asylum seekers on the Commonwealth Courts Portal

By Cameron Abbott, Rob Pulham, Michelle Aggromito and Rebecca Gill

The Federal Court of Australia has suffered a catastrophic data breach in which the names of individuals seeking protection visas in Australia have been published on the publicly available Commonwealth Courts Portal database for years.

Ordinarily, the files of such applicants are listed by pseudonyms which are a collection of numbers and letters.

Read More

A phishing pandemic – Part II

By Cameron Abbott, Rob Pulham, Michelle Aggromito and Rebecca Gill

In part 1 of this blog, we highlighted the increase in phishing scams in light of the global COVID-19 pandemic. In this part 2, we discuss some practical tips that organisations can implement to mitigate the heightened risks of falling prey to such scams.

So, where to begin? You may have seen a recently published alert on the K&L Gates Hub: Responding to COVID-19 series, which provides high level ideas and tips for organisations when implementing remote working procedures for their employees. In particular, organisations should consider implementing:

Read More

Zooming In: “Zoom’s” Significant Privacy and Data Security Risks brought to Light Again (and Again)

By Cameron Abbott, Warwick Andersen, Rob Pulham, Allison Wallace and Max Evans

It hasn’t even been 10 days since our previous Blog on Zoom, which highlighted a number of privacy and data security issues prevalent in the use of the popular telecommunications software, and already further privacy issues have been alleged. Let’s put these allegations under the magnifying glass:

Disclosure to Facebook: Even If You don’t have an Account

Firstly, Vice reports that the iOS version of the Zoom app transfers analytics data to Facebook, even if Zoom users don’t have a Facebook account, without disclosing as such in its Privacy Policy.

Read More

Forgotten Issues: What Business Continuity Planning in the COVID-19 Era Isn’t Contemplating

By Cameron Abbott, Warwick Andersen, and Max Evans

As the world grinds to a halt following the dispersion of COVID-19 and businesses around the globe experience a significant downturn, more and more businesses are turning towards their Business Continuity Plan (BCP) in order to mitigate the potential impacts of this worldwide emergency on business sustainability. However, a key aspect of BCP’s is that they encapsulate the full scale of collateral issues that may arise from such an emergency.

From a technology perspective, BCP’s need to consider access. This issue is twofold: being access to premises in which businesses operate in order to correct system defects and system outages, as well as access to external premises that provide technology services such as data storage or data security services.

Read More

Not So Zoomy: Use of Videoconferencing Technology “Zoom” on the Rise, but Privacy and Data Security Inadequacies suggest Users should Tread Carefully

By Cameron Abbott, Warwick Andersen, Rob Pulham and Max Evans

As the world grinds to a halt following the perpetuation of COVID-19, more and more businesses have turned to remote work arrangements. This has led to a sharp rise in the use of videoconferencing technology Zoom. However, as the Australian Financial Review notes, flawed data security and privacy practices mean that the use of Zoom could be disastrous for corporate and personal privacy.

Concerns surrounding the use of Zoom arose earlier this year, with critical security vulnerabilities enabling hackers to predict Meeting ID’s and therefore join active meetings, and also allowing any website to forcibly join a user to a Zoom call with their video camera activated and without the user’s permission. Whilst a number of these errors were patched up, as the article notes, Zoom refused to disable the ability for hackers to forcibly join to a call anyone visiting a malicious site, raising security red flags and undermining public confidence in Zoom’s attitude towards data security. A strange response given that part of its attraction had been a perceived stronger approach to security.

Read More

A phishing pandemic – Part I

By Cameron Abbott, Michelle Aggromito and Rebecca Gill

It’s upsetting to report, but should come as no surprise, that scammers are seeking to take advantage of organisations during the COVID-19 pandemic.

The Australian Competition and Consumer Commission’s Scamwatch website reports that phishing attacks are on the rise, with scammers impersonating the World Health Organisation and other agencies. Scams include anything from offering victims a vaccine for COVID-19 to investment opportunities created by the pandemic.

Read More

Copyright © 2024, K&L Gates LLP. All Rights Reserved.