ATO casts loving eyes over cybercrime intercept powers

I want what she’s having…


Hot on the heels of the passage of Australia’s Cybercrime Amendment Bill – which expands Australia’s interception regime in an effort to bring it into line with European practices – the Australian Taxation Office is reportedly looking for more interception powers as well.

If this report in The Australian is accurate, it appears the ATO is looking over the new cybercrime laws with longing eyes and, like a fashionista at a Prada store, murmuring greedily “I want one just like that”.

The Cybercrime Amendment Act, which passed the Senate last night with support from both major parties, is notable for two things: introducing a regime by which authorities can ask carriers to start intercepting and recording traffic in advance of a warrant; and allowing other countries to request that intercepts be set up.

In domestic cases, the new bill allows agencies to request communications be stored, either covering a single stipulated day or for a 30-day period, for later access if a warrant is granted. The same requests can be made in response to an international request made via the AFP (if it agrees that the request is required).

According to The Australian, the ATO covets similar capabilities, asking for the ability to access information captured in “real time” in tax investigations that don’t meet the bar set for a criminal investigation.

If, of course, the matter raised by the ATO were relating to crimes, it could have the storage request made by the AFP rather than doing so on its own behalf – so it appears that what the taxman wants is similar standing under the legislation to that held by the law enforcement agencies.

The Register notes that the Cybercrime Amendment Bill is not a universal data retention regime. That legislation has been delayed at least until after the next election. ®


Other stories you might like

  • Cisco warns of security holes in its security appliances
    Bugs potentially useful for rogue insiders, admin account hijackers

    Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. 

    The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.

    This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come. 

    Continue reading
  • World Economic Forum wants a global map of online crime
    Will cyber crimes shrug off Atlas Initiative? Objectively, yes

    RSA Conference An ambitious project spearheaded by the World Economic Forum (WEF) is working to develop a map of the cybercrime ecosystem using open source information.

    The Atlas initiative, whose contributors include Fortinet and Microsoft and other private-sector firms, involves mapping the relationships between criminal groups and their infrastructure with the end goal of helping both industry and the public sector — law enforcement and government agencies — disrupt these nefarious ecosystems.  

    This kind of visibility into the connections between the gang members can help security researchers identify vulnerabilities in the criminals' supply chain to develop better mitigation strategies and security controls for their customers. 

    Continue reading
  • Never fear, the White House is here to tackle web trolls
    'No one should have to endure abuse just because they are attempting to participate in society'

    A US task force aims to prevent online harassment and abuse, with a specific focus on protecting women, girls and LGBTQI+ individuals.

    In the next 180 days, the White House Task Force to Address Online Harassment and Abuse will, among other things, draft a blueprint on a "whole-of-government approach" to stopping "technology-facilitated, gender-based violence." 

    A year after submitting the blueprint, the group will provide additional recommendations that federal and state agencies, service providers, technology companies, schools and other organisations should take to prevent online harassment, which VP Kamala Harris noted often spills over into physical violence, including self-harm and suicide for victims of cyberstalking as well mass shootings.

    Continue reading

Biting the hand that feeds IT © 1998–2022