The Coalition needs to act on data breach laws

Recent events in Queensland and Indonesia are a timely reminder that the new Government will be faced with a tough decision when the 44th Parliament opens on 12 November 2013.

Will the Coalition government become the champion of privacy and security for all Australians in the digital world or will it succumb to lobbying by business advocates for the Privacy Alerts Bill 2013 to be consigned to history. 

The government must choose wisely because the wrong choice will make it the pin-up for organised crime and the hackers they employ.

The former liberal Prime Minister John Howard acted wisely and quickly after the Port Arthur massacre to put the safety of Australians before the interests of the powerful gun lobby when his government banned a range of high powered semi-automatic and automatic weapons. The Howard government benefited by a huge bounce at the polls and he will be remembered for his strength and courage at a time of national disaster.

Australians value governments that put their safety and protection first and there can be no doubt that ordinary Australians are under attack. But what does it take before politicians become interested in online privacy and security? The threat of an attack on a politician of course!

Last week a video that was incorrectly associated with the hacktivist group Anonymous was believed to contain a threat to the Queensland Premier Campbell Newman. Outrage followed.  Why?

Because Anonymous have been linked, often by their own admission, to hacking attacks on government, defence, security organisations and corporations. The thought of what Anonymous might do if they turned their attention on Newman was seen to be an attack on democracy and Newman’s right to security and privacy online.

But what about the rest of us? Australians are attacked every minute online, bank accounts are broken into and emptied, personal details stolen, lives ruined.

Where is the outrage from the Queensland Police Minister Jack Dempsey about the constant online attacks by organised crime on the lives of ordinary Australians?

Does it take the actions of one misguided young man in Queensland to get politicians to realise there is a problem facing Australian families every minute of every day?

Anonymous was in the news again this week when Anonymous Indonesia reacted to the news that Australia is alleged to have spied on Indonesia at the behest of the US government and National Security Agency (NSA). Anonymous Indonesia hacked into more than 100 Australian websites belonging to small business and government organisations, defaced many of the websites and tweeted the list of victims with the message “Stop spying on Indonesia!”

The actions of Anonymous Indonesia were illegal and should be condemned.

To make matters worse the apparent ease with which they were able to hack into so many websites demonstrates the lack of security applied by business and government organisations to their online presence.

Anonymous Indonesia could have done more than defacing websites. They could have hacked into websites, stolen credit card or bank details or other personal information and posted it online.

But why do this when the loss of personal data, bank or credit card details has become commonplace in Australia?

In October 2013 Symantec estimated the cost of cybercrime affecting Australians to be about $1 billion per annum. That means the average cost per victim was about $200.

The European Union (EU) requirement for data breach reporting came into force on 25 August 2013. In the EU telecommunication, Internet Service Providers (ISP) and organisations conducting business online have 24 hours to report data breaches to authorities from the moment the data breach was discovered.

The argument by business lobbyists that the cost to business will be high and data breach reporting to the Australian Privacy Commissioner would be an unnecessary burden to place on struggling Australian businesses just does not carry any weight. The ease at which Anonymous Indonesia was able to hack into Australian websites clearly shows there is a problem that is not being addressed despite repeated calls for business to get its collective act together.

Coalition government aims to have a close relationship with business, and any action that increases business costs will test that relationship. But this is one of those occasions when the government will need to step back, take a deep breath, and explain to business that mandatory data breach reporting is good for them (and the government).

Business could help the Coalition government out of this predicament by adopting the provisions in the Privacy Alerts Bill 2013 as a mandatory industry best practice guide – but will business leaders have the forethought to act before the Coalition government does?

The previous Labor government failed to introduce the Privacy Alerts Bill 2013 before the end of the last Parliament. Labor’s failure to acknowledge the extent of cybercrime by not introducing the Privacy Alerts Bill 2013 into Parliament has left the new Coalition government with a narrow window of opportunity.

The Coalition government has a stark choice to make and it cannot put the decision off. The new Parliament is fast approaching and the Privacy Alerts Bill 2013 must be addressed one way or another – will the Coalition government act to protect Australians in the online world or not?

The alleged attack on Campbell Newman has firmly put the issue of online privacy and security on the front page. Failure to act will be seen to be an act of cowardice by the Abbott government in the face of attacks by Anonymous Indonesia and misguided lobbying by Australian business.

Mark Gregory is a Senior Lecturer in the School of Electrical and Computer Engineering at RMIT University. You can follow @_markagregory on Twitter or read his blog here.