The Department is also advised that sophisticated criminals and terrorists are exploiting encryption and related counter-interception techniques to frustrate law enforcement and security investigations, either by taking advantage of default-encrypted communications services or by adopting advanced encryption solutions.
The Department’s current view is that law enforcement, anti-corruption and national security agencies should be permitted to apply to an independent issuing authority for a warrant authorising the agency to issue ‘intelligibility assistance notices’ to service providers or other persons. The issuing authority should be permitted to impose conditions or restrictions on the scope of this authority.
Where issued to a service provider, such notices would formalise existing arrangements....
When issued to a person other than a service provider, such as the subject of a warrant, the Department’s preliminary view is that a notice would operate in a similar fashion to orders made under section 3LA of the Crimes Act 1914. Section 3LA permits agencies that have seized physical hardware, such as a computer or an external hard drive, under a search warrant to apply for a further warrant requiring a person to ‘provide any information or assistance that is reasonable and necessary’ to allow information held on the device to be converted into an intelligible form.
The Committee recommends that, should the Government decide to develop an offence for failure to assist in decrypting communications, the offence be developed in consultation with the telecommunications industry, the Department of Broadband Communications and the Digital Economy, and the Australian Communications and Media Authority. It is important that any such offence be expressed with sufficient specificity so that telecommunications providers are left with a clear understanding of their obligations.
The Department’s preliminary view is to support recommendation 16 in principle.
No. This is simply wrong. If "Metlink were simply following their IRP" then they would have started investigating and taking action last month when their gaping security violation was first reported. Instead they did nothing until exposure of their incompetence was threatened by mainstream media.
It all depends on the IRP, most Australian transport organisations do not have a incident response plan for this report from a member of the public (I.T. or otherwise), but they do have them for various PR issues such as public disclosure of security issue (I.T. or otherwise). I'm not saying it's right I'm just explaining how it occurs, and given the public profile of the incident, I'm not sure I'd want to be the one deviating from the established IRP even if it wasn't written with this in mind.
The system is run externally by the warehouse and separately to the ATO," a spokesperson told SC....It is unable to access taxpayer information or their details. There are no financial or bank account details stored on POS.
A case of not reading the article, it's blatant FUD.