The University of Queensland Securing Business Information Questions


Description

In seminar 2, we have discussed “the need for security” and also the recently enacted Access and Assistance (TOLA) Australian law. In relation to these two issues, please consider the following scenario and question:

Question: You are a corporate business analyst. Your senior management has asked you for a (maximum) 300 word description of TOLA. This description will be used to update executive managers across the business. Specifically your description must address the following:

• An explanation of the “going dark” discourse and why “end-to-end” encryption has exacerbated this “going dark” challenge.
• Does TOLA aim to impose absolute Australian government control over the digital communications industry in Australia – yes/no – why?
• Does TOLA pose worrying implications for the privacy of the Australian people – yes/no – why?
• Does TOLA pose worrying implications for the trust the Australian people have in Internet communications – yes/no – why?

Unformatted Attachment Preview

Information Security
Week 2:
Part 1: The Need for Security (Ch. 2)
Part 2: Legal, Ethical, Professional Issues (Ch. 3)
Semester 1, 2021
CRICOS code 00025B

Week 2 – Part 1
Learning Objectives:
– Demonstrate that organizations have a business need for information security
– Identify the threats posed to information security and the more common attacks associated with those threats, and differentiate threats to the information within systems from attacks against the information within systems
– [NOT EXAMINABLE in chapters 2 and 3] Describe the issues facing software developers, as well as the most common errors made by developers, and explain how software development programs can create software that is more secure and reliable

Business Needs First!
Information security performs four important functions for an organization
– Protects ability to function
– Enables safe operation of applications implemented on its IT systems
– Protects data (stored and transmitted) the organization collects and uses
– Safeguards technology assets in use
Remember: store, process, transmit information!

Some definitions – we encountered these in week 1
Threat: a potential risk to an asset’s loss of value – usually targeting a weakness/vulnerability in an asset.
Attack: An intentional or unintentional act that can damage or otherwise compromise information and the systems that support it.
Exploit: A technique used to compromise a system. We also speak of an attack vector.
Vulnerability: A (potential) weakness in an asset or its defensive control system(s).
Management must remain informed about the various threats to an organization’s people, applications, data, and information systems. We shall see later that this information forms the basis of risk actuals!

Threats – a classification
What top-level patterns do we detect within this data?
• Threat: an object, person, or other entity that represents an on-going danger to an asset
• Internal/external origin; malicious/accidental origin (copying machines video)

| Category of Threat | Attack Examples |
|---|---|
| Compromises to intellectual property | Piracy, copyright infringement |
| Deviations in quality of service | Internet service provider (ISP), power, or WAN service problems |
| Espionage or trespass | Unauthorized access and/or data collection |
| Forces of nature | Fire, floods, earthquakes, lightning |
| Human error or failure | Accidents, employee mistakes |
| Information extortion | Blackmail, information disclosure |
| Sabotage or vandalism | Destruction of systems or information |
| Software attacks | Viruses, worms, macros, denial of service |
| Technical hardware failures or errors | Equipment failure |
| Technical software failures or errors | Bugs, code problems, unknown loopholes |
| Technological obsolescence | Antiquated or outdated technologies |
| Theft | Illegal confiscation of equipment or information |

Compromises to Intellectual Property
Intellectual property (IP): “ownership of ideas and control over the tangible or virtual representation of those ideas”
The most common IP breaches involve software piracy (unlawful use or duplication of software-based intellectual property)
Two watchdog organizations investigate software abuse:
• Software & Information Industry Association (SIIA)
• Business Software Alliance (BSA)
Enforcement of copyright law has been attempted with technical security mechanisms (digital watermarks, bad sectors on software media, license agreement window, online registration)

Deviations in Quality of Service
• Includes situations where products or services are not delivered as expected
• Internet service, communications, and power irregularities dramatically affect availability of information and systems
• Internet service issues
  – Internet service provider (ISP) failures can considerably undermine availability of information
  – Outsourced Web hosting provider assumes responsibility for all Internet services as well as hardware and Web site operating system software
• Communications and other service provider issues
  – Other utility services affect organizations: telephone, water, wastewater, trash pickup, etc.
• Power irregularities
  – Commonplace, organizations with inadequately conditioned power are susceptible, controls can be applied to manage power quality, fluctuations (short or prolonged)

Espionage or Trespass
• Access of protected information by unauthorized individuals
• Competitive intelligence (legal) vs. industrial espionage (illegal)
• Shoulder surfing can occur anywhere a person accesses confidential information
• Controls let trespassers know they are encroaching on organization’s cyberspace
• Hackers use skill, guile, or fraud to bypass controls protecting others’ information

Forces of Nature
• Forces of nature are among the most dangerous threats
• Disrupt not only individual lives, but also storage, transmission, and use of information
• Organizations must implement controls to limit damage and prepare contingency plans for continued operations

Human Error or Failure
• Includes acts performed without malicious intent (what does this tell us?)
• Causes include:
  – Inexperience
  – Improper training
  – Incorrect assumptions
• Employees are among the greatest threats to an organization’s data
• Again we need to consider the appropriate controls

Denial of Service
Denial-of-service (DoS): attacker sends large number of connection or information requests to a target
• Target system cannot handle successfully along with other, legitimate service requests
• May result in system crash or inability to perform ordinary functions
Distributed denial-of-service (DDoS): coordinated stream of requests is launched against target from many locations (zombies or bots – compromised machines) simultaneously

Deliberate Software Attacks
Malicious software (malware) designed to damage, destroy, or deny service to target systems
Includes the following malware attack vectors:
• Viruses – understand control approach
• Worms
• Trojan horses
• Logic bombs
• Back door or trap door
• Polymorphic threats
• Virus and worm hoaxes

Malware Control Strategy (Generic)
1. Malware written and released (currently very easy to do)
2. Security vendors isolate the virus and extract a small sample (we call this the virus signature)
3. Security vendors add this virus signature to their existing database
4. Virus checking software checks files coming to your computer against this database – if match found – isolation of file
[Diagram labels: incoming file, virus checking software]
This is essentially ‘pattern matching’ – there are obvious conclusions!
If a virus comprises NEW CODE, it cannot be ‘caught’ in the above model until it has been included in the SIGNATURE DATABASE
If the SIGNATURE DATABASE is not kept up to date, the control strategy quickly degrades.

Malware Control Strategy (more specific)
We shall look later in the course at ‘Intrusion Detection Systems’ or IDS
There is one type of IDS that can monitor file systems – especially ‘critically important’ files within those systems
Any changes in those critical files – the IDS reports the ‘anomaly’ and this should then be investigated.

Deliberate Software Attacks
The Microsoft Security Intelligence Report (SIR) 2019 describes the following trends:
• Malware that got past standard AV tools decreased by 34%.
• Ransomware attacks decreased by 75% across the year.
• Phishing email detections increased 250% - one out of every 200 emails received by users.
SIR: MS users running AutoUpdate and other popular tools such as MS’s Malicious Software Removal Tool, Safety Scanner & Windows Defender.
www.Microsoft.com/en-us/security/operations/security-intelligence-report (Vol 24)

ACSC (Aust. Cyber Security Centre) – Threat Report
• Ransomware continues to grow – extortion of funds
• Credential-harvesting (login & account number data) malware increases
• Social engineering is growing in sophistication (ACSC – phishing included here)
• Scale/impact of DDoS has set new records

IP Spoofing Attack
• Types of attacks (cont’d.)
  – Spoofing: technique used to gain unauthorized access; intruder assumes a trusted IP address
  – Man-in-the-middle: attacker monitors network packets, modifies them, and inserts them back into network (leave this category until we have done encryption)
  – Spam: unsolicited commercial e-mail; more a nuisance than an attack, though is emerging as a vector for some attacks

Attacks (Continued)
• Types of attacks (cont’d.)
  – Sniffers: program or device that monitors data traveling over network; can be used both for legitimate purposes and for stealing information from a network
  – Phishing: an attempt to gain personal/financial information from an individual, usually by posing as legitimate entity
  – Pharming: redirection of legitimate Web traffic (e.g., browser requests) to illegitimate site for the purpose of obtaining private information

Types of attacks (cont’d.)
• Social engineering: using social skills to convince people to reveal access credentials or other valuable information to attacker
• “People are the weakest link. You can have the best technology; firewalls, intrusion-detection systems, biometric devices ... and somebody can call an unsuspecting employee. That's all she wrote, baby. They got everything.” — Kevin Mitnick
[NOT EXAMINABLE] Software Development Security Problems

Global reports (1): 2020 SANS Cyber Threat Intelligence (CTI) survey (System Administration, Networking and Security Institute)
From page 2 (Executive Summary) of report:
• Collaboration is key – an emphasis on partnering with others (paid service providers, government bodies, other businesses, and across individual organisations).
• Necessary data and tools change as CTI teams evolve – ongoing evolution from vendor-provided information to data from internal tools and teams.
• Requirements are taking hold and are a staple of mature teams. 2019 – a minority of respondents answered that they had clearly defined/documented intelligence requirements – 2020 – nearly half of respondents answer ‘yes’ to this question.
• A community of consumers and producers contribute to CTI. More than 40% of respondents both produce and consume intelligence.
From page 3 of report: [figure not included in preview]
From the report: [figure not included in preview]

Global reports (2): Check Point 2020 Cyber Security Report
(Check Point is an American-Israeli multinational provider of software and combined hardware and software products for IT security. As of 2019, the company has approximately 5,000 employees worldwide)
• Targeted ransomware (p. 14)
• Phishing attacks go beyond email (p. 15)
• Mobile malware attacks step up (p. 16)

Security Lecture 2 - Part 2: Legal, Ethical, Professional Issues
• Differentiate between laws and ethics (important to know the difference!). Understand the scope of an organization’s legal and ethical responsibilities.
• Note the major national laws that relate to the practice of information security. This is important ‘terrain’ or ‘environment’ for the IS security professional. We do not strongly focus on the details of the laws.
• Focus on privacy needs and practical issues
• To minimize liabilities/reduce risks, the information security practitioner must:
  – Understand current legal environment
  – Stay current with laws and regulations
  – Watch for new issues that emerge
• Organization increases liability if it refuses to take measures known as due care (this issue has been amplified by the Internet!)

Law, Ethics, Policy in Information Security
• Laws: rules that mandate or prohibit certain societal behavior
• Ethics: define socially acceptable behaviour
• Cultural mores: fixed moral attitudes or customs of a particular group; ethics based on these
• Laws carry sanctions of a governing authority; ethics do not
• Most organizations develop and formalize a body of management views/expectations called policy. Policies serve as organizational laws – the view of management
• To be enforceable, policy must be distributed, readily available, easily understood, and acknowledged by employees – and assessed from a legal viewpoint. We would consider the term “natural justice”

Privacy
• One of the hottest topics in information security
• Is a “state of being free from unsanctioned intrusion”
• Ability to aggregate data from multiple sources allows creation of information databases previously unheard of
• Many types of privacy issues: spamming, fraud, government intrusion.
• Information Privacy: ”the claim of individuals, groups, or institutions to determine for themselves when, how and to what extent information about them is communicated to others”. (Alan Westin – Columbia University 1967)
• Is privacy the same as confidentiality? Are the controls the same?

Australian IT/Privacy Law
• Telecommunications Act 1997
  – Prohibits breaches of privacy in telecoms traffic – does this apply (e.g.) to email?
  – Exemptions made for police – with judicial approval – obligations on ISPs
• Cybercrime Act 2001
  – Unauthorised access, modification or impairment with intent to commit a serious offence (Section 477)
  – Possession or control of data with intent to commit a computer offence (Section 478)
  – Producing, supplying or obtaining data with intent to commit a computer offence (Section 478)
• Spam Act 2003 – three steps (Consent, Identity, Unsubscription)
• Privacy Act 1988 (10 principles: Collection, Use and disclosure, Data quality, Data Security, Openness, Access and correction, Identifiers, Anonymity, Transborder data flows, Sensitive information). Targets public sector. Private sector coverage introduced in 2001.
• Copyright Act 1968 – protects the expression of ideas in all forms: artistic media, as well as computer programs (idea cannot be copyrighted – its expression can)
• Privacy Amendment (Notifiable Data Breaches) Act 2017 established the NDB scheme in Australia (to be Part 111C of the Privacy Act 1988 on commencement) - The NDB scheme applies to all agencies and organizations with existing personal information security obligations under the Australian Privacy Act 1988 (Privacy Act) from 22 February 2018.
• Access and Assistance Bill, December 2018. “Going dark”

Codes of Ethics & Professional Organizations (next 5 slides – important for professionals – briefly discussed here)
• ACM established in 1947 as “the world's first educational and scientific computing society”. Membership approx. 100000. Web: www.acm.org
• IEEE established in 1963 to advance theory and application and facilitate innovation in engineering, computer science and electronics. Currently publishes nearly one third of all research literature in those disciplines. Membership approx. 420000. Web: www.ieee.org
• Both promote a code of ethics that contains references to protecting information confidentiality, causing no harm, protecting others’ privacy, and respecting others’ intellectual property
• Sources of information: www.ieee.org and www.acm.org

International Information System Security Certification Consortium (ISC2)
• Non-profit organization focusing on development and implementation of information security certifications and credentials (CISSP – Certified Information Systems Security Professional)
• Membership approx. 140000. Web: www.isc2.org
• Code primarily designed for information security professionals who have certification from (ISC)2
• Code of ethics focuses on four mandatory canons:
  – Protect society and infrastructure; act honorably/honestly/justly/responsibly/legally; provide diligent and competent service to principals; advance and protect the profession.

System Administration, Networking and Security Institute (SANS)
• SANS is a founding organization of the Center for Internet Security
• Professional organization with a large membership dedicated to protection of information and systems
• SANS offers set of certifications called Global Information Assurance Certification (GIAC)
• Website: www.sans.org

Information Systems Audit and Control Association (ISACA)
• Professional association with focus on auditing, control, and security (i.e. a focus on IT governance). Formed in 1967. Current membership: 140000.
• Concentrates on providing IT control practices and standards (COBIT) – Control Objectives for Information and Related Technologies – a framework for IT management governance.
• ISACA has code of ethics for its professionals

Australian Computer Society (ACS)
• Founded 1966. Membership: 45,000. Focus: computer and information processing technology
• As the Professional Association and peak body representing Australia’s ICT sector, ACS’ mission is to deliver authoritative independent knowledge and insight into technology, build relevant technology capacity and capability in Australia and to be a catalyst for innovative creation and adoption of technology for the benefit of commerce, governments and society.
• Web: www.acs.org.au

Australian Cyber Security Centre
The Australian Cyber Security Centre (ACSC) is the Australian Government lead agency for cybersecurity. The ACSC was established in 2014 replacing the Cyber Security Operations Centre. The role of the Australian Cyber Security Centre is to:
• lead the Australian Government’s operational response to cyber security incidents
• organize national cyber security operations and resources
• encourage and receive reporting of cyber security incidents
• raise awareness of the level of cyber threats to Australia
• study and investigate cyber threats.
The ACSC integrates cyber security capabilities across the Australian Signals Directorate, the Digital Transformation Agency, the Defence Intelligence Organisation, the Computer Emergency Response Team, the Cyber Security Policy Division of the Department of Home Affairs, Australian Security Intelligence Organisation cyber and telecommunications specialists, Australian Federal Police cyber crime investigators, and Australian Criminal Intelligence Commission cyber crime threat intelligence specialists. The Centre is also a hub for collaboration and information sharing with the private sector and critical infrastructure providers.

AusCERT
• AusCERT is a leading Cyber Emergency Response Team (CERT) for Australia and provides information security advice to its members, including the higher education sector. It is a single point of contact for dealing with cyber security incidents affecting or involving member networks.
• AusCERT provides members with proactive and reactive advice and solutions to current threats and vulnerabilities. We’ll help you prevent, detect, respond and mitigate cyber-based attacks.
• AusCERT monitors and evaluates global cyber network threats and vulnerabilities, and remains on-call for members after hours. AusCERT publishes the Security Bulletin Service, drawing on material from a variety of sources, with recommended prevention and mitigation strategies.
• AusCERT's Incident Management Service can be an effective way to halt an ongoing cyber attack, or provide practical advice to assist in responding to and recovering from an attack.
• Web site: www.auscert.org.au

Access and Assistance law – December 2018 “Going Dark” #1
• Traditional ‘person-to-person’ communications – who could access the communicated ‘information’?
Traditionally, these (telephone) communications (telephone and ‘snail mail’) have allowed police/law enforcement to ‘listen-in’ (subject to judicial approval)

Access and Assistance law – December 2018 “Going Dark” #2
• Modern unsecured ‘person-to-person’ communications – who can access the communicated ‘information’?
Email – can be copied at work or in private (with judicial approval). Work calls can be monitored (at work) and can be monitored in private (with judicial approval)

Access and Assistance law – December 2018 “Going Dark” #3
• Modern secured ‘person-to-person’ communications – who can access the communicated ‘information’?
Secure email, secure digital apps (e.g. WhatsApp) cannot (in theory) be copied at any intermediate point (‘end-to-end’ communication). This is quite different to routine ‘secured’ digital communications (e.g. between me and my bank – this is explained later in the course in some detail)

Access and Assistance law – December 2018 “Going Dark” #4
• Modern secured ‘person-to-person’ communications – who can access the communicated ‘information’?
Secure telephony cannot (in theory) be copied at any intermediate point (‘end-to-end’ communication)

‘Going dark’ – a term first introduced by the FBI (US)
• ‘Going dark’: the unprecedented government measures to access encrypted data – Arthur Kopsias – Feb, 2019 (On course Blackboard site)
• Cryptography (encryption) in US originally treated as a ‘munition’ – subject to legal restrictions – this produced the Clipper chip debacle for the administration of President Clinton.
The greatest benefit of encryption also creates the biggest problem. Secure, encrypted communications are being used by terrorist groups and organised criminals to avoid detection, and the inability of law enforcement agencies to read or even partially understand encrypted communications has presented real challenges for these agencies worldwide.
• The trust created by secure communications is essential for digital business
• ‘End-to-end’ encryption – incorporated into email two decades ago
• ‘End-to-end’ encryption – since approximately 2015 incorporated into mobile telephony services and various apps. This has been developed into a very powerful marketing concept by corporate communication companies (video from Apple: iPhone-Privacy.mp4)
• Over 90 percent of telecommunications information being lawfully intercepted by the Australian Federal Police now uses some form of encryption.
• End to end security (i.e. digital privacy) now a very significant marketing discourse for the corporate telcos (iPhone-Privacy.mp4)

‘Going dark’ – Australian government response
The Telecommunications and Other Legislation Amendment Act 2018 (TOLA Act)
• (Also known as the Assistance and Access Act 2018)
• Became law on 8 December 2018 – first law of its type!
• TOLA is an attempt to counter the ‘going dark’ problem faced by Australian law enforcement agencies
• TOLA creates a new operational framework for Australian law agencies seeking access to data and content held by designated communications providers within or outside the Australian jurisdiction
• TOLA has implications for the operation of the US CLOUD Act 2018. This US law enables US federal law enforcement to compel US-based technology companies via warrant or subpoena to provide requested data stored on servers regardless of whether the data are stored in the U.S. or on foreign soil.

TOLA Act – overview – it is designed to be ‘cooperative’
• Schedule 1 of the TOLA Act inserts a new ‘Industry Assistance’ section into the Telecommunications Act 1997. This section creates a new operational protocol by which Carriers/Carriage Service Providers (‘CSPs’) will provide assistance to law enforcement and security agencies.
• This ‘Industry Assistance’ framework contains three distinct new powers which allow an agency head (or delegate) to issue:
  – ‘technical assistance request’ (TAR) for voluntary assistance from the CSP
  – ‘technical assistance notice’ (TAN) for compulsory assistance from the CSP – this power is used in cases where the CSP is already capable of providing the assistance.
  – ‘technical capability notice’ (TCN) for new capabilities. This notice can only be used by the Australian Attorney-General and requires a CSP to create a specific capability where the CSP is not currently able to assist.

TOLA Act – overview – carriers/carriage service providers
• The term ‘Carriers/Carriage service providers (CSPs)’ is broadly defined in the Act so that it includes the wide range of entities integral to the 21st century Australian communications operational environment. The main descriptors are as follows:
  – CSPs that are based in Australia, and those providers based offshore who operate or supply communications services, devices or products for use within Australia.
  – Anyone who facilitates the services of CSPs.
  – Electronic service providers (with at least one end-user in Australia) and anyone who facilitates the services of electronic service providers, e.g. Facebook, Google, and Amazon Web Services; and
  – Manufacturers of electronic equipment and anyone who facilitates the manufacture of electronic equipment used in Australia, e.g. Samsung, Apple.

TOLA Act – overview – what kind of assistance?
• Section 317E sets out, in some detail, the types of assistance that may be specified. These types include (but are not limited to):
  – Providing technical information.
  – Facilitating access to services and equipment.
  – Removing one or more forms of electronic protection.
  – Modifying technology.
  – Concealing that the company has done any of the above.
  – Example: The assistance may require the issue (to a specific criminal suspect) of a notice to update messaging software – when in fact the ‘update’ will then allow access to the messages of that suspect.
  – No introduction of systemic weaknesses and vulnerabilities (also known as ‘backdoors’ for encryption mechanisms)
  – Civil immunity is available for CSPs acting in good faith to ensure that they are protected from any legal risk.

TOLA Act – overview – other relevant details
• Organisations: The use of the powers has been restricted to the Australian Federal Police, the Australian Criminal Intelligence Commission, the Australian Security Intelligence Organisation, the Australian Secret Intelligence Service, the Australian Signals Directorate, and State and Territory Police forces.
• Responsible officer: A TAR or a TAN may be issued by the head (or delegate) of each agency above. A TCN may only be issued by the Attorney-General
• Suspected offence: The use of the powers is connected to the safeguarding of national security or (for State/Territory/Commonwealth Police) the enforcing of criminal law so far as it relates to serious Australian or foreign offences (defined as punishable by a maximum term of 3 years imprisonment, or more, or for life).
• Enforcement: The framework is not intended to be adversarial – it intends to engender a spirit of cooperation. However – civil penalty for contravention is $10 million for corporate entities and $50,000 for private individuals.
• Oversighting and reporting: The Commonwealth Ombudsman or Inspector-General of Intelligence and Security. The use of industry assistance powers is subject to annual reports to the Home Affairs Minister.

TOLA Act – overview – other relevant details
• The TOLA Bill was introduced to the Australian Parliament on 20 September 2018.
• The Bill created significant interest (here and abroad) – the main concerns were perceived privacy implications, withdrawal of international corporate investment in Australia, and loss of public confidence in Internet trust levels.
• The Bill was subsequently referred to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) for inquiry and report.
• The PJCIS then received a very large number of submissions expressing concerns with the Bill (from the Law Society of NSW, the Law Council of Australia, carrier industry providers, law enforcement/security agencies, and a large number of other commercial and private legal institutions).
• The Bill became law on 8 December 2018. The reason given for the rapid passage of these complex reforms: a heightened risk of terrorist incidents over the Christmas and New Year period (2018)
• There is continuing evaluation of the new law

End of presentation slides
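The two "Malware Control Strategy" slides above contrast signature matching with an IDS that watches critical files. The following Python example is added here and is not part of the lecture material; the signature names, byte patterns and file names are constructed, harmless placeholders. It shows a new sample passing the signature scan while the file-integrity check still reports the changes it caused.

```python
"""Signature scanning vs. file-integrity monitoring (added example, constructed data)."""
import hashlib
import os
import tempfile

# Constructed, harmless byte pattern standing in for a vendor-extracted signature.
SIGNATURE_DB = {"Demo.KnownSample": b"KNOWN-SAMPLE-MARKER-0001"}
NOVEL_PATTERN = b"NEW-CODE-NOT-YET-IN-DATABASE"  # constructed "new code"


def scan_bytes(data, signature_db):
    """Pattern matching: names of all signatures whose bytes occur in data."""
    return sorted(name for name, pattern in signature_db.items() if pattern in data)


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def compare_to_baseline(root, baseline):
    """Report anomalies relative to the stored baseline of critical files."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline
                           if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo():
    """Run both controls against one known and one novel constructed sample."""
    known = b"header " + SIGNATURE_DB["Demo.KnownSample"] + b" trailer"
    novel = b"header " + NOVEL_PATTERN + b" trailer"
    results = {
        "known_before": scan_bytes(known, SIGNATURE_DB),  # step 4 finds a match
        "novel_before": scan_bytes(novel, SIGNATURE_DB),  # new code: no match
    }

    with tempfile.TemporaryDirectory() as root:
        # Constructed "critical files" for the monitored directory.
        critical = {"bin/login": b"constructed login binary\n",
                    "etc/hosts": b"127.0.0.1 localhost\n"}
        for rel, content in critical.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(content)
        baseline = build_baseline(root)

        # Simulate what the unrecognised sample did: one critical file
        # changed and one unexpected file appeared.
        with open(os.path.join(root, "bin", "login"), "ab") as fh:
            fh.write(novel)
        os.makedirs(os.path.join(root, "tmp"))
        with open(os.path.join(root, "tmp", "unexpected.bin"), "wb") as fh:
            fh.write(novel)
        results["anomalies"] = compare_to_baseline(root, baseline)

    # Steps 2-3 of the generic strategy: the vendor adds the new signature,
    # and only then does pattern matching catch the sample.
    updated_db = dict(SIGNATURE_DB)
    updated_db["Demo.NovelSample"] = NOVEL_PATTERN
    results["novel_after"] = scan_bytes(novel, updated_db)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

A file-integrity monitor is only as trustworthy as its baseline, so the baseline has to be stored where the monitored system cannot rewrite it.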

Explanation & Answer

Attached. Please let me know if you have any questions or need revisions.

Cyber Security
Student’s Name
Institution Affiliation
Date

Going dark refers to different situations or circumstances in which the government has
acquired permission to obtain specific information from certain devices but has less know-how
of how to do so. The government acquires the permission legally. The main reason why it
appears difficult for the government to acquire information from these devices is the primary
shift in communication services and technologies (Traylor, 2016). However, end-to-end
encryption has worsened the "going dark" challenge. Terrorists make use of these secure
encrypted communications to evade detection of any form. Moreover, the inability of the
government and law enforcement agencies to go through or even comprehend encrypted
communications has brought out significant setbacks for security agencies worldwide.

TOLA is a way to try and attack the going dark complications the Australian Law
Enforcement Agencies face. It is conspicuous that TOLA brings up worrying implications for the
privacy of all the Australian people. When TOLA is present, there is no privacy when one uses
gadgets to access or even store their online information. This information could, however, be so
private. Manuel (2019) gives an example of giving one's house keys to the government. It means
that they can access one's house anytime they feel like in the absence of proper judicial
through-pass and go through everything you own. The European Union and the United States have
laws to protect their citizens' privacy and evade government overreach, but Australia does not
(Manuel, 2019).

I would argue that TOLA has disturbing implications for the Australian persons' trust in
internet communications. The reason behind this fact is that, as much as the government needs
ways to curb "going dark," the public should and ought to feel secure whenever they use internet
communications. However, human rights organizations, telecommunication industries, and
technology companies have commented on the TOLA act of 2018 tabled in the Senate by
Senator Kristina Keneally. As Digital Rights Watch's Lizzie O'Shea said, "it is fulfilling to see
the introduction today of Labor's proposed amendments to these deeply flawed laws." There is
hope for change and the people of Australia building their trust again in electronic
communication.

References

Manuel, D. (2019, March 29th). Why we need to fix encryption laws the tech sector says
threaten Australian jobs. The Conversation. Retrieved from
https://theconversation.com/why-we-need-to-fix-encryption-laws-the-tech-sector-says-threaten-australian-jobs-110435

Traylor, J. M. (2016). Shedding Light on the "Going Dark" Problem and the Encryption. (U. o.
Michigan, Ed.) University of Michigan Journal Law Reform. Retrieved from
https://repository.law.umich.edu/cgi/v...

