Australian privacy watchdog launches investigation into Clearview AI

Australia’s privacy watchdog will probe the personal information handling practices of Clearview AI after several policing agencies admitted to having used the controversial facial recognition tool.

The Office of the Australian Information Commissioner (OAIC) on Thursday opened a joint investigation into the software with the United Kingdom’s Information Commissioner’s Office (ICO).

The tool, which is targeted at law enforcement agencies, is capable of matching images with billions of others from across the internet, including social media, to find persons of interest.

As part of the probe, OAIC and its overseas counterpart will look at Clearview AI’s “use of ‘scraped’ data and biometrics of individuals”, as well as how it manages personal information more broadly.

“The investigation highlights the importance of enforcement cooperation in protecting the personal information of Australian and UK citizens in a globalised data environment,” the OAIC said in a brief statement.

“In line with the OAIC’s privacy regulatory action policy, and the ICO’s communicating our regulatory and enforcement activity policy, no further comment will be made while the investigation is ongoing.”

The investigation follows preliminary enquiries by OAIC earlier this year after the tool was revealed to have been used by 2200 law enforcement agencies globally, including the Australian Federal Police and the Queensland, Victoria and South Australia police forces.

While the four policing agencies initially denied that the software had been used, the AFP and Victoria Police have since been forced to admit to having briefly trialled the tool from late 2019.

The AFP confirmed in answers to questions on notice that seven officers from the Australian Centre to Counter Child Exploitation had used the tool to conduct searches after being sent trial invitations from Clearview AI.

Victoria Police, similarly, confirmed in a freedom of information request that several officers from the Joint Anti-Child Exploitation Team had run more than 10 searches using the tool after signing up.

Both agencies stressed that Clearview AI had not been adopted as an enterprise product and that no formal commercial agreements had been entered into.

Article Courtesy: www.itnews.com.au/

NSW govt sets up vulnerability tracking centre in Bathurst

The NSW government has set up a cyber security vulnerability management centre in Bathurst, which will start operating next month.

The centre will be operated by Cyber Security NSW, the new name given to what was formerly the Office of the Government Chief Information Security Office.

It will provide the NSW government with an increased awareness of vulnerabilities in internet-facing services and assets,” Customer Service Minister Victor Dominello said in a statement.

“It will deliver a vital, sector-wide risk management capability and is critical to ensuring enhanced monitoring of at-risk government systems, as well as early identification and remediation of known vulnerabilities.

“Early detection of vulnerabilities and the ability to report them to the relevant agencies and departments is essential to improving our cyber security.”

The government added that the centre “will provide ongoing and automated vulnerability scanning across departments and agencies, and as capability develops, other services will be introduced.”

The centre is the first of its kind in NSW and will employ eight Bathurst-based cyber security staff.

It will also see Cyber Security NSW work in partnership with UpGuard “to provide the NSW Government with greater capabilities to detect and manage internet-facing vulnerabilities and data breaches.”

The centre’s establishment comes as the NSW government prepares to invest $240 million into cyber security over the next three years.

It also comes as news reports emerge of the state government being a major target of a potentially state-based attack.

Article courtesy: www.itnews.com.au

Australian governments and companies targeted by a sophisticated state-based actor

What’s happened?

The Australian Government is aware of, and responding to, a sustained targeting of Australian governments and companies by a sophisticated state-based actor.

A range of tactics, techniques and procedures are being used to target multiple Australian networks. It’s important that Australian companies are alert to this threat and take steps to enhance the resilience of their networks. Cyber security is everyone’s responsibility.

What your IT managers can do

The ACSC has produced the a technical advice for Information Technology managers.

The advice includes the following mitigation strategies to help reduce the risk of compromise to your systems:

1. Prompt patching of internet-facing software, operating systems and devices

All exploits utilised by the actor in the course of this campaign were publicly known and had patches or mitigations available. Organisations should ensure that security patches or mitigations are applied to internet-facing infrastructure within 48 hours. Additionally organisations, where possible, should use the latest versions of software and operating systems.

2. Use of multi-factor authentication across all remote access services

Multi-factor authentication should be applied to all internet-accessible remote access services, including:

  • web and cloud-based email
  • collaboration platforms
  • virtual private network connections
  • remote desktop services.

Article courtesy: www.staysmartonline.gov.au

Cyber security is essential when preparing for COVID-19

What’s happened?

Organizations around the nation are seeking approaches to protect their staff and vulnerable individuals of the community from the COVID-19 pandemic.

Training their staff to work remotely may be one way of minimizing the spread of the virus. However, remote work arrangements can have security implications and cybercriminals may attempt to exploit this opportunity. The cyber risks of working from home could include malware infection, unauthorized access, data security, and insecure devices used by staff.

It’s substantial that organizations and their staff guarantee that remote access to business network is secure so they are not exposed and business information is not compromised.

How do I stay safe?

Ensuring good cyber security measures now is the best way to address the cyber threat. You can reach us at 1300 660 368 and one of our team members can guide you the way in order to work from home securely.