First up, on the domestic front this week a couple of reports have elevated the issue of government cybersecurity standards, or lack thereof.
Australian Financial Review sources allege that the Chinese intelligence agencies that penetrated Australia’s parliamentary computer network in 2011 may have been inside the system for up to a year (much longer than previously assumed). It’s suspected the email system used by federal MPs, their advisers, electorate staff and parliamentary employees was breached. Independent senator Nick Xenophon has since called for an inquiry as a matter of national security. Chinese Foreign Ministry spokesman Qin Gang has said ‘we hope that the relevant Australian media can deal with this with a responsible, constructive attitude and not stir up things up (sic) for no reason’. The potential value of any information gleaned by China is uncertain, but the penetration does suggest China’s cyber espionage activities are increasingly focused on revealing political intentions and associations. In June last year it was revealed that Chinese hackers had gained access to the computer networks of Barack Obama and John McCain during the 2008 presidential election.
On another issue, information security consultant Troy Hunt told the Sydney Morning Herald that the controls used to protect myGov—the site providing access to essential government services like Medicare and Centrelink—were ‘irresponsible’. The risk of financial and personal information being exploited will increase from the middle of the year, when the government makes it compulsory for Australians to use the my.gov.au website to lodge their electronic tax returns. In response, the Department of Human Services general manager Hank Jongen said, ‘as technology evolves the department will continue to ensure the service meets community security expectations’.
Heading overseas, American netizens are in an uproar after the Wall Street Journal scoop that the Federal Communications Commission is allegedly drafting new net neutrality rules, allowing ISPs to give certain traffic special access. The basic principle of net neutrality is that access to all websites and web services should be equal and that Internet providers shouldn’t be able to block or discriminate between legal Internet traffic. Internet activists and lawmakers have panned FCC Chairman Wheeler’s proposal, which would let ISPs sell ‘express lanes’ to Internet content providers willing to pay a premium. The FCC has subsequently issued a statement, calling reports that it’ll gut the Open Internet rule ‘flat out wrong’. The political damage might already be done, though, with accusations from New Republic that President Obama has effectively back-flipped on his 2008 and 2012 campaign promises to enforce net neutrality.
In Brazil last Friday, ICANN President Fadi Chehadé used Twitter to entreat followers to ‘focus on implementation of #netmundial Roadmap based on #netmundial2014 Principles driven by our newly born NETmundial spirit’.
Platitudes aside, nothing this week has been quite so consequential for the future of the Internet as the Global Multi-stakeholder Meeting on the Future of Internet Governance event in Sao Paulo. Brazil’s President Dilma Rousseff opened the two-day NETmundial conference, where over 850 government officials, academics, and tech heads gathered to debate a new model of Internet governance. The goal of the conference was to agree on a set of principles that outline an ‘inclusive, multi-stakeholder, and evolving Internet governance framework’. The result is the NETmundial Multi-stakeholder Statement. According to the Electronic Frontier Foundation, the conference became a ‘battle between high hopes, user rights, anti-surveillance activism, and the forces of compromise’. For a comprehensive analysis of the lead-up to conference, see the Governing the Net series here on ‘The Strategist’, which breaks down the actors, aims and Australia’s position. (The final piece, addressing the NETmundial session, will be posted on Thursday.)
Finally, in Beijing last week ASPI and its International Cyber Policy Centre jointly held a roundtable meeting on cybersecurity issues with the China Institute of International Studies—a think tank associated with the Ministry of Foreign Affairs. The meeting addressed the September 2013 ASEAN Regional Forum cyber confidence building measures workshop, Cyber Maturity in the Asia-Pacific Region 2014, and Australia-China cybersecurity relations.
Simon Hansen is an intern in ASPI’s International Cyber Policy Centre.