Read The Times Australia

Daily Bulletin

Should cyber officials be required to tell victims of cyber crimes they've been hacked?

  • Written by: Greg Austin, Professor UNSW Canberra Cyber, UNSW
The Conversation

In Germany this week, the legal limbo that defines cyberspace around the world was on full display.

The country’s Federal Office for IT Safety (BSI for its German initials) had been tracking a cyber attack targeting some of the country’s parliamentarians since early December. It ultimately led to the public release of mobile phone numbers, credit card information and ID card details of hundreds of members of parliament, and other public figures.

Only some MPs were informed by BSI about the attacks, while others learned about them only after the details were published in the media. MPs were outraged that BSI had failed to notify them that their personal data was being targeted, despite knowing about elements of the attack for up to four weeks.

Read more: New guidelines for responding to cyber attacks don't go far enough

A deeper concern, raised by some MPs, was that over the same period, BSI (which is not a law enforcement agency) did not inform the German police that a political crime of this seriousness had possibly been committed. Once engaged, the police quickly found a suspect who reportedly confessed.

Hacking, whether or not data is publicly compromised, is a crime in most countries. The crime is constituted simply by the unlawful accessing of data or machines. But few countries have laws that require their cyber agencies that monitor hacking to report the criminal acts – either to third party victims or to the police.

This legal vacuum needs to be addressed urgently.

Is hacking a ‘serious crime’?

The challenge for cyber agencies or private sector firms which detect a hack is that these events are very common. Millions take place every day, and complex forensic information needs to be assembled in order to judge which incidents are serious enough to require notification. This sets up a defacto, but ill-defined, distinction between “petty crime” (most hacks) and “serious crime”.

What this means in reality can be illustrated by the practice in the Australian state of New South Wales. In NSW, there is an obligation under the Crimes Act to report serious crimes. These are defined as those attracting legal penalties of five years or more of imprisonment. But when it comes to cyber hacking, it’s often not immediately clear whether the extent of a hack would trigger such a penalty threshold.

This uncertainty was at play in the German hack, with BSI justifying its failure to notify with the claim it was still trying to analyse it, and did not know the full scale of it.

Even after arresting the suspect and knowing the scale of the attack, the head of cyber security at the Federal Police Office (BKA) said it was still unclear whether the hack was a serious crime inspired by political motives. The suspicion that it may have been politically motivated arises from the fact that the only political party whose MPs were not targeted was the extreme right party, AfD.

Read more: Russians hack home internet connections – here's how to protect yourself

What ‘mandatory reporting’ means in Australia

In 2018, after a long public debate, Australia introduced the Notifiable Data Breaches (NDB) scheme as an amendment to the Privacy Act. The NDB requires companies to notify the Office of the Information Commissioner (not the police), as well as any victims, if personal data they hold is compromised in a way that constitutes a serious breach of privacy.

This civil code provision is very weak due, in part, to the fact that it allows the firm or agency involved to self-assess the seriousness of the breach over a 30-day period before the obligation to notify kicks in.

It is also weak because there is a blanket exemption for law enforcement activities, and for the secrecy needs of the government. Australian cyber agencies, such as the Australian Signals Directorate and the Australian Centre for Cyber Security, appear to have zero obligation to tell either the police or victims that there has been been a hack or a data breach.

That means, if Australian cyber agencies learned that a foreign government had hacked an Australian citizen, the victim may never be told. Or if family photos of an unclothed child were hacked from a family computer by a paedophile, the victim’s family might never know.

A right to know?

In many countries, cyber agencies do notify large corporations of certain hack attacks, regardless of the kind or scale. There are several motivations for this mostly voluntary practice. One is to help corporations realise the seriousness of state-sponsored espionage against them. Another is to help the cyber agency itself coordinate an investigation of the hack, and figure out what might have been lost.

That is not the same as the police investigating the crime.

In most countries, only police agencies are authorised to investigate crimes for the purposes of court prosecution. Few jurisdictions, if any, have formally clarified the ways in which police and courts may rely on information on cyber hacks collected by cyber agencies or security companies.

Read more: 30 years ago, the world's first cyberattack set the stage for modern cybersecurity challenges

Australia is yet to have a serious debate about cyber crime reporting, and its forensic complexities: who is responsible for what, and where the priorities should lie. It’s at least a decade overdue.

While recognising that some distinction will need to be made between petty and serious cyber crimes, such a debate should recognise the right of citizens to be informed by our cyber agencies when they have been assaulted in cyber space and, if possible, by whom.

Authors: Greg Austin, Professor UNSW Canberra Cyber, UNSW

Read more http://theconversation.com/should-cyber-officials-be-required-to-tell-victims-of-cyber-crimes-theyve-been-hacked-109510

Business News

How to Rent a Car for Uber in Melbourne: What Every New Driver Needs to Know

Starting out as an Uber driver in Melbourne is not as complicated as it sounds but getting the vehicle right is where most new drivers get stuck. Uber has strict requirements around vehicle age, condi...

Daily Bulletin - avatar Daily Bulletin

When Should You Speak to a Lawyer About a Legal Issue?

Legal issues can begin with a simple question, then become harder to manage once formal steps are involved. Many people wait until a matter feels urgent before seeking guidance, even though earlier ...

Daily Bulletin - avatar Daily Bulletin

The strategic rise of Bali as Australia’s next essential healthcare support hub

As Australian healthcare providers grapple with unprecedented operational bottlenecks, a new nearshore model is quietly transforming patient care delivery. Forward-thinking organisations,  including...

Daily Bulletin - avatar Daily Bulletin

Cost Savings and Benefits of Using Used Pallets in Logistics

In today’s competitive logistics and supply chain industry, businesses are constantly looking for ways to reduce operational costs without compromising efficiency and reliability. One of the most prac...

Daily Bulletin - avatar Daily Bulletin

How Fulfilment Services in Australia Help Businesses Scale Efficiently

The growth of e-commerce and modern retail has transformed customer expectations. Consumers now expect fast shipping, accurate order processing, and seamless delivery experiences regardless of where...

Daily Bulletin - avatar Daily Bulletin

Practical Ways Australian Workplaces Can Reduce Operating Costs

Reducing business costs doesn’t always mean cutting staff, shrinking services or making the workplace feel bare-bones. In many cases, the smarter savings are hiding in everyday operations: the light...

Daily Bulletin - avatar Daily Bulletin

Executive Recruitment Solutions That Help Organisations Secure Exceptional Leaders

Leadership has a direct impact on organisational performance, employee engagement, strategic growth, and long-term success. Businesses operating in increasingly competitive environments require experi...

Daily Bulletin - avatar Daily Bulletin

Why A WooCommerce Website Designer Matters For Online Growth

Running an online store today requires more than simply listing products and waiting for customers to arrive. Businesses need a website that is fast, reliable, easy to navigate, and designed to suppor...

Daily Bulletin - avatar Daily Bulletin

Turning Your Empty Tables into Revenue

The rise of AI demand tools in hospitality, the EatClub–CommBank partnership, and seven trends reshaping Australian dining  A growing number of Australian venues are turning to AI-powered demand mana...

Daily Bulletin - avatar Daily Bulletin

The Daily Magazine

DIY Rodent Control Vs Professional Help: When Is It Time To Call The Experts?

Rodents are one of the most frustrating pest problems for Australian property owners. Rats and mic...

Lighting Shop in Perth: How The Right Lighting Can Transform Your Home And Business

The right lighting can completely change the look, feel, and functionality of any space. Whether it ...

Traffic Light System Solutions For Safer And More Efficient Traffic Management

Modern cities and growing communities rely heavily on effective traffic management to ensure safety...

Gold Migration Lawyers in Liquidation: How the Closure Affects Your ART Appeal

If your appeal was with Gold Migration Lawyers, a recent change to how the Tribunal decides cases ...

The pressure cooker: life in urban Australia in 2026

Australian cities have always been demanding. Long commutes, rising housing costs, busy schedules a...

What Actually Makes a Good Criminal Lawyer in Melbourne

Most people only think about this question once. That is usually too late. Most people charged wi...

Why Working With A Chatswood Tutor Can Improve Academic Performance

Academic expectations continue increasing for students across primary school, high school, and senio...

Is It Worth Getting Solar Panels in Melbourne?

The real question is not whether solar works in Melbourne. It works. The question is what it is co...

How A Diploma Of Project Management Builds Practical Skills For Modern Work Environments

Developing the ability to plan, execute, and deliver outcomes efficiently is a key requirement in to...