Digital Governance Quarterly Roundup – May 2022 | #datingscams | #russianliovescams | #lovescams

Welcome to the second issue of our quarterly Digital Governance newsletter coming to you during Privacy Awareness Week!

We have included some resources on privacy, as well as our usual roundup of recent digital governance news* and developments in Australia and around the world:

PRIVACY AWARENESS WEEK

According to a survey completed by the OAIC in 2020, 70% of us see the protection of our personal information as a major concern, 87% of us want more control over our personal information and 84% of us consider privacy an extremely important factor when choosing a digital service.

So what can you do to protect your privacy?

1. Password protection. Ensure that you regularly update your password. Use a strong passphrase that is long, complex and unpredictable. Do not store a copy of your passwords in your email and do not re-use the same password across various websites and apps.
2. Use multi-factor authentication. Having two-step authentication set up when you login to a website or app will make hacking more difficult, ensuring an extra line of defence when it comes to protecting your personal information.
3. Update your security software. Keep your operating system, software and apps security up to date. This will protect you from malware, adware and spyware and ensure your data is more easily recoverable if necessary.
4. Always check why, how, and who you are sharing your personal information with. If you are dealing with a business, a privacy policy is always a good place to start.
5. Jane Horvath (Chief Privacy Officer of Apple) recommends practising “privacy hygiene” by reviewing and updating privacy settings. Check your privacy settings every month, such as the permissions you grant apps (including location and microphone) to determine whether or not you are content with the access you have enabled.
6. If you or your business’ data is breached, know how to act and act quickly. Depending on the type of data breach you should consider reporting the data breach to the Office of the Australian Information Commissioner, the Australian Cyber Security Commission, your Insurer or the Police.
7. Keep yourself informed. Attending staff training and educating yourself about the kinds of phishing scams and the causes of data breaches will further your privacy hygiene. Human error is one of the most common causes of data breaches.

Here are some resources to understand your privacy and your rights:

AUSTRALIA

OAIC Notifiable Data Breach Report

The July to December 2021 OAIC Notifiable Data Breach Report is now available. This half-yearly report is the key metric to measure the number of notifiable data breaches in Australia. Human error continues to be the major source of data breaches, accounting for 41% of notifications to the OAIC. Data breach notifications have gone up by 6%, with malicious or criminal attacks being the primary source, followed by human error and system default. The top industry sectors to notify data breaches were health service providers, finance, legal, accounting and management services.

Crimes Legislation Amendment (Ransomware Action Plan) Bill 2022

The Bill amends the geographical jurisdiction provision for computer offences; introduces standalone offences for extortive conduct associated with ransomware and dealing with data obtained by unauthorised access or modification; introduces aggravated offences relating to cyberattacks on critical infrastructure assets and producing, supplying or obtaining data under arrangement for payment; and increases maximum penalties for certain other computer offences. The Bill ensures that existing information gathering powers and freezing orders in relation to financial institutions can also be exercised in relation to digital currency exchanges and ensures that law enforcement agencies can seize digital assets (including cryptocurrency) discovered during the execution of a warrant and suspected to be proceeds of crime.

Australia’s National Plan to Combat Cybercrime

Home Affairs released the National Plan to combat cybercrime on 21 March 2022. The Plan focuses on three pillars – Prevent and Protect; Investigate, Disrupt and Prosecute; and Recover. The next phase of the plan will involve the establishment of a National Cybercrime Forum to develop a roadmap for the nation.

Reform of Australia’s electronic surveillance framework discussion paper

The Department of Home Affairs has now closed its public submissions for its reform of Australia’s electronic surveillance framework discussion paper. We await the DHA reviews of Australia’s electronic surveillance framework.

Increase of 45% in all types of scams reported to ACCC in January

Australians have lost more than $34 million to scams with the top five being investment, dating and romance, false billing, remote access and online shopping. The main delivery methods identified are social networking, phone, mobile applications, email, internet and text messages. Those most affected have been the age group over 65, with the highest number of reports and suffering the most money lost.

GLOBAL

Data on account holders of Credit Suisse holding more than $100B leaked

More than 18,000 bank accounts holding more than $100 billion was leaked to a German newspaper (Süddeutsche Zeitung) by a Whistleblower. The data leak included personal, shared and corporate accounts, including accounts opened in the 1940s. It is alleged that the accounts had been used by clients involved in serious crimes such as money laundering or drug trafficking, with the Whistleblower claiming, “Swiss banking secrecy laws are immoral” and “the pretext of protecting financial privacy is merely a fig leaf covering the shameful role of Swiss banks as collaborators of tax evaders”. Credit Suisse strongly denies involvement in such allegations that it claims are a concerted effort to discredit the bank, noting that approximately 90% of the reviewed accounts were closed or in the process of being closed.

Anonymous announced it is “officially in cyber war against the Russian Government”

Hacking collective, Anonymous announced on Twitter that it was “officially in cyber war against the Russian Government” on 24 February 2022. The Kremlin’s website went down and Russian TV channels were hacked to play Ukrainian songs following a string of reported cyberattacks.

The New Weapon of War: Australia expands cyber security training for Ukrainian officials

As the war between Russia and Ukraine enters the digital economy, Australia is providing Ukraine with cyber security advice in virtual training sessions alongside other western security services including America’s Cyber Command. As “war” shifts into new dimensions, cyber security has become a new weapon of war allowing the disablement of broadband connections, crucial parts of energy, transport and supply line infrastructure. Ukraine’s infrastructure minister argues not enough has been done to protect the Kremlin from shutting down power, mobile networks and internet networks as further invasions loom.

Toyota supplier cyberattack shuts down 14 automobile plants

A cyberattack on Toyota caused a one-day halt to production. The attack has prompted the Japanese Government to voice concern about small or mid-level companies, specifically sub-contractors to Toyota, not having sufficient cybersecurity measures in place.

NFT REGULATION

First NFT Seizure

“The UK’s tax regulator has seized three non-fungible tokens as part of a suspected case of value-added fraud worth 1.4M pounds, in its first ever domestic enforcement action of its kind”. The seizure comes as a result of an alleged web of 250 fake companies defrauding Her Majesty’s Revenue and Customs (HMRC). HRMC says the “first seizure of a non-fungible token serves as a warning to anyone who thinks they can use cryptoassets to hide from HMRC”.

NFT’s – revolutionary product or new litigation frontier?

NFTs are said to be the ‘second wave’ of crypto-assets, but like anything, where there is value there is the potential for disputes, litigation and fraud. This article by Toby Blyth, Katherine Jones and Jessica Yazbek identifies four key areas to be on the watch for NFTs – wash trading, money laundering, insider trading, and brand infringement. 

CRYPTOCURRENCIES

APRA guidance on crypto-assets

The financial services industry has been urged to consult with regulators and supervisors before expanding into volatile crypto-assets, conduct comprehensive due diligence to understand the risks, and always tread warily. In the Australian Prudential Regulation Authority’s first formal guidance on the volatile asset class, chairman Wayne Byres set out an agenda to regulate the sector by 2025, warning that certain crypto-assets could present significant operational, investment and credit risks as exposures rise. “The operational risks are particularly important, and encompass fraud, cyber, conduct, anti-money laundering and technology risks,” Mr Byres said in a letter on Thursday 21 April to banks, super funds and insurers.

APRA plans to consult on requirements for the prudential treatment of crypto-asset exposures in Australia for ADIs, following the conclusion of the Basel Committee’s current consultation. The consultation in Australia is expected to be undertaken in 2023, and APRA will consider the need for initial prudential guidance in the interim.

ATO crackdown on crypto-assets

The ATO has indicated they intend to crackdown on the underreporting of cryptocurrencies which are the subject of capital gains tax – just like shares. Some individuals believe that cryptocurrencies are tax free, however, that is not the case and the ATO can track cryptocurrency where they interact with the ‘real world’.

Britain’s first regulatory framework for crypto-assets

The Bank of England has outlined Britain’s first regulatory framework for crypto-assets as the sector’s rapid growth could pose risks to financial stability if left unregulated. The possible change of laws would “require the expansion of the role of existing macro and micro prudential conduct, and market integrity regulators, and close co-ordination amongst them”, the BoE’s Financial Policy Committee said. “Ensuring innovation in crypto-assets is accompanied by effective public policy frameworks to maintain broader trust and integrity in the financial system”.

Singapore High Court crypto judgment: CLM v CLN & Ors [2022] SGHC 46

The decision addresses two interesting issues – can stolen cryptocurrency assets be the subject of a proprietary injunction? And, in the international landscape of the digital world, does the court have jurisdiction to grant interim orders against persons whose identities are presently unknown?

The ‘Bitcoin Family’ emigrates to Portugal for its 0% tax on cryptocurrencies

For something a little different, we note the retirement plans of one family of five known as the ‘Bitcoin Family’ who liquidated all they owned in 2017 to live a life on the road. After travelling the world for the last five years, the family has now settled down in Portugal – Europe’s ultimate crypto tax haven. Portugal is one of the last places in Europe with a 0% tax on bitcoin. As long as you do not earn cryptocurrency for providing services in Portugal, you are not subject to personal income taxes, including capital gains tax. No wonder the number of foreign residents in Portugal has increased by 40% in the last decade…