JLab/ZDNETFollow ZDNET: Add us as a preferred source More

Sabrina Ortiz/ZDNETZDNET’s key takeawaysThe latest Nebula Capsule 3 Pocket Projector is ideal for people who want to take the cinema experience on the go while reaping the software benefits of Google TV. Despite its small form factor, the Capsule 3 delivers top-quality visuals and sound.On battery power, the projector will run for about 2.5 hours, which may be too short for some users.I’ve always preferred watching my favorite movies and shows on a big screen; the immersion and engulfing experience is bar none. However, this experience is typically limited to the movie theater due to space constraints in places like my home. The latest Nebula Capsule 3 More

The UK Government Communications Headquarters (GCHQ) used bulk interception to unlawfully breach citizens’ privacy and free expression rights, Europe’s highest human rights court has ruled. The ruling is the culmination of three lawsuits that had accused the GCHQ’s bulk interception regime of being incompatible with the right for people to have privacy, which arose in 2013 following revelations from Edward Snowden that the GCHQ was running a bulk interception operation to tap into and store huge volumes of data, which included people’s private communications. In addition to wrapping up those three lawsuits, the landmark judgment also marks the first ruling on UK mass surveillance since Snowden’s revelations. Bulk interception is the process of targeting and collecting communications from targeted bearers through simple selectors, such as an email address. Any communications which match the simple selectors are collected from that bulk interception process, with those that do not match the simple selectors being automatically discarded.  According to the Grand Chamber of the European Court of Human Rights, the bulk interception regime contained “fundamental deficiencies”, such as lacking independent authorisation as bulk interception was approved by UK’s secretary of state; the GCHQ did not have to include categories of search terms defining what communications they would examine when applying for a search warrant; and search terms linked to an individual did not require prior internal authorisation to be used. As such, the Grand Chamber found the regime did not contain sufficient “end-to-end” safeguards and was incompatible with the right to privacy. With the decision, the Grand Chamber has ordered for bulk surveillance in the UK and across Europe to now require independent authorisation from the outset, which checks for adequate end-to-end safeguards, from the initial collection of data to the selection of items for storage.

The court has also ordered for all bulk interception operations to be subject to supervision and independent ex post facto review, as well as assessments at “each stage of the process” of the necessity and proportionality of the measures being taken. While the court concluded that there was considerable potential for bulk interception, in its current form, to be abused, it disagreed with the applicants’ claim that bulk interception should be banned altogether. Instead, it accepted the UK’s government’s claim that bulk interception is of vital importance in helping states for identifying threats to national security, a claim that was backed by the French, Dutch, and Norwegian governments in third party submissions. In a dissenting opinion, Judge Pinto de Alburquerque said non-targeted bulk interception should be scrapped as it could target anyone as a potential suspect. “Admitting non-targeted bulk interception involves a fundamental change in how we view crime prevention and investigation and intelligence gathering in Europe, from targeting a suspect who can be identified to treating everyone as a potential suspect, whose data must be stored, analysed, and profiled,” he said. “A society built upon such foundations is more akin to a police state than to a democratic society. This would be the opposite of what the founding fathers wanted for Europe when they signed the Convention in 1950.” Big Brother Watch director Silkie Carlo said the judgment confirmed that the UK has been mass spying citizens for decades and vindicated Snowden’s whistleblowing.  “Mass surveillance damages democracies under the cloak of defending them, and we welcome the Court’s acknowledgement of this. As one judge put it, we are at great risk of living in an electronic ‘Big Brother’ in Europe,”  he said. Liberty lawyer, Megan Goulding, who represented the applicants of the lawsuit, called the judgment a victory as it recognises that governments have to respect the right to privacy and freedom of expression. “Bulk surveillance powers allow the State to collect data that can reveal a huge amount about any one of us — from our political views to our sexual orientation. These mass surveillance powers do not make us safer,” Goulding said. “Our right to privacy protects all of us. Today’s decision takes us another step closer to scrapping these dangerous, oppressive surveillance powers, and ensuring our rights are protected.” Related Coverage More

<!–> Jonathan Raa/NurPhoto via Getty Images If you’ve opened your Facebook settings lately, you may have seen a new “Link History” option. This is a library that saves all the links users click on. Meta, Facebook’s parent company, is touting this new setting as a “feature” so users never lose a link again, but it […] More

Image: Asha Barbaschow/ZDNet
Newly appointed Minister for Home Affairs Karen Andrews has singled out cyber as a priority in her portfolio, using Australia’s Critical Infrastructure reforms as an example of how the government has worked to protect the nation.”I have elevated cyber to big priority in the portfolio,” Andrews said, speaking as part of the CEDA State of the Nation 2021 conference on Thursday. The reforms, by way of the Security Legislation Amendment (Critical Infrastructure) Bill 2020, would allow, among other things, the government to provide “assistance” to entities in response to significant cyber attacks on Australian systems. Tech giants operating in Australia, such as Amazon Web Services, Cisco, Microsoft, and Salesforce, have all taken issue with these “last resort” powers.  “The Critical Infrastructure legislation is particularly important to us, and I think that what it demonstrates is people’s perception of what is critical infrastructure, which is way beyond the physical bricks and mortar, is crucial to us,” Andrews said. The Bill brings in the likes of communications, financial services, data storage and processing, higher education and research, energy, food and grocery, healthcare and medical, space technology, transport, and water and sewerage sectors to the definition of critical infrastructure.”We do know that there is an increasing threat of cyber attack here in Australia, ransomware, these are significant issues for us. It is also important that we recognise that many businesses who either have been subject to a ransomware attack or are likely to be subject to a ransomware attack are not necessarily going to be forthcoming in providing that information,” Andrews continued. “If we don’t have the information going through to the Australian Signals Directorate that enables them to come in and provide a level of support, then it means that we can’t assist in trying to re-establish some of the connections that are there to try and assist with recovering the data. It also means that we’re not getting the intelligence that we need that will lead to a more cybersecure environment for us here in Australia.”

Andrews said the legislation needs to “be progressed as a matter of urgency”.”That is what my plan is,” she added. “I think it actually provides significantly more protections than it does introduce risks.”Speaking alongside Andrews was Michelle Price, CEO of AustCyber, the organisation charged with growing a local cybersecurity ecosystem. She touted the legislation as “one piece of a very large patchwork of things” that need to be undertaken.”People are celebrating that this legislation is occurring, principally because it does level the playing field across industries,” she said. Of importance to Price, however, is that education on the Bill’s purpose and consequences should occur.”We need to make sure that that education spreads out, this is where the value chain comes into it, those trusted information-sharing networks that occur organically, as well as in an orchestrated way, to make sure that everyone is aware of this legislation,” she added.”I think that the government has done a good job of learning some lessons from the encryption legislation and has done extensive consultation of this legislation in spite of the comparatively short period of time that it has been running through, compared to other areas like the Telecommunication Sector Security Reforms and the Notifiable Data Breaches scheme … [that] have taken a lot longer than the critical infrastructure amendments.”The Senate this week passed two Bills that were not particularly given long consultation periods, either. The Online Safety Bill 2021 was waved through on Wednesday night with amendments. Among other things, the new Act extends the eSafety Commissioner’s cyber takedown function to adults, giving the power to issue takedown notices directly to the services hosting the content and end users responsible for the abusive content.The Bill was introduced to Parliament on February 24, eight business days after consultation on the draft legislation closed and before the 400-something submissions to the consultation were published. It was handed to a Senate committee on February 25 and after holding one public hearing, the committee scrutinising its contents handed down its report.Debating the Bill last week, Australian Greens co-deputy leader Senator Nick McKim said the government “[rammed] these Bills through this Parliament without adequate consideration and without adequate scrutiny”.He was unsuccessful with his request for the Bill to be repealed and re-written and upon receiving Royal Assent, eSafety will be nutting out the specifications of how the new scheme will be run six months thereafter.Also passed this week was the Telecommunications Legislation Amendment (International Production Orders) Bill 2020.The IPO Bill paves the way for Australia to share communications data with other countries. It allows Australia to obtain a proposed bilateral agreement with the United States, in the first instance, under its Clarifying Lawful Overseas Use of Data Act (CLOUD Act).The Bill passed both houses, incorporating amendments from recommendations made by the Parliamentary Joint Committee on Intelligence and Security (PJCIS) last month.The federal opposition on Monday introduced yet another security-related Bill to Parliament that, if passed, would require organisations to inform the Australian Cyber Security Centre (ACSC) before a payment is made to a criminal organisation in response to a ransomware attack. The Ransomware Payments Bill 2021 was introduced in the House of Representatives by Shadow Assistant Minister for Cyber Security Tim Watts, who took the opportunity to say the government’s current position of telling businesses to defend themselves by “locking their doors to cyber-criminal gangs” was “not good enough”.Responding to the proposed Bill, Andrews said she was open to exploring it.”From the government’s perspective, we actually would like businesses to reach out, particularly to ACSC, in the event that they have a ransomware attack or they have other threats,” she said.”[ACSC] is very well placed to be able to support them, but they rely on, in many instances, on businesses reporting or contacting them directly.”I’ve already had some discussions about mandatory reporting of ransomware attacks and my view at this stage is that there are a range of views about that — it’s very mixed in the response — what I want to do over the coming weeks is explore that much more fully.”Andrew said she wants the ACSC to be armed with the opportunity to support businesses that have been the subject of ransomware attacks, but that awareness was also important.”What I don’t want to do is end up with the cart before the horse effectively, and moving directly to the mandatory reporting of ransomware, where we haven’t gone through the process of raising awareness of cybersecurity, raising awareness of ransomware, making sure that we have in place all of the right mechanisms to support businesses,” she said.”So yes, I want to collect the intelligence, but I want to make sure that we’re doing this in a sensible and rational way.”But I’m open to exploring this. I am already exploring it.”RELATED COVERAGE More