More stories

    Berlin resident jailed for threatening to bomb NHS hospital unless Bitcoin ransom was paid

    A Berlin resident has been found guilty of threatening to bomb a hospital and attempting to blackmail the UK’s National Health Service (NHS) for £10 million in Bitcoin (BTC).

    Emil Apreda, previously only identified as Emil A. due to German law, is a 33-year-old Italian and resident of Berlin, Germany, with a background in computing. 
    On Friday, the presiding judge in the District Criminal Court of Berlin convicted Apreda and sentenced him to three years in prison.
    Apreda was accused of sending emails to the NHS between April and June 2020, in which he threatened to detonate a bomb in an unspecified hospital in the United Kingdom unless he was paid £10 million ($14m) in cryptocurrency. 
    Nigel Leary, Deputy Director of the UK’s National Crime Agency (NCA)’s National Cyber Crime Unit, said in a briefing on Thursday that Apreda’s threats “escalated” over a period of six weeks. 
    The first email was sent on April 25, during the first UK lockdown. The NHS was the first subject of the threats, with Apreda saying he would deposit an “explosive package” in a hospital unless his demands were met. The NCA was also sent the same email within hours. 
    Apreda monitored world events and attempted to take advantage not only of the COVID-19 pandemic but also claimed he would plant explosives at Black Lives Matter protests. In addition, the intelligence agency says that Apreda threatened the safety of members of parliament around the time of the anniversary of the murder of Labour MP Jo Cox. 

    Together, the NCA believes the threats were a “social engineering” attempt designed to “elicit the response he was after” — the cryptocurrency payment. The intelligence agency has no reason to suspect that Apreda had any access to explosive materials. 
    The NHS did not respond to the blackmail attempts. 
    Prosecutors said that the “attempted extortion” continued until his arrest in June, in which UK intelligence worked with overseas partners to obtain a warrant and force entry into the suspect’s home.  
    Apreda’s trial began on December 11 in Germany. He has now been sentenced but has been released on bail until the decision has been ratified. 
    The NCA took the threat seriously, with Leary noting that at a time when the COVID-19 pandemic was entering full swing, there was a “deep and heightened vulnerability” in the medical system.
    The investigation into the culprit required a “dynamic and significant response,” according to the agency. The potential risk was heightened as Apreda claimed he was part of “Combat 18,” which, while not proscribed as a terrorist organization in the UK, is still a group with extremist, far-right leanings. 
    Hospitals, by their nature, are open areas and during the first lockdown were one of the few areas in which there were mass gatherings of people. 
    “We had to step in pretty quickly and make sure that everything that could be done, was done,” Leary commented, but added that “nothing should be done to deter people from seeking medical treatment.”
    Apreda was not extradited but would have faced “similar” charges in the UK, according to the NCA.
    In June, YouTuber Matthew Wain was jailed for 12 weeks after he recorded himself making a bomb threat and saying that he hoped NHS staff at Birmingham City Hospital “died of coronavirus.”
    The footage was posted online in March. The 31-year-old later claimed he was dissatisfied with the treatment he had received at the hospital and that the online rant was nothing more than an “empty threat.” 
    Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

    Go malware is now common, having been adopted by both APTs and e-crime groups

    The number of malware strains coded in the Go programming language has increased sharply, by around 2,000%, since 2017, cybersecurity firm Intezer said in a report published this week.
    The company’s findings highlight and confirm a general trend in the malware ecosystem, where malware authors have slowly moved away from C and C++ to Go, a programming language developed and launched by Google in 2007.
    Intezer: Go malware, now a daily occurrence
    While the first Go-based malware was detected in 2012, it took a few years for Golang to catch on with the malware scene.
    “Before 2019, spotting malware written in Go was more a rare occurrence and during 2019 it became a daily occurrence,” Intezer said in its report.
    But today, Golang (as it’s often also referred to instead of Go) has broken through and has been widely adopted.

    It is used by nation-state hacking groups (also known as APTs), cybercrime operators, and even security teams, who often use it to create penetration-testing toolkits.
    There are three main reasons why Golang has seen this sudden sharp rise in popularity. The first is that Go supports an easy process for cross-platform compilation. This allows malware developers to write code once and compile binaries for Windows, Mac, and Linux from the same codebase, a versatility that they don’t usually have with many other programming languages.

    The second reason is that Go-based binaries are still hard to analyze and reverse engineer by security researchers, which has kept detection rates for Go-based malware very low.
    The third reason is related to Go’s support for working with network packets and requests. Intezer explains:
    “Go has a very well-written networking stack that is easy to work with. Go has become one of the programming languages for the cloud with many cloud-native applications written in it. For example, Docker, Kubernetes, InfluxDB, Traefik, Terraform, CockroachDB, Prometheus and Consul are all written in Go. This makes sense given that one of the reasons behind the creation of Go was to invent a better language that could be used to replace the internal C++ network services used by Google.”
    Since malware strains usually tamper with, assemble, or send/receive network packets all the time, Go provides malware devs with all the tools they need in one place, and it’s easy to see why many malware coders are abandoning C and C++ for it. These three reasons are why we saw more Golang malware in 2020 than ever before.
    “Many of these malware [families] are botnets targeting Linux and IoT devices to either install crypto miners or enroll the infected machine into DDoS botnets. Also, ransomware has been written in Go and appears to become more common,” Intezer said.
    Examples of some of the biggest and most prevalent Go-based threats seen in 2020 include the likes of (per category):
    Nation-state APT malware:
    Zebrocy – Russian state-sponsored group APT28 created a Go-based version of their Zebrocy malware last year.
    WellMess – Russian state-sponsored group APT29 deployed new upgraded versions of their Go-based WellMess malware last year.
    Godlike12 – A Chinese state-sponsored group deployed Go-based backdoors for attacks on the Tibetan community last year.
    Go Loader – The China-linked Mustang Panda APT deployed a new Go-based loader last year for their attacks.
    E-crime malware:
    GOSH – The infamous Carbanak group deployed a new RAT named GOSH written in Go last August.
    Glupteba – New versions of the Glupteba loader were seen in 2020, more advanced than ever.
    A new RAT targeting Linux servers running Oracle WebLogic was seen by Bitdefender.
    CryptoStealer.Go – New and improved versions of the CryptoStealer.Go malware were seen in 2020. This malware targets cryptocurrency wallets and browser passwords.
    Also, during 2020, a clipboard stealer written in Go was found.
    New ransomware strains written in Go:
    Naturally, in light of its recent discoveries, Intezer, along with others, expects Golang usage to continue to rise in the coming years and join C, C++, and Python as a preferred programming language for coding malware going forward.

    Oxford University lab with COVID-19 research links targeted by hackers

    An Oxford University lab conducting research into the coronavirus pandemic has been compromised by cyberattackers. 

    Oxford University, one of the most prominent educational institutions in the UK, was made aware of the security breach on Thursday. 
    The university confirmed that a security incident took place at the Division of Structural Biology lab, also known as “Strubi,” after Forbes disclosed that hackers were boasting of access to the school’s systems. 
    Strubi’s labs are used by students studying molecular and biological science, and during the COVID-19 pandemic, the Oxford team has been researching the virus itself and examining vaccine candidates. 
    The school’s latest publications include work on RNA strands and viruses, as well as antiviral agents. However, the group has not been directly involved in the development of the Oxford University-AstraZeneca vaccine. 
    According to Forbes and Hold Security, the lab’s “biochemical preparation machines” were compromised by the unknown attackers who boasted of their break-in to what appears to be lab equipment, pumps, and pressure tools in an attempt to sell access to their victim’s systems.
    Timestamps of February 13 and 14, 2021, were noted in evidence provided to the publication. 

    Oxford University has confirmed the security breach. However, in a statement, the university said there “has been no impact on any clinical research, as this is not conducted in the affected area.”
    In addition, the cyberattackers do not appear to have compromised any system relating to patient data or records. 
    “We are aware of an incident affecting Oxford University and are working to fully understand its impact,” an Oxford University spokesperson told Forbes. 
    The UK’s GCHQ has been informed and the National Cyber Security Center (NCSC) will investigate the incident. 
    This is not the first time a university may have been targeted with coronavirus or vaccine research in mind. In May 2020, the NCSC warned that threat actors from Russia, Iran, and China were targeting British universities and research hubs to steal research. 
    The European Medicines Agency (EMA), unfortunately, was successfully attacked in December and the cyberattackers responsible then leaked stolen data relating to COVID-19 vaccines and medicines in January this year. 
    In late 2020, Interpol warned of a wave of COVID-19 and flu vaccine-related cybercrimes. The law enforcement agency said that the worldwide pandemic had “triggered unprecedented opportunistic and predatory criminal behavior.”

    Why your diversity and inclusion efforts should include neurodiverse workers

    Neurodivergent workers bring pattern recognition and skills that are crucial to enterprises and cybersecurity.
    I caught up with Craig Froelich, the chief information security officer at Bank of America, to talk about hiring neurodiverse workers and how they can benefit cybersecurity teams. Here are some of the highlights.

    Neurodiversity is part of Bank of America’s hiring strategy. Froelich said:

    Neuro-diverse people and neurodivergent people have been in our organization for a long time. Neurodiversity is one of those hidden diversity initiatives where there are lots of people who are neuro-diverse. They may be on the autism spectrum. They may have ADHD. They may have dyslexia. And for a long time, they may not necessarily have felt comfortable in being able to talk about that openly because of an associated stigma. So when we first started thinking about neurodiversity and the importance of neurodiversity in order to be able to help solve some of cybersecurity’s hardest problems, it was first about making sure that we had an open and honest, courageous conversation in the organization. From there, it was amazing all of the people that would talk about how they wanted to be able to help. And then it was about finding partners in the community, people who knew a lot more about this than I did, to be able to help us understand where to start and what to do.
    I think the important thing to understand is it’s not a program. It is part of our hiring strategy. And so people who are neurodivergent, they’re either part of our team already, or that we’re bringing into the organization, they go through the same hiring practices.

    Neurodiversity’s role in cybersecurity. Froelich said neurodivergent people are adept at finding patterns. He said:

    One of the great things that people who are neurodiverse can provide is an amazing ability to be able to think about pattern recognition, as an example. So, in cybersecurity, that’s roles like cryptography, it’s malware reverse engineering, it’s hunt team, where focus and intention and looking for details is really important. And people who are neurodiverse have a great aptitude for being able to do that when given all of the right conditions and the right support.

    Neurodiversity brings business benefits. Froelich said:

    I think there is absolutely a business benefit. In cybersecurity, there is, depending upon who you talk to, something on the order of about 3.5 million jobs that will be unfilled this year. And so it’s an imperative for us as an industry to be able to make sure that we’re bringing people to the table and that those people have to be able to come from all walks of life. If you’re thinking about how to be able to solve a hard problem, like defending an organization like Bank of America from different threats, you have to anticipate what those threat actors are going to do. And people who think differently are going to be able to help you do that. So the advantages are clear.

    Environment matters. When managing neurodivergent people you have to think through the right environmental conditions — especially in a traditional office. Froelich said:

    When you have neurodivergent people in your team, you have to think through, how do you make sure that they have the right environmental conditions? Something as simple as providing them with noise canceling headphones, or putting them in a place in the building, when we’re still in buildings, to be able to make sure that they’re not in a high traffic area, or that they have the right lighting. None of these are really expensive, and frankly none of them are really hard, but it’s amazing what you can do when you open up and ask them what it takes for them to be able to focus at what they come up with and what they will help to deliver.

    The COVID-19 pandemic has made it easier to tailor the environment to neurodiverse workers. Froelich said:

    When they went from the office to working at home, it was actually very easy for them. In fact, probably even easier for them than it was for folks like me. So their ability to stay focused and focused on the outcomes and the details has been a real benefit for us through what we’ve been dealing with as this national human tragedy or global tragedy related to the pandemic.

    Neurodiversity meets machine learning. Froelich said that matching neurodivergent workers with machine learning models has been successful. He said:

    I mentioned cryptography or malware reverse engineering, hunting. If you take hunting as an example, you’re talking about lots and lots of data. You’re looking at logs, you’re looking at different anomalies, and the models will help to be able to surface things, but any good security team at a reasonably sized organization is going to be most likely inundated with different alerts. They’re going to have a lot of information that the models will end up spitting out, but you still need to be able to process. People who are neurodivergent have an ability to be able to pick through all of that information at a more efficient rate and in a better way to give you that type of information that needs to be risen to the surface so that you can action it faster.

    Building a team with neurodiverse people. Froelich said:

    This is a journey for us as it is, I think, for most companies. What I would tell you today is that, one, you shouldn’t think of neurodiversity as a bolt-on to your hiring strategies and the way you design your organizations. It needs to be part and parcel of everything that you do. So there’s certainly certain jobs that neurodivergent people are maybe better at. For example, a lot of neurodiverse people may not necessarily feel comfortable in being able to face off to a business to be able to architect a security solution, because that requires human to human communication. But while that may not necessarily be the right place, you take AI as an example, making sure that they’re paired with people who understand how to be able to interact with people who are neurodiverse.
    Whether it’s the manager or the people on the team, making sure that they have the right training to say, “What are the types of questions that we should be asking and how should those questions be framed so that somebody who’s on the team that may need extra support, like somebody who’s neurodivergent, has the ability to be able to do that?” What’s been really interesting is that just by making sure that we are being more expressive, more direct, more clear, more straightforward in our language, not just in the way that we manage the teams, but also in the way that we hire, our job specifications, it’s not only made us better in dealing with people who are neurodivergent, but also it’s made us better overall.

    Getting started. Froelich said that there are community groups that are a big help for enterprises looking to hire more neurodiverse people. One group, Neurodiversity in the Workplace, has been key to Bank of America. Some advice for enterprises looking to hire more neurodiverse employees:

    I think there’s probably three things. The first is, start. This is an untapped market for the most part and starting is really the first part. Two, when you go to start, make sure you bring some partners with you. You don’t have to learn by yourself. You can learn as you go, like we are, but you can bring partners along like the one I mentioned earlier, Neurodiversity In The Workplace, and they can give you a jump start into it. And the third is, don’t think of this as a bolt-on. Don’t think of this as a program. Think of this as an entire way of you being able to work. And when you think of it as your hiring practices need to evolve, the way that you manage needs to evolve, it doesn’t just benefit you in terms of bringing new people that are neurodivergent to the table, but it actually helps the entire organization. 

    Microsoft: We've open-sourced this tool we used to hunt for code by SolarWinds hackers

    Microsoft is open-sourcing the CodeQL queries that it used to investigate the impact of Sunburst or Solorigate malware planted in the SolarWinds Orion software updates. Other organizations can use the queries to perform a similar analysis. 
    Microsoft released the queries as part of its response to the attack on SolarWinds Orion network monitoring software, which was used to selectively compromise nine US federal agencies and 100 private sector firms, many of which were from the tech sector. 

    Suspected Russian government-backed hackers compromised SolarWinds’ build system in early 2020 to pull off the supply chain attack discovered by Microsoft and FireEye — a feat that Microsoft estimated took at least 1,000 engineers.
    “A key aspect of the Solorigate attack is the supply chain compromise that allowed the attacker to modify binaries in SolarWinds’ Orion product,” the Microsoft security team said in a blog post. 
    “These modified binaries were distributed via previously legitimate update channels and allowed the attacker to remotely perform malicious activities, such as credential theft, privilege escalation, and lateral movement, to steal sensitive information. The incident has reminded organizations to reflect not just on their readiness to respond to sophisticated attacks, but also the resilience of their own codebases.”
    Microsoft used CodeQL queries to analyze its source code and confirm there were no indicators of compromise (IoCs) and coding patterns associated with Solorigate aka Sunburst malware in its source code. 

    Microsoft earlier this month admitted the SolarWinds hackers downloaded some Azure, Exchange, and Intune source code in what appeared to be a limited attack. It and FireEye were compromised by the tainted Orion update.
    Static and dynamic code analysis are part of the defense line-up that organizations can use to detect a software-based attack.  
    Microsoft warns that findings from the queries will need to be reviewed because indicators “can occur coincidentally in benign code.”
    It added: “Additionally, there is no guarantee that the malicious actor is constrained to the same functionality or coding style in other operations, so these queries may not detect other implants that deviate significantly from the tactics seen in the Solorigate implant.”
    The company also shared some of its security philosophy. 
    “Microsoft has long had integrity controls in place to verify that the final compiled binaries distributed to our servers and to our customers have not been maliciously modified at any point in the development and release cycle. For example, we verify that the source file hashes generated by the compiler match the original source files. Still, at Microsoft, we live by the “assume breach” philosophy, which tells us that regardless of how diligent and expansive our security practices are, potential adversaries can be equally as clever and resourced.”
    SolarWinds’ build processes were not the only weak point the attackers exploited. At a US Senate hearing this week, CrowdStrike CEO George Kurtz critiqued Microsoft for “systemic weaknesses in the Windows authentication architecture”, referring to Active Directory and Azure Active Directory, Reuters reported. These allowed the attackers to move laterally after compromising a network. CrowdStrike was targeted during the attack but said in December that it “suffered no impact”.
    Mike Hanley, the newly appointed chief security officer (CSO) of Microsoft-owned GitHub, said CodeQL provides “key guardrails that help developers avoid incidents and shipping vulnerabilities”.

    Cybercrime groups are selling their hacking skills. Some countries are buying

    Cyber-criminal hacking operations are now so skilled that nation-states are using them to carry out attacks in an attempt to keep their own involvement hidden.
    A report by cybersecurity researchers at BlackBerry warns that the emergence of sophisticated cybercrime-as-a-service schemes means that nation states increasingly have the option of working with groups that can carry out attacks for them.

    The cyber-criminal operation provides malicious hacking services, such as phishing, malware or breaching networks, and gets paid for them, while the nation state that ordered the operation receives the information or access it requires.
    It also comes with the added bonus that because the attack was conducted by cyber criminals who use their own infrastructure and techniques, it’s difficult to link the activity back to the nation state that ordered the operation.
    “The emergence, sophistication, and anonymity of crimeware-as-a-service means that nation states can mask their efforts behind third-party contractors and an almost impenetrable wall of plausible deniability,” warns the BlackBerry 2021 Threat Report.
    Researchers point to the existence of extensive hacking operations like Bahamut as an example of how sophisticated cyber-criminal campaigns have become.

    Originally detailed by BlackBerry last year, Bahamut uses phishing, social engineering, malicious apps, custom malware and zero-day attacks in campaigns targeting governments, private industry and individuals around the world – and had been doing so for years before being uncovered.
    Researchers note how “the profiles and geography of their victims are far too diverse to be aligned with a single bad actor’s interests”, suggesting that Bahamut is performing operations for different clients, keeping an eye out for jobs that would make them the most money – and when it comes to funding, certain nation states have the most money to spend on conducting campaigns.
    Not only does the client nation state gain the access it requires to hacked networks or sensitive information, but outsourcing also reduces the chance of the activity being linked back to it – meaning that it will potentially avoid consequences or condemnation for conducting attacks.
    “Threat actor identification can be challenging for threat researchers due to several factors, such as overlapping infrastructure, disparate targeting, and unusual tactics. This is especially true when only part of a campaign is outsourced,” said the report.
    Bahamut has continued to be active since its initial disclosure last year, with campaigns targeting government agencies linked to foreign affairs and defence across the Middle East. The group has also been conducting campaigns against targets in South Asia, with a particular focus on smartphone attacks.
    While protecting networks from determined cyber attackers can be difficult, there are cybersecurity practices that organisations can apply in order to help keep intrusions out, such as only providing remote access to sensitive information to those who absolutely need it and constantly examining the network for unusual activity that would be classed as suspicious.

    TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

    TikTok has agreed to pay a proposed $92 million to settle a class-action lawsuit alleging the company invaded user privacy.  

    The settlement, if approved, would lay to rest claims that the video content-sharing app, owned by Beijing-headquartered ByteDance, wrongfully collected the private and biometric data of users including teenagers and minors. 
    The class-action lawsuit originated from 21 separate class-action lawsuits filed in California and Illinois last year. 
    If accepted, the settlement — filed in the US District Court for the Northern District of Illinois — would require the creation of a compensation fund for TikTok users. In addition, TikTok would be required to launch a new “privacy compliance” training program and would need to take further measures to protect user data. 
    According to the proposed settlement (via NPR), TikTok was accused of using a “complex system of artificial intelligence (AI)” to recognize facial features in user videos, as well as to recommend stickers and filters. Algorithms are also cited as a means to identify a user’s age, gender, and ethnicity. 
    The lawsuit also alleged that user data was sent to China, and shared with third-parties, without consent. 
    TikTok has denied any wrongdoing. However, in a statement, the social media giant said:

    “While we disagree with the assertions, rather than go through lengthy litigation, we’d like to focus our efforts on building a safe and joyful experience for the TikTok community.”

    TikTok announced tighter controls for young users in January, including default privacy settings and restricting Duet and Stitch to users aged 16 and over. 
    A judge is required to approve the $92 million settlement. Under the terms of the deal, it is possible that class members in Illinois could receive a larger share, as Illinois is the only US state that has laws in place to allow residents to seek compensation when their biometric data is collected or used without consent, through the Illinois Biometric Information Privacy Act (BIPA).
    “Biometric information is among the most sensitive of private information because it’s unique and it’s permanent,” commented co-lead counsel Beth Fegan. “Users’ data follows them everywhere, and potentially for a lifetime. It’s critical that their privacy and identity is protected by stalwart governance to guard against underhanded attempts at theft.”
    FeganScott and Carlson Lynch LLP are among the legal firms involved in the class-action lawsuit. 
    Last year, Facebook agreed to pay $550 million to settle BIPA violation claims in Illinois. Complainants argued that the company’s “Tag Suggestions” feature scraped and stored biometric markers without the consent of users. 

    Attorney-General urged to produce facts on US law enforcement access to COVIDSafe

    The Attorney-General has been asked by Australia’s COVID-19 Senate Select Committee to produce documentation pertaining to legal advice received on the COVIDSafe app’s Bill — the Privacy Amendment (Public Health Contact Information) Bill 2020 — in relation to the United States Clarifying Lawful Overseas Use of Data Act (CLOUD Act).
    Amazon Web Services (AWS) was handed the data storage contract for Australia’s COVID-19 contact tracing app in April. With AWS headquartered in the United States, concerns over the security of the data had been raised, with fears the data could be accessed by US law enforcement.
    The committee has, since May, been seeking access to the legal advice provided to the Attorney-General’s Department (AGD) on the matter. So far, the committee has not been convinced that the public interest immunity claims made by the department were sufficient to exempt it from producing such documentation.
    The committee sought the AGD’s assurance that the data collected by COVIDSafe could not be accessed by a US law enforcement agency under the provisions of the CLOUD Act.
    While AGD confirmed it had received legal advice on the interaction of the two laws, it would not discuss the content of that advice on the basis of legal professional privilege. The committee then received a letter from AGD, further refusing to provide the information.
    In a rebuttal, the committee has said it emphasised the importance of receiving the information.

    “The legal advice is significant evidence to the committee’s inquiry,” it wrote [PDF].
    “Serious concerns have been raised by the technology industry and peak legal bodies in relation to the safety of COVIDSafe data, which require scrutiny.”
    The committee said the provision of the legal advice would permit it to independently assess whether the CLOUD Act could allow US authorities to compel AWS to hand over COVIDSafe data under a warrant.
    As a result, the committee has asked AGD, no later than 12:00pm on 17 March 2021, to produce an unredacted copy of the legal advice that the department received regarding the interaction of the Privacy Amendment (Public Health Contact Information) Bill with the United States’ CLOUD Act.
    “In the event that the Attorney-General fails to provide the unredacted document, the Senate requires that the Minister representing the Attorney-General attend the Senate at the conclusion of question time on 17 March 2021 to provide an explanation, of no more than 10 minutes, of the Minister’s failure to provide the document,” it wrote.
    The Second interim report: Public interest immunity claims document detailed further claims of public interest immunity received during the course of its COVID-19 hearings.
    These comprised two claims made on behalf of the Minister for Health by Senator Michaelia Cash, then-Minister who represented the Minister for Health in the Senate; two claims made on behalf of the treasurer, one by former Senator Mathias Cormann and one by Senator Simon Birmingham; a claim made by Senator Richard Colbeck, then-Minister for Aged Care and Senior Australians; and a claim made by Minister for Families and Social Services Anne Ruston.
    “The committee has resolved not to accept these claims on the grounds provided,” it wrote.
    “Taken together, these claims have compromised the committee’s ability to scrutinise government decisions with a profound impact on lives of Australians.”
    It said it was concerned the claims reflect a pattern of conduct in which the government has “wilfully obstructed access to information that is crucial for the committee’s inquiry”.
    “The committee believes the government’s repeated misuse of public interest immunity claims as a basis for withholding key information from the committee is at best lazy and at worst a deliberate abuse of the public interest immunity process. Such an approach undermines the Senate and cannot be left to go on unchallenged,” the report states.
    “If we do not stand up for the Senate’s powers and reject this government’s secretive agenda designed simply to protect the executive, then the Senate will become a toothless tiger that gets spoon fed only the information that the government wants to feed it. That is not how our system is meant to operate.”