Politics

But while American companies were being warned away from supposedly untrustworthy Chinese routers, foreign organisations would have been well advised to beware of American-made ones. A June 2010 report from the head of the NSA’s Access and Target Development department is shockingly explicit. The NSA routinely receives — or intercepts — routers, servers and other computer network devices being exported from the US before they are delivered to the international customers.

The agency then implants backdoor surveillance tools, repackages the devices with a factory seal and sends them on. The NSA thus gains access to entire networks and all their users. The document gleefully observes that some SIGINT tradecraft … is very hands-on (literally!).

Eventually, the implanted device connects back to the NSA. The report continues: In one recent case, after several months a beacon implanted through supply-chain interdiction called back to the NSA covert infrastructure. This call back provided us access to further exploit the device and survey the network.

It is quite possible that Chinese firms are implanting surveillance mechanisms in their network devices. But the US is certainly doing the same — via redwolf.newsvine.com

The Department of Immigration and Border Protection (DIBP) has succeeded in having a member of the public remove a post from her Facebook wall that a spokesperson has said targeted a staff member within the department.

On Friday, in a series of Tweets from the Department of Immigration and Border Protection’s official Twitter account, the department asked Vanessa Powell, a teacher and a volunteer on community radio, to remove a Facebook post that “contains an offensive remark directed at a staff member” from a man named George Georgiadis — via redwolf.newsvine.com

There is no case, none, to limit debate about the performance of national leaders. The more powerful people are, the more important the presumption must be that less powerful people should be able to say exactly what they think of them.

That’s the Tony Abbott of 2012, addressing his friends at the Institute for Public Affairs. What a difference a couple of years makes.

New guidelines from the department of prime minister and cabinet threaten employees with discipline if they are critical or highly critical of the department, the minister or the prime minister on Facebook, Twitter, YouTube, Pinterest, Flickr, blogs, or anywhere much else.

Note that the policy applies to posts in a personal capacity — even those made anonymously — and that public servants are urged to dob in any colleagues they might recognise.

If an employee becomes aware of another employee who is engaging in conduct that may breach this policy, the edict explains, there is an expectation that the employee will report the conduct to the ­department.

Tim Wilson, then head of the IPA, was in the audience for Abbott’s freedom wars speech. Surely our self-proclaimed freedom commissioner will denounce measures muzzling public servants?

Not so much, no.

There is nothing inconsistent with free speech and having codes of conduct or policies as a condition of employment that require professional, respectful behaviour in their role and the public domain, Wilson told the Daily Telegraph.

Elsewhere, Wilson explicitly rejects the charge that he cares only about the rights of the most powerful. Free speech is for everyone, he says. But his support for the restrictions on employees illustrates that, by everyone, he means something more like everyone I know — via redwolf.newsvine.com

The Australian Federal Police (AFP), the Australian Securities Investment Commission (ASIC), and one unnamed agency have indicated to the government that they would likely seek to keep using powers in the Telecommunications Act to force ISPs to block websites.

In April 2013, following a bungle by ASIC that resulted in accidentally blocking customer access to 250,000 websites for at least two ISPs — when the agency was just seeking to block websites associated with investment fraud — it was revealed that three Commonwealth government agencies had been using Section 313 of the Telecommunications Act to compel ISPs to block customer access to websites on their behalf.

Following public backlash, and amid cries of censorship and criticism over the lack of transparency over the power, the then-Labor government promised to review the power, and improve the oversight and transparency of the process.

At the time, despite the controversy, it seems that internally, agencies had indicated to the government that they intended to continue using the power. A briefing document from a meeting convened by the Department of Communications in May 2013, and published online yesterday under Freedom of Information revealed that the three agencies the department had discovered to be using section 313 to block websites indicated their intention to use Section 313(3) in a similar way in the future.

The heavily redacted briefing document showed that the AFP had used the power 21 times between June 2011 and February 2013 to request ISPs to block websites listed on the Interpol worst of child abuse websites, and would continue to do so in the future.

The document also stated that the AFP may have also used the power to combat some spam and phishing sites. AFP deputy commissioner Michael Phelan said last year that this is not an efficient method of dealing with malware sites.

ASIC was also listed as intending to use the power again — via redwolf.newsvine.com

Riot police in Turkey have fired tear gas, rubber bullets and used water cannons on demonstrators in Istanbul and Ankara protesting against government plans to impose curbs on the internet.

Rights groups say the proposals, which were approved by parliament last week, amount to censorship and will increase government control of the internet.

Up to 2,000 protesters chanted government resign and all united against fascism at Istanbul’s Taksim Square, some of them hurling fireworks and stones at police.

Everywhere Taksim, everywhere resistance, they shouted, using the slogan of last June’s anti-government protests that first erupted in the square.

The demonstration was organised in protest at plans to impose curbs on the internet and over the graft scandal rocking the government.

It broke up after the police action without any immediate reports of injuries or arrests — via redwolf.newsvine.com

A teenager in Australia who thought he was doing a good deed by reporting a security vulnerability in a government website was reported to the police.

Joshua Rogers, a 16-year-old in the state of Victoria, found a basic security hole that allowed him to access a database containing sensitive information for about 600,000 public transport users who made purchases through the Metlink web site run by the Transport Department. It was the primary site for information about train, tram and bus timetables. The database contained the full names, addresses, home and mobile phone numbers, email addresses, dates of birth, and a nine-digit extract of credit card numbers used at the site, according to The Age newspaper in Melbourne.

Rogers says he contacted the site after Christmas to report the vulnerability but never got a response. After waiting two weeks, he contacted the newspaper to report the problem. When The Age called the Transportation Department for comment, it reported Rogers to the police.

It’s truly disappointing that a government agency has developed a website which has these sorts of flaws, Phil Kernick, of cyber security consultancy CQR, told the paper. So if this kid found it, he was probably not the first one. Someone else was probably able to find it too, which means that this information may already be out there.

The paper doesn’t say how Rogers accessed the database, but says he used a common vulnerability that exists in many web sites. It’s likely he used a SQL injection vulnerability, one of the most common ways to breach web sites and gain access to backend databases — via redwolf.newsvine.com

Technology media outlet Delimiter today revealed it would establish a free file-serving mirror of PDF documents published under Freedom of Information laws by the Attorney-General’s Department and relevant to the technology sector, in the wake of confirmation by the department that it has removed such documents from its website.

Under the Freedom of Information Act, all government departments and agencies covered by the legislation must provide a way for the public to access documents which any party has requested under the legislation. This means that if individuals make FoI requests of government organisations, that that information will eventually reach the public domain and be accessible to all.

Almost all Federal Government organisations — including some government business enterprises such as NBN Co — interpret the act to mean that they must publish documents released under the FoI act in a disclosure log on their website. The Attorney-General’s Department, which contains FoI oversight as part of its portfolio, has historically done this.

However, the department recently removed PDF documents relating to FoI requests from its website, forcing those seeking access to the documents to email or otherwise communicate with it directly. This has substantially reduced access to a number of sensitive documents — via redwolf.newsvine.com