The Turnbull government’s recently announced $230 million Cyber Security Strategy is hypocrisy of the highest order. Hot on the heels of introducing mandatory metadata retention to spy on all of us, Turnbull now tells us he’s concerned about our security online – so concerned that he felt the need to use the word “cyber” 402 times in this 67-page document.
While the strategy is being pitched as a defensive plan to protect Australian businesses against cyber attacks, the devil is in the detail. It states, “Australia and its allies will work together internationally to promote norms of behaviour that are consistent with a free, open and secure Internet”.
Yet for years the “norms of behaviour” of the Australian government and its allies have been to weaken online security and use the internet as a tool to spy on citizens.
Whistleblower Edward Snowden revealed that Australia has been one of the ominous “Five Eyes”, working closely with the US National Security Agency (NSA) to create a “supra-national intelligence organisation”.
You can vote Liberal, or you can vote Labor, and you can be confident that when it comes to national security we read from the same song sheet.
– Bill Shorten
Snowden’s revelations have confirmed that the biggest threats to cyber security come from states including Australia and the United States. Turnbull, however, has a different interpretation, writing in his introduction to the document:
“As the Snowden revelations demonstrate, often the most damaging risk to government or business online security is … the ability of an insider to cause massive disruption to a network or obtain and distribute classified material.”
The classified material released by Snowden has exposed that the United States and its allies have created the largest and most complex system of state surveillance that has ever existed.
One of the NSA’s most invasive programs revealed was XKeyscore, a searchable database with millions of people’s emails, web browsing histories and more. This also allowed for real-time monitoring of almost any individual around the world while they used the internet, all without warrants. As Snowden told the Guardian in 2013: “I, sitting at my desk, [could] wiretap anyone, from you or your accountant, to a federal judge or even the president”.
The Australian government has not only participated in creating this global surveillance regime but also carries out its own surveillance in Australia and the region. In 2013, it was revealed that the Australian Signals Directorate had attempted to monitor the phone calls of the Indonesian president and several senior officials.
Australian spies disguised as aid workers also bugged the cabinet room of the East Timorese government to eavesdrop on its discussions of maritime border negotiations with Australia. More recently, the Australian Federal Police spied on several journalists who have exposed the appalling conditions of refugees in Australian-run detention centres.
One of the most revealing aspects of the strategy is its admission of the Australian government’s ability to carry out cyber attacks. As ABC political editor Chris Uhlman pointed out:
“There is one extraordinary admission in the plan. Buried on page 21, it says, ‘Australia’s defensive and offensive cyber capabilities enable us to deter and respond to the threat of cyber attack’ … The government is sending a message: it has the ability to launch cyber attacks of its own.”
On the one hand, Turnbull is telling us that Australia needs to be defended against cyber attacks, while on the other he admits that the Australian state can pre-emptively launch these same attacks against others. The pop culture myth that hackers are just teenagers living in their parents’ basements ignores that the most dangerous hackers and viruses come from the security apparatuses of nation states.
The most well-known example of this is the Stuxnet computer worm, which successfully targeted the Iranian Natanz nuclear facility in 2011. Widely seen as a joint US-Israeli attack, Stuxnet destroyed centrifuges in the nuclear facility by forcing them to spin out of control.
Ilias Chantzos, a senior director of security firm Symantec, told the Guardian in 2011:
“Before Stuxnet, the possibility to attack [a control system] using cyber was explored theoretically but was more seen as in the realm of cinema and creative science-fiction-thriller writing. Now it is a real-life scenario.”
This is a frightening future, yet the admissions in the Cyber Security Strategy show the Australian government is keen to be a part of it. However, little opposition is expected in parliament, as Labor leader Bill Shorten has expressed full support for Turnbull’s new plan.
“You can vote Liberal, or you can vote Labor, and you can be confident that when it comes to national security we read from the same song sheet”, he said.