Chinese spies had MPs' emails for one year; US judge rules on data sovereignty


Tuesday, 29 April, 2014


Chinese spies had MPs' emails for one year; US judge rules on data sovereignty

Chinese spies that accessed Australia’s parliamentary computer network in 2011 may have had access to the system for as long as a year, not a single month as previously reported.

In March 2011 several media outlets reported that China was suspected of having access to an email system used by federal MPs and their staff for more than one month.

Citing anonymous sources, the Financial Review (FR) yesterday reported that the suspected Chinese spies may have in fact been inside the system for as long as a year, and had access to documents and emails revealing political, professional and social links across the political world.

According to the FR, Australian intelligence concluded "absolutely" that Chinese intelligence was responsible for the breach.

The sources said Chinese agencies obtained remote system administrator access to the Parliament’s computer network.

“They had access to everything,” one source said.

China reportedly had access to all emails, contact databases and other documents stored on Parliament’s computers.

The network that was compromised is not used for secret communication. However, the paper said the information gathered could include sensitive discussions between ministers, information on political lobbying and embarrassing gossip about political figures.

The paper’s sources believe that China will use the information gathered to map relationships in Australian politics, including those of present and future leaders.

Independent senator Nick Xenophon has called for an urgent inquiry into the breach, labelling it a "national security scandal".

“What makes it more scandalous is the deafening silence from the government and the opposition,” FR quoted Xenophon as saying.

“This is extremely serious for MPs and senators who rely on the parliamentary systems to discuss confidential information, and I will be calling for an inquiry into this when Parliament resumes.”

He reportedly already has support for an inquiry from Democratic Labor Party senator John Madigan.

US judge orders Microsoft to hand over offshore data

A US judge has ruled that Microsoft must hand over email details to US authorities, even though that data is stored in another country.

According to The Register, “The judge’s reasoning is based on an efficiency argument: if Microsoft isn’t obliged to hand over the information the warrant seeks, the unnamed US law enforcers seeking the identity of (and other information about) the unnamed target of the warrant would have to coordinate with bodies in other countries (in this case, Ireland, since the data is held in Dublin)."

This would place a substantial burden on the US government and impede the efforts of US law enforcement, the judge argued.

Microsoft reportedly said that customer data outside America shouldn’t be subject to search and seizure by US authorities. The company is seeking a review of the decision.

“A US prosecutor cannot obtain a US warrant to search someone’s home located in another country, just as another country’s prosecutor cannot obtain a court order in her home country to conduct a search in the United States,” Reuters quoted Microsoft as saying. "We think the same rules should apply in the online world, but the government disagrees."

The ruling has ramifications for the oft-debated topic of data sovereignty.

Many US-based cloud storage and service providers offer their services to Australian customers. Some of these organisations hold the data of their Australian customers on Australian soil. This is in part an effort to allay local fears that US authorities could easily get their hands on the data, should they decide they have an interest in knowing about specific users or organisations, and compel the cloud providers to fork it over.

It seems this new ruling would remove a substantial amount of barriers between US authorities and the data of Australian users and organisations.

Australian users, organisations and US cloud providers will be watching this case with a close eye

Related Articles

Strategies for navigating Java vulnerabilities

Java remains a robust and widely adopted platform for enterprise applications, but staying ahead...

Not all cyber risk is created equal

The key to mitigating cyber exposure lies in preventing breaches before they happen.

How AI can help businesses manage their cyber risks

Artificial intelligence can be a powerful ally in the fight against cyberthreats.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd