18 April 2013

FOI and Victorian Premier's Office

In Office of the Premier v Herald and Weekly Times Pty Ltd [2013] VSCA 79 the Supreme Court of Victoria Court of Appeal has unanimously held that the electronic private diary of the Victorian Premier's Chief of Staff was an 'official document of a Minister' and was accordingly subject to legally enforceable  public rights of access under the Freedom of Information Act 1982 (Vic).

The Court found that a document 'relates to the affairs of an agency' if it bears a direct or indirect relationship to
  • the business and activities of an agency, or
  • the agency's area of governmental responsibility, or
  • arrangements between government departments or other agencies and external entities, including arrangements between agencies and Ministerial advisers from the Premier's Office. 
A delegate of the Premier had refused a request made by newspaper publisher Herald and Weekly Times to the Office of the Premier for access to the diary of Michael Kapel, Chief of Staff to then Premier Ted Ballieu.

A Vice-President of the Victorian Civil & Administrative Tribunal determined that the Premier's Office was incorrect at law to refuse access to the diary. The determination was that the diary was amenable to the request because it was an ‘official document of a Minister’, and as such was subject to a legally enforceable right of access under s 13(b) of the Act.

The Tribunal made orders setting aside the refusal and remitting the request to the Premier's Office for consideration in accordance with the Tribunal's finding. The Office responded with an application to the Court for leave to appeal. That application was heard at the same time as the appeal.

There was agreement that Kapel's diary was not 'a document of an agency’ and thus does not come within the ambit of s 13(a) of the Act, so that if it was to be subject to the state's FOI regime it must be 'an official document of a Minister', defined in s 5(1) of the Act as "a document in the possession of a Minister, or in the possession of the Minister concerned, as the case requires, that relates to the affairs of an agency, and, for the purposes of this interpretation, a Minister shall be deemed to be in possession of a document that has passed from his possession if he is entitled to access to the document and the document is not a document of an agency".

The Office had argued that for a document to be an ‘official document of a Minister’ there had to have been specific authorisation in some way by a Minister. The Office argued alternatively that before a document could be held to be a document ‘in the possession of a Minister’ (thus satisfying the first limb of the definition of ‘an official document of a Minister’) that document had to be in the possession of the Minister in his capacity as a person exercising ministerial functions. For a document to relate to the affairs of an agency, it was argued, it must have a direct connection to the affairs of an agency, ascertainable through assessing the character of a document by reference to the purpose for which it was generated, rather than its content.

The Tribunal indicated that "that Parliament intended to give members of the public access to information held by the Government and other public bodies; and that the legislation be interpreted so as to further this objective. A member of the public therefore has a right of access to information, unless the FOI Act expressly or by necessary implication, provides otherwise."

The Court concluded that
While the word ‘operations’ does not appear in the phrase there is nothing to preclude the ‘affairs of an agency’ from including its operations, but there is also nothing to support restricting those operations to internal operations. Indeed, the submission ultimately made by the OTP, that a document which relates to the ‘affairs of an agency’ must be one that ‘require[s] the document to relate to acts or actions being done by or within an agency’, to my mind, would extend to the external operations of an agency. In particular, the ‘affairs of an agency’ would include actions taken, including meetings arranged, between an officer of a government department, or other agency, and an external entity (regardless of whether the external entity was also an agency). Such an arrangement is an action taken by the agency. Arrangements made between, on the one hand, officers of a government department, or other agency, and, on the other hand, a ministerial adviser from an external entity, including the OTP, are included within the ‘affairs of an agency’. Documents that bear a direct or indirect relationship to those arrangements are thus included within the documents that ‘relate to the affairs of an agency’.
In summary, a document ‘relates to the affairs of an agency’, and thus falls within the second limb of the definition of an ‘official document of a Minister’, if it bears a direct or indirect relationship to the business and activities of an agency, or the agency’s area of governmental responsibility, or to arrangements between government departments or other agencies and external entities, including arrangements between agencies and Ministerial advisers from the Office of the Premier.
It can be inferred from the general character of the diary, as well as from its content, as described by the Tribunal, that it bears a direct or indirect relationship to arrangements made between officers of government departments, other agencies, and Mr Kapel as the Premier’s Chief of Staff. It follows that the diary satisfies the second limb of the definition of ‘an official document of a Minister’.
The application for leave to appeal was granted, with the Office having identified a question of law (the construction of the definition of ‘an official document of a Minister’) that is "a matter of general or public importance". The diary satisfies both limbs of the definition and is thus an ‘official document of a Minister’, subject to the rights of access under the FOI Act. The appeal by the Office was dismissed.

Importantly, "This is not to conclude that the diary must be disclosed to the HWT. It will be necessary for consideration to be given to the question of whether any exemptions are applicable and also whether any irrelevant or exempt material can be deleted" so that the Office can grant access to a redacted copy.

17 April 2013


The NZ Government has released a redacted version of the Kitteridge Report [PDF], ie the inquiry by Rebecca Kitteridge into the Government Communications Security Bureau (GCSB) - counterpart of Australia's DSD and the UK's GCHQ.

GCSB Director Ian Fletcher indicates that he accepts all of Kitteridge's recommendations and is implementing them.
Within GCSB we are already following the report’s recommendations as quickly as we can. Many of the issues are longstanding and there are some that will take longer than others to address appropriately.
The structure of the GCSB has been reviewed and the functions of senior management are being addressed. We are increasing the legal and compliance teams, with a new chief legal adviser in place, and recruitment of other legal staff is in hand.
Fletcher acknowledges
a longstanding lack of good systems and processes in relation to compliance, as well as underlying organisational problems for GCSB. 
The advice we have recently received from the Solicitor-General is that there are difficulties in interpreting the legislation, and there is a risk that some long-standing practices of offering assistance to other agencies would not be found to be lawful.
Longstanding dates from at least 2003.

Fletcher comments that
I will be reporting publicly each quarter on our progress in delivering the review’s recommendations. You will be seeing and hearing more from us.  
Despite the systemic problems, I am proud of the commitment that staff have to their work, the organisation, and to protecting New Zealand and New Zealanders. The review notes that staff find the idea of unlawful activity, whether by error or deliberate act, abhorrent and they have a strong commitment to comply with the law. We take our responsibilities very seriously. 
We are working together to ensure the Government Communications Security Bureau is an organisation in which the public can again have trust and confidence.
That trust might be more solid if Fletcher's media release hadn't been so elliptical about the agency having "unlawfully intercepted communications of two New Zealand residents", ie elsewhere characterised as public acknowledgement "that GCSB had undertaken unauthorised surveillance of Mr Kim Dotcom, his family and an associate".

Toxic Shock

Let's burn some witches ... or barbecue a few people in a pogrom? No need, after all, to rely on evidence or common sense when you can refer to conspiracies.

NSW shockjock Alan Jones, in responding to the Boston Marathon bombings, has suggested that "left-wing radical students" (presumably right wing people are well-behaved) were behind the incident. His conclusion: Australia should reconsider its intake of foreign university students.
I wouldn't be surprised if this was a conspiracy amongst students, left-wing radical students in Boston, and I think we have to think also very seriously here about our own student numbers. 
We're very keen to have foreign students pay the way of universities in this country without a lot of discernment about who comes in. But I think the fact that we've been spared this kind of thing, touch wood, for so long highlights, as I said, the relentless work done by ASIO and all our police organisations 
We're very keen to have foreign students pay the way of universities in this country without a lot of discernment about who comes in.
It is unclear whether Jones considers that we should shut down a university or two - stamp out the terrorist strongholds - and expel anyone, citizen or otherwise, of a "left-wing radical" persuasion.

Jones has reportedly responded to criticism by stating that there were "a lot of things here that we can't be told". No indication, of course, of those things, of why we can't be told and how he knows about them. Six foot tall green-skinned extraterrestrials described as US cabinet members?

Groundless IP Threats

The UK Law Commission has announced a consultation on Patents, Trade Marks and Design Rights: Groundless Threats - including patent trolls.

The announcement indicates that
Intellectual property rights are a vital foundation of economic growth. Patents, trade marks and design rights ensure that innovation is rewarded and encouraged. If misused, however, they can stifle new ideas and inventions. Infringement litigation can be disruptive and expensive. The law provides a remedy in the shape of the threats provisions. Where a threat is made without a genuine intention to litigate; where there has been no infringement or where the right is invalid the threat is said to be groundless (or unjustified). Any person aggrieved by a groundless threat may apply to court for an injunction, declaration or damages. There are problems with the current law. The provisions do not distinguish well between the trade source of the infringement and others with a lesser connection, such as customers. Groundless threats actions can also be used tactically to drive a wedge between legal advisers and their clients or to drive cases to court rather than encourage negotiations over settlement. 
The Commission is consulting on two approaches to reform.
The first is to build on the reforms made to patent law in 2004 and to extend these to the other rights. We also propose that legal advisers should be protected from liability for groundless threats. 
The second approach is to treat groundless threats as a form of unfair competition and to introduce a new and broader cause of action based on the Paris Convention.
The consultation includes a detailed discussion paper [PDF] .

The paper notes that
Like the UK, Australia has separate groundless threats provisions, set out in statutes and regulations dealing with patents, trade marks and design rights.7 As in the UK, the aggrieved party must establish there has been a threat, which may be express or implied: the test is how a reasonable person in the position of the recipient would understand it.8 The threats provisions do not make a distinction between primary and secondary infringers. The patent and design legislation states that “mere notification is not a threat”, but this provision is absent from the trade mark legislation. 
In Australia, the Civil Dispute Resolution Act 2011 also places an obligation on the parties to a dispute to take genuine steps to resolve the dispute before civil proceedings are begun. The parties must file a “genuine steps statement” stating what they have done to try and reach a settlement. We have not uncovered any concern about how this duty interacts with groundless threat provisions. This appears to be because the requirements of the 2011 Act are quite flexible. 
A major difference between groundless threats law in Australia and in the UK is that the Australian statutes provide immunity for legal advisers. Section 132 of the Patents Act 1990 states that a legal practitioner or registered patent attorney is not liable in respect of “an act done in his or her professional capacity on behalf of a client”. Similar immunities are also granted for threats about trade marks or designs.

15 April 2013

Civil Death

The Age reports on problems with criminal histories in electoral eligibility -
A man at the centre of a neighbourhood spat in Melbourne's east has become the catalyst for change to local government election law. The existence of what Victorian Local Government Minister Jeanette Powell calls a ‘‘loophole’’ could mean 29,179 registered voters in the City of Manningham’s Mullum Mullum ward are forced back to the polls for another round of council elections. ... The 521 votes unsuccessful candidate David Muscat received in the October 2012 election were deemed informal on April 4 after a complaint from fellow unsuccessful candidate, Bob Beynon, that Mr Muscat was not eligible to stand due to a criminal conviction.
In 2011, Mr Muscat was fined and convicted for recklessly causing injury when he head-butted a neighbour, shoved another and blasted them in the face with a leaf-blower near his Park Orchards home. According to the Local Government Act, people convicted of an offence which can carry a five-year jail term, such as recklessly causing injury, cannot run in council elections for seven years.
The Victorian Electoral Commission (VEC) and the state's Local Government Inspections &Compliance Inspectorate were reportedly "tipped off" prior to the election but were unable to delete Mr Muscat from the ballot because he did not formally withdraw. People who are precluded by a criminal conviction from serving as local government councillors can currently stand as candidates and be elected.

The VEC site highlights
To stand in an election you need to first nominate as a candidate. Every eligible person has the right to stand to election, as formalised in Section 18 of the Charter of Human Rights and Responsibilities Act 2006. "Every eligible person has the right, and is to have the opportunity, without discrimination ... to have access, on general terms of equality, to the Victorian public service and public office."
before going on to state that
To become a candidate you must be enrolled as a voter in the municipality in which you wish to stand. You are not eligible to stand for election if:
  • you are an undischarged bankrupt; your property is subject to control under the law relating to bankruptcy; 
  • you are of unsound mind; 
  • you have been convicted of certain criminal offences (within seven years of the election); 
  • you work for the council in which you intend to become a councillor; y 
  • ou are a councillor with another council; or 
  • you are are a Federal Member of Parliament or a Member of Parliament in any state or territory.
The Government has indicated that it will seek to exclude people with certain criminal convictions from getting onto the ballot.

The Age reports that
In the October election, Mr Muscat’s votes were channelled to other candidates as preferences and, given the close nature of the result, Mr Beynon claims they influenced the outcome. Mr Beynon, a former Manningham mayor, began court action against the VEC last year and said he was not motivated by sour grapes. “I’ve been focusing on these ridiculous laws. There are so many things which could be changed, such as introducing a mandatory police check for candidates,” Mr Beynon said. “At the end of the day, I shouldn’t have to pay court costs to seek democracy.”
At a Municipal Electoral Tribunal hearing on April 4, Magistrate Michael Smith gave the VEC until April 19 to recount the Mullum Mullum ballots without Mr Muscat’s votes. If the elected councillors - Meg Downie, Sophy Galbally and Paul McLeish - do not win their seats then voters in that ward would be ordered back to the polls, Mr Smith ruled. But if a new election is ordered, it is likely at least one of the three councillors will appeal the decision to VCAT. Mr Smith said it was unacceptable that the VEC did not have the power to remove a candidate from the ballot paper if they believed he was ineligible. “It’s an unsatisfactory situation…and the VEC can do nothing about it. It was known well before the election that [Mr Muscat] was almost certainly not eligible to stand,” Mr Smith said. VEC spokeswoman Sue Lang said the VEC, and therefore the taxpayer, would likely foot the bill for the court action.
Meanwhile, Mr Muscat yesterday vowed to fight a separate court battle with the inspectorate for alleged breaches of the Local Government Act. He faces charges of nominating as a candidate when he was not qualified to do so and knowingly providing a false declaration to the Victorian Electoral Commission. The maximum penalty is a two-year jail term or a $50,000 fine. 


'Ghost in the Network' by Derek Bambauer - forthcoming in (2014) 162 University of Pennsylvania Law Review indicates that
Cyberattacks are inevitable and widespread. Existing scholarship on cyberespionage and cyberwar is undermined by its futile obsession with preventing attacks. This Article draws on research in normal accident theory and complex system design to argue that successful attacks are unavoidable. Cybersecurity must focus on mitigating breaches rather than preventing them.
First, the Article analyzes cybersecurity’s market failures and information asymmetries. It argues that these economic and structural factors necessitate greater regulation, particularly given the abject failures of alternative approaches. Second, the Article divides cyber-threats into two categories: known and unknown. To reduce the impact of known threats with identified fixes, the federal government should combine funding and legal mandates to push firms to redesign their computer systems. Redesign should follow two principles: disaggregation, dispersing data across many locations; and heterogeneity, running those disaggregated components on variegated software and hardware. For unknown threats -- “zero-day” attacks -- regulation should seek to increase the government’s access to markets for these exploits. Regulation cannot exorcise the ghost in the network, but it can contain the damage it causes.
Bambauer argues that
While a complete defense to zero-day attacks is impossible, policymakers can improve cybersecurity with three regulatory moves: mandatory access to public zero-day markets for the federal government, required confidential reporting on transactions by firms in those markets, and a reward system for researchers who share vulnerabilities with the government. Congress should pass legislation implementing these measures. America should try to convert unknown unknowns to known unknowns. First, firms that transact in software security vulnerabilities should be required to permit the federal government to participate in any offerings or services they provide, on non-discriminatory terms. If Vupen, for example, sought to sell zero-day exploits to France’s security services, but not to America’s National Security Agency, that would be problematic. American law should make paid access by the U.S. government a condition of legal operation for software security firms. This enables the government to develop and deploy countermeasures to at least some zero-day attacks.
Congress has taken analogous measures for other potential risks to national security. For example, one cannot obtain a patent for inventions in nuclear materials or weapons. Such inventions are eligible for a governmental reward scheme, but not for patents. And, the statute transfers rights to the invention from the inventor to the federal government. Similarly, export controls restrict private firms’ ability to engage in transactions with foreign countries. One may not transfer software utilizing encryption to countries such as Iran or North Korea, and one may not sell certain supercomputers to countries such as China or Russia. These rules apply to all firms within U.S. jurisdiction. Thus, Congress has either mandated or forbidden certain transactions based on national security concerns, and could mount a similar effort for zero-day sales.
Not all zero-day merchants fall under American jurisdiction, or enforcement. However, even those operating abroad likely have contacts with the United States. Vupen’s employees visit the United States. Many, if not all, such firms use financial or payment processing companies that are subject to U.S. regulation. These links provide potential leverage. Congress could attach provisions to this legislation that would allow the executive branch to designate firms that do not provide access to the government, and to require banks and payment processors to forgo transactions with them. Analogous measures have been implemented to interdict financing for terrorist groups489, and have been proposed to deal with sites offering prescription drugs or copyrighted works illegally.
Second, Congress should mandate a transaction-reporting system for firms trading in vulnerabilities. These companies should have to report, on a confidential basis, the purchaser’s identity in all transactions of zero-day exploits to the National Security Agency (NSA). This data would remain confidential, and should be designated as statutorily immune from discovery or other use unless the NSA expressly chooses to share it. The statute should enable auditing of firms’ records by the NSA if the agency is able to demonstrate an objectively reasonable basis to suspect inaccuracies or falsification. To make this provision less objectionable for the vulnerability merchants, Congress should include payments to firms that report. While additional spending is politically difficult, this expenditure would be a small but worthwhile investment in security.
Similar reporting systems are widely used to mitigate risk. The National Aeronautics and Space Administration encourages confidential reporting of “near miss” incidents – those that nearly resulted in aviation mishaps – to improve safety procedures and detect product defects. Insurers offering policies for medical malpractice liability must report judgments and settlements to the National Health Practitioner Data Bank. This malpractice information is available for use by state medical licensing boards and federal agencies, but is otherwise confidential. The Federal Railroad Administration is testing a Close Calls Demonstration Project to identify risks in rail operations via confidential reporting of near-miss incidents. The Department of Veterans Affairs has a similar system for patient safety, as does the Federal Communications Commission for network outages.
A zero-day reporting system has several benefits. It would enable the government to detect problematic sales, particularly to unfriendly states and to insecure parties. It would increase the effectiveness of countermeasures that mitigate zero-day exploits by providing a rough guide to how widely distributed a particular attack tool is. It would allow the government to identify whether firms follow their stated criteria for sales (such as Vupen’s self-imposed limit to NATO countries and clients), and to scrutinize suspect firms more closely. Lastly, it would provide a crude estimate of the ebb and flow of the zero-day threat, and to the platforms and applications viewed by the merchant as worthy of attention (and payment).
Finally, Congress should authorize a “bug bounty” program. Its goal would be to collect zero-day exploits, and to encourage researchers to sell their findings to the U.S. government rather than to private firms or other nation-states. A government agency, such as the NSA or the U.S. Computer Emergency Readiness Team, should be provided funds to buy zero-day vulnerability information. The entity selling the exploit, such as a security research firm, would have to certify under penalty of perjury that it had not previously shared the vulnerability information with others, and would have to agree contractually not to do so in the future. Congress should consider backing these requirements with substantial criminal penalties. Arms dealers who sell to both sides are held in low esteem.
Similar private bounty programs, such as by Google and Mozilla, have had considerable success in identifying and remediating bugs. The funding, and amount paid per bug, should be generous: removing zero-days from the Internet ecosystem is highly worthwhile. Moreover, generous payments will have two further beneficial effects. First, it will spur researchers to search for additional bugs. These bugs are like latent defects in a product – they lurk, creating risk, until discovered. Second, paying above-market rates makes it more difficult for others to purchase zero-days. Pushing others out of the zero-day market is useful both offensively and defensively. Offensively, accumulating zero-days provides the U.S. with the building blocks for future Stuxnets. Defensively, it reduces the likelihood that American firms or government entities will fall vulnerable to attacks.
The bug bounty program will create several challenges. First, price: more competition for zero-day exploits will drive up their cost. This increase will burden the public fisc slightly, but helpfully generates added incentives for research into bugs. Second, the government will need to decide how to use exploit information. Congress could establish rules for what NSA may do with the data, or it could defer to the agency (and, by extension, the executive branch) to make that decision. If the NSA uses the exploits to build cyberweapons, such as Stuxnet, or to enable others to do so, it is likely to share vulnerability information less widely than it would without a vision of offensive use. If the agency enables other government entities or private firms to take precautions against the zero-days, it risks having those patches shared, including with potential targets. And, there is an ironic feedback effect: the more important the vulnerability, the greater the temptation to weaponize it, and thus to withhold it from other affected parties.
The hardest decision regarding sharing is determining whether to notify the affected vendor. This Article argues that telling the vendor about the vulnerable code should be the default practice, with two caveats. First, the NSA should work with the vendor to ensure the patch for the vulnerability is maximally effective and minimally visible. If the company draws attention to the patch’s criticality, it may signal to anyone who has independently discovered it that the window of vulnerability is closing – which could draw attacks. Second, NSA should work with the vendor to include detection code in patches. This would help the agency estimate how often vulnerabilities are discovered independently, and perhaps to detect double-dealing by researchers participating in the bug bounty system.
This Article’s solutions for the zero-day problem – the unknown unknowns – differ in character from those for vulnerabilities with existing solutions (the known unknowns) in that they have a greater focus on prevention. Mitigation is still invaluable: disaggregation and heterogeneity are just as helpful for zero-days as for known bugs. However, preventive steps are more important for zero-day exploits. With known vulnerabilities, defenses are possible, though logistically constrained by externalities, information costs, and system complexity. With zero-days, defenses are impossible. Defenders must rely solely on mitigation and recovery. And while prevention tends to be overrated in cybersecurity literature, it remains useful. In particular, even if complete prevention is impossible, defenders may be able to reduce an exploit’s effects – for example, by allowing a server to terminate an affected program, rather than having it cause the server to crash. This is similar to a public health approach: even if one cannot prevent people from contracting a virus, we may be able to make it less lethal. Thus, the three-part agenda above seeks to increase America’s access to information about zero-days, thereby enabling precautions and improving mitigation.

Australian Connectivity

Snippets from the latest Australian Bureau of Statistics Internet Activity report -
  • There were 12.2 million internet subscribers in Australia at the end of December 2012, up 1% since the end of June 2012 and an annual growth of 5%.
  • Household subscribers accounted for 76% of the 12.2 million subscribers in Australia at the end of December 2012. 24% were classified as Business and government subscribers.
  • Business and government subscriber numbers increased by 1% from July 2012 to 2.9 million. The number of Household subscribers increased by 1% to 9.3 million over the same period.
  • For the Business and government sector, 97% of subscribers accessed the net via a broadband connection (unchanged), compared with 98% of Household subscribers (up 2 percentage points).
  • The proportion of internet connections that were dial-up continued to decline, with over 98% of internet connections at 31 December 2012 being broadband. 
  • At 31 December 2012, there were 6.0 million mobile wireless broadband connections in Australia, up 2% since the end of June 2012. Mobile wireless broadband was again the most prevalent internet technology in Australia, accounting for 49% of all connections.
  • Digital Subscriber Line (DSL) connections were up by 2% over the same period, to 4.7 million connections. 
  • Fibre was the fastest growing type of internet access connection, in percentage terms, increasing by 75% since the end of June 2012, to 91,000 connections at 31 December 2012.
  • At 31 December 2012 there were 17.4 million subscribers with internet access connections via a mobile handset in Australia, up 7% from 16.2 million subscribers at the end of June 2012.
  • At 31 December 2012, there were 76 ISPs with over 1,000 subscribers operating in Australia, compared with 81 ISPs in June 2012 and 91 ISPs in December 2011. 
  • The number of medium sized ISPs and large ISPs has continued to decline, with the current figures reflecting "structural reporting arrangements and takeover activity, and also for medium ISPs, some units falling below the threshold for inclusion in the reduced-scope census".
  • The overall volume of data downloaded in the three months ended 31 December 2012 was 554,771 Terabytes, up 34% compared with the three months ended 30 June 2012.
  • Data downloaded by fixed line broadband (526,472 Terabytes) accounted for 95% of all internet downloads in the three months ended 31 December 2012. 
  • The volume of data downloaded by fixed line broadband in the three months ended 31 December 2012 increased by 35% compared with the three months ended 30 June 2012.
  • Data downloaded using wireless broadband also continued to grow, recording an 11% increase over the same period, to 28,196 Terabytes.

Indigenous incarceration

The 80 page Sentencing Advisory Council report [PDF] Comparing Sentencing Outcomes for Koori and Non-Koori Adult Offenders in the Magistrates’ Court of Victoria comments that
there are many causes of over-representation of Koori people in Victoria’s prisons. The findings of this report show that it is influenced by Koori people being more likely to be sent to prison. This difference may be influenced by Koori people being more likely to have been in both the youth justice system and the child welfare system. Both of these may be partly explained by the effects of colonisation and the economic and social impacts that followed.
The 2011 Australian census showed that Koori people made up less than 1% of the Victorian population but more than 7% of the Victorian prison population. The rate of imprisonment for Koori people was 13 times higher than for non-Koori people.
Recent Australian research has found that Indigenous people are given different sentences because they are more involved in offending, not because of any specific racial discrimination among magistrates and judges. However, racial discrimination contributes to the high levels of disadvantage that influence Indigenous people’s involvement in crime in the first place.
The main aim of the report is to compare sentencing outcomes for Koori and non-Koori offenders who have been sentenced in the Magistrates’ Court of Victoria to
  • imprisonment,
  • partially suspended sentences,
  • intensive correction orders and
  • community-based orders.
The report addresses three research questions:
  • What is the profile of Koori and non-Koori offenders sentenced to various sentencing orders, including terms of imprisonment, partially suspended sentences, intensive correction orders and community-based orders? 
  • How do average terms of imprisonment compare for Koori and non-Koori prisoners? What proportion of offenders sentenced to a term of imprisonment is Koori? If this proportion is disproportionate, what is the effect on sentencing outcome of Indigenous status, current offending and prior offending? 
  • Do Koori and non-Koori offenders vary on key social, personal and economic measures?
The conclusions are that  -
For both Koori and non- Koori offenders, their most common crimes were offences of causing injury. Koori offenders were more likely to be sentenced for this (33%) than non-Koori offenders (24%). Non-Koori offenders were more likely to be sentenced for a traffic offence (16% versus 9% for Koori offenders) or a drug offence (8% versus 4% for Koori offenders).
25% of non-Koori offenders had not been sentenced before, compared with 16% of Koori offenders. Koori offenders were also more likely to have been sentenced multiple times.
Koori prisoners are more likely to have problems with drug and alcohol use, to have poor education and employment histories, to have been held in youth detention or in adult prisons and to have breached previous orders.
Koori offenders were more likely to be sentenced to imprisonment: 37% of Koori offenders versus 29% of non-Koori offenders. When other factors such as offence type and prior sentencing are examined at the same time, Koori offenders are still significantly more likely to be imprisoned.
Koori offenders were more likely to be sentenced to a short term of imprisonment (less than 3 months), while non-Koori offenders were more likely to be sentenced to a longer term of imprisonment. When other factors such as offence type and prior sentencing are examined at the same time, there is no difference in sentence length.
The Australian Bureau of Statistics 2012 Prisoners in Australia document [PDF] notes that
The age standardised imprisonment rate for Aboriginal and Torres Strait Islander prisoners at 30 June 2012 was 1,914 Aboriginal and Torres Strait Islander prisoners per 100,000 adult Aboriginal and Torres Strait Islander population. The equivalent rate for non-Indigenous prisoners was 129 non-Indigenous prisoners per 100,000 adult non-Indigenous population.
The rate of imprisonment for Aboriginal and Torres Strait Islander prisoners was15 times higher than the rate for non-Indigenous prisoners at 30 June 2012, an increase in the ratio compared to 2011 (14 times higher). The highest ratio of Aboriginal and Torres Strait Islander to non-Indigenous imprisonment rates in Australia was in Western Australia (20 times higher for Aboriginal and Torres Strait Islander prisoners). Tasmania had the lowest ratio (four times higher for Aboriginal and Torres Strait Islander prisoners).

14 April 2013

Hot Clouds

From this month's The Power of Wireless Cloud: An analysis of the energy consumption of wireless cloud [PDF], a white paper by the Centre for Energy-Efficient Telecommunications (CEET) at Melbourne University -
Previous analysis and industry focus has missed the point: access networks, not data centres, are the biggest threat to the sustainability of cloud services. This is because more people are accessing cloud services via wireless networks. These networks are inherently energy inefficient and a disproportionate contributor to cloud energy consumption.
Cloud computing has rapidly emerged as the driving trend in global Internet services. It is being promoted as a green technology that can significantly reduce energy consumption by centralising the computing power of organisations that manage large IT systems and devices. The substantial energy savings available to organisations moving their ICT services into the cloud has been the subject of several recent white papers.
Another trend that continues unabated is the take-up and use of personal wireless communications devices. These include mobile phones, wireless-enabled laptops, smartphones and tablets. In fact, tablets don’t accommodate a traditional cable connection; rather it is assumed a local or mobile wireless connection will be used to support all data transferred to and from the device. There is a significant emerging convergence between cloud computing and wireless communication, providing consumers with access to a vast array of cloud applications and services with the convenience of anywhere, anytime, any network functionality from the device of their choice. These are services many of us use every day like Google Apps, Office 365, Amazon Web Services (AWS), Facebook, Zoho cloud office suite, and many more.
To date, discussion about the energy efficiency of cloud services has focussed on data centres, the facilities used to store and serve the massive amounts of data underpinning these services. The substantial energy consumption of data centres is undeniable and has been the subject of recent high-profile reports including the Greenpeace report, How Clean is Your Cloud.
However, focussing cloud efficiency debate on data centres alone obscures a more significant and complex problem and avoids the critical issue of inefficiency in the wireless access network Data centres are only part of a much larger cloud-computing ecosystem. In fact, as this white paper puts forward, the network itself, and specifically the final link between telecommunications infrastructure and user device is by far the dominant and most concerning drain on energy in the entire cloud system.
Based on current trends, wireless access technologies such as WiFi (utilising fibre and copper wireline infrastructure) and 4G LTE (cellular technology) will soon be the dominant methods for accessing cloud services. ‘Wireless cloud’ is a surging sector with implications that cannot be ignored. Our energy calculations show that by 2015, wireless cloud will consume up to 43 TWh, compared to only 9.2 TWh in 2012, an increase of 460%. This is an increase in carbon footprint from 6 megatonnes of CO2 in 2012 to up to 30 megatonnes of CO2 in 2015, the equivalent of adding 4.9 million cars to the roads. Up to 90% of this consumption is attributable to wireless access network technologies, data centres account for only 9%.
Curbing the user convenience provided by wireless access seems unlikely and therefor the ICT sector faces a major challenge. Finding solutions to the ‘dirty cloud’ at the very least requires a broader acknowledgment of the cloud computing ecosystem and each components’ energy requirements. There needs to be a focus on making access technologies more efficient and potentially a reworking of how the industry manages data and designs the entire global network.
This white paper sets out to establish a starting point for addressing these issues, presenting a detailed model that estimates the energy consumption of wireless cloud services in 2015 taking into account all of the components required to deliver those services.
The authors conclude -
Cloud computing is widely viewed as the next major evolutionary step for the Internet and Internet-based services. The shift to wireless access is also continuing at a great rate. Cisco projects that cloud computing will represent approximately 34% of data centre traffic in 2015 [3], with approximately 20% of data centre traffic will be served by wireless access networks.
Wireless and cloud are converging trends supported by the increased availability of affordable, powerful portable devices, convenient and useful applications, and highspeed wireless broadband infrastructure. This convergence is expected to be a key driver of traffic growth on telecommunications networks in the future.
There is evidence to show that cloud services access via fixed-line networks could result in lower energy consumption relative to current computing arrangements, such as replacing powerful desktop computers with cloud services [9,10,11]. Greenpeace has highlighted the carbon footprint of cloud computing but focused on data centres as being the biggest contributor to energy consumption. When considering the energy consumption of the wireless cloud, all aspects of the cloud ecosystem must be taken into account, including end-user devices, broadband access technology, metro and core networks, as well as data centres.
This white paper analysed the various components of the wireless cloud ecosystem to identify the dominant energy consumers. The CEET model explored the impact of the wireless cloud, accounting for all aspects of the ecosystem including devices, broadband access technology, and metro and core telecommunications, in addition to data centres. The predicted large-scale take-up of wireless cloud services will consume 32 to 43 TWh by 2015. The energy consumption of wireless access dominates data centre consumption by a significant margin.
To ensure the energy sustainability of future wireless cloud services, there needs to be a strong focus on the part of the ecosystem that consumes the most energy: wireless access networks. Further debate needs to move beyond the data centre to develop a holistic account of the ecosystem with this white paper being a step in that direction.


Catching up with Young People and Sexting in Australia: ethics, representation and the law by Kath Albury, Kate Crawford, Paul Byron & Ben Mathews,  a study released earlier this month.

As noted in the past, Albury's sensible, coherent and well-research work is credible and worthy of attention.

The new study [PDF] presents
the findings of a qualitative study of young people’s understandings of, and responses to, current Australian laws, media and educational resources that address sexting. While there are many definitions of sexting, for the purposes of this report we are referring to the production and distribution of naked or semi-naked photographs via mobile phones and social media.
The project involved a review of both international local and academic research as well as popular media addressing sexting, and a review of educational resources for young people. Three focus groups were conducted with young people aged 16 and 17 in 2012, and a working paper based on those findings was then distributed to adult stakeholders in the fields of law enforcement, youth and children’s legal support, education, criminology, media and communications, youth work, youth health care, counseling and youth health promotion. This report therefore draws on both the focus group discussions, and a workshop consultation with the adult stakeholder group.
The authors indicate that -
  • While focus group participants were familiar with the practice of sending naked or semi-naked pictures, the term sexting was understood as an adult or media-generated concept that did not adequately reflect young people’s everyday practices and experiences of creating and sharing digital images.
  • Young people observed that gendered double-standards were applied to discussions of sexting, and digital self-representation in general. For example one group of young women were particularly offended that their self-portraits or selfies were viewed by both peers and adults as ‘provocative’ while young men’s naked or semi-naked pictures were understood as ‘jokes’.
  • Sample media campaigns and public education materials viewed by focus groups were rejected by some participants for failing to acknowledge young women’s capacity for consensual production and exchange of images. These participants also felt that current sexting education fails to emphasise young people’s responsibility to not share images without consent.
  • Both young people and adult stakeholders agreed that current legal frameworks relating to sexting (particularly those that con$ate sexting with child pornography) are not widely understood by either young people or adults, and that this lack of education and awareness places young people at risk of unreasonable criminal charges.
The recommendations are structured two major categories -  1) strategies and 2) new approaches to understanding sexting. The authors indicate that
  •  1.1 We recommend that educators, policy makers and legislators consider context-specific and age-appropriate legal/educational approaches for young people in different age-groups. Educators and legislators should particularly address the specific needs of those under 18, yet over the age of consent (i.e. young people aged 16-17). 
  • 1.2 We recommend the inclusion of young people on committees, review boards and other policymaking groups, so that their experiences can inform future frameworks for understanding and responding to sexting. We recommend the inclusion of young people on committees, review boards and other policymaking groups, so that their experiences can inform future frameworks for understanding and responding to sexting. 
  • 1.3 We recommend that both educational and legal responses to sexting reflect ‘harm reduction’ principles rather than promoting abstinence from the production and exchange of digital photos between peers or from using social media. 
  • 1.4 We recommend that sexting education be more focused on fostering ethical, respectful practices between intimate partners and within friendship networks. 
  • 1.5 We recommend legislative reform to clarify the application of existing laws relating to child pornography and child exploitation material (as they are applied to sexting), and to clarify the parameters of lawful conduct by and between consenting children and young people. 
  • 1.6 We recommend that educational strategies that address sexting, including information resources for adults, seek to problematise and challenge gendered double-standards in relation to concepts such as ‘provocativeness’, ‘self-confidence’, ‘responsibility’, ‘consequences’ and ‘reputation’. 
  • 1.7 We recommend that educational strategies that address sexting, including information resources for adults, acknowledge young people’s rights and responsibilities with regard to self-representation and sexual expression. 
  • 1.8 We recommend that educational strategies that address sexting, including information resources for adults, distinguish between non-consensual production and distribution of sexting images and consensual image sharing. 
  • 1.9 These educational strategies should emphasise ethical frameworks, and recognise that sexting can be an expression of intimacy, rather than shaming young people for sexting. Framing sexual expression only as a risk does little to alleviate anxieties or feelings of shame that young people may experience in relation to their sexualities.

Slow motion e-health train wreck

An ongoing "carefully managed, staged" train wreck?
The national ehealth program - which like most public sector IT megaprojects is likely to experience function creep, budget blowouts and delays - continues to attract criticism. Some of the criticism is misplaced; other criticism appears to be substantive.

The Adelaide Advertiser this weekend has reported that
Bureaucrats armed with clipboards have been sent into hospitals and nursing homes to cajole patients to sign up for an eHealth record their doctors still won't be able to use.
Nine months after it was launched, the Government's $1 billion eHealth system holds just 414 patient records and is only a fifth of the way towards its target of signing up 500,000 patient users by June 30.
There are currently only two hospitals using the personally controlled electronic health record (PCEHR) system and they have uploaded just 155 discharge summaries.
And the system remains barely operational because fewer than one per cent of doctors have signed up for the Healthcare Identifier service number they need to be able to access patient records.
... Canberra has sent out a sign-up squad in a bid to boost numbers.
A Department of Health spokeswoman said around 12 specially trained staff had been deployed in hospitals, community clinics and aged care homes in Tasmania and the ACT to sign patients up to the scheme.
The move has caused outrage on health IT blogs with experts worried about the security of signing a patient up on paper and then re-entering the data online. Launceston Hospital's Professor Terry Hannan ... said patients in his hospital were being asked to hand over their Medicare cards and drivers licence to get an e-health record.
"Personally I have a lot of difficulty with this data collection process - not only from patient data security but the real risk of transcription errors in the data recording," he said on the Australian Health Information Technology blog.
"This whole process seems like seems like a political stunt to enhance the PCEHR registration numbers for a project that has been costly and doomed to failure - implementation wise and politically."
The eHealth system is meant to bring medical records into the digital age by providing patients with an electronic record that lists their medications and allergies.
Doctors who are registered are meant to be able to upload a patient health summary that can be shared with other medical workers but a few who have tried have crashed their computer systems.
Eventually it is meant to include X-ray results, pathology results, hospital discharge summaries and other data. ...
The DoH said implementation of the system was a carefully managed, staged process.