Australia’s new digital ID system: finding the right way to implement it

This report reviews the Australian Government’s proposed plans for establishing a digital ID, and the ways the new system is expected to work. It explores the planned digital ID system, the key features of the approach, and the privacy and security protections that have been built into the proposals.

Australia has had a long and troubled history with national ID systems, dating back to the mid-1980 when the government failed to introduce the Australia Card. Since then, Australia has ended up with a clunky and inefficient process to identify peoples’ identities online. It has led to an oversharing and storage of sensitive personal data. As the Medibank and Optus data breaches has shown, this creates serious cybersecurity risks.

Now that Parliament has passed the Digital ID legislation, it’s critical that government gets the implementation right.

The report outlines that, although the proposed federated model for a digital ID system is commendable and a needed step-forward, there is a need to still address a range of policy issues that – if left unresolved – would jeopardise trust in the system.

Stop the World: Explainer: A quick dive into subsea cables with Jocelinn Kang and Jessie Jacob

Subsea cables have been a major focus in the media lately. Just last week at the Quad Foreign Ministers’ meeting in Tokyo, Australia announced the launch of its new Cable Connectivity and Resilience Centre—its contribution to the Quad Leaders’ Partnership for Cable Connectivity and Resilience.

So, what are subsea or undersea cables and why are they important? In this short explainer, Olivia Nelson speaks with ASPI experts Jocelinn Kang and Jessie Jacob about this vital strategic asset, where their vulnerabilities lie, and their role in Australia’s resilience.

Transcript:

Dave: Welcome to stop the world. The ASPI podcast on security and International Affairs. I’m David Wroe

Liv: and I’m Olivia Nelson.

Dave: Now, first of all, Liv, how did I not know that Tassie was completely cut off for a while in 2022?

Liv: Well you aren’t alone there, Dave. I’m embarrassed to admit that I also missed that.

Dave: Now I’m choosing not to believe that we just weren’t paying attention to our beloved southern state, but rather, there was just a lot going on that year. But thankfully, to explain all of this issue with subsea cables, we’ve got a short treat for our listeners ahead of our regular Friday programming. Liv, you’ve spoken with two of our experts here at ASPI, Jocelinn Kang and Jesse Jacob.

Liv: That’s right, Dave, I asked Jo and Jess to give us a crash course on the infrastructure we all take for granted, but about which most of us know very little. What are subsea cables? Why are they important, and what are their vulnerabilities?

Dave: So Liv, I’ve got to tell you, Jo actually explained to me the other day how the internet works, and it was bloody useful. Now you’ve done the same for subsea cables today, which I’m very grateful for, and it’s done quickly, which is just what our busy listeners need. So with no further ado from us, let’s dive into the conversation.

Liv: We’re hearing more and more about subsea cables, their strategic importance and vulnerabilities. So today, I’m pleased to be joined by ask these Jocelinn Kang and Jessie Jacob to provide a bit of an overview for our listeners. Jo, I might turn to you first, what are submarine cables and why are they important?

Jo: Thanks, Liv. Submarine cables are the conduit that carries almost all the world’s international data traffic. So if you’re listening to this podcast and you don’t live on the Australian mainland, I can almost guarantee that it traveled via a submarine cable to get to you. Now they’ve always been a strategic asset because they’ve enabled communications to far off lands, but today they’re even more critical because of how much we rely on the data that they transport for businesses, financial markets, military and civilian comms. And of course, things like Facebook and Tiktok and Google search. Submarine cables represent the most cost effective high speed way to transport massive amounts of data.

Liv: So not satellites, Jess? Isn’t that how information is communicated globally?

Jess: No, not really, and it’s really common to think that, but the vast majority is through these subsea cables. Now, this isn’t to say that satellites don’t get used. They certainly are. And they’re good for remote areas with no cable connectivity. But they don’t carry nearly the same amount of data, nor at the same speeds. They’re certainly better than nothing, and they have been used as communication backups recently in places like the Ukraine and in Tonga when they lost their subsea cable connectivity. But they don’t sort of kick in like a one to one backup like a power generator would if the mains go out. So in that regard, it’s better to focus on the resilience of sub cables themselves, rather than satellites.

Jo: To give you an example of the consequences of losing your submarine cable access, we just need to look at Tasmania in 2022 when both the main submarine cables were cut within hours of each other. This caused a widespread outage, and it meant flight delays, loss of access to ATMs and EFTPOS facilities, and that forced businesses to close.

Liv: So Jo, what do these cables look like? Well, I was fascinated to discover that, believe it or not, when they’re lying on the seabed, deep in the ocean, they’re only about the size of a garden hose. Other parts that are closer to shore, they’re a bit thicker because they have more protective armour around them. But the part that actually carries the data, they’re thin strands of fibre optic cable, and the rest of the cable, it’s actually just to give it structure, power and protection. So the power is for repeaters on the cable, so that they can amplify the light signal down the line.

(Jo misspoke here. It’s not structure, but rather insulation)

Liv: And what is the armour for? Am I right to assume that sharks are a threat to national resilience

Jo: In the very early days of having communication cables under the sea, unfortunately, whales used to get entangled in the cable lines, and sharks did actually bite the cables. But since the 1950s the industry started burying the cables in shallower areas to protect them from more frequent bits of anchors and bottom trawling fishing gear. Now, as a result, whales no longer become entangled, and shark bites have reduced. But it really should be said that shark bites, or fish bites, they only made up about 0.1% of cable faults, and since 2006 they’ve actually been no reported shark related cable faults.

Liv: It’s a pretty tiny figure. So what are the biggest threats to the cables?

Jo: Humans.

Jess: –but not humans biting cables. So the most likely cause of damage to cables is actually fishing related. As Jocelinn mentioned earlier, a boat anchor can be dragged across a line, trawling activities and that sort of thing. It’s often done by accident, but of course, could be done on purpose, and it would be pretty hard to prove.

Liv: I’m trying to visualise what happens when a cable gets damaged. Say, I’m watching Netflix and a cable gets cut, does my internet suddenly go out and my Sunday night is ruined?

Jess: Well, whether or not your night was ruined kind of depends on what you’re watching. But seriously, though, if we remove from this scenario any caching or local data storage aspects and focus on how data moves globally, the data gets rerouted away from the damage cable to a different one. And this is why redundancy is so important and a big part of resilience.

Liv: There’s that R word again, resilience. What does resilience look like when it comes to sub cables?

Jo: Well, the way I see it, a resilient submarine cable system is one that operates with minimal disruption and ideally no disruption. But that’s in a perfect world. And the reality is, cable disruptions happen, and they will continue to happen. So, resilience means we need to protect the system to try and avoid disruptions, and then in the event a disruption occurs, that we can be in a place where we can quickly recover.

Liv: So how can we do that? Jo?

Jo: There are a few ways we can protect and try to prevent disruptions, physical security for one of the cables themselves, such as putting armour around them. But even more important is protecting the areas where cables are concentrated, so the areas of ocean where they come up to landfall, and the cable landing stations where these cables are connecting to terrestrial networks. We’ve also mentioned redundancy previously. This is another way, which is about having alternate paths for the data to use in the event of a disruption. So this could mean alternate cable pathways, but also alternate modes of transport, like terrestrial fibre or satellite links. The other element of protection is cybersecurity. So protecting the cable management networks, these are the ones that control the data flows across the submarine cable network. Then, of course, in the event that a disruption occurs, we would want to be able to quickly recover, and this means having an effective and efficient repair capability. So, repair ships to restore that connectivity.

Liv: Okay, so because we don’t have major disruptions, I assume that Australia has all of these elements of protection in place?

Jess: Well, more can be done to protect cable landing stations, and I think there’s a bit of a choke point, so a clustering of cables in Sydney, but in many other areas, Australia is in a relatively good spot. We have multiple cables, and they generally land in geographically diverse locations. And Australia legislates for the protection of several areas for cables. They’re called protection zones. Now, I would say the more problematic issue is the cable repair industry. It’s kind of barely hanging on. There are a limited number of repair ships. Those are surprisingly hard to pin down, but out of about 70 cable ships worldwide, about a third of those are designated repair it’s an aging fleet and an aging workforce getting a cable repair quickly has a worrying amount of luck involved. You want to have a repair ship nearby and be high on the repair priority list.

Liv: And what about using the other ships you mentioned?

Jo: They’re busy and set up to lay new cables as we transition more to cloud and AI and then 6g and everything that enables that’s going to mean more data traffic. Now, if all that data traffic wants to move across oceans, that’s going to mean more cables

Jess: Mmm exactly, and more cables require more repair ships and a solid cable repair industry. It’s the biggest gap Australia has in the resilience piece.

Jo: It’s one of those things that when it works, it works, and you won’t even know about it, but when it doesn’t…

Liv: …everything grinds to a halt?

Jess: Yeah, I think it’s customary in the sub cables field, to quote the US Federal Reserve’s Stephen Malphrus here, who spoke in reference to the financial sector and said when the communications networks go down, it doesn’t grind to a halt. It snaps to a halt. And he said that nearly 15 years ago.

Liv: Scary stuff. Thanks Jo and Jess for explaining the importance and vulnerabilities of subsea cables to our listeners. I look forward to having you back on the podcast soon.

Jo: Thanks Liv.

Jess: Thanks.

Guests:

⁠Olivia Nelson⁠

⁠Jocelinn Kang⁠

Jessie Jacob

ASPI co-hosts Australia-ROK Critical Tech Track 1.5 in Seoul

On July 9, 2024, ASPI co-hosted the Australia-Republic of Korea Critical Technologies Track 1.5 Dialogue in Seoul with the Science & Technology Policy Institute (STEPI).

The Track 1.5 brought together Australian and Korean government, industry and research stakeholders for a dialogue about the role of critical technologies such as biotechnology, AI, quantum and space technologies for regional stability. The discussions focused on how Australia and the Republic of Korea can deepen cooperation on critical technologies, the role of broader regional engagement on technologies through multilateral bodies and how to prioritise which technologies are the most critical areas for cooperation.

The insights from the Track 1.5 will inform an upcoming ASPI report to be co-authored by ASPI’s Afeeya Akhand and Atitaya (Angie) Suriyasenee and will be launched by ASPI’s Executive Director, Mr Justin Bassi, in Canberra in November 2024. The Track 1.5 and report has been generously funded by the Korea Foundation.

Negotiating technical standards for artificial intelligence

The Australian Strategic Policy Institute (ASPI) is delighted to share its latest report – the result of a multi-year project on Artificial Intelligence (AI), technical standards and diplomacy – that conducts a deep-dive into the important, yet often opaque and complicated world of technical standards.

At the heart of how AI technologies are developed, deployed and used in a responsible manner sit a suite of technical standards: rules, guidelines and characteristics that ensure the safety, security and interoperability of a product.

The report authors highlight that the Indo-Pacific, including Australia and India, are largely playing catch-up in AI standards initiatives. The United States and China are leading the pack, followed by European nations thanks to their size, scope and resources of their national standardisation communities as well as their domestic AI sectors.

Not being strongly represented in the world of AI governance and technical standards is a strategic risk for Indo-Pacific nations. For a region that’s banking on the opportunities of a digital and technology-enabled economy and has large swathes of its population in at-risk jobs, it’s a matter of national and economic security that Indo-Pacific stakeholders are active and have a big say in how AI technologies will operate and be used.

Being part of the conversations and negotiations is everything, and as such, governments in the Indo-Pacific – including Australia and India – should invest more in whole-of-nation techdiplomacy capabilities.

Authored by analysts at ASPI and India’s Centre for Internet and Society, this new report ‘Negotiating technical standards for artificial intelligence: A techdiplomacy playbook for policymakers and technologists in the Indo-Pacific’ – and accompanying website (https://www.techdiplomacy.aspi.org.au/) – explains the current state of play in global AI governance, looks at the role of technical standards, outlines how agreements on technical standards are negotiated and created, and describes who are the biggest ‘movers and shakers’.

The authors note that there are currently no representatives from Southeast Asia (except Singapore), Australia, NZ or the Pacific Islands on the UN Secretary-General Advisory Body on AI – a body that’s tasked to come up with suggestions on how to govern AI in a representative and inclusive manner with an eye to achieving the UN Sustainable Development Goals.

The capacity of the Indo-Pacific to engage in critical technology standards has historically been lower in comparison to other regions. However, given the rapid and global impact of AI and the crucial role of technical standards, the report authors argue that dialogue and greater collaboration between policymakers, technologists and civil society has never been more important.

It is hoped this playbook will help key stakeholders – governments, industry, civil society and academia – step through the different aspects of negotiating technical standards for AI, while also encouraging the Indo-Pacific region to step up and get more involved.

Mapping China’s data harvesting and global propaganda efforts

ASPI has released a groundbreaking report that finds the Chinese Communist Party seeks to harvest user data from globally popular Chinese apps, games and online platforms in a likely effort to improve its global propaganda.

The research maps the CCP’s propaganda system, highlighting the links between the Central Propaganda Department, state-owned or controlled propaganda entities and data-collection activities, and technology investments in Chinese companies.

In this special short episode of Stop the World, David Wroe speaks with ASPI analyst Daria Impiombato about the key takeaways from this major piece of research.

Mentioned in this episode:
Truth and reality with Chinese characteristics

Guests:
David Wroe
Daria Impiombato

The Sydney Dialogue to return in September

The Australian Strategic Policy Institute (ASPI) is pleased to announce that the third Sydney Dialogue for critical, emerging and cyber technologies will be held on 2-3 September 2024.

The Sydney Dialogue (TSD) brings together world leaders, global technology industry innovators and top experts in cyber and critical technology for frank and productive discussions, with a specific focus on the Indo-Pacific.

TSD 2024 will generate conversations that address the awesome advances being made across these technologies, their impact on our societies, economies and national security, and how we can best manage their adoption over the next decade and beyond. These will include generative artificial intelligence, cybersecurity, quantum computing, biotechnology, climate and space technologies.

We will prioritise speakers and topics that push the boundaries and generate new insights into these fields, while also promoting diverse views, including from the Pacific, Southeast Asia and South Asia.

This year’s event will also capture the key trends that are dominating international technology, security and geopolitical discussions. With more than 80 national elections set to take place around the world in 2024, the event will also focus on the importance of political leadership, global cooperation and the stable development of technologies amid great power transition, geopolitical uncertainty and ongoing conflict.

ASPI is pleased to have the support once again of the Australian Government for TSD in 2024.

Australia’s Minister for Home Affairs and Cyber Security, the Hon Clare O’Neil MP said: “The threats we face from cyber attacks and tech-enabled perils such as disinformation and foreign interference are only growing as the power of artificial intelligence gathers pace.

“The kind of constructive debate that the Sydney Dialogue fosters helps ensure that the rapid advances in critical technologies and cyber bring better living standards for our people rather than new security threats. Closer engagement with our international partners and with industry on these challenges has never been more important than it is today.”

TSD 2024 will build on the momentum of the previous two dialogues, which featured keynote addresses from Indian Prime Minister Narendra Modi, the late former Japanese Prime Minister Shinzo Abe, Samoa’s Prime Minister Fiamē Naomi Mata’afa, Estonia’s Prime Minister Kaja Kallas and former Chief Executive Officer of Google Eric Schmidt. A full list of previous TSD speakers can be found here. You can also watch previous TSD sessions here.

TSD 2024 will be held in person and will feature a mix of keynote addresses, panel discussions, closed-room sessions and media engagements.

Topics for discussion will also include technological disruptors, cybercrime, online disinformation, hybrid warfare, electoral interference, climate security, international standards and norms, as well as technology design with the aim of enhancing partnerships, trust and global co-operation.

Justin Bassi, the Executive Director of ASPI, said: “The Sydney Dialogue 2024 will continue to build on the great success ASPI has established since 2021. These technologies are affecting our security and economies faster, and more profoundly, than we ever imagined. We need frank, open debate about how, as a globe, we manage their adoption into our lives.

“We are proud to be focusing on our Indo-Pacific region and encouraging a wide and diverse range of perspectives on some of the most important challenges of our time.”

More information and updates on the Sydney Dialogue can be found at tsd.aspi.org.au.

Artificial Intelligence, Human-Machine Teaming, and the Future of Intelligence Analysis

In February, ASPI and the Special Competitive Studies Project held a series of workshops on the rise of artificial intelligence (AI) and its impact on the intelligence sector.

The workshops, which followed a multi-day workshop in Canberra in November 2023, brought together experts from across the Australian and US intelligence communities, think tanks and industry to inform future intelligence approaches in both countries.

The project also focuses on how current and emerging AI capabilities can enhance the quality and timeliness of all-source intelligence analysis and how this new technology may change the nature of the intelligence business.

The aim of the workshops is to develop a prioritised list of recommendations for both the Australian and US intelligence communities on how to adopt AI quickly, safely, and effectively.

You can find out more about the project here.

ASPI’s 2024 Democracy Primer

On 6 February, ASPI held its first public event for the year, the sold-out ‘2024 Democracy Primer’.

Moderated by ASPI’s Council Chair Gai Brodtmann, the panel discussion featuring Professor John DryzekLeena Rikkilä TamangChris Zappone and Dr Alex Caples explored the evolving political trends that are set to define this pivotal year.

More than 2 billion people in over 50 countries, representing nearly a third of the global population, are set to engage in elections this year. It will have geopolitical ramifications with so many countries having the chance to choose new leaders, testing the resilience of democracy and the rules-based order in countless ways.

These elections also come at a time of increasing ambition among powerful authoritarian regimes, growing use of misinformation and disinformation often linked to state-led or state-backed influence operations, rising extremism of various political stripes, and the technological disruption of artificial intelligence.

At the same time, democracies face formidable challenges with wars raging in Europe and the Middle East, increasing climate disasters, weakening economies, and the erosion of confidence in liberal societies.

Watch the panel below as they explore the issues that are set to define 2024’s election campaigns, as well as the impact the outcomes could have on alliances, geopolitics and regional security around the world.

Quad Technology Business and Investment Forum outcomes report

The Quad has prioritised supporting and guiding investment in critical and emerging technology projects consistent with its intent to maintain a free and open Indo-Pacific.

Governments cannot do this alone. Success requires a concerted and coordinated effort between governments, industry, private capital partners and civil society.

To explore opportunities and challenges to this success, the Quad Critical and Emerging Technology Working Group convened the inaugural Quad Technology Business and Investment Forum in Sydney, Australia on 2 December 2022. The forum was supported by the Australian Department of Home Affairs and delivered by the Australian Strategic Policy Institute (ASPI).

The forum brought together senior Quad public- and private-sector leaders, laid the foundations for enhanced private–public collaboration and canvassed a range of practical action-oriented initiatives. Sessions were designed to identify the key challenges and opportunities Quad member nations face in developing coordinated strategic, targeted investment into critical and emerging technology.

Attendees of the forum overwhelmingly endorsed the sentiment that, with our governments, industry, investors and civil society working better together, collectively, our countries can lead the world in quantum technology, artificial intelligence, biotechnology and other critical and emerging technologies.

This report reflects the discussions and key findings from the forum and recommends that the Quad Critical and Emerging Technology Working Group establish an Industry Engagement Sub-Group to develop and deliver a Quad Critical and Emerging Technology Forward Work Plan.

State-sponsored economic cyber-espionage for commercial purposes: tackling an invisible but persistent risk to prosperity

As part of a multi-year capacity building project supporting governments in the Indo-Pacific with defending their economic against the risk of cyber-enabled theft of intellectual property, ASPI analysed public records to determine the effects, the actual scale, severity and spread of current incidents of cyberespionage affecting and targeting commercial entities.

In 2015, the leaders agreed that ‘no country should conduct or support ICT-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.’

Our analyses suggests that the threat of state-sponsored economic cyberespionage is more significant than ever, with countries industrialising their cyberespionage efforts to target commercial firms and universities at a grander scale; and more of these targeted industries and universities are based in emerging economies.

“Strategic competition has spilled into the economic and technological domains and states have become more comfortable and capable using offensive cyber capabilities. Our analysis shows that the state practice of economic cyber-espionage appears to have resurged to pre-2015 levels and tripled in raw numbers.”

In this light, we issued a Briefing Note on 15 November 2022 recommending that the G20 members recognise that state-sponsored ICT-enabled theft of IP remains a key concern for international cooperation and encouraging them to reaffirm their commitment made in 2015 to refrain from economic cyber-espionage for commercial purposes. 

This latest Policy Brief, State-sponsored economic cyber-espionage for commercial purposes: tackling an invisible but persistent risk to prosperity, further suggests that governments should raise awareness by better assessing and sharing information about the impact of IP theft on their nations’ economies in terms of financial costs, jobs and competitiveness. Cybersecurity and intelligence authorities should invest in better understanding the extent of state sponsored economic cyber-espionage on their territories.

On the international front, the G20 and relevant UN committees should continue addressing the issue and emphasising countries’ responsibilities not to allow the attacks to be launched from their territories. 

The G20 should encourage members to reaffirm their 2015 commitments and consider establishing a cross-sectoral working group to develop concrete guidance for the operationalisation and implementation of the 2015 agreement while assessing the scale and impact of cyber-enabled IP theft.

State sponsored economic cyberespionage Briefing note
Defending against cyber IP theft Project flyer