Medibank, Optus data breaches show Australia’s online safeguards are outdated

By the time you read this I should be waking up in Estonia, a small Baltic nation that shares a border with Russia and has a population half that of WA.

Estonia is a nation that wields a secret superpower, especially in light of the recent data breaches, and I’m here to learn how their experience might benefit Australians.

But it’s actually my second visit to Estonia. I was here in 1992 as a uni graduate backpacking across Europe. After years of Soviet rule, Estonia regained its independence in the early Nineties, which happened to coincide with the birth of the real internet, and the likes of Amazon and Yahoo, PlayStation and Google.

It’s a true millennial nation, despite centuries of history.

As a millennial, the Estonian people happily rode the wave of technology advances to become a fully-fledged “e-state”. Estonians today use a digital ID across public and private sectors, doing everything from paying bills, signing contracts, to shopping, accessing health information, and even voting.

It hasn’t been all smooth sailing, but the country has a success story to tell.

Estonia shows one way to navigate a digital world. Australia doesn’t need to follow this path, but it’s worth taking a look at how they’re travelling.

We need to consider what our future looks like in the face of continued cybercrime threats and an incessant drive for faster, more secure online services in every aspect of our life.

Australians are not fearful of new technology. We have a history of early adoption of new technologies. Australians were early adopters of ATMs, way back in 1967. Interestingly since then, we’ve been just as fast to ditch cash. More than 90 per cent of us are using cashless tap and go. But even though Australians are early adopters, they don’t want their digital convenience to come with unaccountable power to control their private information. They don’t want all the power in the hands of the people running the services. They want to make sure their human rights as consumers and citizens are retained when they use digital services.

When Australians are asked to hand over their personal data they have a right to expect it will be protected.

Unfortunately, significant recent privacy breaches have shown existing safeguards are outdated.

In its dying days, the Morrison government tried to push through legislation — the Data Availability and Transparency Act — that would have opened up the personal details of Australians to the ravenous whims of foreign private corporations.

In Parliament at the time, I described the initial bill as a Ford Edsel. A lemon.

It took the intervention of Labor as opposition and more than 200 amendments to turn the reckless plan into a sensible scheme that allowed sharing between government departments but nothing more.

We switched the engines, beat the panels, touched up the Duco. With our improvements, well, if it wasn’t a Maserati then at least it’s now a solid Toyota Corolla.

We share so much of our personal information online now. The Optus and Medibank breaches show we need to find a better way to protect it and the Labor Government, including Attorney-General Mark Dreyfus, Cyber Security Minister Clare O’Neil, Communications Minister Michelle Rowland, Finance Minister Katy Gallagher and I, are committed to strengthening safeguards and mitigating risks.

That said, there will always be risks, and we will continue to stress the need for people to fiercely guard their online identities, be scam aware and not share their passwords or PINs.

But recent times have opened our eyes to the very real risk inherent in allowing private companies to store government issued credentials. We live in a rapidly moving digital age and it’s fair to say there will always be people looking to steal and scam in the digital world just like in the real world. Both governments and corporations have a responsibility to protect people’s private information. For our part, Labor is always on the side of the everyday person and we will do what we can to make it safe.

This opinion piece was first published in The West Australian on Wednesday 16 November 2022.