Four months later, Ukraine ally Australia recognised big tech too. But not with an award. A democracy at war lauds big tech for being “on the light side of digital”. A democracy at peace probes its democratic harm.
How does big tech exert its power and influence over markets and public debate to the detriment of Australian democracy and users? That is the question facing Google, Meta, Apple, Microsoft and Amazon as the Senate economics committee launches its new inquiry into the influence of international digital platforms.
Within 24 hours of announcing his book about Chinese Communist Party espionage and influence operations in July, Australian author Alex Joske received a warning: “Government-backed attackers may be trying to steal your password.” The warning came from Google, which sent more than 50,000 such messages in 2021. Russian state-backed hacking accounted for a near-33 per cent year-on-year increase by October that year. Google began warning users in 2012, Meta and Microsoft in 2015, Apple in 2021.
Unlike Ukraine, Australia is not directly at war. But Australia and democracies alike do face grey-zone hostilities that threaten their national security. Australia’s parliament was hacked in 2019 and cabinet ministers in 2021. As was Nine Entertainment. A Pegasus iPhone hacking wave has targeted journalists, politicians and human rights activists globally. Ransomware costs Australia an estimated annual $2.59bn.
Asking how big tech acts to the “detriment” of Australian democracy and users is an important question. That Meta allegedly progressed its mid-Covid-19 news bargaining code takedown despite knowing it had blocked health and hospital pages is one example. But it is an unmistakably leading question that excludes how big tech does and can act to their benefit.
In Europe, Google addressed the June Copenhagen democracy summit and responded to the European Commission’s liberal democratic, security-rich 2030 digital targets with a 16-page September white paper.
It reflected on Google’s own cyber uplift after a 2009 espionage hack attributed to China. “These attacks and the surveillance they have uncovered – combined with the attempts over the past year to further limit free speech on the web – have led us to conclude that we should review the feasibility of our business operations in China”, Google wrote at the time.
Thirteen years on, democracies are reviewing their national security. “We are going to be under relentless cyber attack essentially from here on in … we need to do a lot better as a country.” This warning came from Australian Home Affairs Minister Clare O’Neil in an interview with ABC Radio’s AM on Thursday.
Optus, Medibank, the Australian Federal Police and Woolworths Group’s MyDeal have all been implicated in data breaches during the past month alone.
Fortune 500 company Uber was hacked in September after an employee was deceived into sharing login credentials, a hacking attack method known as phishing.
Ninety-two per cent of Australian organisations were phished at least once in 2021, a 53 per cent annual increase and the highest rate of all Proofpoint’s surveyed countries: the US, Britain, Japan, France and Germany.
Phishing accounts for 90 per cent of data breaches, the CISCO digital communications company reported in 2020.
Now-hacked Uber used on-device prompts for two-factor authentication, as do the many Australian government and enterprise users of Microsoft’s Authenticator app, ranked ninth in Australia’s Apple App Store at the time of writing.
But worse, SMS codes are a commonly configured two-factor authentication backup method, the first factor being a username and password. On-device prompts prevent 90 per cent and SMS codes only 76 per cent of targeted phishing attacks, a 2019 study co-led by Google found.
Google internally eliminated phishing in early 2017, when it deployed security-key two-factor authentication to its workforce. Security keys are physical devices that block remote hackers and fraudulent login portals. They have a 100 per cent phishing prevention rate, Google’s study found. Not one Google user enrolled in its opt-in, security key-enforcing Advanced Protection Program has been phished.
Meta’s Facebook also allows its users security key-only two-factor authentication.
Australians affected by the Optus breach are now ordering new driver’s licences. But one issuing authority has itself previously been compromised.
“A targeted phishing attack on staff at Service NSW that led to the theft of more than 500,000 documents containing personal information relating to 186,000 people could have been prevented if simple security measures were followed,” The Guardian reported in 2020. Service NSW did not use security keys, on-device prompts or SMS code two-factor authentication. At the time of the attack, it had none.
A January Google-YouGov poll found 41 per cent of people working in politics and journalism in the US had digital accounts hacked or accessed without consent during 2021. “Chinese government hackers are scanning US political party domains ahead of next month’s midterm elections, looking for vulnerable systems as a potential precursor to hacking operations,” The Washington Post reported last week.
Google co-founded Campaign Security Project in February. It has since trained more than 4000 campaign and election officials in cyber security ahead of the November midterms.
In Australia, Google delivered cyber security briefings to political campaigns ahead of the May election. Its counter government-hacking Threat Analysis Group monitored for foreign interference. Meta launched a misinformation awareness campaign with Australian Associated Press in four languages: English, Mandarin, Arabic and Vietnamese.
When the new 14-month Senate inquiry was announced, the public was rightly told big tech has “power that goes deep into society and into democracy”.
The Australian Competition and Consumer Commission launched a five-year inquiry into big tech in 2020. It completed a 20-month inquiry in 2019.
Yet TikTok among platforms “based in countries with a more authoritarian approach to the private sector” faces only a 15-month federal departmental review.
Approximately 7.38 million Australians aged over 18 used TikTok for a monthly average of 23.4 hours in 2021, above second-placed Facebook at 17.6 hours.
Of US users, 33 per cent regularly consumed news on TikTok in the 13 months to August, above Meta’s Instagram at 29 per cent and Google’s YouTube at 30 per cent. Of the 10 platforms surveyed, only TikTok had three consecutive years of rising news consumption. Yet big tech – Google, Meta, Apple, Microsoft, and Amazon – now face a second concurrent federal inquiry.
The question facing Australia and democracies alike is whether big tech is the greater threat or a willing and capable partner against more serious threats. No harm should escape inquiry.
But nor should corporations that defend liberal democracy be disproportionately targeted for democracy detriments above greater threats to Australia.
Constructively engaging big tech is an opportunity for a more resilient Australia and a more resilient democratic world.
James King is a national security and foreign policy adviser. He has been a ministerial adviser and has published investigative journalism with ABC News.
Queensland fixing bad teaching
New NAPLAN results demonstrate that delivering the basics works.
US, China allies resolve conflict
Thai-Cambodian conflict could have destabilised region.
“Big tech support Ukraine.” Those were the words Vice-Prime Minister Mykhailo Fedorov proclaimed as he awarded Google, Microsoft and Amazon presidential peace prizes. Google “proved its bravery and devotion to freedom”. Microsoft “stands for truth and for peace”. Amazon “literally saved our digital infrastructure”. Each was recognised for defending Ukraine against Russian cyber devastation.