[LINK] Can NPP legally conduct secret pen tests on banks?
Roger.Clarke at xamax.com.au
Tue Sep 3 10:07:32 AEST 2019
Secret penetration tests, fines for banks under PayID security crackdown
NPP deploys ‘unilateral’ protections to harden network.
Sep 3 2019
Australian banks and credit unions will have their transactional systems
secretly penetration tested to arrest deficiencies and stop fraud and
abuse of institutional infrastructure plugged into to the New Payments
Platform after two PayID look-up attacks.
[I wonder how this squares up with the computer offences provision in
s.476 of the what we called (for over a century?) the Crimes Act, but is
now the Schedule to the Criminal Code Act:
(then search for 476)
[The mixture of incompetence and obstructiveness of the AGD's
legislative draftsdonkeys is on full display in this area. Critical law
isn't in sections of a principal statute, but is buried deep down in a
Schedule. And of course it's expressed in the most excruciatingly messy
structure and text imaginable.]
[Does anyone know whether:
1. s.476 has the effect of criminalising pen testing?
2. NPP has a dispensation to ignore it?
3. consent is a sufficient defence against s.476?
Roger Clarke mailto:Roger.Clarke at xamax.com.au
T: +61 2 6288 6916 http://www.xamax.com.au http://www.rogerclarke.com
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Visiting Professor in the Faculty of Law University of N.S.W.
Visiting Professor in Computer Science Australian National University
More information about the Link